Cybercrime in Indonesia Essay

Even if Indonesia has not ratified or signed the Convention on Cybercrime yet, officially Indonesia has implemented almost all cyber crime provisions set forth in the Convention. These provisions are set out in several articles in Law No. 11 Year 2008 on Information and Electronic Transaction. The seven provisions, among others; offense related to child pornography, illegal access, illegal interception, data interference, system interference, misuse of devices, and computer related forgery. The provisions of computer-related fraud and attempt and aiding or abetting are no longer regulated under this Act due consideration has been accommodated by the existing provisions in the Penal Code. Likewise, some offenses related to infringements of copyright and related rights are deemed to have been sufficiently set forth in the Law on Intellectual Property Rights. In addition to the above provisions, the Law No.11/2008 is the merely cybercrime statute in Indonesia, which also includes provisions on e-commerce and e-signature referring to the UNCITRAL Model Law and the EU Directives on such subjects. This is by virtue of the awareness of regulator about inevitable legal convergence of telecommunications, media, and informatics. By means of the principle of neutrality and efficiency, this product of law will be able to encompass the three specialties. Moreover, hacking, according to BATAN is defined as ‘infiltrating or breaching activities into an electronic system without rights, which usually aim to misuse or damage the system.’ Identical definition of hacking is also proposed by David S. Wall which is ‘deliberate unauthorized access to spaces over which rights of ownership or access have already been established.’ Therefore, hacking can be incorporated into illegal access provisions. In the Article 30, there are three paragraphs that organize illegal access, inter alia; 1. ‘Setiap Orang dengan sengaja dan tanpa hak atau melawan hukum mengakses Komputer dan/atau Sistem Elektronik milik Orang lain dengan cara apa pun.’ It means ‘any person intentionally and without right or unlawful access to computers and/or electronic system belongs to any other person in any way.’ 2. Setiap Orang dengan sengaja dan tanpa hak atau melawan hukum mengakses Komputer dan/atau Sistem Elektronik dengan cara apa pun dengan tujuan untuk memperoleh Informasi Elektronik dan/atau Dokumen Elektronik. It means ‘any person intentionally and without right or unlawful access to computers and/or electronic system in any way aim at obtaining electronic information and/or document.’ 3. Setiap Orang dengan sengaja dan tanpa hak atau melawan hukum mengakses Komputer dan/atau Sistem Elektronik dengan cara apa pun dengan melanggar, menerobos, melampaui, atau menjebol sistem pengamanan.’ It means ‘any person intentionally and without right or unlawful access to computers and/or electronic system in any way by infiltrating, trespassing, surpassing, and breaking through a security system.’ The first offenses are to be punished with imprisonment up to 6 years either with or without an administrative fine of up to IDR 600 million. Meanwhile the second offenses are to be sentenced by imprisonment up to 7 years either with or without an administrative fine of utmost IDR 700 million. The latter is to be sanctioned by imprisonment up to 8 years either with or without an administrative fine of up to IDR 800 million. During the past four years since enactment, a myriad of hacking incidents have taken place in Indonesia . However, only two cases were successfully expressed and processed in court. The first case is a case of hacking (defacing) the Election Committee website in 2004 by Dani Firman. While the second case is a similar case against the website of one Indonesia’s largest party, Golkar, by Iqra Syafaat. In fact, according to data from the Association of Indonesian Internet Service Provider (APJII), in 2003, it has recorded 2267 cases of network incidents and in 2004 there were 1103 such cases. It can be concluded that the cases which fails to trial far less. Furthermore, another concern is phishing, defined as ‘the pursuit of personal financial information that is subsequently used to defraud the victim and relies upon the recipient’s inability to distinguish a bogus email from a real one.’ Hence, it should be categorized into ‘computer related forgery’ provision. Article 35 states ‘Setiap Orang dengan sengaja dan tanpa hak atau melawan hukum melakukan manipulasi, penciptaan, perubahan, penghilangan, pengrusakan Informasi Elektronik dan/atau Dokumen Elektronik dengan tujuan agar Informasi Elektronik dan/atau Dokumen Elektronik tersebut dianggap seolah-olah data yang otentik.’ It implies ‘any person intentionally and without right or unlawful manipulate, create, delete, alter, or suppress any electronic document and/or information with the intent that it be considered as if it were authentic.’ Accordingly, this breach is to be sentenced up to 12 years in prison and a maximum fine of IDR twelve million. Unfortunately, there is no case hitherto which is brought to court proceeding. Finally, rare incidents of cybercrime exposed and processed in court trial as the aforementioned are caused by several factors, inter-alia; the lack of awareness among users, the absence of single identity number, the reluctance of victims to report, the limitedness of infrastructure or equipment and devices in the field of IT, and also the lack of law enforcement officers who have expertise in the field of IT. ——————————————– [ 1 ]. Indonesia Law Number 11/2008 about Information and Electronic Transaction, entry into force on April 21,2008 [ 2 ]. See (n 1) art 27 and art 9 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 3 ]. See (n 1) art 30 and art 2 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 4 ]. See (n 1) art 31 and art 3 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 5 ]. See (n 1) art 32 and art 4 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 6 ]. See (n 1) art 33 and art 5 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 7 ]. See (n 1) art 34 and art 6 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 8 ]. See (n 1) art 35 and art 7 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 9 ]. art 8 in Convention on Cybercrime, Council of Europe, entry into force on July 1, 2004 [ 10 ]. (n 9) art 11 [ 11 ]. (n 9) art 10 [ 12 ]. Indonesia has several Laws on IPR such as Law No.12/1997 about Copyright, Law No.29/2000 about Vegetal Variety Protection, Law No.30/2000 about Trade Secrecy, Law No.31/2000 about Industrial Design, Law No.32/2000 about Layout Designs of Integrated Circuits, Law No.14/2001 about Patent, and Law No.15/2001 about Trademark [ 13 ]. See UNCITRAL Mode Law on E-commerce on http://www.uncitral.org/pdf/english/texts/electcom/05-89450_Ebook.pdf and UNCITRAL Mode Law on E-signature http://www.uncitral.org/uncitral/uncitral_texts/electronic_commerce/2001Model_signatures.html accessed September 28, 2012 [ 14 ]. (n 1) Explanation [ 15 ]. BATAN is an Indonesian government institution which constitutes one of consulting agents of ICT, http://www.batan.go.id/sjk/uuite.html accessed September 29, 2012 [ 16 ]. Wall, David S, ‘Cybercrime: The Transformation of Crime in the Information Age’, (Polity Press 2008) 53 [ 17 ]. (n 1)