1.

Cipher's actions can be addressed through several sections of the Digital Security Act, but
mostly can be confined to the Chapter VI of the law. Depending on the sections
punishments can be different in both compensation and imprisonment. Here’s a listing of
the sections by which Cipher can be condemned. We are assuming here on his goodwill
that he didn’t intend to commit any evil crime with his act.
Section Offense

17(1)(a) Illegal access to any critical information infrastructure

18(1)(a) Illegal access to any computer, computer system or computer network

26(1) Collection and possession of identity information of any other person

without lawful authority,

32(1) Committing an offense under the Official Secrets Act, 1923 (Act No. XIX
of 1923) by means of computer, digital device, computer network, digital
network or any other digital means

33(1) Preserving any data-information of any governmental, semi-governmental,

autonomous or statutory organization, or any financial or commercial
organization by making illegal access to any of its computer or digital
system in order to make any addition or deletion, or hand over or transfer

34(1) Committing hacking

2. According to the Act, the potential punishments Cipher could face for unauthorized
access and data extraction are as follows. We will assume that
(i) Cipher didn’t commit this crime for the second time.
(ii) The computer or computer system or computer network were’t protected as a
vulnerability had been found by Cipher him/heself.

Section Imprisonment Fine

17(2)(a) Less than 7 years Less that Taka 25 lac

18(2)(b) Less than 6 months Less that Taka 2 lac

26(2) Less than 5 years Less that Taka 5 lac

32(1) Less than 14 years Less that Taka 25 lac

33(2) Less than 5 years Less that Taka 10 lac

 34 Less than 14 years Less that Taka 1 crore

3. There is a section in the Digital Security Act(DSA) addressing the possibility of

compensation. It is section 37. In this section the Tribunal has been empowered to issue
any order of compensation. But this section specifically mentions only 3 sections for this
situation to be valid for which are 22, 23 & 24 none of which is related to the act of
Cipher’s. Therefore even though the offense of Cipher is punishable under the DSA,
there's no scope of compensation for the victims here.

4. The preventive measures the government and organizations could take to avoid such
incidents in the future is as follows.
(i) Rigorous testing of the system could have been done before deployment so that any
other potential vulnerabilities can be found and patched.
(ii) The data can be kept in an encrypted version so that even if someone gets his hands
on thai data, he/she cannot make any sense out of it.
(iii) Adopting more stricter laws can be proved useful. For example, along with the
imprisonment and fines, a restraining order could have been added barring the criminal
from getting into touch with computers ever again.
(iv) The users of the system could have been trained in a more advanced way more
strictly so that the confidentiality of the system holds.
(v) Another way could have been to fragment the database so that even if someone gets
her hand on one table, he/she can’t identify a person precisely without other tables.
(vi) The development of the database must be done with a skilled and competent person
with adequate knowledge and experience in this sector.
(vii) Regular auditing must have been done with penetration testing and threat analysis to
get a proper idea of the security of the database so that it can be updated with time.