Abstract
Cybersecurity and privacy have now become a matter of increasing concern for citizens, the private sector, and the Indonesian government. The government is currently struggling to combat cyberattacks and data breaches. Indonesia is, in fact, in the early stages of developing a national cybersecurity strategy. The legal framework for cybersecurity in Indonesia is still weak. The one and only legal basis for regulating cybersecurity, privacy, and security, in Indonesia so far is the Electronic Information and Transactions Law No. 11/2008 and its revised version Law No.19/2016. Furthermore, the government through the Indonesian Ministry of Communication and Information has just issued the implementing regulation called the Ministerial Regulation Number 5 of 2020. This Ministerial Regulation has several debatable articles and provisions, such as regarding the registration obligation, the content management and safe harbor concept, as well as the censorship issues, and the access availability to government. This article would like to address and examine whether it's lawful for Indonesian government institutions or law enforcers to request such an access to electronic systems and users’ personal data from the Electronic Systems Operators or internet service providers for surveillance and law enforcement purposes. The article then provides legal steps or procedures as well as legal recommendations that Indonesian government entities must follow before conducting such a legitimate electronic cyber operation. This article will also compare those Indonesia’s digital surveillance practices with the United States legal practices and lesson-learned on government surveillance.
Bahasa Abstract
Keamanan siber dan privasi kini semakin menjadi perhatian utama masyarakat, sektor swasta, dan pemerintah Indonesia. Pemerintah saat ini sedang berjuang memerangi kejahatan siber dan pelanggaran data. Indonesia, pada faktanya, masih berada dalam tahap awal pengembangan strategi keamanan siber nasional. Kerangka hukum untuk keamanan siber di Indonesia masih lemah. Satu-satunya dasar hukum yang mengatur mengenai keamanan privasi dan keamanan siber di Indonesia sejauh ini hanyalah Undang-Undang Informasi dan Transaksi Elektronik No. 11/2008 yang sudah direvisi dengan Undang-Undang No.19/2016. Selanjutnya, pemerintah melalui Kementerian Komunikasi dan Informatika Indonesia baru saja mengeluarkan peraturan pelaksanaan, yaitu Peraturan Menteri Nomor 5 Tahun 2020. Peraturan Menteri ini memiliki beberapa pasal dan ketentuan yang masih diperdebatkan, seperti mengenai kewajiban pendaftaran, pengelolaan konten, konsep “safe harbor,” serta masalah sensor, dan ketersediaan akses kepada pemerintah. Artikel ini ingin membahas dan menelaah apakah diperbolehkan bagi lembaga pemerintah atau penegak hukum Indonesia untuk meminta akses ke sistem elektronik dan data pribadi pengguna tersebut dari Penyelenggara Sistem Elektronik atau penyedia layanan internet untuk tujuan pengawasan dan penegakan hukum. Pasal tersebut kemudian memberikan langkah-langkah atau prosedur hukum serta rekomendasi hukum yang harus diikuti oleh entitas pemerintah Indonesia sebelum melakukan operasi siber elektronik yang sah tersebut. Artikel ini juga akan membandingkan praktik pengawasan digital di Indonesia dengan praktik hukum Amerika Serikat dan pembelajaran tentang pengawasan pemerintah.
References
Books, Journals, Websites:
A. Fathan Taufik. “Indonesia’s Cyber Diplomacy Strategy as A Deterrence Means yo Face the Threat in the Indo-Pacific Region.” Journal of Physics: Conference Series. The International Conference on Defence Technology (Autumn Edition, 2020): 5. https://doi:10.1088/1742-6596/1721/1/012048
A. Nugroho. “Personal Data Protection in Indonesia: Legal Perspective.” International Journal of Multicultural and Multireligious Understanding 7, No. 7 (2020): 183-189.
Ashley Deeks. Defend Forward and Cyber Countermeasures 2, Hoover Inst. Working Group on Nat’l Sec., Tech., and L., Aegis Series Paper No. 2004, 2020. https://www.hoover.org/research/defend-forward-and -cyber-countermeasures (noting that “many states view the [Draft Articles] as reflecting customary international law”).
Budi Rahardjo. “7 The State of Cybersecurity in Indonesia.” In Digital Indonesia. Singapore: ISEAS Publishing, 2017. https://doi.org/10.1355/9789814786003-007.
Cabinet Secretariat of The Republic of Indonesia. “Indonesia’s Foreign Policy Priorities in 5 Years Ahead,” Accessed November 9, 2021. https://setkab.go.id/en/indonesias-foreign-policy-priorities-in-5-years-ahead/
Center for Indonesian Policy Studies. “Protecting People: Promoting Digital Consumer Rights.” Accessed September 27, 2021. https://www.cips-indonesia.org/digital-consumer-rights-pp27.
Djafar, W., Sumigar, F., & all. Perlindungan Data Pribadi di Indonesia: Ulasan Pelembagaan Dari Perspektif Hak Asasi Manusia. Jakarta: ELSAM Press, 2016.
Gliddheo Algifariyano Riyadi. “Policy Brief No. 7: Data Privacy in the Indonesian Personal Data Protection Legislation.” Center for Indonesian Policy Studies, March, 2021.
Heidy Tworek & Paddy Leerssen. “An Analysis of Germany’s NetzDG Law.” Translantic Working Group, A working paper of the Transatlantic High-Level Working Group on Content Moderation Online and Freedom of Expression (April 15, 2019). https://www.ivir.nl/publicaties/download/NetzDG_Tworek_Leerssen_April_2019. pdf.
Human Rights Watch. “Indonesia: Suspend, Revise New Internet Regulation.” Accessed September 21, 2021. https://www.hrw.org/news/2021/05/21/indonesia-suspend-revise-new-internet-regulation.
Ido Kilovaty. Evaluation in the Light of the Tallinn Manual on the International Law Applicable to Cyber Warfare, Cyber Warfare and The Jus Ad Bellum Challenges (2014).
Kementerian Komunikasi dan Informasi Republik Indonesia. “DPR telah Adakan Rapat Dengar Pendapat Umum terkait RUU PDP.” Accessed September 27, 2021. https://aptika. kominfo.go.id/2020/07/dpr-telah-adakan-rapat-denger-pendapat-umum-terkait-ruu-pdp.
Kosseff Jeff. Cybersecurity Law. United States: Wiley, 2019. https://platform.virdocs.com/r/s/0/doc/1488325/sp/156513543/mi/507507143?cfi=%2F4%2F2%2F6%2F4%5Bhead-2-98%5D%2C%2F1%3A0%2C%2F1%3A0.
Laila Afifa. “6 Major Data Breach Cases in Indonesia in Past 1.5 Years.” Tempo. September 3, 2021. https://en.tempo.co/read/1501851/6-major-data-breach-cases-in-indonesia-in-past-1-5-years.
Martha Finnemore & Duncan B. Hollis. “Beyond Naming and Shaming: Accusations and International Law in Cybersecurity,” European Journal of International Law, (forthcoming 2020) (manuscript at 12). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3347958.
Muhamad Rizal and Yanyan M. Yani. “Cybersecurity Policy and Its Implementation in Indonesia.” Journal of ASEAN Studies 4, No. 1 (2016).
NCSI Project Team e-Governance Academy. “National Cyber Security Index 2020.” Accessed October 1, 20201. https://ncsi.ega.ee/country/id/
Nikkei Asian Review. “ASEAN Remains Prime Target for Cyberattacks.” Accessed 8 February, 2018. https://asia.nikkei.com/Business/Business-trends/ASEAN-remains-prime-target-for-cyberattacks.
Noor Halimah Anjani. “Policy Brief No. 9: Cybersecurity Protection in Indonesia.” Center for Indonesian Policy Studies, March, 2021.
Paul C. Ney Jr. General Counsel, Dep’t of Def. DOD General Counsel Remarks at U.S. Cybe Command Legal Conference (March 2, 2020). https://www.defense.gov/Newsroom/Speeches /Speech/Article/2099378/dod-general-counsel-remarks-at-us-cyber-command-legal-conference/
Setiadi, F., Sucahyo, Y. G., & Hasibuan, Z. A. “An Overview of the Development Indonesia National Cyber Security.” International Journal of Technology & Computer Science (IJTCS) 6, (December 2012): 111.
The ASEAN Post. “Southeast Asia Cybersecurity Emerging Concern.” Accessed 20 May, 2018. https://theaseanpost.com/article/southeast-asias-cybersecurity-emerging-concern
The Ministry of Defense of the Republic of Indonesia. A Road Map to Cyber Defense National Strategy. Jakarta: The Ministry of Defense of the Republic of Indonesia, 2013.
The Indonesian National Cyber and Crypto Agency. Annual Report 2020: Cybersecurity Monitoring. Jakarta: BSSN, 2020.
The Indonesian National Cyber and Crypto Agency. Indonesia National Cyber Security Strategy. Jakarta: BSSN, 2020.
The Indonesian National Cyber and Crypto Agency. “Cyberattack Data (January – April 2020).” Accessed October 1, 2021. https://bssn.go.id/rekap- serangan-siber-januari-april-2020.
The International Telecommunication Union. Global Cybersecurity Index 2020: Measuring Commitment to Cybersecurity. Geneva: ITU Publications, 2021.
The Software Alliance. “Asia-Pacific Cybersecurity Dashboard.” Accessed September 17, 2021, www.bsa.org/APACcybersecurity.
The World Bank. "Ensuring a More Inclusive Future for Indonesia through Digital Technologies." Accessed October 5, 2021. https://www.worldbank.org/en/news/press-release/2021/07/28/ensuring-a-more-inclusive-future-for-indonesia-through-digital-technologies.
UN Human Rights Council, Report of the UN High Commissioner for Human Rights, A/HRC/39/29, para. 18.
US Cyber Command. Achieve and Maintain Cyberspace Superiority: Command Vision for US Cyber Command (2018). https://www.cybercom.mil/Portals/56/Documents/USCYBERCOM %20Vision%20April%202018.pdf?ver=201806-14-152556-010.
US Cyber Command. The Fiscal Year 2021 Budget Request for U.S. Cyber Command and Operations in Cyberspace: Hearing Before the H. Comm. on Armed Servs., Subcomm. on Intelligence and Emerging Threats and Capabilities, 116th Cong. 44 (2020).
US Department of Defense. Summary: Department of Defense Cyber Strategy (2018), https://media.defense.gov/2018/Sep/18/2002041658/-1/1/1/CYBER_STRATEGY_SUMMARY _FINAL.PDF
W. Owens Et Al., Eds. Technology, Policy, Law, And Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. National Research Council, 2009.
Wight M. System of States. Leicester: Leicester University Press, 1979.
Laws and Regulations:
Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik, Lembaran Negara Republik Indonesia Tahun 2008 Nomor 58, Tambahan Lembaran Negara Republik Indonesia Nomor 4843.
Undang-Undang Republik Indonesia Nomor 19 Tahun 2016 tentang Perubahan Atas Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik, Lembaran Negara Republik Indonesia Tahun 2016 Nomor 251, Tambahan Lembaran Negara Republik Indonesia Nomor 5952.
Peraturan Pemerintah Republik Indonesia Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik, Lembaran Negara Republik Indonesia Tahun 2019 Nomor 185, Tambahan Lembaran Negara Republik Indonesia Nomor 6400.
Peraturan Menteri Komunikasi dan Informatika Republik Indonesia Nomor 5 Tahun 2020 tentang Penyelenggara Sistem Elektronik Lingkup Privat, Berita Negara Republik Indonesia Tahun 2020 Nomor 1376.
United States Code Title 18 – Crimes and Criminal Procedure
Recommended Citation
Fatihah, Citra Yuda Nur
(2021)
"Establishing A Legitimate Indonesia’s Government Electronic Surveillance Regulation: A Comparison with The U.S. Legal Practices,"
Indonesia Law Review: Vol. 11:
No.
3, Article 6.
DOI: 10.15742/ilrev.v11n3.6
Available at:
https://scholarhub.ui.ac.id/ilrev/vol11/iss3/6
Included in
Comparative and Foreign Law Commons, Computer Law Commons, Fourth Amendment Commons, Internet Law Commons, Science and Technology Law Commons, Transnational Law Commons