Bangladesh: State vs. Corporations In the Surveillance Debate

Mass surveillance – whether by state agencies or big corporations – is becoming an unavoidable, ubiquitous and universal phenomenon. Its many advantages include crime detection and prevention, development of better business solutions, and mitigation of the effects of pandemics and natural disasters.

Many countries have successfully used surveillance and big data to monitor and contain Covid-19 outbreaks in recent months. Surveillance has been used as an effective instrument for counter-terrorism in the last two decades.

While surveillance by itself is not universally sinister, without adequate safeguards, it can be used as a tool for abuse. Over the years, various investigations have revealed just that: invasive software is increasingly being used to carry out surveillance en masse on rights activists, lawyers, political oppositions, journalists, corporations, and users.

So where does Bangladesh legal framework sit on the issue of surveillance?

On one hand, Bangladesh recognises freedom of thought, conscience, speech and expression, as well as privacy of correspondence and communication, as constitutional rights. On the other hand, the laws confer sweeping mandates to state agencies to carry out surveillance on the citizens.

Under section 97Ka of the Bangladesh Telecommunication Regulation Act, 2001, the government has the powers to authorise any national security, intelligence or law enforcement agency to intercept, record or collect information belonging to any person on national security or public order grounds without any warrant.

Moreover, guidelines, policies and licenses issued by the Bangladesh Telecommunication Regulatory Commission require licensees to facilitate surveillance efforts of the state agencies.

Such surveillance and interception activities, without adequate checks and balances, would erode public trust in companies as well as the government authorities.

The High Court Division of the Supreme Court of Bangladesh in The State vs. Oli [2019] observed that the routine collection of call details and audio records from service providers by the regulators without following the due process or informing the customers are a breach of the fundamental right guaranteed under Article 43 of the Constitution of Bangladesh.

The Government of Bangladesh is also introducing a new data privacy law, which contains data mirroring provisions. Under the new law, both local and offshore data controllers will have to store “at least one serving copy of data” in servers or data centres located in Bangladesh.

Any new data privacy law should have the ability to curb unrestrained surveillance.

This requirement will further reinforce the security agencies’ powers to surveil and intercept locally stored data – which is opposed to the supposed privacy-centric framework of the proposed legislation.

Minister Mustafa Jabbar hinted at using this legislation to ensure that non-resident social media and video-on-demand platforms comply with its directions.

Using a data privacy law as a tool for enforcing a digital security agenda is perhaps not the most ideal way forward, especially when considered in the context of how the Digital Security Act, 2018 and the Information and Communication Technology Act, 2006 has been used over the last decade.

Especially now, in an era of digitalisation of services and digital consumerism where data sets are constantly being re-engineered and re-purposed, unchecked state surveillance, with little-to-no relief for privacy violations, is a serious privacy concern.

Our institutions suffer from a plague of fluctuant enforcement of laws and there is a dearth of privacy jurisprudence in Bangladesh. While the issue is not limited to one country, it could nevertheless have a deleterious impact on Bangladesh’s investment prospects: it is well-settled that one of the barriers to capital inflows is the host country’s national security and public order policies (which broadly encompasses its state surveillance laws and practices).

It is therefore absolutely crucial that the legal mandates on surveillance are guided by principles of necessity, proportionality, transparency and accountability within their design.

Moreover, commercial surveillance is met with increased distrust and hypersensitivity, even where the underlying motivations are admirable. For instance, a recent announcement by Apple about a new tool that will scan iOS devices for child abuse imagery was met with severe public backlash.

Many privacy advocates have argued that the only thing stopping the company from using this tool for other purposes is their words, and, in addition, this could give the governments a backdoor for surveilling citizens and persecuting dissidents. It is therefore equally important that the new data protection law incorporates sufficient safeguard against abuse by non-state actors.