Cyber-Related Legal Issues in Bangladesh: Inadequacies and Challenges
Dr. Kudrat-E-Khuda (Babu)
The whole world, including Bangladesh, has witnessed tremendous technological changes in the past two decades. Technology has inevitably evolved, driving significant human progress in every sphere of life. Amid this technological development, laws and regulations have been enacted to control offences relating to global advances in technology, including in Bangladesh. Bangladesh government has taken many initiatives in support of Vision 2021 to make the country Digital Bangladesh. Encouraged by the government’s initiatives, many national and multinational companies are facilitating online shopping, banking, communication, and many other e-commerce services, but in Bangladesh, the cyber-related laws are full of shortcomings and the customary laws are extremely outdated, leading to legal issues: most of the laws do not fit the era of information technology. As a result, these customary and cyber-related laws should be amended promptly so that they meet the challenges of the present information and communication technology era. Although Bangladesh government passed the ICT Act and the Digital Security Act to control cybercrime, the country’s existing laws for fighting the menace are inadequate due to certain limitations.
Cyber-Related Legal Issues in Bangladesh
A large number of cyber-related issues are mentioned in different Bangladeshi Acts (e.g. the Contract Act, the Tort and Liability Act, the Sale of Goods Act, the Penal Code etc.), but most of this cyber-related Bangladeshi legislation is quite outdated and is not suitable for the current Internet era. Moreover, there are many inadequacies in this legislation. These cyber-related legal complications must be addressed promptly for the greater security of e-administration, e-governance, e-commerce, in the interests of Digital Bangladesh, and so on. It should also be enacted compatibly with the people’s constitutional rights under Article 39 (the rights to freedom of thought, conscience, and speech) and Article 36 (the right to freedom of movement). It is essential that privacy is protected in cyberspace, and these two articles of the constitution of Bangladesh permit the state to impose reasonable restrictions on the exercise of these rights in certain circumstances, at their discretion. The interests of the sovereignty and integrity of the country, the security matters of Bangladesh, maintaining friendly relationships with other foreign States, public order, decency, morality, contempt of court, defamation, and incitement of offence are a few of the important issues that should be balanced in cyberspace as well as the general public sphere.
The Contract Act 1872
Any electronic transactions using computers, the Internet, e-mail, telephone, fax, or other electrical equipment are essentially contracts. No transactions can take place without a contractual relationship. However, all contract matters in Bangladesh are governed by the Contract Act 1872. The Contract Act permits the formulation of a contract (also called an agreement), which is a paper-based document. Under pre-Internet customary law, such a contract would not typically fulfil the criteria of electronic composition, since that would require presentation in a different form, so electronic information is clearly disregarded. According to this Act, cross and outskirt contracts are legitimate. Likewise, with the Evidence Act, a physical signature is important to make an agreement legally binding. With respect to correspondence regarding agreements, letters by post are adequate according to the law. Enactment that authorises advanced testaments, electronic contracts, and so on ought to be instituted, and some sections of the Act concerning documents and records should be amended to include electronic documents and records and e-signatures. E-commerce and Internet-based commerce have established new types of contract known as clickwrap and shrinkwrap contracts. In click-wrap contracts, clicking on a specific part of a website to signify offer or acceptance, as the case may be, becomes an important means of creating contractual relationships over the Internet; for instance, the software or Internet site presents the customer or potential buyer with contractual terms governing the utilisation of the software or the Internet. The client must consent to those terms and click on a link for ‘I acknowledge’, or ‘I concur’ to give his/her consent to utilising the product or site. Such click-through agreements substitute for direct dealings between participants in an online domain and can be utilised for a wide range of purposes. In addition, click-through agreements are utilised to: (i) establish terms for the downloading and utilisation of programs over the Internet, (ii) obtain agreement to a site’s terms of administration, (iii) set up terms for the checkout of merchandise online, and similar.
Fundamentally, the premise is that an agreement comprises an ‘offer’ by one party and an ‘acceptance’ by a second party. With regard to substantive issues concerning the arrangement of electronic contracts, the same guidelines that govern the development of a paper-based agreement should apply similarly to electronic contracts (Halim, 2008). Along these lines, in addition to other factors, there must be an ‘offer’ which meets with a formal and genuine ‘acceptance’; for instance, in a straightforward business exchange, the purchaser offers to buys something from a vendor or dealer, who acknowledges the offer; the two parties consent to the sale of a specific item at a specific cost; and the deal is concluded. As electronic contracts develop and advance, another fascinating issue that the courts will probably experience, eventually, is whether an agreement can be concluded between two PCs working in a trade context without human intervention. An agreement obviously requires a ‘meeting of minds’ (consensus ad idem) between the concerned parties even though, obviously, the law long ago acknowledged the right to enter into contracts through specialist third parties (qui facit per aliumfacit per se). However, that acknowledgment was customarily limited to offices and individuals or perceived juridical people and organisations. An agreement might ultimately employ any and all means of formalising agreements, including in writing or orally, directly or indirectly. Contract law governs private agreements between parties who agree to execute or forgo certain actions. The theoretical form is a mutually beneficial exchange whose terms are negotiated by the parties. The duration of a contract relies on its terms and conditions but is theoretically unlimited.
Tort Liability and Remedies in Cyberspace
A tort liability arises because a person’s rights are violated, in either the online or offline world, and the issue of cyber-tort arises when torts are established through online activities. Cyber-torts may relate to acts of negligence or cybersquatting, which involves registering names as Internet domains with the intention of reselling them for profit. Use of the Internet may also involve the same issues as ordinary torts, such a libel, and infringement of IPRs, misleading publications and any types of misrepresentation. Private wrongdoing may cause civil liability through website hacking, email spamming, breach of contract, and so on, which are not criminal acts, but public wrongs. There should be solutions to address these kinds of harmful activities. A new concept of defamation has been introduced, named cyberbullying, and has recently become quite notorious. A number of class action lawsuits have been filed in different countries around the world against cyberbullying and led to significant judgements. Although Bangladesh is now having a large number of incidents under tort law, the country is still in need of a constructive Act with provisions and remedies for tort matters.
The Sale of Goods Act 1930
Cyberspace is the conceptual environment where communication occurs over the Internet and through computer networks. It is the new open marketplace. Sellers and buyers exchange products without ever seeing each other. This is called a virtual marketplace. To protect people’s rights and control this kind of market, effective laws are vital, so that businesses can be run without experiencing any kind of unfairness. In Bangladesh, an Act that is known as the Sale of Goods Act 1930, governs such transactions. Under this Act, proper contracts and agreements are necessary for the sale and purchase of products. The seller is obliged to give a description of the product and send a sample to the buyer. If the product does not meet the buyer’s expectations in terms of quality, the buyer can cancel the contract and request a refund. The seller can also obtain compensation if any damage has occurred. This can prevent any kind of fraud by the buyer or seller. Consumers are permitted to request any kind of information because this has no cost on the Internet, but the buyer or seller needs to show an interest in the product. Unfortunately, in Bangladesh, there is no law to govern the sale of goods through the Internet, so a specific law should be passed to address e-commerce and online transactions.
The Penal Code 1860
The Penal Code of Bangladesh is a 159-year-old crime-related substantive law. This law specifies the penalties for various traditional crimes, but not cybercrime, computer-based, or Internet based crime. The legal criteria should be amended to apply to liaison in cyberspace:
The Police Act 1861
The Bangladesh Police follow the Police Act 1861, to govern their activities, but this Act is archaic and it is ineffective for investigating cybercrime. Historically, the policing model was taken from the Irish system about 158 years ago. Since cybercrime is affecting Bangladesh from different angles, it is essential to amend the Police Act 1861, to control and prevent cyber-related crimes and offences. Here it should be remembered that we are now in an era of globalisation via the Internet and, nowadays, offenders are committing crimes and offences using electronic devices and the Internet—not knives—so the traditional practices of the police system should be reformed as a matter of urgency. Furthermore, in amending the existing Police Act of Bangladesh, it is very important to implement developments by which Bangladesh Police can become experts in the field of ICT and finally play a key role in preventing cyber-related offences in Bangladesh. The police should be introduced to new and relevant technology and systems to enable them to easily investigate cybercrime and identify cyber offenders. The lawmakers and concerned authorities should move forward to address these issues, which are critical to the prevention of cybercrime in Bangladesh. Regarding this issue, Mr. Abdul Quayum, Chief of the Special Branch of the Bangladesh Police, said that the Police department wants to set up a cybercrime unit before such crimes go out of control and stated ‘we have already initiated a process by working with ICT experts in the police department to track down such criminals’. No relevant watchdog or security system has yet been developed in the country, although the present situation is not beyond the control of the security forces under the said Act.
The Evidence Act 1872
A physical signature is required in Bangladesh to formalise a commercial or business transaction or to make any valid contract under the Evidence Act 1872. This Act is also outdated, like the other laws of Bangladesh. Unfortunately, no electronic contract is valid under this Act, despite this being the era of information and communication technology and globalisation. It is generally agreed that electronic/computer evidence is a new development, which is not covered by the Evidence Act, thus necessitating certain amendments therein. Considering the circumstances and need of the people of Bangladesh, the Evidence Act 1872 should be modified promptly to recognise digital signs and signatures, since such electronic/computer evidence is a new concept in the present world and such types of signatures are being used globally for commercial and other purposes. The following sections of the Evidence Act should be modified to accept as evidence computer documents, internet documents, and electronic records or other electronic forms in the age of ICT. It is essential to define ‘evidence’ to include electronic records in addition to written documents. The current definition of evidence includes two kinds of evidence: oral evidence and documentary evidence. So, in the Bangladeshi context, there is no concept of electronic records as evidence, despite electronic records being important and considered as valuable evidence in many countries. Digital signatures, electronic agreements, electronic messages, and similar are having a profound impact on our lives by changing our means of interaction and transaction with one another, but computer and electronic records have no status in the Evidence Act, 1872. Computer and electronic records could be influenced by the following sections of the Evidence Act, 1872:
(i) Section 17 (for admissibility)
(ii) Section 32 (relating to cases in which statements of relevant facts by a person who is dead or cannot be found are relevant)
(iii) Section 34 (relating to oral admissions when the contents of documents are relevant
(iv) Section 35 (relating to the relevance of entries in public records, made in performance of duty)
(v) Section 39 (relating to what evidence must be given when a statement forms part of a conversation, document, book, or series of letters or papers)
(vi) Section 59 (relating to proof of facts by oral evidence)
(vii) Section 61 (relating to proof of the contents of documents)
(viii) Section 62 (relating to primary evidence)
(ix) Section 65 (relating to secondary evidence that may be given regarding the existence, condition or contents of a document)
(x) Section 67 (relating to proof of signature and the handwriting of a person alleged to have signed or written a document produced as evidence)
(xi) Section 68 (relating to proof of execution of a document required by law to be attested);
(xii) Section 69 (relating to proof where no attesting witness can be found)
(xiii) Section 70 (relating to admission of execution by party to an attested document)
(xiv) Section 131 (relating to the production of documents which another person, having possession of, could refuse to produce).
The above sections of the Evidence Act, 1872 only cover paper-based documentation and are not applicable to electronic or computer-based documents or reports; for example, composition, printed words, lithographed captures, guides, plans, and engravings on metal or stone are all considered to be documents. Section 39 (18) of the General Clauses Act 1897 (in the Bangladeshi context) defines documents in an exclusive manner: a document includes ‘any matter written, expressed or described upon any substance by means of letters, figures, or marks, or by more than one of those means, which is intended to be used, or which may be used, for the purpose of recording the matter’. If all the above-mentioned forms are documents, there is no reason why electronic records or computer-based records are not.
The Bangladesh Bank Order 1972
This law provides the rules and provisions for money or fund transfers between banks, or between banks and other financial institutions, through physical deeds or papers. In the era of Internet and information communication and technology, since people are becoming familiar with such transfers, and considering the needs of people and current demands, new provisions for fund or money transfers via electronic means should be added to the paper-based regulations to encourage e-banking.
The Copyright Act 2000
Twenty years ago, people could not imagine that intellectual property rights would become as important as they are today regarding the protection of computerised material, but the protection of copyright and intellectual property rights has emerged as a leading topic in scholarly and public discussions. Copyright law in Bangladesh is having particular difficulty in adjusting to the new era. The Copyright Act 2000 came into force in Bangladesh in July 2000, replacing the Copyright Ordinance Act 1962. There are suggestions that Bangladesh may sign and ratify a WIPO treaty in near future. The Government has also announced its intention to amend the Copyright Act and introduce a right of IP (intellectual property) to own copyright in respect of computer-protected material and extent the duration of copyright for all IP and computer-related material. Such changes could enable Bangladesh to become a party to all the World Intellectual Property Organization (WIPO) treaties. Although Bangladesh is a member of the WIPO, the country has not yet signed or ratified a WIPO treaty. Patent, trademark, copyright, and similar issues are very important, not only in a Bangladeshi context, but also in a global context, but these important issues have been neglected in Bangladesh’s ICT Act 2006, which indicates the great shortcomings of that Act. Considering the demand and importance of copyright-related issues, the Bangladesh Government should amend the existing Copyright Act. Furthermore, patent, trademark, and copyright-related issues should be included in the ICT Act also, so that plaintiffs may benefit from proper remedies when their copyright is violated or infringed.
The Telegraph Act, 1885
The Telegraph Act, 1885, is obsolete in the age of information and communication technology. This Act should also be amended by adding a new section to prohibit the transmission or receipt of encrypted data by electronic means.
Multi-jurisdiction or Cross-border Problems
In the virtual marketplace of cyberspace, which deals with people from different countries, Bangladeshi legislation should follow the precedents of Internet transactions and contracts relating to cyber law. This would minimise any unlawful activities when the buyer and seller are bound by multi-jurisdiction or cross border legal obligations. A mutual understanding between two parties relies on intentions which are finally established as contracts according to Bangladeshi Law.
E-commerce and Cyber Law
Electronic commerce, also known as e-commerce, relies on the Internet for buying and selling products through electronic means. Currently, four types of e-commerce are growing dramatically in Bangladesh: business to business, business to consumer, consumer to consumer, and business to employees. The ICT Act 2006 was established to encourage the rapid growth of e-commerce. Cybercrime greatly affects businesses in Bangladesh. Hacking, online fraud, IP rights infringements, and misuse of personal data are a few of the common offences. In February 2016, the Central Bank of Bangladesh faced a huge crisis due to the fraudulent transfer of its reserve fund, amounting to $101 million dollars, but fortunately, it managed to prevent another $850 million-dollar fraud of the same type. Although, in Bangladesh, there is major difficulty in prosecuting cyber criminals due to lack of evidence, the courts do not accept electronic evidence against the accused. Online purchasing has now become a common method of doing business but is also increasing the rate of fraudulent transactions and breaches of consumer rights. Sometimes the actual products are different from the products shown to the consumer online, but unfortunately, there is no specific legislation to handle this matter in Bangladesh.
Consumer Protection Laws and Cyber Law
There is no specific law to control and protect the cyberspace context in which people of different nationalities run their businesses, but laws which exist in Bangladesh could be executed in a proper way to maintain consumer protection. As consumers, having access to computers and the Internet involves the right to information and technology. To protect consumer rights, the European Union has specific laws to control cyberspace through electronic contracts. Likewise, Bangladeshi cyber law needs to make changes to protect the consumer rights of users in the cyber marketplace and eliminate any unfairness.
Internet Taxation and Cyber Law
No law in Bangladesh exclusively addresses electronic transactions. The Income Tax Ordinance, 1984, is the only income tax-related law in Bangladesh for the collection or assessment of tax. The National Board of Revenue (NBR) has released a series of tax guidelines stating the sectors which should be taxed or not in each year, but the NBR has not released any tax guidelines for electronic transactions; for example, if one person in Bangladesh agrees to buy something from a website in Singapore through the Internet, the revenue authority of Singapore clarifies the tax treatment of the proposed goods and procedures. However, the Bangladeshi NBR and other tax authorities are completely silent on this issue, creating problems for electronic transactions every moment.
Cyber-terrorism and Cyber Law
Some recent incidents around the world, including Bangladesh, have created a buzz regarding the need for a separate Act relating to cyber-terrorism. Although this matter is covered by criminal law, it undoubtedly requires more attention now. Cybercrime and cyber-terrorism are now two major menaces that depend on the Internet and thus require a specific Act to cover them both.
Privacy, Data Protection, and Cyber Law
The personal data protection and privacy of individual Bangladeshi citizens is covered by the Right to Information Act 2009. This Act has incorporated provisions that not only ensure the free flow of information on different matters, but also state people’s right to information. The Act explains that any information which may breach the privacy of someone’s personal life, hinder law enforcement agencies, or jeopardise the life or physical safety of any individual, and any personal information protected by any law of the country, is not subject to mandatory disclosure by certain private organisations or the Government of Bangladesh, instead of incorporating separate provisions in the ICT Act, as countries like India have done with their own data protection law. It is high time that Bangladesh enacted a separate Data Protection Act with provisions for cyber-related safety issues and remedies.
Impediments to the Implementation of Cyber-Related Laws
With today’s increasing dependence on information systems, electronic devices, and data networks, the Government should concentrate on enacting new cyber security legislation to reduce cyber-related crime, but there are some obstacles to the enactment of cyber-related laws, which are outlined below.
Lack of Collaboration Regarding Enactment of Related Laws
The Government should keep pace with the emerging crisis arising from the rapid growth of Internet use that requires regulatory frameworks for security management, but there is a disjuncture between the enactment of cyber and related laws. When we allude to enactment, we are alluding to the utilisation of guidelines on an extensive scale, with a view to ensuring digital security on a national level. For the most part, enactment is very powerful with regard to managing conduct in a joint effort with related sectors, but impediments to, and constraints on, joint efforts may result from lack of trust, inadequate enactment, and conflicting interests between the different parties. There are problems to be resolved for the viable use of the law if those laws are not connected with complementary laws. Notwithstanding, these laws can generally be improved, especially when we consider that there are situations which could undermine, not just the standards on which the web is based, but even certain fundamental human rights. In view of the possibility that the Web is limitless and has no physical boundaries, there are situations in which, despite the fact that enactment has a national dimension, legitimate clashes occur, mostly concerning the origins and implications of security concerns and opportunities to articulate them. In this situation, serious discussion about protection and security may possibly be the most important factor. In addition, the lack of enactment or provisions to address specific issues can undermine global cooperation, even within a similar region. Open and private areas face challenges with regard to access to data, with implications for security, the right to privacy, and business interests, primarily of technology companies.
Shortage of Resources
Concerning enactments regarding the Internet and related issues, the Government intends to take measures to reduce crime in cyberspace and prevent Internet-based disruption through digital security agencies and a national digital security council, but the Government has yet to implement these measures. Moreover, a shortage of qualified IT security personnel makes it difficult for organisations to attract and recruit qualified staff. The security agencies have been unable to successfully cope with the emerging problems triggered by the rapid expansion of Internet use in daily life. They do not have sufficient human resources to implement these measures, which places the security of the Government at risk. Furthermore, there is a gap between the incentives of the public and private sectors to reduce the security problems of Internet use, with the government agencies not only having to devise a security and compliance strategy for networks and devices, but also take over daily security management. In order to eliminate the cyber crisis, first of all the public and private sectors must ensure the development of security expertise and the necessary technical resources to operate effectively.
Lack of Awareness among Users
It is necessary to outline rules for all stakeholders to ensure clarity and make legislation effective. However, behind this new legislation lie challenges that need to be overcome in order for it to occur. These include understanding the requirements and conditions that exist in each of the general public and private sectors and the capability of all stakeholders as users and citizens. Nowadays, the stakeholders in Internet use reach from the top to the bottom of society, and a remarkable proportion of the society uses the Internet, mostly social media, for rational and communication purposes (e.g. Facebook, Imo, WhatsApp, and Viber. With this remarkable expansion of Internet users among illiterate groups of people, some unexpected incidents are taking place in cyberspace, with or without their knowledge. Interestingly these groups of people are not at all concerned about the existing laws and most of the victims are unaware of the legal remedies that they are eligible to obtain, so it is high time for the private and public sectors who enter cyberspace to make stakeholders aware of the possible unlawful acts that may be committed using the Internet. The absence of proper client mindfulness and preparedness is conceivably one of the most significant reasons for digital wrongdoing episodes to occur and may become the ‘fuel’ that drives them (e.g. spoof messages and junk letters). Users who do not know about the potential perils of the Internet tend to become the most frequently exploited people. Neither the wrongdoers, nor the victims, are fully aware of the consequences of cyber offences.
Lack of Accredited Agencies
Bangladesh is not the only country struggling to strike a balance between cybercrime and freedom of speech. Unlike other countries, Bangladesh is still working to find a constructive mechanism which may work effectively for cyber-related issues. At this stage, there is mention of a cyber/digital forensic laboratory, to be established through the ICT Act, but the country still needs expertise and aware minds to make the operation of this laboratory efficient. Bangladesh is still dependent on other countries (e.g. China, the USA) for its cyber equipment, but it needs agencies that can fully construct and control the cyber security framework without dependence. Although Bangladesh has formed a Bangladesh Computer Emergency Response Team (BDCERT), the organisation is not active and has not been updated since its formation.
In the age of information and technology, it is important for any country to have a process for making cyber laws to supervise and protect against cybercrime. In Bangladesh, there are only two Acts to manage the cyber world—the ICT Act 2006, and the Digital Security Act 2018—but these need major changes if they are to protect the interests of the Bangladeshi Internet users. In Bangladesh’s legal framework, it is a difficult process to accept the Internet completely and make major changes in laws to protect the rights of consumers.
However, now it is imperative that there should be changes in the ICT Act 2006; the Evidence Act 1872; the Bankers’ Books Evidence Act 1891; and the Bangladesh Bank Order 1872. This would help the country to discover the huge opportunities afforded by computers and the Internet in the age of information and technology. The ICT Act could support e-commerce and e-governance, so there should be rapid amendments to keep up with technological developments. In Bangladesh, there is a law called the Penal Code, which has been in force since 1860, when people never anticipated the age of information and technology, but this Code is no longer effective in minimising the crimes that occur in cyberspace. Some common crimes, such as conspiracy, solicitation, security breaches, fraud, espionage, and similar are now increasing through the use of the Internet; therefore, it is obvious that new laws for protecting the citizens of Bangladesh are desperately needed. By making changes to the existing laws, Bangladesh can reap the rewards of Internet use like many other countries. To maintain national security and fulfil the dream of Digital Bangladesh, it is vitally necessary to introduce and implement a comprehensive law covering cyber-related matters and ensure the best interests of the citizens.
Dr Kudrat-E-Khuda (Babu), Associate Professor and Head, Department of Law, Daffodil International University; Visiting Professor at the Lyceum of the Philippines University-Laguna, the Philippines; Climate Activist at the Greenpeace International and former Associate Member at the Centre for the Study of Global Human Movement, University of Cambridge (UK). He can be reached at: firstname.lastname@example.org