Overview of ICT Act. 2006 / Cyber Law in BangladeshMd. Shihab Uddin KhanAssociate Professor, BIBM, Mirpur-2, Dhaka

AgendaWhat is Cyber Law?Why Cyber law?Importance of Cyber Law?Cyber JurisdictionTarget of Cyber LawCyber Law in Bangladesh (The ICT Act 2006)Salient Features of ICT Act 2006What is Cyber Crime?Cyber Crime/Financial Frauds in e-BankingActions taken to Curb Cyber Crimes Cyber Crime and Punishments (as per ICT Act. 2006)Steps taken for Electronic CertificationNext Actions

What is Cyber Law?Law that governs the cyber space (ICT, computer, internet etc.)It refers to all the legal and regulatory aspects of Internet and the World Wide Web (WWW)Law to govern electronic and internet communicationsCyber law consists of rules that :

Is approved by the government, andis in force over a certain territory, andmust be obeyed by all persons in that territory.

Why???ICT is encompassing all walks of lifeTransformation from Paper to less paper to paperlessTransaction in cyber space increasingCyber Crime is increasing rapidly and is not limited to geographical territory

Importance of Cyber LawGovernment Information flow in electronic form is increasing; electronic information has become the main object of cyber crime. Online Transaction is increasingA software source code worth crores of taka or a movie can be pirated across the globe within hours of their release.Conventional laws are inadequate to govern and regulate CyberspaceCyberspace has complete disrespect for jurisdictional boundaries. Cyberspace handles enormous amount of transaction every second. Cyberspace is absolutely open to all. Theft of corporal information.Electronic records are copied quickly, inconspicuously and often via telecommunication facilities.

Cyber JurisdictionThe internet does not tend to make geographical and jurisdictional boundaries, but internet users are remaining under physical jurisdictions. A single transaction may involve at least 3 jurisdiction. These are:

The law of the state/country in which the user resides;The law of the state/country that apply where the server hosting the transaction is located; andThe law of the state/country which apply to the person or business with whom the transaction takes place

Target of Cyber LawAuthenticationPersons (Sender, Receiver) and Documents/ InformationSecured TransactionMinimize Cyber CrimeMinimize Digital Hazard and Breakdowns

Spam e-mail, Mobile SMSProtect Privacy and Intellectual propertyEncompass all means and medias Authorize government bodies and regulatorsFormulate punishments and immunity

What is Cyber Crime?Internet is one of wonders of modern science. But today criminals are using it to carry out various criminal activities which are known as cybercrime. Use of computer / internet to do something that would be a crime in any case.Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. Computer crime can broadly be defined as criminal activity involving an IT infrastructure, including illegal access and interception, data and computer systems interference (by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

*

COMPUTER CRIME is any crime where Computer is a target.Computer is a tool of crime.Computer is incidental to crime.*

Why learn about CYBER CRIME ?

Because Everybody is using COMPUTERS.From white collar criminals to terrorist organizations And from Teenagers to Adults.Conventional crimes like Forgery, extortion, kidnapping etc. are being committed with the help of computers.New generation is growing up with computers and internet access.MOST IMPORTANT - Monetary transactions are moving on to the IINTERNET.

Profile of Cyber CriminalDisgruntled employees.Teenagers.Political Hacktivist.Professional Hackers / Crackers.Business Rival.Ex-Boy Friend.Divorced Husband. etc*

Motive behind the Crime*GreedPowerPublicityRevengeAdventureDesire to access forbidden informationDestructive mindsetWants to sell new security services/solutions

Cyber Crimes are VulnerableBecause of :-Anonymity,Computers storage capacity,Weakness in Operating System,Lack of Awareness of user.*

Classification of Cyber CrimeCyber Crime refers to all activities done with criminal intent incyberspace. These fall into four major slots/categories.Against persons/individuals (Spamming, e-mail spoofing, Child Pornography, Cyber stalking/defamation etc.)

Against Property (Credit card, fraud, intellectual property crimes - Soft Piracy, theft of computer source code , and Internet time theft )Against (Business and Non-business) organizations (Capture secret data/valuable business information by hacking/cracking, unauthorized access to computer, DDoS, virus attack, e-mail bombing, salami attack, logic bomb, Trojan horse and data diddling etc.) Crime targeting the government (Cracking any govt./military websites etc.)*

Cyber Crime/Financial Frauds in e-BankingCounterfeiting Debit or Credit cardID-Theft/Account Take overHacking/Cracking IDs/Password and other confidential informationData Leakage/BreachingMalware attack to capture security credentialsDoS/DDoS AttackSalami AttackFake MICR ChequeFraudulent Fund Transfer through EFTUnauthorized fund transfer due to password sharing/leakagePhishing

BIBM Website Hacked, 2012

Cyber Law in Bangladesh (The ICT Act. 2006)The ICT Act of Bangladesh has enacted in 2006 as Information Communication Technology Act 2006The Act retains legal recognition and security guidance of ICT and related mattersThe ICT Act 2006 empowered the government to take necessary legal attempts to bring ICT of the country under the control of the governmentThe Act has been amended in 2009The Act contains 90 (ninety) sections under 9 (nine) chapters

Cyber Law in Different CountriesIndia - IT Act,2000Pakistan - Electronic Crimes Act, 2004Srilanka - Computer Crime Act, 2007UK - Computer Misuse Act 1990USA - US Federal Cybercrime Laws (2010)KSA KSA Anti-Cyber Crime Law (2007)China Computer Information Network and Internet Security, Protection and Management Regulations (1997) /Criminal Law of the Peoples Republic of ChinaAustralia - Cybercrime Act 2001Japan - Information Law/ Unauthorized Computer Access Law (1999)

Name of Nine Chapters of ICT Act. 2006PreliminaryDigital Signature & Electronic RecordsAttribution, Acknowledgement And Dispatch Of Electronic RecordsSecure Electronic Records & Digital SignaturesController & Certifying AuthoritiesDuties Of SubscribersBreaching Rules, Prevention, Penalties Etc.Offences, Investigation, Adjudication, Penalties EtcMiscellaneous

Cyber Law of Bangladesh (contd..)Subsequently, Information Technology (Certifying Authorities) Rules, 2010 has been promulgated.

Information Security Policy Guideline is underway to be formulated.

Salient Features of ICT Act 2006Recognition of electronic records, electronic signatureController of Certifying Authorities Regulation of Certifying Authorities

Administering security issues and cyber crime controlCertifying Authorities

Electronic signature certificate issuanceCyber Crime, investigation, judgment and punishmentCyber Tribunal, Appellate tribunalPromotion of e-transaction, e-payment, e-procurement etc.Immunity section for non-compliance!!!

Actions taken to Curb Cyber CrimesThe cyber crimes jurisdictional boundaries are defined.ICT Act declared the penalty of 10 years imprisonment with or without fine.As per revised law (October, 2013), Period of imprisonment: Max 14 years and Min 07 years.Cyber Tribunal may take cognizance of cyber crime. A cyber tribunal in Dhaka City is established.BTRC performs as a watchdog in cyber protection and has the authority to conduct Mobile Courts for speedy trial of such crime.

Actions taken to Curb Cyber CrimesBangladesh police has an Anti-cyber Crime Department headed by a DC of Police, CID in 2008 Bangladesh has formed the authority of CERT (Computer Emergency Response Team).BTRC has formed a special cell to crack down on cyber crimes. The 11-member Bangladesh Computer Security Incident Response Team (BD-CSIRT) has already started its works. The team is tasked to mark websites with contents that may spread social, political, religious or national hatred.

Controller of Certifying Authorities (CCA) has started functioning from 2009 [BCC, MoICT]Information Technology (Certifying Authority) Rules 2010 has been approved by the governmentCertifying Authority Licenses has been given to provide digital signature and certificate services [6 CAs]Decision has been taken for Government CAInitiative to set up Cyber TribunalCA auditing has beganEstablishment for Root CA is going onAwareness for importance and uses of Digital signatureSteps taken for Electronic Certification

Mango Teleservices LimitedBangla Phone Ltd.Dohatec New MediaData Edge limitedFlora Telecom Ltd.Computer Services Ltd.CCA Office & Licensed CAs in BangladeshSource: http://www.cca.gov.bdOffice of the CCAcontrollerBCC Bhaban, AgargaonDhaka, BangladeshDhaka 1207Telephone: 88-02-8144042Fax: 88-02-8181711E-mail: info@cca.gov.bdMinistry of Posts, Telecommunications and Information Technology ICT Division Office of the Controller of Certifying Authorities (CCA)

Cyber Crime and Punishments (as per ICT Act. 2006)Section 54. Penalty for damage to computer, computer system, etc.--If any person, without permission of the owner or any person who is in charge of a computer, computer system or computer network,--

Punishment/Penalty: Imprisonment for maximum ten years, or with fine which may extend to Taka ten (10) lakhs, or with both.Section 55. Punishment for tampering with computer source code.

Punishment/Penalty: Imprisonment for maximum three (03) years, or with fine which may extend to Taka three (03) lakhs, or with both.

Cyber Crime and Punishments (as per ICT Act. 2006)Section 56. Punishment for hacking with computer system.Section 57. Punishment for publishing fake, obscene or defaming information in electronic form.--

Punishment/Penalty: Imprisonment for maximum ten years, or with fine which may extend to Taka one (01) crore, or with both.

Section 61. Punishment for unauthorized access to protected systems.--(1) Any person who secures access or attempts to secure access to protected system in contraventions of section 47 of this Act, then this activity of his will be regarded as an offence.

(2) Whoever commits offence under sub-section (1) of this section he shall be punishable with imprisonment for a term which may extend to ten years, or with fine which may extend to Taka ten lakhs, or with both.

*IT Act . 2000 and Punishment for Cyber terrorism (Indian Cyber Law)Section 66 of IT Act -Hacking (punishment upto 3 yrs/fine of 2 lakhs)Section 70 of IT Act - any act to harm protected systems punishable under IT Act 2000 (punishment upto 10 yrs) Section 121of IPC -waging war against Government ( punishable with life imprisonment) Section 153A,295 A of IPC -promoting enmity between different religious groups is punishable offence(3 yrs imprisonment/fine/both)Section 66F of the Indian Information Technology Amendment Bill 2008 specifically deals with issue of cyber terrorism.Covers denial of access, unauthorized access, computer contaminant leading to harm to persons, property, critical infrastructure, disruption of supplies, sensitive data theftsPunishable with imprisonment which may extend to imprisonment for life.

*Recent amendments in IT Act,2000(Indian Cyber Law)To protect interests of sovereignty , integrity of India, public order, security of State , defense of India, friendly relations with foreign states -Section 69 -Power of interception, decryption, monitoring of information by Central govt/state govt, authorised agencies

Section 69 A -Power to block objectionable websites-to protect interests of sovereignty , integrity of India, public order, security of State , defense of India, friendly relations with foreign states

Section 69 B -Power to authorize to monitor and collect traffic data, or information through any computer resource for cyber security

Section 70 -Protected systems, and Section 70A Central Govt shall appoint Indian Computer Emergency Response Team to protect its critical infrastructure

In the Information Communication Technology Act of Bangladesh does not define what the Cyber law by any section is. But Cyber laws are contained in the Information and Communication Technology Act, 2006.

The Act. mentions only limited number of cyber crimes but also others are cyber crimes present before us. In future different types of cyber crimes will be intimated us.

Subsequently the law does give proper solution about the Intellectual Property Right and this law does not discuss about the rights and liability of domain name holders which is the first step of entering into the e-commerce.

Weakness of ICT Act. 2006, Bangladesh

Next ActionsHeighten awareness/ training as to acquire or upgrade ICT capabilities, on major risks, and importance of security policies and capabilities. Develop warning and reporting points which serve as a means of internal and external information sharing about incidents. Continue formation of CERT with international communications and technical knowledge exchange.Constitute a cyber crime commission involving internet policy experts, computer experts, lawyers, law enforcers and internet service providers to check cyber crimes.

Next Actions (Contd..)Safeguard the integrity and privacy specially of economic and administrative communications and their security across all free flow of information.All Criminal & related Codes and Acts (Penal Code, Evidence Act., Bankers Books Evidence Act., Privacy and Data Protection Act., Spam E-mail & SMS, Protection Act., etc.) should be enhanced to include electronic provisions and security options.Social awareness and moral values are to be enhanced.Implement the acts and laws in more fruitful ways.Update/Revised the law periodically on demands.

Thank You