Cyber Security Rules won't be fruitful when CSA is there: TIB, ARTICLE 19

The formulation of Cyber Security Rules, 2024 while retaining the clauses of the Cyber Security Act, 2023 that curb human rights, freedom of speech and free of press will not yield any fruitful results, according to Transparency International Bangladesh (TIB) and ARTICLE 19. 

Before the Cyber Security Rules are implemented, the Act must be overhauled and redrafted, they said.

At a press conference at the TIB office in the capital today (13 June), the organisations called for reviewing the law, taking into consideration stakeholders' strong objections to those clauses.  

Presenting a keynote paper at the event, Quazi Mahfujul Hoque Supan, associate professor of the Department of Law at DU said the scope of the proposed Cyber Security Rules is very limited, as 19 of the rules are a verbatim reproduction of the Digital Security Rules, 2020. 

"The rules do not adhere to contemporary standards. They fail to adequately define critical information infrastructures and cybersecurity related incidents, establish a top-heavy Cyber Security Agency, present a clear organisational structure, or provide an accountable and transparent working procedure," he said.  

Additionally, they do not specify the qualifications for relevant human resources. They also lack provisions for international assistance in information exchange and the Mutual Legal Assistance Treaty (MLAT), and do not meet global quality standards for the digital forensic lab, he added.  

Certain sections on digital evidence are overlooked, and some sections contradict the main law related to digital evidence, creating legal gaps in evidence collection and reporting, he further said. 

The extent of the proposed rules has been kept limited without specifying important definitions and explanations of some issues. 

Additionally, there are no provisions or sections in the main law or the proposed rules to ensure the transparency and accountability of the national Cyber Security Agency. 

According to Mahfujul, in the absence of an independent supervisory body, there are risks of violating citizens' privacy rights and enabling arbitrary access by government-controlled agencies. 

Iftekharuzzaman, TIB executive director, said, "The Cyber Security Act is merely the resemblance of the Digital Security Act in different packaging, and it is equally arbitrary. The CSA has been implemented following the DSA to use as weapons against the free access to information and free speech facilitated by information technology. 

"We do not see any possibility of the goals and objectives of the law and rules being met, and we are concerned that this would only be used as a weapon for controlling the rights of citizens."

TIB and Article-19 have come up with a number of recommendations to make the Cyber Security Act and associated rules more aligned with rights, freedom of expression, and democracy. 

These also include defining the minimum personal, educational, and technological qualifications for cyber security officials; establishing legal provisions for enlisting digital evidence from both domestic and international sources; creating an effective and meaningful organisational structure for the national Cyber Security Agency, upgrading the existing forensic lab with modern equipment, software, and human resources, rather than building a new digital forensic lab, among others.