Government Endorsed National Cyber Security Policy, 2080 The Cabinet approved the National Cyber Security Policy 2080 (2023) on 8 August, 2023. The policy is a significant step toward advancing the forthcoming Cyber Security Bill and other related legislations. It encompasses future strategies, operational guidelines, objectives, and plans related to cyber security. A notable aspect of the policy is its emphasis on establishing a secure cyberspace for users. The policy’s primary goal is to enhance the global cyber security index score from 44.99 to 60% within five years, 70% within ten years, and 80% within fifteen years. It aims to create legal and institutional frameworks to ensure a secure cyberspace, mitigate cyber-attack risks, and safeguard critical national infrastructure. Additionally, the policy seeks to facilitate the exchange of experiences and cooperation at bilateral, regional, and international levels to reduce cyber security risks. The Ministry of Communications and Information Technology had previously shared the draft policy with stakeholders for input. Stakeholders urged the government to incorporate provisions for key responsible agencies and resources to execute the policy. They also emphasized the importance of open and safe internet, individual privacy, credibility, neutrality, accountability, interoperability, partnership, and a multi-stakeholder approach. While the policy has addressed some stakeholder concerns, many others remain unaddressed. One contentious aspect of the policy is its intention to monitor and control social media to prevent potential infringement on individuals’ rights in the cyber space. Digital Rights Nepal will be conducting a thorough policy analysis from a digital rights perspective, so stay tuned. | | | Controversy surrounding TERAMOCS Continues In a recent update, the Nepal Telecom Authority (NTA) persists in its plans to deploy the Telecom Traffic Monitoring and Fraud Control System (TERAMOCS) despite unresolved queries raised both within the parliament and among the general public. Concerns regarding privacy and legality form the basis of opposition, garnering objections from not only lawmakers but also telecom service providers. Earlier, the NTA had indicated that Ncell Axiata had agreed to share encrypted data. However, Nepal Telecom, a state-owned telecommunications company, cited technical and legal constraints preventing them from complying with the NTA’s request. Adding to the complexity, Ncell Axiata has now issued a public notice stating that they have not integrated or linked their system with the contentious TERAMOCS. Furthermore, they mentioned that comprehensive technical assessments are in progress to evaluate the potential impact of TERAMOCS on the privacy of both the company and its customers. Ncell Axiata emphasized that no integration will occur until a clear understanding of these implications is attained. Similarly, lawmakers from various political parties have raised concerns about the rushed implementation of TERAMOCS without sufficient deliberation within the parliament, its committees, and the broader public domain. NTA Takes Firm Stand Against ISPs
Nepal Telecommunication Authority (NTA) has taken a strong stance against internet service providers (ISPs) regarding the delay in their royalty payments. In an official notice that includes a comprehensive list of these service providers, the regulatory body has firmly urged these ISPs to promptly settle their royalty dues as well as their obligations to the Rural Telecommunication Development Fund (RTDF).
Under the established framework, Nepal’s ISPs are mandated to allocate 4 percent of their annual revenue as royalty and an additional 2 percent towards the RTDF, directed to the NTA. However, a significant number of service providers have fallen short in meeting these financial obligations for the Fiscal Year FY 2078/79, which were originally required to be settled by the conclusion of Poush 2079. Arrest Warrant Issued against Journalist Giri
An arrest warrant has been issued by the Prabat District Court against journalist R K Adipta Giri, who had voiced critical opinions about fellow journalists. The warrant has been issued in connection to an investigation into a cyber-crime complaint. Giri had taken to social media to express concerns about potential financial irregularities involving journalists from Parbat. This led to six journalists based in Kushma filing a formal cyber-crime complaint under Section 47 of Electronic Transaction Act, 2063 against him. Mr. Giri has not been apprehended by the time of reporting this news.
DRN is concerned that the journalists themselves have invoked Electronic Transaction Act against a journalist for a social media post that didn’t indicate any specific individual, and the court decided to issue an arrest warrant under the ETC. DRN is following the case and will update the development in upcoming edition. Saptari DAO barred taking Photo and Video Without Authorization
In a notice released on 8 August 2023, the Saptari District Administration Office (DAO) has imposed a ban on the capturing of photos and videos within its premises, citing security concerns and potential infringement upon the privacy of its staff. The official notice articulates that this decision has been prompted by instances of service seekers, journalists, and the general public taking photos and videos within the office premises without proper authorization. These visuals were subsequently shared on various digital platforms, including social media, online news outlets, and magazines. The DAO has expressed apprehension about these actions due to both security sensitivities and the personal privacy of its officers. Additionally, the DAO has issued a warning, cautioning that stringent measures will be taken against individuals found capturing photos and videos without obtaining proper permission. | | | Publication State of Digital Identification System in South and Southeast Asia EngageMedia has published a report called ‘ State of digital Identification System in South and Southeast Asia’. This report focuses on biometrics and digital identity (BDI) in the South and Southeast Asia region as part of a larger global research effort. It examines the status, threats, and impact of BDI across various regions, including SSE Asia. The study builds on seven country-level case studies (Bangladesh, Cambodia, Indonesia, Maldives, Nepal, Philippines, and Sri Lanka). For the Nepal section of the report, DRN collaborated with Engagemedia to shed light on Nepal’s digital ID landscape. The Nepal section highlights Nepal’s digital ID landscape, pointing out issues like privacy negligence, data access controls, retention practices, and risks of unauthorized access. It raises concerns about potential misuse of citizens’ data due to the lack of purpose limitations in Nepal’s ID system. The report emphasizes the need for strong regulations to protect citizens’ data rights and address exclusions of those without citizenship cards. The report also discusses provisions in Nepal’s National ID Act allowing data disclosure under specific conditions, and criticizes the lack of control, accountability, and legal avenues for addressing concerns. The report calls for enhanced safeguards and a notification mechanism to improve the national ID system in Nepal. Full report is available at: Report-on-the-State-of-Digital-Identification-in-South-and-Southeast-Asia-2023.pdf (engagemedia.org) | | | | Digital Rights Weekly is a week-based update on Digital Rights and ICT issues, that happened throughout the week, compiled and analyzed from the digital rights perspective by Digital Rights Nepal (DRN). DRN is a not-for-profit initiative dedicated to the protection and promotion of digital rights, including the right to online freedom of expression and association, online privacy, access to information, and related issues such as internet governance, cyber laws/policies, and cyber securities in Nepal. | | | |
