Executive Summary

INDONESIAN NATIONAL POLICY IN COMBATING CYBER-CRIME

I.Background

  1. The utilization of internet technology (or information technology) has become an integral part of people’s activities. Such development brings both positive and negative impacts at the same time. Internet makes it possible for people to do business in such a way that has been never done before. It can be found in a form of online trading, where people trade in a “virtual market”. The transaction is really there, but the physical market is not really there.
  2. The development, which creates a new “virtual world”, however, also creates a new realm for crimes to be committed. This brings a new kind of threats to the security and stability of the people in the world.

II.The Threats

II. A. Common global threats

  1. Cyber and other computer related crimes have been known to the world since the inception of internet technology. The realm of virtual world has created the so called a new breed of crime acts. Those crimes ranging from the spreading of computer viruses, which jeopardizes local computer system, then in its advancement jeopardizes a particular computer network up to the threats of cyber-terrorism.
  2. In narrow sense, Using internet or cyberspace to commit crime can be found in the forms of crime against online banking that includes credit card fraud, personal account thefts, and a particular bank’s forgery.
  3. In broader context, Internet, computer network (both local and wide area) as the target of a criminal act can be found in the forms of hacking, cracking, database deconstruction, network stability, spoofing and deployment of trojan viruses with intended damaging impact.

II. B. Indonesia’s challenge in cyber security

  1. To date, the most common cyber and other computer related crimes known to Indonesia are hacking, cracking, Credit card fraud, Internet Banking.According to the survey by the ClearCommerce, in 2002 Indonesiais the “second best” in the term of country of origin of carders in the world, after Ukraine. Whereas in 2003, Indonesia was the first in the term of credit card fraud in the world.
  2. The most recent modus of cyber-crime found in Indonesia is counterfeit online transaction. This is done by the deployment of a false online store website to attract buyers. Once a deal was made and a potential buyer transferred the money to a fake seller, the buyer got nothing but a missing a particular amount of money.
  3. Challenges that is faced the Government of Indonesia in dealing with cyber and other computer related crime are (i) the lack of resilient and reliable technical infrastructure (the internet connection is relatively slow and expensive), (ii) the lack of human resources skill, especially those of law enforcement agencies in the term of adequacy in information technology, (iii) the lack of legal basis to regulate cyber security.

III.Indonesian National Policy

III. A. General concept of Indonesian National Information System Policy

  1. Given such threats and challenges, the Government of Indonesia is developing a national information system that covers two major infrastructures, i.e. (i) the fundamental infrastructure, which mainly consists of human resources and regulation and (ii) technical infrastructure, which mainly consists of network security, application as well as content and data center protection.
  2. At national level, both infrastructures are aimed at the establishment of an “e-Indonesia” which will cover e-Governance, e-Learning, e-Banking, e-Commerce, e-Health and e-Finance.
  3. Indonesia’s National Information System Policy will enable all stakeholders in Indonesia to collaborate in establishing a secure and resilient information system society in Indonesia. This will also include promoting awareness of Indonesian people on information technology’s security. That way, cyber and other computer related crimes can be minimized.

III. B. Legal basis

  1. Currently, in deploying its national information system, the establishment of a legal basis for national information system policy is the focus of the Indonesian Government to deal with threats that emerge in relation with cyber and other computer related crime.
  2. Indonesia is currently finalizing a draft a Law on Information Technology and Electronic Transaction (ITET). This draft Law is to be the first Indonesian regulation with regard to the utilization of information technology and electronic transaction. This Law provides all law enforcement agencies in Indonesia with legal definition on matters related to information technology.
  3. The draft Law covers regulation on the following matters:
  4. Electronic documents and information;
  5. Comprehensive security of electronic mail;
  6. Electronic signatures;
  7. Electronic system services;
  8. Electronic transaction;
  9. Intellectual Property Rights;
  10. Privacy;
  11. Forbidden activities related to cyberspace;
  12. Dispute settlement;
  13. The Role of the Government;
  14. The Role of civil society;
  15. Investigation, and due process of law; and
  16. Criminal procedures.
  17. The draft Law encompasses violations as the followings:
  18. Website content abuses, which include child pornography, violation of the intellectual property rights.
  19. Crimes related to electronic transaction, which include credit card fraud, multilevel marketing fraud, and website forgery.
  20. Other cyber and computerrelated crimes such as cracking, denial of services attack, virus spreading, hijacking, backdoor attacking, etc.
  21. Such legal basis is needed to create law supremacy and to be used by law enforcement agencies to deal with cyber and other computer related crime. One example is that given the advancement of IT, evidence to be brought before the court may be present in digital form, such as data from a hard-drive, e-mails, and other electronic documents. Current Indonesia’sPenal Code has yet to recognize digital and electronic formats as valid evidence.
  22. However, in addition to Indonesia’s Penal Code, there are other Indonesia’s Laws and Regulations, which can be used as basis to prosecute cyber and other computer related crimes. Those are the (i) Law No. 19 of 2002 on Intellectual Property Rights, (ii) Law No. 36 on 1999 on Telecommunication, (iii) Law No. 8 of 1997 on the Security of Company Documents, (iv) Law No. 25 of 2003 on Money Laundering, and (v) Law No. 15 of 2003 on the Combating Terrorist Acts. Those Laws have recognized digital and electronic formats of evidences to be used in a proceeding.
  23. The enactment of future Law on ITET will provide the court with a stronger certainty and basis to accept evidences presented in digital and electronic formats, since it is specifically drafted to deal with cyber-crime.
  24. In addition, the Government of Indonesia is also finalizing a draft Law on Transfer of Funds, which, although does not specifically covers cyber-crime, can be used as a basis in dealing with cyber-crime. This draft law encompasses security in transfer of fund which is done by wire, electronic as well as online.
  25. To implement such Laws once they have been enacted, the Government of the Republic of Indonesia is also preparing drafts Government Regulation and Ministerial Regulation as follows:
  26. Draft Government Regulation on Electronic System Provider.
  27. Draft Government Regulation on Electronic Contract.
  28. Draft Government Regulation on Electronic Certification.
  29. Draft Government Regulation on Electronic Signature.
  30. Draft Government Regulation on Competence Certification Agency.
  31. Draft Ministerial Regulation on Domain Names.
  32. Draft Ministerial Regulation on the Guidelines of the Certification Authority Provider in Indonesia.

III. C. Technical Realm

  1. On technical realm, the Department of Communication and Information Technology, in cooperation with the Indonesian National Police and the Internet Community (the Indonesian Internet Providers Association) is currently working on the establishment of Indonesian Security Incident Response Team on Internet Infrastructure (ID SIIRTI) as the Indonesian computer emergency response team.
  2. Its vision is, among others, to create a disturbance free environment of internet infrastructure in Indonesia. Its mission is to increase network security of internet infrastructure, enhancing online transaction security, supporting law enforcement agencies in dealing with cyber-crime, and enhancing strategic partnership with other relevant agencies both nationally and internationally in dealing with cyber security.

III. D. What we’ve done so far

  1. In addition to the enactment of Laws related to cyber-crime, the Government of Indonesia has established a Working Group on Trans-National Organized Crime in 2005. The Working Group consists of four committees; one of them encompasses cyber crime. In conjunction, the Indonesian National Police also established its special cyber crime unit.
  2. With the aforementioned Laws and regulations, Indonesian law enforcement agencies have succeeded in dealing with cyber and other computer related crime. Those are, among others:
  3. In 2005, Indonesian National Police arrested Mr. Dani Hermansyah and brought him before the law for the crime of defacing the website of Indonesian General Election Commission (Komisi Pemilihan Umum / KPU).
  4. In the same year, Indonesian national police also arrested and prosecuted Mr. Steven Haryanto who committed an online banking website forgery, in an attempt to steal personal account records of the Bank Central Asia in Indonesia.
  5. In 2006, Cyber-crime unit of the Indonesian National Police intercepted an attempt to recruit new member by the Jamaah Islamiyah using internet (online recruitment).

III. E. What we should be aware of

  1. There is threats of cyber-terrorism, which may resulted in catastrophe by the misuse of internet by terrorist group or an attack to an important datacenter or computer networking system, which support vital infrastructure. This may include among others attack to computer system and network of the air traffic control, instrument landing system, and flight records. Attention should also be paid to computer network of nuclear facilities, and railways traffic control, just to name a few.
  2. The most possible relation in cyber-crime with terrorism in today’s interaction is misusage of online enabled transaction as a modus to finance their terrorist acts.

IV.Conclusion

  1. In enhancing each country’s comprehensive national anti cyber-crime policy and enhancing cyber security, there is urgency for countries to collaborate in dealing with recent and future threats of cyber crime and the potential of cyber terrorism. The collaboration may include:
  2. Technical assistance in establishing a secure and resilient national backbone as well as in accelerating the implementation of secure database and computer networking to support law enforcement agencies in combating cyber crime.
  3. Technical assistance in capacity building of law enforcement agencies in the realm of information technology, both in hardware and software wise as well as brain-ware wise. This may include personnel’s training cooperation.
  4. Capacity building in online investigation and digital forensic unit.
  5. Enhancing cooperation among ARF participant in combating cyber crime by among others establishing a mutual legal assistance.
  6. Enhancing real-time exchange of information and best practices including maximization of the utilization of the established international network such as the Interpol’s I-24/7.

* * * * *

Aji Surya

Deputy Diector for Intra-Regional Cooperation, Indonesian DFA