Can a new law balance cybersecurity and free expression?

The critical question of cyber safety is at the forefront with governments globally striving to protect citizens online while preserving freedom of expression. Bangladesh too is on the cusp of a transformation that hinges on robust reforms of cyber safety laws.

The Cyber Security Act 2023 (CSA), mirroring the now-repealed Digital Security Act 2018 (DSA), continues the legacy of vaguely defined offences that restrict free speech and impose severe penalties, including up to 14 years of imprisonment and hefty fines. Such provisions, reminiscent of the earlier repealed section 57 of the Information and Communication Technology Act, 2006 (ICTA), have been criticised for stifling dissent, with accusations of misuse by authorities to target journalists, academics, and others. Although section 57 of the ICTA and several DSA provisions have been challenged in the Supreme Court, many cases under these laws continue.

In a significant move, the law ministry announced an initiative to withdraw speech-related cases filed until August 2024 under the ICTA, DSA, and CSA. This was followed by a stakeholders’ meeting to discuss CSA reform proposals. By early October 2024, the government decided to repeal the CSA. As a result, a significant number of draft versions of the Cyber Shurokkha Ordinance (CSO) have been produced even after the approval of an initial draft by the advisory council in December 2024, reflecting deliberations among rights activists, legal experts, and other citizens. These drafts penalise various offences similar to earlier iterations but notably reduce the number of speech offences while introducing penalties for new harmful content. However, some definitions and procedures remain concerning, as discussed further below.

Cyber violence

The proposed CSO penalises “sexual harassment,” “revenge porn,” and “child sexual abuse material” on cyberspace. This will potentially have a positive impact on women and girls, who experience such forms of cyber violence. However, these terms are not defined, creating a scope for subjective interpretation and inconsistent application of the proposed ordinance.

Similarly, the proposal’s aim to criminalise sharing videos that are deemed “obscene,” is rooted in subjective moral standards adopted from the colonial-era Penal Code. As the meaning of “obscene” varies widely among people, it risks limiting freedom of expression, complicating enforcement, and causing inconsistent application. It may also lead to self-censorship among creators and artists. Besides, obscenity laws are often misused, including those under the Pornography Control Act 2012. These laws particularly affect women, often leading to moral policing.

The draft CSO shifts focus from protecting religious sentiments to penalising speech deemed hateful or provocative towards religions or their followers. However, its vague language may lead to misuse and subjective interpretation, threatening free expression and public discourse, crucial for societal progress. This conflicts with Article 20 of the International Covenant on Civil and Political Rights (ICCPR), which limits speech of religious hatred among others only when inciting discrimination, hostility, or violence.

While defamation has been removed from the proposals, the offence of criminal defamation considered a disproportionate response to protecting reputation, persists under the Penal Code. It applies equally to offline and online platforms and makes the change in the CSO largely ineffective. International bodies recommend decriminalisation of defamation, as echoed in the Media Reforms Commissions’ March 2025 report to ensure free expression.

The draft also aims to curb frivolous lawsuits by limiting case filings to aggrieved individuals, their representatives, or law enforcers. However, this may fail in situations such as alleged religious provocations, where many can claim grievances. In contrast, when victims of online sexual harassment and their representatives choose to avoid reporting due to the lack of victim and witness protection, perpetrators might escape accountability if case filing is restricted to these parties.

Procedural issues

The draft grants extensive powers to the director general of the Cyber Protection Agency, resembling those held by agencies under the CSA and DSA. They may demand the blocking of data through the Bangladesh Telecommunication Regulatory Commission (BTRC) or the Information and Communication Technology (ICT) Division based on vague criteria including undermining “solidarity” and “religious sentiments.” The vagueness of criteria, the overlapping roles between the BTRC and the ICT Division, and the latter’s power to demand data blocking, present significant risks for surveillance and threats to free expression.

The proposed CSO also permit police to search, seize, and arrest without warrants on broad grounds, such as mere suspicion of hacking or cyber-attacks on Critical Information Infrastructure. Though narrower than the CSA, DSA, or ICTA, these undefined criteria still risk misuse. Investigations can still last up to 105 days, with extensions approved by Cyber Tribunals on vague “reasonable grounds.” Severe penalties, including up to 10 years in prison and Tk 1 crore fine, without sentencing guidelines, risk inconsistent application. Collectively, these measures threaten freedom of expression, privacy, and due process rights, potentially leading to pre-trial harassment.

Furthermore, the Cyber Shurokkha Agency, with government-appointed directors will act as directed by the government resembling the agencies under the CSA and DSA. This raises concerns about government influence over their activities including blocking content. Meanwhile, the proposed National Cyber Shurokkha Council, led by the prime minister or chief adviser, will steer the agency in applying the draft ordinance and tackling cybersecurity threats. The council, mainly composed of government and security officials, risks power misuse and surveillance issues, echoing concerns from earlier councils under the CSA and DSA.

To protect individuals from online harm while upholding fundamental freedoms, such as the right to expression outlined in the ICCPR (Articles 19 and 20), offences must be clearly defined. Any restrictions on speech must be legitimate and proportionate. Warrantless arrests should be restricted to instances of direct threats to the body, with clear investigation protocols ensuring due process. Fair sentencing guidelines, including non-punitive options like community service or fines for minor offences, should be introduced. Also, digital forensic labs and an independent regulatory body, free from government influence must be established. An independent body to manage content blocking is necessary, aligning categories with permissible restrictions under the ICCPR and ensuring procedural safeguards, such as court-authorised blocks, to protect freedom of expression.

The question is: will the government roll out a cyber framework to herald a new era of restricted dialogue, or will it evolve to strike a balanced chord between protecting online discourse and safeguarding free expression? The conversation continues.

Priya Ahsan Chowdhury is a barrister, and advocate at the Supreme Court of Bangladesh, and associate at Dr Kamal Hossain and Associates.

Views expressed in this article are the author’s own. 

Follow The Daily Star Opinion on Facebook for the latest opinions, commentaries and analyses by experts and professionals. To contribute your article or letter to The Daily Star Opinion, see our guidelines for submission.