Pressure to develop new databases despite no necessity

The Bangladesh Telecommunication Regulatory Commission (BTRC) sent fresh letters to the mobile telecom operators on 20 March instructing them to create a new database to store personal information of customers, which the government agency National Telecommunication Monitoring Centre (NTMC) said is not necessary. Telecom operators are not interested to build new data centres now either.

The telecom regulator and the operators have been exchanging letters on data centres since November 2023. In a letter on 25 January, the BTRC directed the mobile telecom operators to file progress reports on the preparation to develop the database by 14 February.

The BTRC said in its letter on 20 March that the operators gave alternative proposals, which the regulator did not accept rather they directed the telecom operators to complete all formalities and file reports within 2 April.

Currently, four mobile telecom companies are in operation in the country with a total of 190 million subscribers as of January 2024.

Prothom Alo reached state minister for posts, telecommunications and information technology (ICT) Zunaid Ahmed Palak, but he declined to comment saying the matter is currently under the consideration of the court.

Rights body Human Rights and Peace for Bangladesh (HRPB) filed a writ petition at the High Court in early March challenging the BTRC’s directives and the top court issued a rule on 20 March asking the BTRC to explain why the regulators’ directives should not be declared to be void.

BTRC secretary Md Nurul Hafiz told Prothom Alo on Sunday, “We are holding a series of meetings on the establishment of the database, and new decisions are likely.” He, however, disclosed nothing about new decisions.

The database that the BTRC is asking the telecom operators to develop will contain 16 types of information including name, national identity (NID) card number, father and mother’s names, address, gender, profession and photo, and these data will come from the database of national ID cards of the Election Commission (EC).

According to the BTRC decisions, mobile operators will collect information from the Bangladesh Computer Council National Digital Architecture (BNDA) system through a process known as the ‘auto-filling of electronic telecommunication customer registration form.’

One of the BNDA’s services is ‘Porichoy', which was launched in July 2019. ‘Porichoy’ offers clients information verification services from the database of national ID cards of the election commission. Private company Digicon Technologies operates the service and receives a large portion – 80 to 90 per cent – of the income from this service.

Digicon Technologies managing director Wahed Sharif told Prothom Alo on 18 January that they only provide technical services and don’t have access to the database of national ID cards. He claimed ‘Porichoy’ got the contract through the direct purchase method (DPM).

Mobile telecom operators said currently they verify clients’ information from the database of the election commission and they pay the commission Tk 5 per client. On the other hand, ‘Parichoy’ adds photo verification services and charges Tk 10 per client. Mobile operators allegedly face this pressure to develop new databases to offer the business to private firm Digicon Technologies.

The telecom regulator, however, claimed that developing the databases is necessary to control crimes because a person currently can commit a crime using several SIMs, but once the database is ready it will be easier to identify the criminals. Mobile operators, however, are reluctant on the grounds of the additional cost of data verification, as well as expenditures on the establishment of new databases and their maintenance.

State-run agency NTMC has long been saying they have the clients’ information so there is no need to develop the new database. NTMC director general Major General Ziaul Ahsan told Prothom Alo expressed concern over security on the sensitivity of this type of data. He told Prothom Alo if the BTRC directives are followed, people’s personal information will reach the hands of local and foreign companies through the ‘auto-filling’ process, and that will pose risks to security and secrecy.

If personal information is gathered somewhere without adequate security, data breaches and misuse may happen, he said adding, if the mobile operators need to develop the new database, a replica of the national identity card database can be created.

In its letter on 6 February, the BTRC gave the mobile operators instructions on the sale of new SIM. The letter said a client will provide the NID number to purchase a new SIM and the respective mobile operator will send a message to the retailer informing the latter whether this certain client owns any SIM of other operators against the NID number provided.

If the client owns no SIM, they will receive a new one. If the client has SIM of any other operators, the retailer will then verify the old SIM number, add the number to the database and finally, provide the client with a new SIM.

The BTRC claimed the old SIM number provided by the client against the NID number does not match, they will receive no new SIM, and the client will be instructed to learn about the SIM number from the customer care centres of the respective mobile operators.

Currently, one can purchase 15 SIMs against a single NID number. While selling SIMs, mobile operators collect the photocopy of the NID and match the fingerprints of the customers. Yet, the BTRC is insisting on establishing new databases of clients’ personal information.

Sources at the BTRC said mobile telecom operators sent an alternative proposal to the telecom regulator through the Association of Mobile Telecom Operators of Bangladesh (AMTOB). The proposal states all information accessible through ‘Parichoy’ is mostly available in the election commission’s database, and they want to develop databases with this information. If necessary, mobile operators can provide face recognition service, and in that case, they will be required access to the data verification service from the commission’s database.

In a letter to the BRTC on 14 February, the AMTOB said no law gives mobile telecom operators the authority to develop databases with people’s personal information. Besides, if a database is created, it may pose risks of data breaches.

A senior official of a mobile operator told Prothom Alo on condition of anonymity ‘Porichoy’ will provide information to the mobile operators from the database of the election commission, but the operators proposed to receive it from the commission directly. Yet, it is not understandable why the proposal was rejected.

Prothom Alo ran a report titled “'Pressure from the govt' to ensure business for a private firm” on 6 February. Following the report, a writ petition on behalf of the rights body Human Rights and Peace for Bangladesh was filed at the High Court. The High Court bench of justices Mustafa Zaman Islam and Md Atabullah issued a rule on the matter.

Senior lawyer Manzil Murshid stood for the petitioner at the court. Later, he told Prothom Alo if the mobile operators implement the directions of the BTRC, the personal information of people will reach the hands of the private companies, thus, national security will face threat.

This report appeared in the print and online editions of Prothom Alo and has been rewritten in English by Hasanul Banna