Increasingly, it seems that citizens’ personal data is the least safe with our own government. As per a recent investigation by fact-checking initiative Dismislab, the final voter list of the 13th parliamentary election is being sold on Facebook and Telegram for prices ranging between Tk 30 and Tk 250. This database reportedly contains voters’ names, voter numbers, parents’ names, dates of birth, occupations, and permanent addresses. Ahead of the February election, the Election Commission (EC) had published a final voter list, which was distributed among nominated candidates “for electoral purposes.” Now, these lists of voters’ personal information are being sold online, disaggregated by constituencies—although one may also purchase the national voter list at once. What is baffling is that, beyond Facebook groups and pages, the lists are also being promoted for sale via paid advertisements on the platform.
Unfortunately, personal data breaches have now become a regular occurrence in Bangladesh. Late last year, personal data—including NID cards, passports, marriage certificates, educational records, trade licences, and business contracts—of at least 1,100 citizens was reportedly leaked on a fake e-Apostille platform posing as a government service website. Only a few months ago, a technical flaw in an EC portal temporarily exposed the personal information of at least 14,000 journalists who had applied for accreditation cards ahead of the election. This raises several questions. What measures, if any, do authorities take to protect citizens’ data that they are entrusted with; and do they realise the scale of the impact of such leaks?
Time and again, our cybersecurity laws have been amended and replaced, mostly with a political motive and often lacking stakeholders’ consultation. Given the prevalence of data leaks and the sensitivity of the information exposed, such consultations should be made mandatory. The government must also be cognisant of the seriousness of this issue.
Over the last decade and more, there has been a push to digitise every government service, perhaps in an effort to appear advanced. But the issue was and still is the lack of adequate digital protection frameworks and infrastructure to complement these advances. We would urge the government to acknowledge that Bangladesh’s digital security mechanisms are dangerously flawed and to work with experts in law, technology, and human rights to ensure that citizens’ safety and dignity are not allowed to be handled so callously by authorities themselves.
