Is NEIR a surveillance tool?

When the government introduced the National Equipment Identity Register (NEIR), it was presented as a technical solution to a practical problem: stopping illegal mobile phones, blocking stolen devices, and bringing order to Bangladesh's chaotic handset market.

Officially, NEIR is described as a regulatory system, not a surveillance mechanism. Yet, since its announcement, a persistent question has followed it: can NEIR function as a tool for surveillance?

To answer this, it is important to first understand what NEIR does and what it does not do.

NEIR is based on three core identifiers: IMEI (International Mobile Equipment Identity), IMSI (International Mobile Subscriber Identity), and the Mobile Station International Subscriber Directory Number (MSISDN or phone number).

At its core, NEIR is a national database that records the identity of mobile phones and links them to SIM (Subscriber Identity Module) cards.

Every mobile phone has a unique 15-digit IMEI, much like a fingerprint for the device. Every SIM card also carries its own unique code, IMSI, and every phone number is tied to a registered user.

NEIR brings all these elements together in one central system. When a phone connects to a mobile network, its identity is checked against NEIR to determine whether it should be allowed to operate.

From a regulatory point of view, this makes sense. A stolen phone can be blocked nationwide. Smuggled or counterfeit handsets can be shut out of the network. Consumers are protected, and the government gains control over an industry that has long operated with loopholes.

However, the very features that make NEIR effective also raise concerns.

By permanently linking a physical device, a SIM card, and a phone number, NEIR creates a strong digital identity for every mobile user. This does not mean the system listens to calls or reads messages like traditional surveillance tools -- it does not.

But it does mean that the state has the technical ability to know which device is being used with which SIM, and when that device connects to the network.

Mobile phones constantly communicate with network towers, even when users are not making calls. As a result, telecom networks naturally generate large amounts of metadata.

When such data is centralised in a single national system, it becomes easier to trace patterns of use, movement, and association, especially if the system is later linked with other databases, said an expert.

This is where the surveillance debate begins. NEIR itself is not a classic surveillance system. It does not monitor conversations, intercept messages, or spy on internet activity.

Those functions belong to separate lawful interception systems.

"It may not watch you directly, but it can make watching easier if other systems are brought into play," the expert added, wishing anonymity.

Globally, similar systems exist in many countries, including India and Pakistan. None of them is officially labelled as surveillance tools.

In Australia, mobile phone users are protected through a nationwide system that blocks lost or stolen handsets across all mobile networks.

This protection is provided through an industry-led programme run by the Australian Mobile Telecommunications Association (AMTA), rather than direct government intervention.

In the United Kingdom, if you report your phone lost or stolen to your network provider, they will block its IMEI across all UK mobile networks, making the device useless even with a new SIM card.

Rakibul Hassan, an automation expert and author of books on artificial intelligence, said there are widespread fraudulent activities involving digital financial and booking platforms, many of which are difficult for law-enforcement agencies to trace due to weak device-level traceability.

As the world moves rapidly towards a digital economy, almost all transactions, money transfers, services, and even personal profiles are now dependent on mobile connectivity.

In this context, a properly implemented NEIR system can act as a deterrent against scams by preventing anonymous and device-based misuse, he said.

Countries that have robust identity frameworks usually integrate national ID systems, mobile numbers, and device registration mechanisms.

In Bangladesh, while the national ID system exists, it is still not fully and systematically linked with mobile numbers and device identities, creating both enforcement gaps and governance risks.

To address surveillance concerns, Hassan said that the system must operate under strict legal safeguards. Any access to NEIR data, blocking decisions, or cross-system integration should be subject to judicial or quasi-judicial oversight. Arbitrary decisions by regulatory bodies or the government should not be permitted.

Fahim Mashroor, former president of the Bangladesh Association of Software and Information Services, said, "To me, it's not a surveillance tool, as it is not a targeted system but rather general in scope. Online gambling and financial fraud have grown to an unbearable extent, draining huge amounts of money out of the country. NEIR can help combat these issues."

Rezaur Rahman Lenin, a human rights activist, said there is a misconception about the NEIR system. Mobile phone users and anyone who encounters it should understand that NEIR is not a surveillance tool.

The relevant question is whether the state ensures efficient, appropriate, and timely protection in the context of communication surveillance, including its tools and techniques.

By permanently linking a physical device, a SIM card, and a phone number, NEIR creates a digital identity for every mobile user. This does not mean the system listens to calls or reads messages. But it does mean that the state has the technical ability to know which device is being used with which SIM, and when that device connects to the networ

"However, this must be done in strict accordance with the law, its principles, and the protections it affords. The national laws and policies of Bangladesh on communication surveillance must strike a proper balance between security needs and privacy rights, emphasising legality, necessity, proportionality, transparency, and due process."

An integrated system is necessary. However, the problem is that the series of ordinances related to the digital ecosystem enacted by the interim government -- such as the Cyber Security Ordinance, Personal Data Protection Ordinance, and National Data Governance Ordinance -- have individually and collectively already created a strong surveillance capacity in the hands of the authorities, which can be exercised with hardly any accountability," said Dr Iftekharuzzaman, executive director of Transparency International Bangladesh.

"As a result, the data generated through this system carries a risk of further reinforcing this unaccountable surveillance capacity," he said.

"The implication is that any government of the day may use this digital platform and the wider ecosystem around it at will for targeted suppression of dissent, free speech, and media, and compromise the right to privacy of mobile handset users, recreating the same system of rule by intimidation as under the authoritarian regime that the July Movement fought against. Strong legal provisions must be created to prevent unacceptable surveillance with mandatory judicial oversight," he added.

Faiz Ahmad Taiyeb, special assistant to the chief adviser with executive authority over telecom and ICT, said that the amended telecom ordinance, approved by the advisory council on December 24, includes provisions to protect device users.

"The ordinance adds a clause barring surveillance or harassment of citizens through SIM and device registration, making any violation a punishable offence," he added.