An ordinary person’s guide to dangerous online regulations


Two dangerous draft policies regulating our online presence have been hatched before our eyes, and with the exception of a few usual crying wolf suspects, there has been little public outrage over it. And I don’t blame you for not knowing them or not caring. It is quite easy to get lost in the technical jargon of experts (Intermediaries? Traceability? Peer-to-peer encrypted messaging?), or the righteous indignation of human rights activists (Violation of constitutional guarantees? Incompatibility with the ICCPR Article 19?Principles of proportionality?).

Maybe you have 99 issues and are worried about some far-off law – which will likely affect certain types of activists anyway – not one of them.

For all the latest news, follow the Daily Star’s Google News channel.

But what if I told you that, if implemented, these laws will not only curtail what little freedom of speech the press still has, but may well hamper those endless Netflix shows? What if your most private photos could be easily and legally accessed on the slightest pretext, like “liking” a Facebook post about government corruption?

The Data Protection Bill (DPA), drafted last November and finalized last week, is supposed to do as its name suggests: protect your data. The problem is that in reality, it allows a multitude of actors to access your data, without even your permission or even your explicit knowledge. These actors include law enforcement and security agencies, the Director General of the Digital Security Agency – responsible for investigating breaches, imposing fines and ensuring compliance – as well as all employees of the Data Protection Office. The law also contains a provision that gives more power to the government to exempt data controllers, that is, those responsible for collecting or processing (or supervising the processing) of personal data such as your computer scientist, respect for the law.

Also, while it gives us the right to know what kind of personal data is being collected, it does not apply to cases where “the processing is necessary for government functions”. What do “duties of government” entail, you ask? The draft doesn’t spell it out, which means it could mean literally anything the government wants it to mean. Similarly, the draft states that government agencies can “intercept, record, or collect information” about anyone for “national security” or “public order” reasons, but it does not define or limit what those terms mean. imply, which leaves them open to (misinterpretation.

Now, at this point, you might be thinking, well, that sure sounds terrible, but I’m a law-abiding citizen. I don’t even go to Shahbagh to phuchka, let alone protests. What possible justification would the government have for snooping in my Facebook chats? Unfortunately, the scope of the exemption is so broad that law enforcement or security agencies can lawfully access your data for the weakest grounds, for example, for writing a post criticizing a former minister, posting a satirical caricature or simply commenting on someone else’s behavior. status.

It may seem like I’m exaggerating, but these are concrete examples of ordinary people, such as students and professionals who have no connection to the media or politics, who have been arrested on these same grounds under the Digital Security Act (DSA).

You see, these laws only seem distant until they reach you.

The second piece of legislation – “Bangladesh Telecommunication Regulatory Commission Regulation for Digital, Social Media and OTT Platforms” – is even scarier. It offers an aggressive and authoritative content governance framework that applies to a host of applications/actors, including social media networks like Facebook, Twitter, Instagram, Pinterest; technology companies like Google, Microsoft; OTT platforms like Hoichoi, Netflix, Chorki, Spotify; live broadcasts on Facebook; IPTV and social media handles from media organizations.

Experts have pointed to the absurdity of bundling services that are functionally, technically and operationally miles apart, and therefore require different regulatory models. By forcing them to adopt a one-size-fits-all model, the government is essentially democratizing the internet, penalizing both content producers and end users in one fell swoop.

Also, all these platforms will have to register, yes, including apps selling sarees through Facebook live from home. For small e-commerce platforms and independent content producers, the bureaucratic loopholes associated with obtaining registration may well have a chilling effect on their entry into the digital space while, for an established news platform like The star of the dayregistration – and the imminent threat of its cancellation – will be a noose that can be tightened with the smallest of digressions.

The draft criminalizes the same set of vague provisions as the DSA. It states that the aforementioned service providers may not host any information that, among other things, “threatens the unity, integrity, defence, security or sovereignty of Bangladesh, [and its] friendly relations with foreign states; “violates government secrecy; creates disorder or disorder or deteriorates the public order situation; “is offensive, false or threatening and insulting or humiliating to a person” or “decency, morality, social acceptance, social values, contrary to the national culture”.

But what exactly do these terms mean? Would an R-rated Netflix show pass the test of “decency” or “national culture”? Who decides this? And frankly, what would the Internet be like even without content that was “humiliating” or “insulting” to someone or the other?

Unfortunately, we have already seen how broadly and arbitrarily these definitions have been used by the government to arrest, harass and humiliate a wide range of actors, including ordinary people, for exercising their constitutional right to liberty. of expression. Now, you may be wondering: if the DSA already allows the government to criminalize free speech, does it matter that new regulation is at stake? It matters because now the government is forcing all social media platforms to police on their behalf.

According to the new draft, platforms like Facebook can be fined up to Tk 3 billion and its representative jailed for up to 5 years for violation. With nearly 45 million users in the country, how exactly is Facebook supposed to do this oversight, with much of what is posted lost in translation? How can automated systems with filters understand context, dialects and nuances?

Additionally, the draft regulations state that the Bangladesh Telecommunications Regulatory Commission (BTRC) can order service providers to remove or block content – that too, within 72 hours of the instruction – which will deprive all these platforms of their independence and character. The tech giants are unlikely to take these lying blows. We’ve already seen Facebook, Google, and Twitter warn Hong Kong that they would stop operating there if officials in that country moved forward with amendments to data protection law (which isn’t as bad as ours) that could hold companies responsible for users’ actions.

The BTRC Regulations further require that all social media intermediaries have a Resident Complaints Officer, a Compliance Officer to conduct due diligence, and an Officer to liaise with law enforcement agencies and the BTRC – all of whom have to be residents of Bangladesh – basically so that there’s someone here they can hold accountable or arrest for any violation. But why would a company like Netflix, for example, go out of its way to take on this inconvenience when the easiest and cheapest solution would be to pack up and go? And it’s not just Netflix of course. A multitude of regional and global companies may no longer find it in their interest to operate in Bangladesh.

It’s getting worse. The BTRC regulation as well as the DPA also oblige intermediaries such as WhatsApp, Signal, Telegram, etc. to allow traceability and identification of the first issuer of any information. In simple terms, this means that these companies, whose very existence depends on guaranteeing privacy, would be required to break end-to-end encryption. Yes, you read that right: these regulations will legalize the monitoring of your private messages that you don’t want to share with the universe.

These are just some of the scariest layouts of the projects. They are dense and technical, but it is absolutely crucial that we decompress them to fully understand how they would impact us on a daily basis, in a very concrete way, if and when they are approved. Unless we want to live the rest of our lives constantly looking over our shoulders, deprived of the real benefits of the internet, we ordinary citizens must speak loudly against them while we still can.

Sushmita S Preetha is a journalist and researcher.


Comments are closed.