The telecoms regulator has collected sensitive personal data of about 7 crore cellphone users without their consent and shared those with another government agency for a “survey,” just weeks before the parliamentary elections.
Four mobile operators were at first reluctant to hand over the information but eventually gave in to the demand of the BTRC (Bangladesh Telecommunication Regulatory Commission) in a breach of customers' trust, industry sources have confirmed.
There is no privacy and data protection law in the country as yet. Still, under the existing laws, mobile companies cannot share subscribers' information unless there is a court order or an issue of national security and public order.
Sources in the mobile companies said they were uncomfortable with the data transfer for a so-called survey.
Strangely, the BTRC gave two different versions, in a span of two days, about which government agency took the data.
On Tuesday, its acting chairman Jahurul Haque said, “We received a request from the power and energy ministry and sent the data for a survey. And I don't think any violation of law has occurred here.”
Then last night, he said it was actually Bangladesh Bureau of Statistics (BBS) that took the dataset.
But The Daily Star's suspicion about the so-called survey deepened when the paper contacted the ministry.
State Minister Nasrul Hamid flatly denied that the ministry collected any users' data from the BTRC.
“We have no plan to conduct any such survey right now,” said Hamid, advising this paper to contact the BBS as it ran this kind of surveys several times.
Approached, BBS Director General Krishna Gayen also denied having collected any mobile phone user data from the BTRC in recent days.
However, she said a few months ago they did a survey through mobile phones. Collecting data from the BTRC of only 18,000 mobile users, they had reached 12,000 at that time.
The power ministry's Power Cell, which usually conducts survey and study on power-related issues, also did not receive any customer data from the BTRC, confirmed its Director General Mohammad Hossain.
Meanwhile, three competent sources confirmed to The Daily Star that in reality Prime Minister Sheikh Hasina's Power and Energy Adviser Tawfiq-e-Elahi Chowdhury collected the data from the BTRC and handed it over to the BBS.
Contacted last night, he admitted collecting the data for a survey on power consumers' satisfaction.
Asked why he collected such sensitive data immediately before the election, he claimed they had originally sought the data long ago but the BTRC took time to hand over the information.
He said they expected to conduct the survey in January if the Awami League returned to power. He also said as an adviser to the PM, he had the authority to collect such data.
On December 4, the telecoms regulator sent a letter to all the four mobile operators, asking them to provide the data as early as possible. The letter said the power and energy ministry needed the data for what it called an “electricity survey”. The Daily Star has a copy of the letter.
The operators entertained the request on December 10.
Personal data of all the mobile users in 184 upazilas were collected in the process. The upazilas are from Dhaka, Khulna, Chattogram, Rangpur, Sylhet, Rajshahi, Mymensingh and Barishal divisions, according to the list attached with the BTRC letter.
This is for the first time that the telecoms regulator has collected such a huge volume of user data of certain locations, and suspicions deepened as it coincides with the run-up to the national election, industry insiders said.
There are concerns about the risk of data leak as well. In their written communications with the regulator, operators also voiced their concern about data security and other privacy risks, and warned the BTRC that other government authorities can also demand the same information in future.
Against a phone number, there are 36 types of information about a customer. The BTRC, however, sought only two of those -- phone numbers within the geographical locations and customer's sex.
To some extent, that minimised the risk of possible damage to users or the telecoms operators in case this bulk data are somehow obtained by any unscrupulous person or party, observed telecoms industry experts.
“We are spending crores of take every year for safeguarding our system and our user data. Everything is now at stake because of this breach,” said a top executive of a mobile operator, asking not to be named.
Referring to sections 30 (f) and 97 of the Telecommunication Act-2001, Supreme Court lawyer Aneek R Haque said collecting customers' information without their consent is a direct violation of the law.
“As a regulator, it is BTRC's duty to ensure users' privacy and they [BTRC] can't avoid their responsibility in any circumstances,” said Haque, also a former legal consultant of the BTRC.
The telecoms watchdog can take customers' dataset only in case of an emergency, and there is no national crisis at the moment, the lawyer pointed out.
But the BTRC insists that it has the authority to collect user data and share those with the government if needed.