From DSA to CSA: The same two bottles of agony
The August 7 announcement to repeal the Digital Security Act became a matter of great anxiety and discomfort for citizens, as the government had proposed a new law called the Cyber Security Act, 2023, without consulting stakeholders. Unfortunately, the proposed law's content – particularly its provisions regarding cybercrime and the composition and operation of organisations involved in cybersecurity – is essentially identical to that of the Digital Security Act, 2018 and amounts to a contravention of the constitution, international human rights standards, and the rule of law.
At a press conference on August 10, Law Minister Anisul Huq and State Minister for Information Zunaid Ahmed Palak said that stakeholders could provide feedback on the draft Cyber Security Act (CSA) within 14 days and that any specific recommendation made in response would be taken into consideration. During the conference, both said it was imperative to review the criticism of the CSA and made statements acknowledging the reconsideration of several previously voiced concerns, which a few organisations have enthusiastically embraced. These concerns include decriminalising ethical hacking, legal action against law enforcement misuse, legal recourse against false and deceptive lawsuits and how to stop them, and monetary compensation for victims of human rights abuses or unlawful detention due to wrongful prosecutions and perjury, alongside other issues.
The proposed CSA and Digital Security Rules, 2020 involve four agencies: Digital Security Agency, the Bangladesh government's e-Government Computer Incident Response Team, its Digital Forensic Lab, and the National Digital Security Council. The proposed CSA allows regulators to restrict or delete data based on subjective criteria, potentially restricting free speech. It criminalises vague speech, inviting government interference and potentially restricting freedom of expression. It could also require the BTRC, through government intimation, to delete or block data under Sections 8(1) and 8(2), which might cause Bangladesh's internet to be blocked, filtered, and censored, causing concerns about transparency and official opacity.
Furthermore, the National Emergency Response Team, the director general of the Cyber Security Agency, and police investigators can obtain, remove, block, or otherwise regulate data and internet activity without protections or judicial review under the proposed CSA. Additionally, the draft CSA repeals Section 57 of the DSA, which states that no employee or other party shall be liable for harm resulting from good-faith actions. But if officers, employees, or individuals of these institutions violate fundamental human rights, freedom of expression, and the right to privacy of personal information, how and where can employee accountability, the requirement to publish transparent annual financial and activity reports, and standard operating procedures be implemented?
Citizens have applauded the decision to repeal the harsh and onerous Digital Security Act, 2018. However, the implementation of the CSA could negatively affect social justice, human dignity, fundamental rights, and human rights.
The proposed Cyber Security Act's penalties for most transgressions appear to be excessive, disproportionate, and unlawful. For instance, Section 29 criminalises defamation on internet media and carries a fine of Tk 25 lakh for doing so. Besides this, criminal defamation is punishable by two years in jail with or without a fine under Sections 499 and 500 of the Penal Code, 1860. While defamation on digital media maintains the aforementioned legislative definition, the punishment for the same offence is different. How can an accused get a longer term for the same crime? Due to its conflict with Article 27 of the constitution, Section 29 can be deemed unconstitutional, unlawful, and voidable under Article 26 of the constitution. Also to be emphasised is the distinction between criminal and civil defamation in Bangladeshi law, with the latter being based on tort law. Tort law wrongdoing is decided at the judge's discretion, while defamation must be established beyond a reasonable doubt in criminal proceedings. Damages for civil defamation, however, could be determined by probability. The government should have emphasised the significance of adopting modern communication technology in Bangladesh's defamation legislation and the emergence of civil defamation in democracies.
The now-possibly-repealed DSA included harsh, unreasonable, and illegal punishment provisions; nevertheless, the proposed CSA minimised excessive penalties and boosted bailable crimes. In reality, the proposed CSA will not aid accused criminals to lessen sentences or increase the number of offences that are eligible for bail since, once a case has been filed, the bailable clause is added to the non-bailable clause, which not only is against the rule of law but also gives rise to fear, intimidation, and panic in citizens. Under the proposed CSA, no new judicial system has been established, and the authority has been given to the Cyber Tribunal that was established under the ICT Act. The bail of the accused under the DSA is also subject to the bail requirements in the ICT Act. It goes without saying that the responsibility imposed on the court before granting bail in the aforementioned act is against legal precedent and unjust in nature.
The state must protect freedom, human dignity, and reputation without compromising individual rights. Section 38 of the proposed CSA gives the investigating officer 90 days to finish the probe, and the higher authority might grant an extra 15 days. After 75 days, the cyber tribunal might prolong the investigation by statute. The DSA has seen serious clause breaches. The proposed legislation provides harsh penalties on conviction, and the crimes are non-bailable with limited exceptions.
Different nations have unique regulations governing the length of pre-trial detention since there is no chance it may be seen as a punishment. If the investigating agency fails to produce the report promptly, the accused may be granted bail. But there are no laws or standards in place that govern how people are punished for crimes. Measures for penalising violations of the CSA need to be revised. The conflicting stances of recent laws have made our criminal justice system more challenging and contentious, jeopardising people's fundamental rights.
Cyberterrorism and other "national security" offences, including those that might be used to retaliate against whistleblowers, are also overbroad and do not offer sufficient protection against misuse. While the Disclosure of Information in Public Interest (Protection) Act, 2011 encourages individuals to speak out against corruption, Sections 21, 25, 29, and 32 of the proposed CSA prevent it. Several journalists and rights advocates were prosecuted under the DSA at the beginning of the Covid-19 pandemic for covering misconduct by public officials and representatives. Moreover, citizens were given the power to enforce the legislation, which exacerbated court harassment since judges and investigators did not understand how to investigate and punish DSA offences.
The proposed CSA's Section 34 states that assisting in the commission of an offence constitutes an offence, and the penalty for aiding and abetting is the same as the original offence. This is excessive and disproportionate, as it does not differentiate between those who commit a crime and those who help and abet it. The proposed act lacks distinctions between unlawful action and public interest, and also lacks specific definitions. International cybercrime treaties list several offences, but the proposed CSA defines many of them too broadly and leaves out the question of criminal intent. Additionally, many of the offences in the CSA are already covered by other criminal laws, such as the ICT Act, making it too broad to interpret multiple offences in multiple areas.
More alarmingly, the proposed CSA and the DSA encourage the arrest of children, violating their internationally recognised rights, contravening the UN Children's Rights Declaration and the Charter. Furthermore, the proposed CSA does not include a provision that would make it illegal to file false charges or provide false evidence, which is in violation of Section 211 of the Penal Code.
Citizens have applauded the decision to repeal the harsh and onerous Digital Security Act, 2018. However, the implementation of the CSA could negatively affect social justice, human dignity, fundamental rights, and human rights.
To pass cyber laws, regulations, and recommendations, the government must regularly, spontaneously, consistently, and meaningfully engage with civil society. Since too many parts of the proposed Cyber Security Act, 2023 – from definitions of crimes to the powers, rights, and obligations of administrative institutions – violate national and international human rights legislation, it must not be implemented.
Numerous DSA cases indicate that most prosecutions restrict the public's and the media's freedom of expression, and the provisions in the proposed CSA are raising comparable concerns. In order to preserve the constitution and fundamental human rights (particularly the right to free expression) in Bangladesh, the proposed CSA should not be presented to parliament right away. Fourteen days is not enough time for people to extensively consider an issue of such importance. Instead, a legislative measure such as a bill to repeal the DSA could be introduced to safeguard unencumbered cyberspace freedom and promote democratic principles in Bangladesh.
Rezaur Rahman Lenin is an activist academic. Nowzin Khan is an independent researcher.
Comments