Indonesia needs to fix ‘authoritarian’ clauses in bill on cyber security before passing it into law

Indonesia, a country with the fifth-highest number of internet users in the world, plans to issue its first law on cyber security this month. Currently, Indonesia’s law enforcement

institutions are not equipped with adequate laws and tools to combat cyber threats. A law on cyber security is urgently needed as Indonesia deals with an increasingly high level of cyber

threats. But, before passing the bill into law, legislators must resolve some problematic articles in the legislation. The bill as it stands poses a serious threat to citizens’ freedom of

speech and will create a body that will be above law enforcement institutions. The law will arm the state in the fight against cyber threats. It will appoint the country’s cyber and

encryption agency as the implementing body to coordinate with the armed forces, police, attorney-general’s office, intelligence bodies and other government ministries and institutions. THE

URGENCY Indonesia was home to 150 million internet users in January 2019, a 13% increase in a year. The country’s poor cyber security system renders them prone to cyber attacks. At least

232.45 million cyber-attacks against Indonesia were recorded in 2018, compared to 205 million attacks in 2017. In May 2019 alone, 1.9 million cyber-attacks were recorded. It is estimated

these attacks can cause Rp478.8 trillion (US$33.7 billion) in losses. That’s equal to almost a fifth of Indonesia’s state budget next year. Once the bill is passed, Indonesia will be the

latest Southeast Asian country with a cybersecurity law after Singapore, Thailand and Malaysia. Indonesia urgently needs to pass this bill as the country still does not have a specific law

on cyber security. Indonesia only has two cyber-related regulations: Law on Electronic Information and Transactions and a Government Regulation on the Implementation of Electronic Systems

and Transactions. Neither deals with cyber threats. Therefore, Indonesia’s House of Representative took the initiative and drafted the cybersecurity bill in October 2018 with a target date

of September this year to pass it into law. THE CRITICISM However, many criticise the deliberation process as being rushed. Some fear the dominant role of the implementing body may turn it

into a super agency, placing it above other law enforcement institutions. This is problematic as the agency is not a law enforcement institution. The bill also gives authority to the agency

to determine the scope and advanced procedures in dealing with cases. But it provides no detail on how we can monitor the agency’s work. This creates the potential for abuses of power.

Others think the bill may violate human rights. Under the bill, the government, through the implementing body, can censor content deemed dangerous. But there are no detailed criteria on what

constitutes dangerous content. Critics fear this authority might endanger people’s freedom of speech as the government could use this law to censor content that might threaten the regime’s

interests. POSSIBLE SOLUTIONS Before passing it into law, the legislators must conduct more hearings with related stakeholders to receive more inputs. For example, they should involve human

rights activists to ensure the law protects human rights. In the end, these discussions will help the legislators resolve the challenges presented by the bill in its current form. The

government should also consider preparing supporting regulations to help with implementation of the law. Unless legislators revise the problematic clauses, Indonesia will be protected

against cyber threats, but to the detriment of citizens’ rights.