Local

Surveillance and Sovereignty: Bangladesh’s Spyware Decade (2015–2025)

Surveillance and Sovereignty: Bangladesh’s Spyware Decade (2015–2025)
Golam Mahfuz Zoardar
Feb 19, 2026 15:01

1. A Dark Decade of Digital Surveillance

In the history of Bangladesh’s surveillance technology, the period from 2015 to 2025 will likely be marked as a dark chapter. During this decade, the Government of Bangladesh imported surveillance and spyware technologies worth approximately USD 190 million, including at least USD 40 million spent on Israeli-origin technologies [1][2]. Notably, these transactions were completed despite the absence of diplomatic relations between Bangladesh and Israel—through complex and opaque channels involving third countries [3].

1.1.2 Major Types of Spyware

Pegasus (NSO Group): Zero-click attack capability; ability to bypass end-to-end encryption [4][5]
Graphite (Paragon): Infiltration of encrypted messaging platforms; hacking of Signal and WhatsApp [6]
Cellebrite UFED: Device forensics and data recovery; unlocking locked phones and retrieving deleted data [7]
P-6 Intercept: Mobile network intrusion; IMSI catching and call interception capabilities [1]

1.1.3 Import Statistics

  • Total expenditure: USD 190+ million [1][2]

  • Expenditure on Israeli spyware: USD 40+ million [1][3]

  • Number of imported technologies: 160+ [1]

1.2 Abolition of NTMC and the Opportunity for Legal Reform

Following the 2024 mass uprising, the interim government decided to abolish the National Telecommunication Monitoring Centre (NTMC), which had functioned as the principal instrument of mass surveillance under the Hasina administration [8][9]. Through the Telecommunication (Amendment) Ordinance 2025, several historic reforms were introduced: permanent prohibition of internet shutdowns, criminalization of unauthorized phone tapping, and restructuring of the independence of the Bangladesh Telecommunication Regulatory Commission (BTRC) [10][12].

1.3 Establishing Digital Democracy Through Independent Oversight

To ensure transparency, accountability, and alignment with international standards, Bangladesh must establish an independent oversight body and implement mandatory reporting and audit mechanisms for surveillance technologies. Regular evaluation processes involving policymakers, technologists, and civil society are essential. The moment demands structured reform, institutional restructuring, and technological capacity-building to realize a democratic, human rights-centered digital future.

2. Introduction: The Rise of the Digital Police State

2.1 Digital Transformation and Surveillance in Bangladesh

2.1.1 The “Digital Bangladesh” Initiative

The “Digital Bangladesh” initiative was first pledged in the 2008 election manifesto of the Bangladesh Awami League and began implementation after assuming power in 2009 [21]. The initiative expanded internet connectivity nationwide, introduced e-governance services, and aimed to develop the ICT sector.

2.1.2 Democratic Values vs. National Security

The fundamental tension surrounding surveillance lies between democratic values and national security. When surveillance is weaponized for political objectives—suppressing opposition, controlling journalism, and intimidating civil society—it erodes the foundations of democracy [15][20].

3. Israeli Spyware: Bangladesh’s Covert Arsenal

3.1 Technology Transfers Without Diplomatic Relations

Bangladesh does not recognize Israel as a state and maintains no diplomatic relations [3][7]. Bangladeshi passports still bear the statement: “This Passport Is Valid For All Countries Of The World Except Israel.” Yet, an undeclared commercial relationship developed centered on surveillance technology.

3.1.2 Third-Country Transit Routes

Israeli spyware reportedly reached Bangladesh via Cyprus, Singapore, and Hungary [1][3], jurisdictions selected for favorable legal frameworks and business ties with Israel.

3.2 Major Spyware Platforms

Pegasus – NSO Group: Zero-click mobile infiltration; bypasses encryption; reportedly used against political opponents and journalists [4][5].

Graphite – Paragon: Infiltrates encrypted messaging platforms; intermediary reportedly based in Singapore [6].

Cellebrite UFED – Cellebrite: Device forensics and data extraction; valued at USD 330,000+; used by law enforcement [7].

P-6 Intercept: Mobile network intrusion; IMSI catching; reportedly procured by DGFI [1].

4. NTMC and the Infrastructure of Mass Surveillance

The National Telecommunication Monitoring Centre (NTMC) operated under the Ministry of Home Affairs and held sweeping authority over national telecommunications networks [8][9].

A key deficiency was the absence of a specialized parliamentary oversight mechanism. More than 20 laws authorized surveillance directly or indirectly, yet no dedicated committee oversaw intelligence operations [1][20].

Integrated Lawful Interception System (ILIS)

The United States-based Yana Technologies reportedly sold Bangladesh an Integrated Lawful Interception System (ILIS) worth approximately USD 51.7 million [1][2]. The system enabled mass data acquisition, deep packet inspection (DPI), encrypted traffic analysis, and unified target profiling.

5. Misuse of Surveillance: Targets and Harassment

5.1 Political Opponents

Research indicates that political opposition figures were primary targets, particularly during election cycles and mass protests [1][15].

5.2 Journalists

Investigative journalists faced hacking, source compromise, harassment, and pressure leading to self-censorship [15][23].

5.3 Human Rights Activists

Surveillance endangered investigators of international crimes, threatened witness protection, and obstructed civil society initiatives [15][16].

6. Data Transfers and Sovereignty Risks

Significant concerns exist regarding cloud-based data storage potentially located abroad [1][2]. Israeli spyware firms operate under oversight of the Israeli Ministry of Defense, requiring export approvals and regulatory monitoring [3][4]. Software updates may create avenues for potential data exfiltration.

Regional rivalries—particularly involving India and Pakistan—heighten the risk of weaponized data exposure [1][3].

7. Legal Reform and Institutional Restructuring

7.1 Abolition of NTMC

Following the 2024 mass uprising, the interim government abolished NTMC [8][9], responding to domestic demands and international pressure.

7.2 Proposed Center for Information Support (CIS)

A new Center for Information Support (CIS) has been proposed to operate strictly under judicial authorization [8][9], including:

  • Mandatory judicial approval

  • Regular review

  • Annual parliamentary reporting

  • Complaint mechanisms

  • Independent privacy oversight

7.3 Telecommunication (Amendment) Ordinance 2025

Key reforms include:

  • Permanent ban on internet shutdowns

  • Criminal penalties for unauthorized phone tapping

  • Reduced executive control over BTRC

  • Data protection framework

  • Oversight council for national data governance

Critics, including Human Rights Watch, argue that later drafts weakened judicial oversight provisions [14].

8. Comparative International Practices

8.1 European Union

The European Parliament formed the PEGA Committee to investigate spyware misuse [17][18], recommending export bans to human rights violators, transparency requirements, and compensation mechanisms.

8.2 United States

The U.S. Department of Commerce placed NSO Group on its Entity List in 2021 [19]. U.S. frameworks include FISA judicial oversight and executive orders limiting surveillance abuse.

8.3 International Human Rights Law

Article 17 of the ICCPR guarantees the right to privacy [17][20]. Bangladesh ratified the ICCPR in 2000 but implementation gaps persist.

9. Policy Recommendations

9.1 Transparency and Accountability

  • Annual parliamentary reporting

  • Independent privacy commission

  • Mandatory judicial authorization

  • Public hearing mechanisms

9.2 Alignment with International Standards

  • Full compliance with ICCPR Article 17

  • Adoption of GDPR-aligned standards

  • Application of the Montreux Document principles

9.3 Implementation Roadmap

Immediate (0–6 months): Finalize telecom reforms; implement data protection ordinance; establish judicial oversight; operationalize CIS.

Medium Term (6–24 months): Victim compensation fund; international cooperation; rights-based safeguards.

Long Term (2+ years): Constitutional amendments; transparent surveillance governance; domestic technological development to reduce dependency.

10. Conclusion

Bangladesh stands at a historic crossroads. The 2024 mass uprising has created an opportunity to dismantle the digital police state and reconstruct a rights-based surveillance framework.

Without transparency, accountability, and international alignment, ethical surveillance remains unattainable. The path forward demands principled reform to build a democratic, human rights-centered digital future.

Author: Golam Mahfuz Zoardar, CEO, CBC77 Limited

Disclaimer: The opinions expressed are solely those of the author. They do not reflect the position of Digital Bangla Media Authority. As a platform committed to pluralism, the article has been published without editorial alteration. Any offense taken is strictly a personal matter of the reader.

Tags:

পূর্ববর্তী সংবাদ

Putul’s Poignant Post from First Day at the Secretariat

পরবর্তী সংবাদ

Revised Ramadan Schedule for Dhaka Metro Rail