New Age | Proposed cybersecurity rules are a weapon to control rights, says TIB

Transparency International Bangladesh Executive Director Iftekharuzzaman on Thursday expressed concern over the draft Cybersecurity Rules 2024, saying it would be a weapon to control citizens' rights.

He also called the Cyber ​​Security Act 2023 restrictive, essentially undemocratic, and an impediment to freedom of expression.

Iftekharuzzaman made these remarks during a press conference jointly organized by TIB and Article 19 at TIB office in Dhaka on 'Proposed Cyber ​​Security Rules 2024: Observations and Recommendations'.

“If the proposed cybersecurity rules are finalized while retaining the contradictions of the CSA, they will be largely ineffective,” he said.

Iftekharuzzaman said: “The Cybersecurity Law is just a digital security law in a different package, and it is equally arbitrary. »

He also said that the CSA was implemented following the DSA to be used as a weapon against free access to information and freedom of expression facilitated by information technology.

The scope of the proposed cybersecurity rules is very limited, as 19 rules are a verbatim reproduction of the Digital Security Rules 2020, it added.

The observations and recommendations were prepared and presented by Quazi Mahfujul Hoque Supan, Associate Professor of the Department of Law, University of Dhaka, during the press conference.

Stakeholders present at the event also said that there was no provision or section in the main law or the proposed rules to ensure transparency and accountability of the National Cyber ​​Security Agency.

Therefore, in the absence of an independent oversight body, there are risks of violating citizens' right to privacy and allowing arbitrary access to government-controlled agencies, they said.

They also said that most major attacks on critical information infrastructure came from outside the country, but that there was no provision in the proposed rules for how action would be taken against these attacks.

Appendix 2 of the proposed rules indicates that the digital forensics process has focused on investigating devices and file systems while neglecting other applications and custom software, they said.

They recommended revising and reformulating the Cybersecurity Act of 2023, based on the effective participation of relevant stakeholders, before implementing the Cybersecurity Rules of 2024.