Cyber Security Ordinance: When the law fails to define, anything can be considered a crime
Though the Cyber Security Ordinance aims to address cybercrimes and uphold freedom of expression, its purpose is undermined by the absence of clear and precise definitions.
Back in 2020, Khadijatul Kubra, a then 17-year-old student at Jagannath University was prosecuted under the Digital Security Act (DSA). Her crime? Hosting a webinar where her guest speaker criticised the government and urged people to raise their voices. After spending 15 months in jail, Khadija was released on 20 November last year.
Her chargesheet mentioned offences under Sections 25 and 29 of the DSA.
Section 25 prohibited publishing or transmitting false, offensive, or defamatory information through digital media to harm, insult, or harass someone, while Section 29 criminalised publishing or broadcasting defamatory information in electronic form.
In 2018, renowned photojournalist Shahidul Alam was charged under section 57 of the Information and Communication Technology (ICT) Act 2006, which similarly criminalises the publication, transmission, or sharing of false, obscene, or defamatory information through digital platforms.
Keep updated, follow The Business Standard's Google news channel
He commented in an interview to Al Jazeera that the road safety protests "stemmed from anger about widespread government corruption" and also stated that the government was unelected and had no mandate to rule.
The government labeled his statements as 'provocative' and arrested him.
What was similar in both cases was that the definition of defamation remained unclear, and it is still a question how their actions were criminalised.
Now, the approval of the Cyber Security Ordinance's final draft seems like a solid step in the right direction. Structured across nine chapters and 52 sections, it repeals nine previously controversial provisions from the Cyber Security Act 2023, itself a rehash of the DSA.
But while it aims to address cybercrimes and uphold freedom of expression, its purpose is still undermined by the absence of clear and precise definitions.
"There is no clear definition of cyberbullying in the draft. It should be under Section 2. It is just mentioned in Section 25, but that too vaguely. There are no preventive measures either. It should have included comprehensive guidelines on how to create a safe cyberspace."
Consider Section 25 of the ordinance: For the first time, the country's cyber law has introduced a provision recognising cyberbullying as a punishable offence.
However, in general, cyberbullying lacks a universally accepted definition because its nature is inherently subjective and context-dependent. What one person perceives as harmful or offensive may not elicit the same reaction from another.
The draft defines it as actions that intimidate, threaten, or harass an individual or group through social media, messaging platforms, websites, or cyberspace. It includes spreading false or harmful information, abusive or defamatory messages, rumours, or harmful content that damages a person's reputation or mental health as examples of cyberbullying.
But legal experts do not think that is enough.
"There is no clear definition of cyberbullying in the draft. It should be under Section 2. It is just mentioned in Section 25, but that too, vaguely. There are no preventive measures either. It should have included comprehensive guidelines on how to create a safe cyberspace," said Supreme Court lawyer Barrister Jyotirmoy Barua.
Furthermore, the draft penalises 'hurting religious sentiment' with a two-year jail term and a fine of Tk10 lakh. Both the CSA and DSA included this provision.
A study by the Centre for Governance Studies (CGS) found that 528 cases have been filed over the past five years on charges related to the offence of hurting religious sentiments.
However, the degree of offence caused by religious sentiment can vary from person to person, meaning the same act may offend one individual while not affecting another.
"When will it apply and when will it not? The question remains. Such vagueness certainly creates scope for misuse," remarked Dr Qazi Zahed Iqbal, another Supreme Court lawyer.
In Bangladesh, where religion is often used as a political tool, the potential for misuse is even greater. Incidents of attacks, vandalism, arson, or lynching often occur under allegations of religious disrespect.
The CGS study also found that approximately 190 defamation cases were filed under the DSA for allegedly defaming the former prime minister Sheikh Hasina, with the majority of these cases initiated by her supporters.
Over 32% of the accused individuals were politicians, while 29.40% were journalists. On the other hand, around 78% of the plaintiffs had affiliations with the Awami League, the study further found.
Former law minister Anisul Huq himself once stated in the parliament that by the end of January 2023, a total of 7,001 individuals had been charged under this law.
"To combat cyber crime, there must be proper laws. But the question is, how people-friendly is it? If it includes provisions that can be misused to criminalise others, the very purpose of the law is defeated," Dr Iqbal remarked.
There are many more examples where the draft fails to provide a clear definition.
It provides wide authority to the Director General of the National Cyber Security Agency. Under clause (8), the Director General can ask the Bangladesh Telecommunication Regulatory Commission (BTRC) to remove or block harmful information, with the BTRC allowed to act in 'appropriate cases'. The term 'appropriate cases' is unclear here, which could lead to misuse and suppression of dissent.
The challenge with definitions can also lead to necessary laws being repealed, as it happened with provision 24 of the CSA. It considered identity fraud or impersonation as an offence and penalised it.
Prof Dr BM Mainul Hossain, Director of the Institute of Information Technology (IIT) at Dhaka University, believes that it should not have been repealed. "Many individuals commit crimes online using fake identities. This law was necessary," he said.
Meanwhile, section (36) of the draft still includes provision for searches, seizures, and arrests without warrants, which has always been controversial. Again, it is not clearly defined which context allows such a sensitive action.
"This provision grants power to the police. It is essential to scrutinise whether they are applying the law correctly. Otherwise, the law creates scope for misuse," said Dr Iqbal.
Professor Hossain added, "It requires a report of the search to be submitted to the tribunal. However, no specific time limit has been set for this. Since searches without a warrant could lead to harassment, there should be an obligation to submit the report, including the reasons for the search, within a reasonable time frame."
Barrister Jyotirmoy Barua confirmed to TBS that none of lawyers or activists who have been working on this issue for a long time were consulted in the drafting process. To make matters worse, the government provided only three days for public feedback, a timeframe too short for meaningful participation.
"The draft contains various practical flaws. The entire ordinance focuses solely on punishments, outlining what punishments will be imposed for certain actions. If this law is passed as is, it will create numerous implementation problems in the future," he warned.
