Critical Review of the Proposed Cyber Security Rules 2024 Reveals Flaws Targeting Fundamental Rights

Published: 20 June 2024

The proposed Cyber Security Rules 2024 have sparked a wave of criticism, raising significant concerns about their implications on freedom of speech, journalistic freedom, and human rights in general. Transparency International Bangladesh (TIB) and Article-19 have jointly reviewed the proposed Cyber Security Rules, 2024 and presented a detailed review on 13 June 2024. The observations and recommendations were prepared and presented by Quazi Mahfujul Hoque Supan, Associate Professor of the Department of Law at the University of Dhaka.

The CSA: A Tool Against Freedom of Speech and Press, Human Rights and A Mirror Image of the Draconian Digital Security Act

Despite its rebranding, the Cyber Security Act 2023 appears to be a direct descendant of the Digital Security Act (DSA), retaining much of its oppressive framework and has not alleviated fears regarding the suppression of free speech and press freedoms. Some people say that many parts of the CSA are similar to parts of the DSA, which was known for being used to silence criticism and attack basic speech rights. The new rules still pose a threat to these freedoms, which contradicts the very essence of a democratic society that values open dialogue and the free flow of information. The continuity of these controversial aspects suggests a mere cosmetic change rather than a substantive overhaul.

Highlighting that relevant stakeholders' opinions have not been reflected in the rules, TIB Executive Director (ED) Dr. Iftekharuzzaman stated, “The CSA has been implemented following the DSA to use as tools against the free access to information and free speech facilitated by information technology. The arbitrary elements unearthed in the review of the CSA have been further complicated by the proposed rules. The most pressing issue is that the local and international organizations that need to be directly or indirectly involved for proper implementation of the law have not been mentioned in the rules. We do not see any possibility of the goals and objectives of the law and rules being met, and we are concerned that this would only be used as a weapon for controlling the rights of citizens.”

Arbitrary Rule Setting and Unclear Definitions

One of the most alarming aspects of the CSA is its vague definitions and the potential for arbitrary rule setting. Such ambiguities can lead to subjective interpretation and application, which can be manipulated to serve specific agendas. For instance, Rule 26 of the proposed rules grants excessive powers to the Director General, far beyond those outlined in the parent law. This opens the door to arbitrary enforcement and decision-making that lacks accountability and transparency.

Supervision and Control of Digital Spaces

A critical issue with the CSA and its associated rules is the underlying notion that digital spaces must be under government supervision and control. This perspective runs counter to the fundamental principle of the internet as a free and open space for the exchange of ideas. The rules do not provide adequate safeguards against potential misuse of surveillance powers, raising fears of widespread monitoring and censorship under the pretext of cybersecurity.

A Top-Heavy Organization Lacking Expertise

The structural design of the National Cyber Security Agency (NCSA) under the CSA has also demonstrated flaws. The organization is perceived as top-heavy, with unclear qualifications and expertise requirements for its personnel. This lack of specific criteria for the recruitment and performance of cybersecurity officials can undermine the effectiveness of the agency. Furthermore, the absence of mechanisms ensuring transparency and accountability exacerbates concerns about potential abuse of power and privacy violations.

The proposed Cyber Security Rules 2024 reflect a continuation of problematic policies rather than a fresh start towards enhancing digital security while respecting fundamental rights. The criticisms underscore the urgent need for reforms that balance the imperatives of cybersecurity with the protection of free speech, press freedoms, and human rights.

Commenting on the review, Regional Director of Article-19, Sheikh Manjur-E-Alam said, “We still haven’t implemented a data protection law, yet we are working on an AI policy, despite AI being heavily reliant on data. Instead of ensuring the safety of cyber spaces, we are showing interest in implementing such laws to control freedom of expression, gain access to information and data, and harass people. We must step away from this approach.”

As discussions continue, it is imperative for stakeholders to push for amendments that ensure the rules serve their intended purpose without compromising the foundational principles of freedom and democracy.

For the full review and presentation on the Cyber Security Rules, 2024,
visit - https://ti-bangladesh.org/articles/position-paper/7020