Indonesia cybersecurity law: Advancement of criminal justice to the digital victimization
The recent development of technology that brought the world into the era of industrial revolution 4.0 has created many impacts on human life. A decade back, we have felt both the good and bad effects on the development. These massive developments, for example, trigger to make economic fundamentals grow.
Research from INDEF and Persada Data Laboratory concluded that the contribution of the digital economy to the national economy amounted to 56.4 billion dollars or 5.5 percent of GDP throughout 2018. Indonesia’s digital economic growth is predicted to continue to increase in 2020 where it is estimated to reach 130 billion with an average annual growth of 50 percent. This is in line with World Market Monitor projections where the Indonesian digital economy would contribute 155 billion dollars to the national economy or 9.5 percent of GDP by 2025.
Unfortunately, the good effects on one side are always followed by bad effects on the other side. Based on data from the State Coding and Cyber Agency (BSSN), in 2018 there were more than 232 thousand potential cyber-attacks in which half of it was in the form of malicious software attacks. That number has increased compared to the threat of attacks throughout 2017.
Also, the Directorate of Cybercrime, Crime Investigation Unit of Indonesian Police (Bareskrim Polri) received 3,130 reports of cybercrime cases during January-July 2019. The crimes were dominated by online fraud (1,243 cases) with details of provocation content (1,136 cases), pornography (198 cases), illegal access (198 cases) 153 cases), and system hacking (126 cases).
For comparison, on a global scale, based on data from the Identity Theft Resource Center (ITRC), during 2018 there were 22 thousand more data stolen through system encryption or personal data burglary from internet users. There were also 1.4 billion passwords cracked through ransomware attacks. Data from the Norton Cybersecurity Insight Report also showed the same dangerous trend in which consumer losses due to cybercrime in Indonesia have reached more than 3.2 billion dollars.
According to the Positive Technologies analysis report, the company analyzes solutions for vulnerability assessment, compliance management, and threats, the victims who are most attacked by cybercrime are companies and private organizations, which is as much as 56 percent. The perpetrators of cybercrime are more targeted at economic benefits.
However, based on the report from Positive Technologies, we could also know that victims besides corporations and private organizations, there was no less than 44 percent of individual victims. Added by Effendy Ibrahim, Internet Safety Advocate & Director, Asia, Consumer Business, Symantec, cybercrime has created at least one million victims every day or 50,000 victims every hour.
Indonesia is under a real threat. Every detail of the above negative impact data shows that Indonesia is experiencing a real threat of cybercrime. Unfortunately, Indonesia does not yet have a strong policy and regulatory foundation in dealing with this condition.
My study entitled “Modernizing Indonesian Criminal Justice System Through Cybersecurity Policy (2020)” shows two things related to legal relations and the importance of cybersecurity regulations to respond to the development of technology. First, Indonesia has not been responsive in responding to the facts of the development itself. The lack of adequate and resilience regulation, both aims to prevent and overcome various forms (new modes) of cybercrime is proof that Indonesia has left behind other countries.
Second, the current handling of (criminal law) cases still relies on all conventional methods, including in dealing with those cybercrime cases. The implication is that the crime cannot be identified as a crime because there are no positive rules can be used as a legal basis. Moreover, it is believed that the pre-investigation and investigation cannot be carried out because it is considered to have no legal basis to follow up on the legal process.
The Draft of Cyber Security and Resilience Act (RUU KKS) which had invited a polemic is a form of leap in thinking in the development of cybersecurity regulations. The draft cannot yet determine the main problem of the cybersecurity issue in the Indonesia context specifically. For example, Indonesia has no personal data protection regulation yet as practically it should be made before the cybersecurity regulation.
For this reason, three main issues need to be considered while developing effective and relevant cybersecurity regulations. First, the arrangement related to the management of cybercrime cases. The use of technology must be possible and required in handling cases of high-tech crime, for example, the mechanism of Natural Language Processing (NLP).
Second, increasing the capacity of law enforcement to be able to deal with cybercrime cases more effectively. In the UK, police have used online crime reporting mechanisms including the use of artificial intelligence. For this reason, empowering law enforcement capacities is crucial, especially for the police in the initial stages of handling cases.
Third, the need to consider the protection of victims due to cybercrimes in more detail and comprehensive. It is undeniable that cybercrime has a difficult and complex character to be identified. Somehow, it is an invisible crime. Such character will result in victims who are also difficult to be identified (invisible victims).
For this reason, there is the concept of digital victimization could be considered. The concept raises the theoretical foundation of the redefinition of victims who needs to be protected. The digital victimization also proposes the handling of victims by optimizing the use of technology. These three points could be used as a basis for the re-discussion of the preparation of our cybersecurity regulations as soon as possible.
