Presentation on theme: "Prevention and Eradication in Indonesia"— Presentation transcript:
1 Prevention and Eradication in Indonesia Cyber-terrorismPrevention and EradicationinIndonesiaNovember 2008Edmon Makarim, S.Kom., S.H., LL.M.Department of Telecommunication and InformationRepublic of Indonesia
2 CyberterrorismThe use of the Internet for terrorist purposes, such as:(a) attacks via internet that cause damage not only to essential electronic communication systems and the IT infrastructure but also to other infrastructures, systems, and legal interests, including human life public utility damage(b) dissemination of illegal content, including threatening with terrorist attacks; inciting, advertising, and glorifying terrorism; fundraising for and financing of terrorism; recruiting for terrorism; and dissemination of racist and xenophobic material; as well as(c) other logistical uses of IT systems by terrorist, such as internal communication, information acquisition, and target analysis[ Prof. Dr. Dr. h.c. Ulrich Sieber and Phillip W. Brunst. Cyberterrorism – the Use of the Internet for Terorist Purpose. (expert report), Council of Europe, December p.11]
3 Existing Law and Regulations (1) Indonesian Penal Code (KUHP) => 335 & 336Law No.36 Year 1999 concerning Telecommunication => 38 jo 55Law No.15 Year 2003 concerning Eradication of Terrorism (“Law of Terrorism”)President Regulation No.7 Year 2005 concerning Mid Term National Development Plan for year (RPJM) particularly in Attachment Chapter VI concerning Terrorism,Law No.11 Year 2008 concerning Electronic Information and Transaction (“Law of EIT”)+ Ministerial Decree No.166/Kep/M.Kominfo/11/2006 concerning Indonesia Security Incident Responses Team On Internet Infrastructure (ID-SIRTII) <=> ID-CERT
4 Law No.15 Year 2003In Article 6, it is stipulated that any person committed intentionally violence or threat of violence that cause situation of terror or fear toward a persons broadly or cause massive victims by seizure other freedom or lost of life or possession, or cause damage or destruction of strategic vital objects, or environment or public facilities or international facilities, shall be liable to be sentenced for death sentence, or whole life imprisonment, or imprisonment for minimum f (four) years and maximum 20 (twenty) years.While in Article 7, it is stipulated that any person committed intentionally violence or threat of violence which intention is to cause situation of terror or fear toward person broadly or cause massive victims by seizure other freedom or lost of life or possession, or cause damage or destruction of strategic vital objects, or environment or public facilities or international facilities, shall be liable to be sentenced for maximum whole life imprisonment.
5 Relevant Law and Regulations (2) Law No.19 Year 2002 concerning Copyright => art (4)President Instruction concerning E-GovPresident Decision concerning Board of National IT and CommunicationMinistry Regulation concerning Guidance of the National IT GovernanceEtc.
6 Case AterrorThe case is dispatch of s which contain terror by a woman to her ex boyfriend who run away and married other woman in United States. Because of her hatred toward him, she had sent s by other name to his relatives, school and church where the marriage would be held.the perpetrator was charged with primary charge Article 226 of Indonesia Criminal Code and subsidiary charge Article 335 paragraph (1) of the Code. The perpetrator was also charged with Article 7 of Law of Terrorism provides sentence for any one who has intention to cause situation of terror or fear broadly
7 Case BThe second case is a set up of a site to disseminate information contain terrorism (www.anshar.net). This site was purposed to facilitate communication between them and to facilitate to teach to internet users how the terror conducted.under Registration Case No. 84/PID/B/2007 PN SMG, at least the perpetrator was charged Article 13 point (c) of Law of Terrorism which provide sentence for any person who gives aid or facility for perpetrator of the terrorism criminal act, particularly in this context is communicating through internet.
8 REGISTRASI HOSTING & DOMAIN website : http://www.anshar.net MAX FIDERMAN als MAPGG. Pangeran Cendono Rt. 04/05Dawe Kudus Jawa TengahRegistrasihostingdomainIsi form registrasi :- Isi- Minta konfirmasi utk pembayaran- Isi form data kartu kreditSubmit data kartu kredit curianhosting = 300 £ per yeardomain = 60 $ US per year“online”QITALISI CONTENTUP LOAD TEMPLATE
9 LAPORAN POLISI NO.POL : LP-A/…./VIII/2006/SIAGA…… TGL……. AGUSTUS 2006 TTG TINDAK PIDANA TERORISMPASAL 7,13 huruf c UU No 15 Tahun 2006UNSUR-UNSUR PASAL 7SETIAP ORANGSENGAN SENGAJA MENGUNAKAN KEKERASAN/ANCAMABERMAKSUD UTK MENIMBULKAN TEROR/RASA TAKUTSECARA MELUAS/MENIMBULKAN KORBANDG CARA MERAMPAS KEMERDEKAAN/HILANG NYAWA &HARTA BENDAPIDANA SEUMUR HIDUPTERSANGKAABDUL AZIS “qital”(Guru Komputer SMAdipekalongan)MAX FIDERMAN aliasMOHAMMAD AGUNG PRABOWOMahasiswa Fak Teknik ElektroUniversitas SemarangSAKSI-SAKSIBENY IRAWANANDI JATI TRISTIYANTOMARDI SISWO UTOMOPETUGAS BNI CBG SUTA USMADMIN ISPPETUGA LAB POLRIPRTUGAS POLRIAGUNG SETYADI Skom.“pakne” “salafuljihad”Dosen FTI UniversitasSTIKUBANKBARANG BUKTIDIGITAL MP3BLUETOOTH USBSIM CARD IM3 &MATRIX MILIK M AGUYNG PRABOWOHARDISK BARACUDA ATA IV ST 3200 II A 20 GB NO SERI 3HT4HM81BUKU TABUNGAN & PRINT OUT AN M AGUNG PRABOWO2 KOMPUTER MILIK IS & ISSAC TAYIB ( DPB)HARDISK LAB UNISBANKHP/CDR TLP AGUNG SETYADIHASIL DIGITAL EVIDENT LAB KOMPUTER FORENSICDLL
10 DETIKNAS (ICT National Council) => 7 Flagship Programs e-educatione-Procuremente-budgetNational Single WindowNational Identity NumberPalapa RingSoftware Legalization
11 EIT Outline Ch I : General Provisions Ch II : Principles and Purposes Ch III : Electronic information, document & signatureCh IV : Electronic System Provider (including CA)Ch V : Electronic TransactionCh VI : Domain Name, IPR & PrivacyCh VII : Prohibited Act (Crime)Ch VIII : Dispute ResolutionCh IX : Government Role & Public ParticipationCh X : InvestigationCh XI : Criminal SanctionCh XII : Transition ProvisionCh XIII : Closing
12 Chapter I General Provisions Electronic Information (EI) : electronic data or collection of electronic data include but not limited to writing, sound, picture, map, planning, photo, electronic data interchange, , telegram, telex, telecopy, or alike letter, sign, number, access code, symbol, or perforation which has meaning for or can be understood by a person through a particular process.
13 Electronic System (ES) : a set of electronic equipment and procedure to prepare, collect, process, analize, store, present, publish, and/or disseminate EI.Electronic Transaction (ET) : a legal action conducted by or through computer, computer network, or other electronic media.Electronic Document means every Electronic Information made, transmitted, sent, received, or stored on analog, digital, electromagnetic, optical, or the like, which can be seen, presented, and/or heard by means of Computer or Electronic System, include but not limited in writing, sound, picture, map, plan, photo or the like, letter, mark, number, Access Code, symbol, or perforation which has meaning or which can be understood by particular person
14 Chapter II Sphere of Application For:Every PersonConducts legal action regulated in ETIplace : in or outside Indonesialegal impact : in or outside Indonesiaharm Indonesia’s interests
15 Article 2 Principles and Purposes Certainty - Good FaithBenefit - Freedom to ChoosePrudent - Technology NeutralPurposesfacilitate Trade & EconomyJustice and legal certaintyTechnology Development
16 Chapter VII Prohibited Actions Article 27(1) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with indecent content.(2) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with gambling content.(3) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with humiliation and/or defamation content.(4) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with blackmail and/or threat content.
17 Article 28(1) Any person, committed intentionally and without right, disseminates hoaxes and misleading news that caused any loss to the consumers in an electronic transaction.(2) Any person, committed intentionally and without right, disseminates information with the aim to create hatred and hostility among individuals and/or certain communities based on ethnic-groups, religion, race and inter groups.Article 29Any person, committed intentionally and without right, sends the electronic information and/or the electronic document containing a threat or intimidation to be aimed at the target personally.
18 Article 30(1) Any person, committed intentionally and without right or violating the law, accesses a computer and/or an electronic system belong to the other persons using any method.(2) Any person, committed intentionally and without right or violating the law, accesses a computer and/or an electronic system using any method to obtain any electronic information and/or electronic document.(3) Any person, committed intentionally and without right or violating the law, accesses a computer and/or an electronic system using any method by breaking, trespassing, surpassing or hacking the security system.
19 Article 31(1) Any person, committed intentionally and without right or violating the law, intercepts or taps electronic information and/or an electronic document in a computer and/or a certain electronic system belongs to other person.(2) Any person, committed intentionally and without right or violating the law, intercepts the transmission of electronic information and/or electronic document which are closed to the public, from, to, and in a certain computer and/or an electronic system belongs to the other person that may or may not cause any change that changed, deleted and/or stop the process of transmission of the electronic information and/or the electronic document.(3) The interceptions as referred in Clause (1) and Clause (2) are prohibited except the interception for law enforcement by the police and attorney and/or other law enforcement institutions as stipulated by Law.(4) Further provisions on the interception procedure as referred to in Clause (3) shall be stipulated under the Government Regulation.
20 Article 32(1) Any person, committed intentionally and without right or violating the law, by any method whatsoever changes, adds, reduces, transmits, damages, eliminates, transfers and hides the electronic information and/or electronic document belongs to other person or public.(2) Any person, committed intentionally and without right or violating the law, by any method whatsoever changes or transfers electronic information and/or electronic document to the other electronic system belonging to the other person without right.(3) Any action set forth in Clause (1) causing a confidential electronic information and/or a confidential electronic document to be accessible by the public with the inappropriate data integrity.
21 Article 33Any person, committed intentionally and without right or violating the law, performs any action that caused disturbance to an electronic system and/or caused an electronic system operate not properly.Article 34(1) Any person, committed intentionally and without right or violating the law, produces, sells, procures to be used, imports, distributes, provides , or possesses:a. hardware or software of computer designed or specifically enhanced to facilitate the prohibited actions as referred to in Article 27 to Article 33.b. computer codes, access codes or similar to it which are designed to make an electronic system be accessible with the aim to facilitate any prohibited action as referred to in Article 27 to Article 33.(2) Any action as referred in Clause (1) is not a criminal action if it is being used to conduct a research, an electronic system test, with the aim to protect the electronic system alone legally and not violating the law.
22 Article 35 Any person, committed intentionally and without right or violating the law, manipulates, creates, changes, deletes, damages electronic information and/or electronic documents with the aim to make the electronic information and/or the electronic documents to be regarded as an authentic data.Article 36Every person shall be intentional and without right or break the law to carry on the action as referred toin Article 27 up to and including Article 34 implicated damage for other.
23 Summary of Ch VIIArticle 27, 28 & 29 => distributing illegal contentObscene/porn;Gambling;defamation;False statement;Hate-speech, racism or xenophobia;cyber stalkingSanction/punishment: max 6-12 years and/or penalty max 1-2 Billion (Art. 45)23
24 Max 10 years and/or penalty max 800 million (Art 47) Art 32 Illegal AccessMax 6-8 years and/or max million (Art 46 section (1), (2) and (3))Art 31Illegal InterceptionMax 10 years and/or penalty max 800 million (Art 47)Art 32Data InterferenceMax 8-10 years and/or penalty max 2-5 Billion (Art 48 section (1), (2) and (3))Art 33InterceptionMax 10 years and/or penalty max 10 B (Art 49)2424
25 Art 34 Art 35 Art 36 Misuse of Devices max 10 years and/or penalty max 10 B (Art 50)Art 35Computer Related Forgerymax 12 years and/or penalty max 12 B (Art 51)Art 36Computer Related Fraud25
26 Added Punishment (Art 52) IIf the indecent materials [Art 27 section (1)] concerning childrenBasic punishment + 1/3 of basic punishmentI If the activities destroying strategic dataGovernment data related with public services + 1/3 of basic punishmentStrategic data related with financial, defense, etc + 2/3 of basic punishmentWas done by corporation + 2/3 of basic punishment26
27 CHAPTER IX The Role of The Government & The Society Article 40(1) The government shall facilitate the utilization of information technology and electronic transaction pursuant to the provisions of the prevailing laws and regulations.(2) The government shall protect the public interests from all kinds of disorder as the result of the abuse of electronic information and electronic transaction that disrupt the public order pursuant to the prevailing laws and regulations.(3) The government shall decide the bureau or the institution possessing strategic electronic data that have to be protected.(4) The bureau or the institution as referred to in Clause (3) shall prepare the electronic document and its electronic backup and connect them to certain Data Centre in order to safeguard the data.(5) The other bureau or institution apart from those stipulated in Clause (3) shall make the electronic document and its electronic backup in accordance to the need for their data protection..(6) Further provisions on the role of government as referred to in Clause (1), Clause (2), and Clause (3) shall be stipulated under the Government Regulation.
28 Article 41(1) The society may involved to enhance the utilization of information technology by means of using and organizing the electronic system and the electronic transaction pursuant to this Law..(2) The role of the society as referred to in Clause (1) can be organized by an institution which is established by the society..(3) The institution as referred to in Clause (2) may have the function of consultation and mediation.
29 CHAPTER X Investigation Investigation shall be conducted based on provisions in Criminal Proceeding Law. (Art. 42)The Investigators are POLRI and PPNS. (Art. 43)Investigators shall pay attention on privacy aspect, confidential status, the continuation of public service, data integrity and public interest.
30 Evidences (Article 41) Investigation, prosecution and trial in court: Evidences are based on Laws and Regulations;Other evidences : (i) ED and (ii) EI.
31 Government Regulation Draft NEXT STEP:Government Regulation DraftImplementation of EITBoard of Trust mark Certification;Electronic Signature ;Electronic Certification Providers ;Electronic System Exertion ;Electronic Transaction ;Electronic Agent Exertion ;Domain Administrator ;Board of Strategic Data ;Lawful Interception31
32 OthersDraft of Ministry Regulation concerning Content Multimedia Guidance;Draft of Ministry Regulation concerning Spamming ;Draft of Government IT Security ;Draft of Ministry Regulation concerning CA ;Draft of Ministry Regulation concerning Standard Audit.
33 Others Revision of Company’s Filling & Documentation (e-filing) Draft of Law (Bill) concerning Data Protection ActDraft of Law (Bill) concerning IT/Cyber-crime Act