Wikileaks reveals Bangladesh’s spyware purchase

This revelation has exposed the lack of privacy.

Though the Constitution and Right to Information Act 2009 address the privacy issue of a citizen; there seems to be enough holes yet to be plugged.

The software is FinFisher, aka FinSpy, and mostly used by law-enforing agencies around the world .

The software can be installed in target computers through hoax software updates and emails with fake attachments.

Antivirus software cannot detect the malware and it has the ability to take full control of infected computers and it can decipher information from encrypted data and communications.

Wikileaks says the majority of the customers of the malware are identified by a 8-digit alphanumeric username. Like Bangladesh, some of the customers are identified by a closer look at the support requests.

According to Wikileaks, a Bangladeshi agency spent around €831,060 to purchase 3 FinSpy-licenced software and 3 FinFly USB back in Nov in 2012.

Two of the software and USBs expired in Nov 2013. Another software with the USB will expire on Nov 16 this year.

Each software allows two agents to operate it and can monitor 20 targets (infected computer or mobile phone) at the same time.

Wikileaks also reveals that one “Arefin” from Bangladesh had made a support request to the support team of the spyware company about feeding from a target (infected) computer.

Since its inception, the software has allowed its Bangladeshi user to access numerous computers and phones and to monitor private information of citizens.

Despite addressing security concerns, equipping law-enforcing agencies with such software infringes privacy.

The Constitution of Bangladesh ensures the privacy rights of Bangladeshi citizens with some restrictions.

Article 43 (2) of the Constitution says, “Every citizen shall have the right to the privacy of his correspondence and other means of communication , subject to any reasonable restrictions imposed by law in the interests of the security of the State, public order, public morality or public health.”

But here terms are not clearly defined and citizen’s privacy rights undermines when it is the matter of state security.

Moreover, Right to Information (RTI) Act 2009 stipulates that in certain cases authorities cannot disclose private information of a citizen. Clause 7 of chapter 2 in RTI Act 2009 does not allow any authority to provide information that , if disclosed, hurts the privacy of the personal life of an individual and any secret information of a person which is protected by law.

However, RTI Act does not bar authorities to access, monitor and store private information of Bangladeshi citizens.

In recent past, FinFisher software was used against political dissidents and journalists. Reporters Sans Frontiers dubbed the Gamma International, the marketing company of the software, as “corporate enemies of the internet” and “digital era mercenaries” for selling the software to repressive regimes.