Overview of ICT Act.

2006 / Cyber
Law in Bangladesh

Md. Shihab Uddin Khan

Associate Professor,
BIBM, Mirpur-2, Dhaka

Agenda
What is Cyber Law?
Why Cyber law?
Importance of Cyber Law?
Cyber Jurisdiction
Target of Cyber Law
Cyber Law in Bangladesh (The ICT Act 2006)
Salient Features of ICT Act 2006
What is Cyber Crime?
Cyber Crime/Financial Frauds in e-Banking
Actions taken to Curb Cyber Crimes
Cyber Crime and Punishments (as per ICT Act. 2006)
Steps taken for Electronic Certification
Next Actions

What is Cyber Law?

Law that governs the cyber space (ICT,

computer, internet etc.)

It refers to all the legal and regulatory aspects
of Internet and the World Wide Web (WWW)
Law to govern electronic and internet
communications
Cyber law consists of rules that :
Is approved by the government, and
is in force over a certain territory, and
must be obeyed by all persons in that territory.

Why???
ICT is encompassing all walks of life
Transformation from Paper to less paper to paperless
Transaction in cyber space increasing
Cyber Crime is increasing rapidly and is not limited to

geographical territory

Importance of Cyber Law

Government Information flow in electronic form is increasing;

electronic information has become the main object of cyber crime.

Online Transaction is increasing
A software source code worth crores of taka or a movie can be
pirated across the globe within hours of their release.
Conventional laws are inadequate to govern and regulate
Cyberspace
Cyberspace has complete disrespect for jurisdictional boundaries.
Cyberspace handles enormous amount of transaction every
second.
Cyberspace is absolutely open to all.
Theft of corporal information.
Electronic records are copied quickly, inconspicuously and often
via telecommunication facilities.

Cyber Jurisdiction
The

internet does not tend to make

geographical and jurisdictional boundaries,
but internet users are remaining under
physical jurisdictions. A single transaction
may involve at least 3 jurisdiction. These
are:
The law of the state/country in which the user resides;
The law of the state/country that apply where the

server hosting the transaction is located; and

The law of the state/country which apply to the
person or business with whom the transaction takes
place

Target of Cyber Law

Authentication
Persons (Sender, Receiver) and Documents/

Information

Secured Transaction
Minimize Cyber Crime
Minimize Digital Hazard and Breakdowns
Spam e-mail, Mobile SMS
Protect Privacy and Intellectual property
Encompass all means and medias
Authorize government bodies and regulators
Formulate punishments and immunity

Cyber Crimes are Vulnerable

Because of : Anonymity,
Computers storage capacity,
Weakness in Operating System,
Lack of Awareness of user.

12

Classification of Cyber Crime

Cyber Crime refers to all activities done with criminal intent
in
cyberspace. These fall into four major slots/categories.
Against persons/individuals (Spamming, e-mail spoofing, Child
Pornography, Cyber stalking/defamation etc.)

Against Property (Credit card, fraud, intellectual property crimes Soft Piracy, theft of computer source code , and Internet time theft )
Against (Business and Non-business) organizations
(Capture
secret
data/valuable
business
information
by
hacking/cracking, unauthorized access to computer, DDoS, virus
attack, e-mail bombing, salami attack, logic bomb, Trojan horse and
data diddling etc.)
Crime targeting the government (Cracking any govt./military
websites etc.)
13

Cyber Crime/Financial Frauds in e Counterfeiting Debit or Credit card

Banking
ID-Theft/Account Take over
Hacking/Cracking IDs/Password and other

confidential information
Data Leakage/Breaching
Malware attack to capture security credentials
DoS/DDoS Attack
Salami Attack
Fake MICR Cheque
Fraudulent Fund Transfer through EFT
Unauthorized fund transfer due to password
sharing/leakage
Phishing

BIBM Website Hacked,

2012

Cyber Law in Bangladesh (The ICT Act.

2006)
The ICT Act of Bangladesh has enacted in 2006

as Information Communication Technology Act

2006
The Act retains legal recognition and security
guidance of ICT and related matters
The ICT Act 2006 empowered the government to
take necessary legal attempts to bring ICT of the
country under the control of the government
The Act has been amended in 2009
The Act contains 90 (ninety) sections
under 9 (nine) chapters

Cyber Law in Different Countries

India - IT Act,2000
Pakistan - Electronic Crimes Act, 2004
Srilanka - Computer Crime Act, 2007
UK - Computer Misuse Act 1990
USA - US Federal Cybercrime Laws (2010)
KSA KSA Anti-Cyber Crime Law (2007)
China Computer Information Network and

Internet Security, Protection and Management

Regulations (1997) /Criminal Law of the Peoples
Republic of China
Australia - Cybercrime Act 2001
Japan - Information Law/ Unauthorized Computer
Access Law (1999)

Name of Nine Chapters of ICT

Act. 2006
1) Preliminary
2) Digital Signature & Electronic Records
3) Attribution, Acknowledgement And Dispatch Of
4)
5)
6)
7)
8)
9)

Electronic Records
Secure Electronic Records & Digital Signatures
Controller & Certifying Authorities
Duties Of Subscribers
Breaching Rules, Prevention, Penalties Etc.
Offences, Investigation, Adjudication, Penalties
Etc
Miscellaneous

Cyber Law of Bangladesh

(contd..)
Subsequently, Information Technology

(Certifying Authorities) Rules, 2010 has been

promulgated.
Information Security Policy Guideline is

underway to be formulated.

Salient Features of ICT Act 2006

Recognition of electronic records, electronic signature
Controller of Certifying Authorities

Regulation of Certifying Authorities

Administering security issues and cyber crime control
Certifying Authorities
Electronic signature certificate issuance
Cyber Crime, investigation, judgment and

punishment
Cyber Tribunal, Appellate tribunal
Promotion of e-transaction, e-payment, eprocurement etc.
Immunity section for non-compliance!!!

Actions taken to Curb Cyber Crimes

The cyber crimes jurisdictional boundaries are

defined.
ICT Act declared the penalty of 10 years
imprisonment with or without fine.
As per revised law (October, 2013), Period of
imprisonment: Max 14 years and Min 07 years.
Cyber Tribunal may take cognizance of cyber
crime. A cyber tribunal in Dhaka City is
established.
BTRC performs as a watchdog in cyber
protection and has the authority to conduct
Mobile Courts for speedy trial of such crime.

Actions taken to Curb Cyber Crimes

Bangladesh police has an Anti-cyber Crime

Department headed by a DC of Police, CID in

2008
Bangladesh has formed the authority of CERT
(Computer Emergency Response Team).
BTRC has formed a special cell to crack down
on cyber crimes. The 11-member Bangladesh
Computer Security Incident Response Team
(BD-CSIRT) has already started its works. The
team is tasked to mark websites with contents
that may spread social, political, religious or
national hatred.

Steps taken for Electronic

Certification

1) Controller of Certifying Authorities (CCA) has started

functioning from 2009 [BCC, MoICT]

2) Information Technology (Certifying Authority) Rules
2010 has been approved by the government
3) Certifying Authority Licenses has been given to provide
digital signature and certificate services [6 CAs]
4) Decision has been taken for Government CA
5) Initiative to set up Cyber Tribunal
6) CA auditing has began
7) Establishment for Root CA is going on
8) Awareness for importance and uses of Digital signature

CCA Office & Licensed CAs in

Bangladesh

1. Mango Teleservices
2.
3.
4.
5.
6.

Limited
Bangla Phone Ltd.
Dohatec New Media
Data Edge limited
Flora Telecom Ltd.
Computer Services Ltd.

Source: http://www.cca.gov.bd

Office of the CCA

controller
BCC Bhaban, Agargaon
Dhaka, Bangladesh
Dhaka 1207
Telephone: 88-028144042
Fax: 88-02-8181711
E-mail: info@cca.gov.bd
Ministry of Posts,
Telecommunications and
Information Technology
ICT Division
Office of the Controller of
Certifying Authorities (CCA)

Cyber Crime and Punishments

(as per ICT Act. 2006)
Section 54. Penalty for damage to computer,

computer system, etc.--If any person, without

permission of the owner or any person who is in
charge of a computer, computer system or computer
network,-Punishment/Penalty: Imprisonment for maximum
ten years, or with fine which may extend to Taka ten
(10) lakhs, or with both.
Section 55. Punishment for tampering with
computer source code.
Punishment/Penalty: Imprisonment for maximum
three (03) years, or with fine which may extend to Taka
three (03) lakhs, or with both.

Cyber Crime and Punishments

(as per ICT Act. 2006)
Section 56. Punishment for hacking with computer system.
Section 57. Punishment for publishing fake, obscene or defaming

information in electronic form.-Punishment/Penalty: Imprisonment for maximum ten years, or with fine
which may extend to Taka one (01) crore, or with both.
Section 61. Punishment for unauthorized access to protected systems.--(1)

Any person who secures access or attempts to secure access to protected

system in contraventions of section 47 of this Act, then this activity of his will
be regarded as an offence.
(2) Whoever commits offence under sub-section (1) of this section he shall be
punishable with imprisonment for a term which may extend to ten years, or
with fine which may extend to Taka ten lakhs, or with both.

IT Act . 2000 and Punishment for Cyber

terrorism
(Indian Cyber Law)
Section 66 of IT Act -Hacking (punishment upto 3 yrs/fine of 2

lakhs)
Section 70 of IT Act - any act to harm protected systems

punishable under IT Act 2000 (punishment upto 10 yrs)

Section 121of IPC -waging war against Government ( punishable

with life imprisonment)

Section 153A,295 A of IPC -promoting enmity between different
religious groups is punishable offence(3 yrs imprisonment/fine/both)
Section 66F of the Indian Information Technology Amendment
Bill 2008 specifically deals with issue of cyber terrorism.
Covers denial of access, unauthorized access, computer contaminant

leading to harm to persons, property, critical infrastructure,

disruption of supplies, sensitive data thefts
Punishable with imprisonment which may extend to imprisonment for

life.
30

Recent amendments in IT Act,2000

(Indian Cyber Law)
To protect interests of sovereignty , integrity of India,

public order, security of State , defense of India, friendly

relations with foreign states Section 69 -Power of interception, decryption, monitoring of
information by Central govt/state govt, authorised agencies
Section 69 A -Power to block objectionable websites-to protect

interests of sovereignty , integrity of India, public order, security

of State , defense of India, friendly relations with foreign states

Section 69 B -Power to authorize to monitor and collect traffic

data, or information through any computer resource for cyber

security

Section 70 -Protected systems, and Section 70A Central Govt

shall appoint Indian Computer Emergency Response Team to

protect its critical infrastructure
31

Weakness of ICT Act. 2006,

Bangladesh

In the Information Communication Technology Act

of Bangladesh does not define what the Cyber law
by any section is. But Cyber laws are contained in
the Information and Communication Technology Act,
2006.
The Act. mentions only limited number of cyber
crimes but also others are cyber crimes present
before us. In future different types of cyber crimes
will be intimated us.
Subsequently the law does give proper solution
about the Intellectual Property Right and this law
does not discuss about the rights and liability of
domain name holders which is the first step of

Next Actions
Heighten awareness/ training as to acquire or

upgrade ICT capabilities, on major risks, and

importance of security policies and capabilities.
Develop warning and reporting points which serve
as a means of internal and external information
sharing about incidents.
Continue formation of CERT with international
communications
and
technical
knowledge
exchange.
Constitute a cyber crime commission involving
internet policy experts, computer experts, lawyers,
law enforcers and internet service providers to
check cyber crimes.

Next Actions (Contd..)

Safeguard

the integrity and privacy specially of

economic and administrative communications and
their security across all free flow of information.
All Criminal & related Codes and Acts (Penal Code,
Evidence Act., Bankers Books Evidence Act., Privacy
and Data Protection Act., Spam E-mail & SMS,
Protection Act., etc.) should be enhanced to include
electronic provisions and security options.
Social awareness and moral values are to be
enhanced.
Implement the acts and laws in more fruitful ways.
Update/Revised the law periodically on demands.

Thank You