You are currently viewing From Policy to Practice: Habibullah N. Karim on Cybersecurity in Bangladesh

From Policy to Practice: Habibullah N. Karim on Cybersecurity in Bangladesh

Habibullah N. Karim is a prominent figure in Bangladesh’s IT industry, renowned for his leadership as Founder and CEO of Technohaven Company Ltd. Since its establishment in 1986, the firm has become a leading provider of IT solutions in Dhaka. His influence extends to shaping national ICT policies, notably as Convener of the Working Group of the ICT Policy Review Committee in 2008, leading to the Bangladesh ICT Policy 2009 draft. Co-founder of the Bangladesh Association of Software & Information Services (BASIS) in 1997, he served as President for two terms. His contributions are recognised internationally, with publications in esteemed journals and co-authorship of “Going Digital – Realising The Dreams Of A Digital Bangladesh For All.” With a BS in Electrical Engineering from Yale University and executive education from Stanford University, Habibullah N. Karim continues to play pivotal roles in industry associations and government committees, reflecting his commitment to advancing Bangladesh’s digital landscape.

Recently, he joined Grameenphone Ltd. Presents Bangladesh Cyber Security Summit 2024: Cyber Resilience for Bangladesh, powered by Link3 Technologies, IDEA Foundation, and in association with bKash Limited as one of the distinguished speakers. During the event, Bangladesh Brand Forum spoke with him about the concept and reality of ethical AI Policies.


BBF: With your pivotal role in authoring the Bangladesh ICT policy 2009, how do you assess the progress in integrating cyber security measures within the national ICP policies?

Habibullah N. Karim: It was a policy directive. A policy is not supposed to be more than a guideline. So it had the policy directives for cyber security as well, but where we departed from standard policies is that in our policy, we also had provisions for action plans. So, of the 306 action plans we compiled under that policy, some addressed security issues.


BBF: With the rise of AI and machine learning, what ethical considerations should be at the forefront of cyber security practices?

Well, there are two aspects to that. Firstly, cyber security itself has ethical considerations. So, systems should not be open to hackers or cyber criminals. The people responsible for the administration of those digital systems must be adequately screened so that they do not join hands with cyber criminals to create havoc. On the other side, the AI issue is slightly different in that we now have an open-source AI movement.

The AI technologies are available for anybody. It can be used by good AI practitioners and bad practitioners who can use it to create havoc or carry out criminal activity. So, in that area, people responsible for organisations like Open AI or others should keep a close tab on the people accessing their platforms or using them to create AI applications. If access to those platforms can be managed, I believe the damage could also be contained. On the other hand, if it is like a laser sphere, free for all, then the bad elements and bad actors will also have the full complement of AI technology, which can be disastrous for our future.


BBF: How do you propose the AI companies filter out which people use those for bad intentions or unethical means?

See, it’s not that difficult. For example, all banks or fintech companies in the world maintain what is known as allowlists and blocklists.

People who are known to be involved with financial crimes, they are automatically on the blocklist.

People who are guilty of, let’s say, money laundering, cyber terrorism funding or any other type of financial crimes automatically get listed in those blocklists. And people who are known to be clean are part of the allowlist. So this is something even though you may not know; you are part of these allowlists or blocklists of different systems based on your behaviour. So, we need similar things for AI users and practitioners also.


BBF: How would you evaluate the current AI development and how do you foresee the future?

From the 80s and 90s to today, it’s a quantum leap. Where Chat GPT and generative AI have taken us is mind-boggling. Even five years ago, we could not imagine these things.

Even though it has come a long way, we are still far from what is known as artificial general intelligence, AGI. In this case, computers could carry out general tasks, not just specialised tasks for which a system is trained or learned. So, that kind of general intelligence is probably still 20 years away.

And then the thing that everybody fears, the singularity where machine intelligence will overtake human intelligence, that is bound to happen 30, 40 years down the road, maybe not during our lifetime. So, along that path, I think the ethical use of technology will be even more critical.


BBF: Will it be very difficult to decide whether an act or task on the Internet is ethical or unethical?

Not necessarily. Ethical values are quite universal. Suppose you steal from somebody who is treated as a crime, whether you are in Japan, the USA, or Bangladesh. So, there is no issue with ethical values.

The issue would be how you react to that. So, if somebody steals, do you lock him away for 20 years or only five years? Different countries have different legal frameworks for that. Criminal jurisprudence is structured differently in different countries. So, there may need to be more international collaboration and rationalisation of such provisions.

So today, for example, somebody spreading hate speech on Facebook may affect somebody in Bangladesh, but it might be done from somewhere outside Bangladesh. So, how do you bring that person under the purview of law? It definitely requires international collaboration. And that can happen the other way around, too.

Somebody from Bangladesh could be doing the same to somebody somewhere else. So, those kinds of collaboration and the collaboration framework must happen quickly. The UN is working on that. An UN-led general framework and then more bilateral frameworks will be necessary, where each country will have a bilateral arrangement on such things.


BBF: Drawing from your experience as a columnist and author,     particularly with Going Digital, realising the dreams of a digital Bangladesh for all, how important is public awareness and education in building a resilient cyber security culture in Bangladesh?

Very important.  Well, you know, the bulk of your assets are physical today. In 10 to 20 years, most of your assets will be digital.

Even your car ownership papers will be digital. You cannot just sign away your car. The ownership title for your land or your apartment will also be digital.

You must do more than sign a physical paper to do that. So, when everything will be digital, even your identity, digital security or cyber security could be nicerly. It will be a fundamental requirement, not just for the government or business but for every citizen.

Public awareness must be taught from primary school onwards because everybody uses technology. Even a primary school student, a 10-year-old boy or girl, uses a tablet, which is high-tech equipment. And if the parents are not careful, those children may be given access to information they are unaware of.

So, cyber security is pervasive, just as digital systems are pervasive. Everything is now digital, from the cradle to the grave.

Leave a Reply