Existing Legal Frameworks and the Reality of Cyber Security in Bangladesh

Submitted By:

Name: Anika Tabassum Ananna

ID: 18109048
Introduction
The present era of globalization is marked by the rapid expansion of information technology
and communication. Cyber security is crucial to national security in this era of globalization.
This has a tremendous impact on a nation's capacity to maintain economic stability and
effective security. In the previous decade, the internet has grown tremendously. Criminal
activity that takes use of the current technical state of the global economy is no longer bound
by national boundaries in today's world. Because of the rapid and dramatic growth of ICT,
cybercrime has become a major security threat in the global arena in recent years. In the fight
against cybercrime, governments must contend with both individual cybercriminals and state-
sponsored assaults. They not only affect economic progress and defence systems, but they
also raise diplomatic tensions and may lead to chaos in the world order. Global peace,
stability, and economic prosperity might be at risk when information and communication
technology is misused.

When it comes to cyber security and surveillance, Bangladesh is an easy target for hackers
who use phishing, hacking and data theft to get access to people's personal information. The
majority of cybercrime is a property crime. Data, information, and computer organisations
are examples of less evident and impalpable forms of property that aren't directly connected
to the persons in issue. Personal and organizational information, as well as government and
non-governmental digital services, are attractive to criminals. Providing services through
digital platforms, it is not unusual for security measures to be insufficient. Cyberspace
security may not be adequately protected under the Information and Communications
Technology Act of 2006 (the "Act"). Bangladesh's chaotic cyber security and
countermeasures in a globalized world are the key focus of this study.
Legal Frameworks for Cyber Security in Bangladesh
This law, known as the Bangladesh Telecommunication Regulation Act, 2001, was largely
passed in Bangladesh with the goal of regulating any kind of unintended cyber violence
committed via the use of telecommunication instruments. Furthermore, the Information and
Communication Technology Act, 2006, the Pornography Control Act, 2012, the Digital
Security Act, 2018 and other rules were created by the Bangladeshi government to deal with
the issue of cybercrime. There are a number of federal regulatory agencies that operate in
conjunction with the national cyber security system in addition to these legislations.

1. The Bangladesh Telecommunication Regulation Act, 2001

It was the Bangladesh Telecommunication Regulation Act, issued in 2001, that was the first
cyber legislation in the nation, and it dealt with all types of cybercrime. However, the Act did
not operate to the degree that today's heightened cybercrime has come from the advent of
diverse social media platforms, and as a consequence, the Act did not act as effectively as it
should have. An independent regulatory agency, dubbed the Bangladesh Telecommunication
Regulatory Commission (BTRC), was formed under Section 53 of the Act with the
jurisdiction to combat any cyber aggression in the information and communications
technology (ICT) sector. The BTRC has supervisory authority and has the ability to restrict
any undesired websites, blogs, and social media accounts. Telecommunication regulation, on
the other hand, was transferred from the BTRC to the Ministry of Post and
Telecommunication in 2010, thereby reducing it to the status of an auxiliary force.

2. The Information and Communication Technology Act, 2006

It was in 2006 that the Information and Communication Technology (ICT) Act was enacted
in Bangladesh, with a particular emphasis on combating cybercrime. In order to ensure the
smooth operation of the Act, the government promulgated the Information Technology
(Certificate Authority) Rules in the year 2010. For numerous cybercrimes, the ICT Act
allows for jail terms ranging from 7 to 14 years and/or monetary penalties of up to Tk. 1
crore, or a combination of the two. Anyone found guilty of causing damage to or hacking into
a computer system or security code, posting false and indecent information on the internet,
disclosing any confidential data, creating a forged digital signature, certificate, or license, or
assisting in the commission of these crimes will be sentenced in accordance with the
provisions of this Act. Crimes under the ICT Act are cognizable, and law enforcement
authorities are permitted to investigate and apprehend any suspected criminal without a court
order in the course of their investigations. Section 68 of the Information and Communications
Technology Act empowers the government to establish one or more Cyber Tribunals in order
to expedite and maximize the outcome of cybercrime proceedings. After consulting with the
Supreme Court of Bangladesh, the judges of the Cyber Tribunal will be selected from among
the Session Judges or Additional Session Judges. The Cyber Tribunal must, to the extent that
it is compatible with the Code of Criminal Procedure (CrPC), 1898, follow the trial processes
set out in Chapter 23 of the Code of Criminal Procedure. An absentee trial may be conducted
by the Tribunal, with a Public Prosecutor acting on behalf of the government in such
instances. The Tribunal must complete the trial within six months, with the option of
extending the time limit by another three months. Furthermore, under the provisions of this
Act, the government must create one or more Cyber Appellate Tribunals to hear appeals from
the decisions of the Cyber Tribunal, as appropriate. The government will designate a
Chairman and two members to the Cyber Appellate Tribunal, which would be established in
due course. The Chairman of the Supreme Court must be a retired or serving judge of the
Supreme Court, or he or she must be qualified to serve as a judge of the Supreme Court. One
of the two members must be a past or current District Judge, and the other must be an expert
in information and communications technology. This tribunal's judgment is final, and it will
follow the appeal processes established by the Supreme Court's High Court Division in
making its conclusion.

3. Mandates of the Newly Enacted Digital Security Act, 2018

The new law on cyber security, the ICT Act, was replaced by the Digital Security Act in
2018. In order to ensure digital security, this Act describes E-Commerce and E-Transactions
in detail. Derogation and injury to religious beliefs, as well as a breakdown of the law, may
now be committed by transmitting on a website or in any digital form, according to the new
laws (Runa, 2019, p. 84). Those who use digital methods to spread defamatory information
about the Father of the Nation or the Bangladesh Liberation War risk up to 14 years in prison
or Tk. 1 crore in compensation, or both. The Digital Security Act covers a wide range of
cyber-attackers, including those operating outside of the country's territorial boundaries.
Sections 18 and 26 of the Act punish anybody who gains unauthorized access to a computer
system or digital device. Part of the Digital Security Act also eliminated ICT Act sections 54
to 66. If a person sends or publishes an offensive, frightful or false piece of information in an
attempt to denigrate, defame, or otherwise damage the national honour through the use of a
digital medium and is sentenced to three years in prison or a fine of not more than Tk. 3 lacs,
they are subject to the penalties outlined in Section 25 of the aforementioned Act. Second-
time offenders in Bangladesh risk up to five years in jail or a fine of Tk. 10 million, or both,
depending on the specific circumstances of the case. Additional penalties include
imprisonment for up to seven years or a fine of not more than Tk. 10 lacs, or both, for
anybody who broadcasts on a website or electronic format that hurts religious beliefs or
encourages others to do so. This means that if someone commits the same violation again,
they might face 10 years in jail, Tk. 20 million in penalties, or both. There are three years in
jail or Tk. 5 lacs in fines or both for those who publish or broadcast negative material as
specified in Section 499 of the Penal Code, 1861, using digital media, under Section 29 of the
Act If the perpetrator commits the violation for the second time, the punishment may climb to
five years in jail or a fine of Tk. 10 million or both. When someone publishes or broadcasts a
file online or in a digital format that incites hatred, discord, or social harmony for the second
time, they will be subject to a maximum seven-year prison sentence, as well as a fine of not
more than Tk. 5 lacs, or both. This is in accordance with Section 31 of the Digital Security
Act. Official Secrets Act, 1932 penalties include a fine of up to Tk. 25 lacs or both for
anybody who uses a computer, digital device, or another electronic medium to aid or abet
someone in committing a violation under that act. Life in prison or a fine of up to Tk. 1 crore,
or both, are possible punishments for repeat offenders. Section 17 of the legislation makes
cybercrime punishable by up to 14 years in jail and a fine of Rs. 1 crore, or both. This
conduct was a violation of international law protecting free expression. Section 43 of the
Digital Security Act gives police officers the authority to detain and search anybody they
suspect of committing a crime, as well as to conduct physical examinations and other
investigative procedures provided in the California Penal Code. Officers who complete this
program maintain the authority to seize evidence such as computers, documents, and other
materials used in criminal activity. A Digital Security Agency may be established under
Section 5 of this Act in order to protect national digital security and support the BTRC.
Bangladesh's Cyber Emergency Incident Response Team and Digital Forensic Lab are also
expected to be formed. There are thirteen members of the National Digital Security Council,
which is established under Section 12 of the Digital Security Act, including Bangladesh's
Prime Minister.
 4. The remedy under the Pornography Control Act, 2012

Under Section 8 of the Pornography Control Act, cyber pornography, such as the
dissemination of sexual film, sexual harassment, and blackmail by photograph, is a felony
that may be punished. This section of the Penal Code imposes prison sentences of up to seven
years, with the possibility of an additional ten years in cases involving child pornography.
According to Section 5, the investigative procedure would be conducted in accordance with
the Criminal Procedure Code (CrPC). In addition, Section 7 of the Pornography Control Act
covers investigations and evidence submissions by organizations with technical competence.

5. Other Relevant Legislation and Institutions Regulating Cyber

Violence
In addition to these legal frameworks, the Copyright Act, 2000 and the Penal Code, 1860 in
Bangladesh outline a few sections of cyber misbehaviour, such as piracy, illegal media
content supply, intellectual property theft, cybersquatting, forgery and mischief, etc. Any
online behaviour that is false, disparaging, damaging to religious beliefs, or bothersome to the
nation's dignity is considered a cybercrime under these legal systems. A new cyber-wing has
been established by the Bangladeshi police to investigate and monitor cyber offenders and
threats. For the purpose of combating online defamation, email fraud, and the dissemination
of false information, the Anti-Cyber Crime Department is led by a Deputy Commissioner of
Police.

The Reality of Cyber Security in Bangladesh

Although there is no dispute about the extent of cybersecurity risk in Bangladesh, it remains
to be seen if the nation will be able to manage the risk effectively and on time in the future.
Despite widespread public awareness, politicians are still hesitant to adopt comprehensive
steps to safeguard themselves and their constituents from danger. Many laws have been
enacted in Bangladesh to prevent cybercrime, including the Information and Communication
Technology (ICT) Act, 2006, and the Digital Security Act, 2018. The Information and
Communication Technology (ICT) Act, 2006, and the Digital Security Act, 2018, are just a
few examples. In reality, it is evident that the laws' principal objective is to restrict people's
freedom of expression and expression of thought. In order to stifle free expression in the
media and on social media, authorities in the government and law enforcement are using
sections of the law that are in direct conflict with one another. The Bangladeshi government
signed the Information and Communications Technology Act into law on October 8, 2006.
On October 6, 2013, seven years after the Act's inception, the country's parliament revised the
legislation, however important problematic components were left in place as well. Victims of
cybercrime have the right to file a lawsuit against their assailants, regardless of where they
are located in the globe. Despite the fact that the ICT Act provides a starting point, victims
must engage with regional law enforcement authorities in Bangladesh, such as the CID
(Criminal Investigation Department), as well as international law enforcement organizations
such as Interpol in order to achieve their objectives. Campaigners, civil society leaders, and
journalists have all urged the repeal of Section 57 from the Information and Communication
Technology Act as soon as possible since it allows for widespread exploitation of the
technology. Because cybercrime is not made a cognizable offense under the ICT Act, police
cannot arrest some offenders without a warrant of arrest in all cases, also the Court pursues
with section 3 of CRPC. Previously, the maximum penalties for violating the section's criteria
were a fine of one crore taka and ten years in jail, respectively. Under this law, police officers
were required to get approval from the appropriate authorities before filing a case or arresting
a suspect. Since then, the maximum sentence has been increased to 14 years in jail. A warrant
is no longer required for legislators to hold someone without their consent. Any person who
knowingly posts or transmits material that is false or offensive and has the intent of
influencing the reader to become dishonest or corrupt is guilty of violating this section. It is
also guilty of violating this section if the material causes or creates the possibility of
deteriorating law and order." In spite of some important revisions, the 2006 key Act mostly
retains its original form, despite the many inconsistencies and heavy punishments it contains.
As example of the implementation of Bangladeshi cyber security law has reflected on the
Shafiqul Islam Kajol, a photojournalist. He has been accused of making fake news and
currently under the custody of DSA. Another example is about Murad Hasan who has been
punished for his indecent remarks on women. He was being charged under the Digital
Security Act 2018. The Bangladeshi government has infringed fundamental human rights,
such as freedom of speech, by enacting the 2013 Information and Communications
Technology Act (as modified). Many of the law's provisions are vague and overbroad, and
they may actually serve to encourage rather than discourage cybercrime in the long run.
According to the International Court of Justice, Bangladesh's original ICT Act section 57 is
'incompatible with Bangladesh's obligations under Article 19 of the International Covenant
on Civil and Political Rights.' It has been determined that the freedoms of speech and ideas
have been restrained beyond what is permissible under Article 19(3), which specifies that
"the offences imposed are imprecise and excessive." Due to the fact that "Section 57 is not
mentioned and includes a wide range of offences," an acquittal is doubtful. We may be led to
assume that legislation is necessary to deal with cyberspace-related offences as a result of the
ICT Statute 2006 and modifications; nevertheless, the already existing act is vague and needs
ongoing organization in addition to the current ad hominem system.

The arrest of journalist Probir Sikdar, who was working for the New York Times, sparked a
passionate discussion over whether Section 57 should be abolished. Since July 2017, at least
21 lawsuits have been brought against journalists under Section 57 of the Information and
Communication Technology Act, a clause that has been roundly denounced for the possibility
that it would be abused by individuals in the media sector (The Daily Star, 7 July, 2017). On
May 2, in response to significant criticism of the Information and Communications
Technology Act (ICT Act), Bangladesh Law Minister Anisul Huq said that section 57 of the
ICT Act will be abolished and that a new "Information Technology Act in the pipeline"
would be adopted. It was on September 19, 2018, that the Bangladeshi Parliament enacted the
2018 Digital Security Act, which contains a significant provision enabling police agents to
search or arrest someone without a warrant.

Concerned that the proposed bill will be in violation of constitutional principles and so
violate the spirit of the constitution, human rights organizations and journalists have stated
their objection to the plan. If a police officer believes that an action has been or is being
committed in a specific area where evidence may be lost, the officer may perform a search of
the site or anybody present, according to the new legislation, Section 43. Sections 8, 21, 25,
28, 29, 31, 32, and 43 of the Anti-Terrorism Act were enacted by Bangladesh's Sampadak
Parishad, a daily editorial forum, on September 16, last year, and are effective immediately.
In the statement, the words "surprise, disappointment, and regret" were used to describe the
situation. In accordance with Section 3 of the Digital Protection Act, which incorporates
language from the Access to Information Act 2009, which will deal with data issues,
information security will be addressed in detail. Section 32 of the Official Secrets Act, 1923,
provides that a person who commits or assists in the commission of a crime under the Act, or
who permits others to do so, may be sentenced to a maximum of 14 years in prison, a fine of
Tk 25 lakh, or both if he or she violates the Act. Glory to the wonderful ideas of nationalism,
socialism; democracy; and secularism that motivated our heroic people to dedicate their lives
to, and our brave heroes to lose their lives in defense of Part IX, Section 21 of the Act, gives
a more in-depth explanation of these requirements. People who break the law by using a
website or electronic means may be sentenced to up to three years in jail or a fine of Tk 5
lakh, or both, under Section 499 of the Penal Code, depending on the gravity of the
infringement. Act The Criminal Code states that anyone who intentionally posts or broadcasts
something on a website or in an electronic form that fosters hatred or enmity between
different groups of people and causes law and order to deteriorate faces seven years
imprisonment or a fine of Taka 5 lakh (approximately US$10000) (Taka 5,000,000). In
comparison of other countries, Bangladesh has been ranked first in South Asia for having the
most effective cyber security segment. So it can be said that Bangladesh has been improving
continuously in this sector. Even our neighbour country India has been facing more cyber
crimes daily than Bangladesh and has been struggling keep up an ethical environment.

Actions to Ensure Cyber Security in Bangladesh with

Recommendation
In the aforesaid situation, numerous corrective policy alternatives are suggested by many
competent researchers in the areas of cybersecurity, cyberspace safety, and lowering the
incidence of cybercrime in Bangladesh, among other things. The provided policy
recommendations to the government of Bangladesh are described below, but also the issues
of individual security are addressed here. The following are examples of possible options:

a. Reform of legal structure

Legal guidance from the International Court of Justice on the ICT Act 2006 and its
amendments is critical for Bangladesh's Parliament and administration to follow. A request
from the International Court of Justice (ICJ) will be made if Bangladesh's Information and
Communication Technology Act 2006, as revised in 2013, does not comply with international
law and norms. However, the ICT Act section 57 must be changed so that any restrictions on
freedom of expression and opinion are in accordance with international law; (2) amending the
ICT section 57 so that forbidden speech is clearly defined; and (3) amending the ICT Act so
that any restriction on freedom of speech and information, including any penalty for violating
this freedom; Bangladesh's government has received guidance on how to handle this matter
from the International Court of Justice (ICJ). The fines for Digital Security Act 2018
penalties need to be revised. To put it another way, the fees are too high even for those who
live in nations with more progressive cyber laws than Bangladesh. Bangladesh imposes a
punishment of 1 crore for hacking While India's requirement is 2 lakh rupees. It is illegal in
China to commit cybercrime under the People's Republic of China's criminal legislation.
There is a lot of focus on cybercrime in sections 285, 286 and 287. Section 285 of the
criminal code stipulates a maximum sentence of three years in jail or fine for anybody caught
hacking into a computer system. The sections of the Penal Code 1860 are 421-440, which
deals with fraud and mischief; 378-382, which deals with theft; 499-502, which deals with
defamation; and 463-477A, which deals with forgery. It would be preferable if a few sections
on cybercrime were included. Numerous cybercrime penalties are omitted, including hacking,
stalking, malware attacks, and email spamming. This country's police force is still unfamiliar
with cyber rules. However, there is no similarity between the Bangladesh police and the
Federal Bureau of Investigation in the United States. They are far more knowledgeable than
the Bangladesh police. That is why it is incredibly easy for cyber criminals to commit crimes
in Bangladesh. No one should be prevented from enjoying their right to free expression,
including expressing their views on government actions or inaction, under the ICT Act.
Charges should be dropped against bloggers who are practising their First Amendment rights.
Insist that government entities refrain from filing documents that might impede citizens'
ability to participate in politics.

b. Maintaining rules of cyber security

Eneken Tikk, a legal counsel at the NATO Cooperative Cyber Defense Center of Excellence
in Tallinn, Estonia, released "Ten Rules of Cyber Security" in 2011 to establish a framework
for safeguarding cyber security principles. When designing the framework, Tikk had both
national and personal security in mind.

For the most part, Eneken Tikk's suggestions are in the listener's favour. In order to protect
cyber security, he referred to the "territorial rule," which states that "Information
infrastructure located inside a state's territory is subject to the territorial sovereignty of that
state". According to 'the law of duty,' governments should behave responsibly to preserve
their own territorial integrity and sovereignty, as described by Tikk. Under the "early warning
legislation," he says, there is also a "responsibility to alert probable victims of known,
impending cyber-attacks."

For Bangladesh, it was advocated the establishment of an effective national digitally-savvy

organization capable of dealing with both existing and future cyber threats from across the
world, since prevention is always better than treatment. If a state wants to safeguard its vital
national data, Tikk says it must create "the data protection standard." According to him,
unless otherwise indicated, the information infrastructure monitoring systems' data is treated
as personal. It is possible to employ another Tikk rule, known as the responsibility to care'
rule, in this case. In order to protect any type of information infrastructure, he advocates that
everyone bear a bare minimum of responsibility. It is suggested that the Bangladesh
government employ its own resources, expertise, and innovative thinking to protect the
internet and national interests. According to Bangladesh, it is preferable to rely on
international professionals for cyber training and development, to design our own server
frameworks and systems using our own resources and labor, to devote significant effort to
constructing a cyber security safety net, and to recruit promising local programmers. For the
third time, Tikk's "cooperation rule," as he refers to it, is something that everyone can get
behind. He said that "when a cyber-attack is undertaken via information systems situated
inside the territory of a state, the victim state has a legal obligation to interact with the
perpetrator state." Third, Tikk's "cooperation rule," as he refers to it, is something that
everyone can agree on and follow. According to him, when a "cyber-attack is carried out
using information systems located inside a state's territory," the victim state has a legal
obligation to assist the perpetrator state. When transnational criminal activities are carried
out, cybersecurity concerns are often integrated. For example, victims may be targeted in one
country while the perpetrators escape by using international boundary barriers in order to
flee. In order to combat these dangers, Bangladesh need the participation of the whole globe.

Yes, Interpol and other foreign law enforcement organizations have engaged with the
Bangladesh government and police in this manner, but the country requires much more
cooperation, particularly from technological behemoths such as Microsoft and Google, in
order to effectively combat crime and corruption. For the purpose of concision, I'll just
mention Tikk's other two guiding principles: self-defense and access to knowledge. Everyone
has the right to self-defense, and the general public has the right to be informed of dangers to
their life, security, and general well-being, according to him. According to him, it is being
urgued that Bangladesh's government to take preventive and precautionary measures to
ensure the country's cybersecurity.
 c. Individual awareness
It is impossible to escape the consequences of globalization. There must be an increase in
public awareness about personal data protection and safety in addition to government-led
measures.

In order for professionals to be able to deal with cyber technologies, regardless of their
position in the hierarchy or the numerous organizational structures they operate in, they must
obtain a minimal level of ability in dealing with cyber technologies. The only way to save
Bangladesh from falling into a pit of cyber security dangers is to provide it with enough
education and awareness. To ensure your safety when using the internet, you should take a
few simple steps. Here are a few examples of possible preventive measures:

Ensure the safety of your internet connection (iv), practice safe web browsing (v), and only
conduct online transactions with reputable merchants (vi), and use extreme caution when
posting information to public forums (ix) Antivirus software has to be kept up to date. For
cybercrime victims, people should report it to our local police station, which may contact the
FBI and the Federal Trade Commission for additional investigation. Even though small
crimes may seem inconsequential, they must be reported as soon as they happen. The citizens
can assist prevent similar crimes from happening in the future if the government act quickly.
The financial institutions and companies where the crime occurred should be contacted if any
identity theft is suspected.
Conclusion
As a worldwide phenomenon, cybercrime presents serious challenges to national security in
any country, including Bangladesh. As a consequence of globalization, cybercrime has
become an even more serious problem for the United States. Weak cyber security measures,
people's unfamiliarity with modern technology, and widespread ignorance of potential threats
to online safety might have serious ramifications for the country. In addition, the country's
regulations seem to be inadequate to safeguard the country's internet. International
cooperation, the development of technological know-how, the acquisition of knowledge, and
the promotion of public awareness of cyber security concerns are some of the corrective
measures that the country may explore in order to confront the ever-present cyber security
challenges. It is imperative that a national infrastructure be built in order to empower citizens
and enhance democratic values and standards for sustainable economic growth by using
infrastructure to improve human capital; democratic accountability; e-commerce; finance;
public utilities; ICT-enabled services and all kinds of digital ICT-enabled services. The quick
development in cyber-crime in Bangladesh and around the globe reinforces the argument that
the problem of cyber-crime is unavoidable, despite the fact that others say that cyber risks are
not a realistic possibility for Bangladesh in the near future. Last but not least, it can be
claimed that the time has come for Bangladesh to adopt preventative and counteracting
actions in order to tackle the risks presented by cybercriminals. As a result, the Bangladesh
government as well as the general public should carefully consider the ideas included in this
paper.