As the term "Smart Bangladesh " becomes the go-to hashtags for Facebook posts; Bangladeshis are increasingly relying on technology for various aspects of their lives. This article looks at the newly implemented Cybersecurity Act 2023 and discusses how it affects legal rights as opposed to its predecessors.
The Digital Security Act was adopted in 2018 with the aim of preventing any kind of racism and terrorist propaganda via social media, print media or any other electronic media1. However, since its provisions were ambiguous and open to interpretation, it was a controversial law.
In response to the increasing national demands and international critique, in September 2023, the Government repealed the Digital Security Act 2018 and published the Cybersecurity Act 2023. The CSA carried forward most of the offenses under the DSA, with the severity of some of the associated punishments being reduced.
The nine sections of the DSA identified as a threat to the freedom of speech are sections 8,21, 25, 28, 29, 31, 32, 43 and 53. The newly implemented CSA contains all these sections2. Only seven sections have been amended in terms of punishment and bail, while no changes have been made on two sections. For example, Section 21 of the DSA has been carried forward to the new CSA, with the 10-year jail sentence being reduced to 5 years under the new Act.
Sections 5,6 and 7 of the CSA provides for the establishment of a dedicated cybersecurity agency, emphasizing the need for appointing experts in cybersecurity. Sections 12, 13 and 14 establish the National Cyber Security Council, comprising government officials and specialists to oversee cybersecurity efforts3.
Traditional law enforcement officers may lack the technical proficiency needed4, and although the establishment of cybersecurity agencies and councils are a step in the right direction, its effectiveness could be enhanced by and including multidisciplinary expertise with technical, legal and policy skills, which would strengthen the cybersecurity protection.
Sections 8-11 of the CSA provides the legislative framework for preventative measures and data removal. Section 08 authorizes the removal or blocking of data that threatens digital security or public order, while sections 9, 10 and 11 outline the establishment of emergency response, digital forensic labs, and quality control measures5.
Provisions for preventive measures like data removal or blocking, emergency response, and digital forensic labs demonstrate a proactive approach to handling cyber threats. However, they must be aligned with international standards and principles to ensure respect for individual rights and due process.
Part 6 of the Act contains the offenses and their related punishment. For example, section 25 criminalizes the publication or transmission of offensive, false, or threatening data and content while section 29 deals with the publication of defamatory information.
Just like its predecessor DSA, CSA lacks a clear definition of expressions like "threat to digital security", "national integrity", "solidarity", "financial activities" and "religious values"6, and these can potentially suppress legitimate online expression and freedom of speech.
As can be seen from sections 33-39 of the Act, CSA imposes a reduced maximum imprisonment period of 7 years for various cyber offenses without additional penalties for repeated offenses. It no longer includes more severe penalties for repeat offenses as seen in the previous DSA. The investigation period under the CSA is extended to 90 days from the initiation of the investigation, as opposed to the 60 days stipulated under the DSA.
The extended investigation period allows more time for thorough investigations, which can lead to better handling of cybercrime cases. Furthermore, the reduction in maximum imprisonment periods and the absence of additional penalties for repeated offenses may be seen as a more balanced approach to penalizing cybercrimes.
As Bangladesh continues its journey towards a "Smart Bangladesh", the delicate balance between protection and punishment in technology law remains a critical challenge. While the Cybersecurity Act of 2023 represents an attempt to address the shortcomings of the DSA, the core issues of overly broad provisions and the potential for misuse persist.
The adage "it is better that ten guilty persons escape than that one innocent suffer" serves as a stark reminder of the importance of safeguarding individual liberties in the pursuit of security. In the realm of technology law, where the line between free expression and harmful content can be blurred, this principle is of paramount importance.
Written by Junayed Chowdhury (Managing Partner) and Naila Noshin (Intern) at Vertex Chambers
Footnotes
1. https://en.wikipedia.org/wiki/Digital_Security_Act,_2018 (as of 15/07/2024)
2. https://www.thedailystar.net/opinion/views/news/cyber-security-act-and-the-fear-history-repeating-itself-3393861 (as of 15/07/2024)
3. https://www.ti-bangladesh.org/upload/files/position-paper/2023/Presentation-on-Digital-Security-Act-2018-and-Draft-Cyber-Security-Act-2023.pdf (as of 15/07/2024)
4. https://www.ti-bangladesh.org/upload/files/position-paper/2023/Presentation-on-Digital-Security-Act-2018-and-Draft-Cyber-Security-Act-2023.pdf (as of 15/07/2024)
5. https://www.ti-bangladesh.org/upload/files/position-paper/2023/Presentation-on-Digital-Security-Act-2018-and-Draft-Cyber-Security-Act-2023.pdf (as of 15/07/2024)
6. https://www.ti-bangladesh.org/upload/files/position-paper/2023/Presentation-on-Digital-Security-Act-2018-and-Draft-Cyber-Security-Act-2023.pdf (as of 15/07/2024)
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.