The Transparency International Bangladesh (TIB) and the Article 19 jointly called for overhauling and redrafting Cyber Security Act 2023 before the Cyber Security Rules 2024 are implemented.
This process should involve meaningful and effective participation from relevant experts and consider concerns, advice and recommendations of the stakeholders concerned, they stated.
Despite strong objections from relevant stakeholders, implementing the Cyber Security Rules 2024 while retaining the human rights and freedom-curbing clauses of the Cyber Security Act 2023 will not yield any fruitful result(s).
The observations were made in a joint press conference on 'Proposed Cyber Security Rules 2024: Observations and Recommendations' on Thursday.
The scope of the proposed rules is very limited, as 19 rules are a 'verbatim' reproduction of the Digital Security Rules 2020.
The rules do not adhere to contemporary standards as they fail to adequately define critical information infrastructures and cyber security-related incidents, establish a top-heavy cyber security agency, present a clear organisational structure or provide an accountable and transparent working procedure.
Even they do not specify qualifications for relevant human resources, lack provisions for international assistance in information exchange and the Mutual Legal Assistance Treaty (MLAT), and do not meet global quality standards for the Digital Forensic Lab, according to the organisations duo.
While presenting and reviewing the rules at the event, Quazi Mahfujul Hoque Supan, an associate professor who teaches law at Dhaka University, said the proposed regulations lacked a framework for bringing foreign cyber attackers under law.
"All major attacks on our critical information infrastructures have originated from outside the country," he mentioned.
However, there are no provisions in the proposed regulations on how to take action against these attackers, added Mr Supan.
Dr Iftekharuzzaman, executive director of the Transparency International Bangladesh (TIB), expressed concerns about the potential for increased abuse of power under the proposed Cyber Security Rules 2024.
The restrictive clauses from the Digital Security Act have been retained in the new Cyber Security Act, which is seen as a tool for controlling people's rights, particularly freedom of speech, expression and journalism, according to him.
"We believe that the Cyber Security Act 2023 is repressive, largely undemocratic, and an obstacle to freedom of expression. Creating subordinate legislation while keeping such inconsistencies in the main law will render the purpose largely ineffective."
sajibur@gmail.com