The government declares communication systems of 29 vital state agencies as 'Critical Information Infrastruc-ture (CII)' with punitive provision for unauthorized access.
Information and Communications Technology (ICT) division published Sunday a gazette bringing those under section 15 of the Digital Security Act 2018.
The institutions are President Office, Prime Minister's Office (PMO), Bangladesh Bank, National Board of Revenue (NBR), Bangladesh Data Center Company Limited, Bridge Division, Department of Immigration and Passports, National Data Center of Bangladesh Computer Council, National Identity Registration Wing, Central Procurement Technical Unit, Sonali Bank Limited, Agrani Bank Limited, Janata Bank Limited, Rupali Bank Limited, Rooppur Nuclear Power Plant Project, Biman Bangladesh Airlines, Immigration of Bangladesh Police, Bangladesh Telecommunication Company Limited (BTCL), Bangladesh Power Development Board, Power Grid Company of Bangladesh, Titas Gas Transmission and Distribution Company Limited, Central Depository Bangladesh Limited, Bangabandhu Satellite Company Limited, Bangladesh Securities and Exchange Commission, Civil Aviation Authority Bangladesh, Office of the Registrar General, Birth and Death Registration, Dhaka Stock Exchange and Chittagong Stock Exchange.
Under the section 15 of Digital Security Act 2018, Critical Information Infrastructure (CII) refers to any computer systems, network or information infrastructure (of any state organs concerned).
As per the provision of the act, it will be treated as an act of offence if anyone 'intentionally or knowingly illegally enters any critical information infrastructure, or by means of illegal entrance, harms or destroys or renders inactive the infrastructure or tries to do so'.
When contacted, Executive Director of Transparency International Bangladesh (TIB) Dr Iftekharuzzaman said the government has taken the decision under the digital security act 2018, which is fine.
But the problem lies in the sub-section 3 of section 15 of the act that states that if the authorities concerned think any activity of any individual is risky for such information infrastructure, then they can investigate ands take action accordingly, he said.
“As there is no clear definition of the term activity in the sub-section, anyone may face strict action by the authority without illegally entering the system, which contradicts the existing right to information act.”
He also said that the government should have consulted the stakeholders before taking such decision to avert any confusion.