Between 2015 and 2025, Bangladesh spent nearly $190 million on surveillance and spyware technologies, with at least $40 million of the total expenditure directed at Israeli-origin apparatus, infamous for their usage by authoritarian regimes worldwide.
This surge in surveillance spending, running parallel with the ousted Awami League government's increasing authoritarianism, saw the procurement and/or deployment of at least 160 surveillance technologies, often via opaque deals and third-country intermediaries.
These findings have come up in a bombshell investigation conducted by the Tech Global Institute and published in its August issue titled "The Digital Police State: Surveillance, Secrecy and State Power in Bangladesh", a 70-page report, drawn up on the yields of a year-long research, charting the evolution and architecture of Bangladesh's surveillance apparatus.
"Purchases rose sharply before or just after national elections in 2018 and 2024, indicating these technologies were likely used to suppress political and civic opposition, and maintain regime continuity," the report said.
Moreover, spending on geolocation tracking ($10.8m) and spyware and data extraction ($77.1m) increased ahead of national polls to heighten surveillance on political rallies and candidates.
Although these figures are likely undermined due to the lack of public records and documentation on procurement, the report says these investments suggest "a coordinated expansion of the state's capacity to monitor and control digital communications".
The unsettling report unearths a hidden chapter in Bangladesh's recent history — tracing its evolution from rudimentary physical monitoring to a sophisticated, cyber-enabled surveillance network capable of real-time interception, metadata analysis, remote eavesdropping, and content filtering.
Citizen Lab in 2018 revealed that Bangladesh was among 45 countries where Pegasus — the powerful spyware developed by Israeli cyber intelligence firm NSO Group — had been detected.
Holey Artisan and the feast of spies
This gradual change in surveillance gained momentum under the flag of the global war on terror, especially following the 2016 Holey Artisan Bakery attack in Bangladesh.
This sinister metamorphosis reached infamy after a report by Citizen Lab in 2018 revealed that Bangladesh was among 45 countries where Pegasus — the powerful spyware developed by Israeli cyber intelligence firm NSO Group — had been detected.
However, the Tech Global investigation exposes that Bangladesh's entanglement with Israel-based spyware is much deeper than thought.
Israeli-origin systems reportedly penetrated the country through the mediation of third parties, including Cyprus, Singapore, and Hungary.
Export documents from Cyprus — a known hub for intermediaries involved in surveillance tech transfers — show that another Israeli-owned firm, Coralco Tech, sold spyware worth an estimated $1.6 million to DGFI via its Singapore operations.
Although Bangladesh has no formal ties with Israel and prohibits direct purchases, Israeli-origin systems reportedly penetrated the country through the mediation of third parties, including Cyprus, Singapore, and Hungary.
The other vendors include many known companies registered in France, Germany, the United States, Canada, and the United Kingdom, which sold surveillance equipment and spyware to the former Bangladeshi government, despite the toppled regime's record of serious human rights abuses.
Where did the equipment go
The National Telecommunications Monitoring Centre (NTMC) is the single largest buyer, spending nearly $90 million between 2018 and 2024, with a focus on network interception, deep packet inspection, remote eavesdropping, and app- and device-level data extraction.
In 2022, Bangladesh recorded its largest single-year expenditure on surveillance and spyware, totalling nearly $88.3 million, as per available government records, of which NTMC accounted for at least $78.3 million.
The Bangladesh Police and RAB invested in Wi-Fi and mobile network interception and signal jamming technologies, mainly used for crowd control and protest surveillance.
The DGFI focused on cell network monitoring, tapping, and signal jamming.
In 2015, according to Citizen's Lab, DGFI purchased FinFisher, a spyware capable of infecting and controlling target devices.
The ICT Division's BGD e-GOV CIRT has also invested heavily in spyware for monitoring social media, messaging apps, and web content.
In 2022, Bangladesh recorded its largest single-year expenditure on surveillance and spyware, totalling nearly $88.3 million, as per available government records, of which NTMC accounted for at least $78.3 million.
That year, Major General Ziaul Ahsan assumed leadership of NTMC, overseeing its mutation from a modest intelligence processing unit within the Ministry of Home Affairs into a high-tech spy agency.
How malware was distributed
Surveillance and spyware both are directed towards intercepting communications, but they differ in intent.
Surveillance can be conducted lawfully when targeting specific individuals for security or law enforcement purposes. Spyware, on the other hand, is malicious software installed without consent to steal information.
However, the line between them is blurred, as modern surveillance increasingly uses spyware for broad, indiscriminate monitoring, the report said.
The investigations uncovered cases where malware was delivered through ordinary apps such as ridesharing, food delivery, e-commerce, games, and local content platforms.
"Once installed, this malware enabled intelligence and law enforcement agencies to fully access the device, monitor communications, and collect data without requiring app-level interception," it said.
The Bangladesh Telecommunication Regulation Act, 2001, is the primary legal instrument, among others, relied upon by state authorities to conduct surveillance, the report said.
Over 22 laws and policies enable surveillance
The report identifies a mesh of domestic laws that either explicitly authorise or indirectly facilitate surveillance, many of which are established and empowered through non-public executive orders facilitating extensive surveillance in violation of constitutional safeguards.
The Bangladesh Telecommunication Regulation Act, 2001, is the primary legal instrument, among others, relied upon by state authorities to conduct surveillance, the report said.
Following amendments in 2006 and 2010, the statute effectively granted surveillance powers to law enforcement, intelligence, and regulatory agencies, enabling them to intercept, monitor, and collect information transmitted via telecommunication networks.
Collectively, these provisions have been interpreted to grant unchecked authority to agencies such as NTMC, DGFI, NSI, ATU, SB, RAB, and Bangladesh Police to surveil internet traffic, encrypted communications, and voice and data transmissions, the report added.
Moreover, service providers are legally compelled to cooperate with government requests, under threat of criminal penalties, including fines, imprisonment, and potential non-renewal of operating licenses.
What now
Despite a change in political climate, following the ouster of the Awami League government, it is unclear whether, and to what extent, surveillance and spyware continue to be purchased and used in Bangladesh, the report said.
Government records show that the Rapid Action Battalion (RAB) acquired vehicular mobile interception devices, and its officers were authorised for training in mobile and Wi-Fi interception, including for deployment during large gatherings and protests, as recently as February 2025.
The report calls for meaningful reform that can divert the country from turning into a "model of digital authoritarianism".
To address these systemic violations, entrenched in the weakening of human rights, democratic accountability, and the rule of law, the report details a series of legal and institutional reforms aimed at establishing constitutional safeguards on surveillance, enhancing transparency and aligning Bangladesh's practices with international human rights standards.
The recommendations include establishing a legislative reform commission on surveillance laws, such as the Bangladesh Telecommunication Regulation Act, 2001, the Telegraph Act, 1885 and the Wireless Telegraphy Act, 1933; subjecting procurement processes of surveillance equipment to both parliamentary oversight and judicial scrutiny; enacting a strong personal data protection law; establishing an independent parliamentary oversight committee, among many others.
Ahead of national polls in February, the report cautions against the unethical and disproportionate use of these technologies against citizens, as it calls for meaningful reform that can divert the country from turning into a "model of digital authoritarianism".
Comments