Indonesia needs to fix 'authoritarian' clauses in bill on cyber security before passing it into law

Indonesia, a country with the fifth-highest number of internet users in the world, plans to issue its first law on cyber security this month.

Currently, Indonesia’s law enforcement institutions are not equipped with adequate laws and tools to combat cyber threats. A law on cyber security is urgently needed as Indonesia deals with an increasingly high level of cyber threats.

But, before passing the bill into law, legislators must resolve some problematic articles in the legislation. The bill as it stands poses a serious threat to citizens’ freedom of speech and will create a body that will be above law enforcement institutions.

The law will arm the state in the fight against cyber threats. It will appoint the country’s cyber and encryption agency as the implementing body to coordinate with the armed forces, police, attorney-general’s office, intelligence bodies and other government ministries and institutions.

The urgency

Indonesia was home to 150 million internet users in January 2019, a 13% increase in a year. The country’s poor cyber security system renders them prone to cyber attacks.

At least 232.45 million cyber-attacks against Indonesia were recorded in 2018, compared to 205 million attacks in 2017. In May 2019 alone, 1.9 million cyber-attacks were recorded. It is estimated these attacks can cause Rp478.8 trillion (US$33.7 billion) in losses. That’s equal to almost a fifth of Indonesia’s state budget next year.

Once the bill is passed, Indonesia will be the latest Southeast Asian country with a cybersecurity law after Singapore, Thailand and Malaysia.

Indonesia urgently needs to pass this bill as the country still does not have a specific law on cyber security. Indonesia only has two cyber-related regulations: Law on Electronic Information and Transactions and a Government Regulation on the Implementation of Electronic Systems and Transactions. Neither deals with cyber threats.

Therefore, Indonesia’s House of Representative took the initiative and drafted the cybersecurity bill in October 2018 with a target date of September this year to pass it into law.

The criticism

However, many criticise the deliberation process as being rushed.

Some fear the dominant role of the implementing body may turn it into a super agency, placing it above other law enforcement institutions. This is problematic as the agency is not a law enforcement institution.

The bill also gives authority to the agency to determine the scope and advanced procedures in dealing with cases. But it provides no detail on how we can monitor the agency’s work. This creates the potential for abuses of power.

Others think the bill may violate human rights.

Under the bill, the government, through the implementing body, can censor content deemed dangerous. But there are no detailed criteria on what constitutes dangerous content.

Critics fear this authority might endanger people’s freedom of speech as the government could use this law to censor content that might threaten the regime’s interests.

Possible solutions

Before passing it into law, the legislators must conduct more hearings with related stakeholders to receive more inputs. For example, they should involve human rights activists to ensure the law protects human rights. In the end, these discussions will help the legislators resolve the challenges presented by the bill in its current form.

The government should also consider preparing supporting regulations to help with implementation of the law.

Unless legislators revise the problematic clauses, Indonesia will be protected against cyber threats, but to the detriment of citizens’ rights.