Indonesian Legal Framework for Cybersecurity. By: Dr. Edmon Makarim, S.Kom, SH, LLM. Presented in NISC International Symposium, Japan, 24 October 2013
CV
Name: Edmon Makarim
Education: 1988-1993, S.Kom (computer degree), Informatics Management, Universitas Gunadarma. 1989-1994, S.H. (law degree), Economics Law, FH-UI. 2002-2004, LL.M. (Lex Legibus Master/Master in Law), Comparative Law, University of Washington School of Law, Seattle. 2004-2009, Doctor (Doctoral of Law Sciences, FHUI, Depok).
Experience: 1994-1996, Assistant of Lawyer (SHR Law Firm). 1996-1999, In-house Legal Counsel (Sisindosat telematics co). Jan 2008-Dec 2009, Legal Advisor to the Informatics and Communication Ministry (Depkominfo). 1995-present, Lecturer in Telematics Law and IP Law, Associate Professor, (Chairman of Research Institute for Technology Law). 2012-present, Arbiter of Indonesian IP Arbitration (BAM-HKI). 2012-present, Members of Advisory Council of Telematics Society (MASTEL). 2013-present, Members of Advisory Council of Jakarta Municipal Public Information Commissioners (Komisi Informasi DKI Jakarta).
E-mail: edmon_makarim@yahoo.com & edmon@ui.ac.id
MODERN STATE Shifting from structural approach to the functional approach of the governmental activities STATE: Good & Clean Governance Public-Private Partnership PRIVATE: Good Corporate Governance Public services SROs CSR Good Information Governance??? CIVIL SOCIETY: NGOs welfare state Neo-liberalism National Wealth Creation
Ethics: Privacy, Accuracy, Property, Accessibility/Availability Responsibility Accountability Due Process Liability Constitutional Rights & Liabilities Constitution UUD-NRI 1945 (Amend 1-4) International Instruments of Human Rights: Freedom of Expression Access to knowledge Access to technology Access to administration Privacy, Dignity & Reputation Right Against Self-Incrimination Due Process of Law Const'l. Liabilities Art. 27 (1), 28 i-j, 30, 31 Other Countries Constitution Individual Rights + Public Interest Freedom of Expression Privacy (Anonymity, Reputation) Property Access to Public Information Rights Against Self Incrimination Government Obligation: Public Trust Obligation Public infrastructure People/citizen Administration E-voting Security etc Government liabilities? Legislation Products and Cases
Indonesian Constitution 1945: CHAPTER XII, DEFENSE AND SECURITY **) Article 30 (1) Every citizen has the right and duty to participate in the defense and security of the state. **) (2) The defense and security of the state shall be conducted through the total people's defense and security system by the Indonesian National Armed Forces and the Indonesian National Police, as the main force, and the people, as the supporting force. **) (3) The Indonesian National Armed Forces, consisting of the Army, Navy and Air Force, as an instrument of the state has the duty to defend, protect, and maintain the integrity and sovereignty of the state. **) (4) The Indonesian National Police, as an instrument of the state that maintains public security and order, has the duty to protect, shelter and serve the community, and to uphold the law. **) (5) The structure and position of the Indonesian National Armed Forces and the Indonesian National Police, the relationship of authority between the Indonesian National Armed Forces and the Indonesian National Police in carrying out their duties, and the requirements for citizen participation in the defense and security of the state shall be regulated by law. **)
National Security vs Cybersecurity National Security Cybersecurity E-commerce E-government cybercrime 1) What is cyber-security? 2) What is the correlation with cybercrime and national security? 3) Are there any liabilities for all stakeholders: community, private and government?
Sources: http://www.pco-bcp.gc.ca Regional?
(ITU => Cybersecurity) Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets. [Organization and user's assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment]. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment. The general security objectives comprise the following: Availability; Integrity (which may include authenticity and non-repudiation); Confidentiality. The Global Cybersecurity Agenda has seven main strategic goals, built on five work areas: 1) Legal Measures => cybercrime legislation; 2) Technical and Procedural Measures => End users and businesses (direct approach); and Service providers and software companies; 3) Organizational Structures => highly developed organizational structures, avoid overlapping; 4) Capacity Building & User's education => public campaigns + open communication of the latest cybercrime threats; 5) International Cooperation => Mutual Legal Assistance of the LEAs
Mapping of Indonesian Criminal Laws Particular Law Indonesian Penal Code (KUHP) Indonesian General Criminal Procedural Code (KUHAP) Press Human Rights Corruption Broadcasting Pornography Telecomm Terrorism UU-ITE Corporate Document & Archives Money laundering Extraordinary Procedural Law IPRs Tax Public services Freedom Of Information
Related Laws: Law 11/2008, Electronic Information Transaction; Law 14/2008, Public Information; Law 23/2006, Citizen Administration; Law 25/2009, Public Services; Law 43/2009, Archives; Law 36/2009, Telecommunication; Law 32/2002, Broadcasting; etc. Law 02/2002, Police; Law 16/2004, Prosecutor; Law 48/2009, Judiciary Power; Law 03/2002, Defense; Law 17/2011, Intelligence; Law 15/2003, Terrorism. Notes: e-transaction, e-signature, e-government, cyber-crime, privacy and data protection, investigation, evidence and due process; Maximum Access, limited exemption; Citizen Data Protection; GCG etc; Monitoring and Surveillance => Interception; Preventive and Repressive Action => Law Enforcement; Mutual Legal Assistance (Law 1/2006)
Long journey for Indonesian ICT Policy Reformation Age TKTI (Tim Koordinasi Telematika Indonesia) National IT Framework 2001 (a). Formulate the general policies and strategic direction of national development, through utilization of ICT; (b). Conducting research in the completion of the steps set the strategic issues that arise in the context of ICT development; (c). To coordinate with the national agency Central Government / Local, state / local enterprises, World of Business, Professional Institutions, and the ICT community, and society in general in the context of ICT development; (d). Provide approval for the implementation of ICT programs that cut across departments in order to be effective and efficient. Sisfonas Inpres 6/2001 (+) ICT Framework/Kerangka TIK Nusantara (KARTIKA), (+) ICT Evaluation Charter/Piagam Evaluasi TIK (EVATIK), (+) National ICT Governance/Guidance Pedoman TIK Nasional, (+) CA Guideline/Pedoman Certification Authority (+) RPP/Perpres E-government, etc. Inpres 3/2003 Detiknas Kepres 20/2006. (i) e-education, (ii) e-procurement, (iii) National Single Window (INSW), (iv) e-budgetair, (v) National ID, (vi) Palapa Ring, (vii) Legalization Software.
National IT Framework + INPRES 3/2003 E-gov: Architectural Framework Civil Society based on IT Which has competitive advantage in year 2020, In supporting the unity of Republic of Indonesia Funding Mechanism with The new paradigm E-Commerce for the people's economy E-education E Government for Good Governance IT for Society/ E-society E-Democracy Funding Mechanism with the new paradigm Infrastructure and Supporting Components: Infrastructure of information/computer/telecommunication (ICT), Human Resources, Cyber Law/Legal Framework
Institutional concept INCS: Synergy of Various Organizations. To counter cyber attacks, a strong organization needs to be established at the national level. Without the right organizational structure, it is very difficult for a country to anticipate threats and attacks. This organization is a form of leadership that will be important for coordination among relevant institutions. Institutional INCS (Detiknas, 2013). The concept of the Indonesian National Cyber Security organization consists of a collection of organizations, filled by competent human resources from a variety of fields. The picture is an illustration of the concept of the INCS organization, consisting of a variety of organizations.
Organizational Framework INCS Homeland Security Protect cyberspace environment Executive Coordinator Team Intelligence Preventive and capacity building Defense Protect military cyberspace environment Coordinator-Incident Response Team Law Enforcement Investigation and prosecution of criminal in cyberspace Strategic Level President and Ministers Tactical Level Senior Experts, Practitioners, Academicians, Civil Servants Incident Response Team Gov-Cert Military-Cert Banking-Cert Education-Cert Sectoral Level... Operational Level Experts, Practitioners, Academicians, Civil Servants Critical Infrastructure National ICT Council, 2013
Tactical Level: Mapping the Field Work Focus Ministries and Institutions Coordinator Coordination KEMENKOPOLHUKAM Homeland Security Intelligence Defense Law Enforcement Protect cyberspace environment Preventive and capacity building Protect military cyberspace environment Investigation and Prosecution of criminal in cyberspace KEMKOMINFO BIN LEMSANEG KEMDIKBUD KEMHAN TNI POLRI KEJAKSAAN Coordinator-Incident Response Team
Human Resources: Qualified human resources for security are needed to handle and to protect the cyberspace in Indonesia. In fact, human resources in the field of information security in Indonesia are still limited. However, Indonesia has huge potential, because the number of universities and graduates in the field of ICT, which is the basis for the field of security, is very large. Information Security Consultant Information Security Administrator Information Security Manager Chief Security Officer Information Security Technician/Engineer Physical Security Manager Physical Security Officer Cyber Security Human Resources Pyramid (Detiknas, 2013)
ASEAN ICT Master Plan 2015
Characteristics of ASEAN Region: Most ASEAN countries are communal, paternalistic and religious + tolerant (local wisdom) => adopted as public/society norms. Some ASEAN countries have already combined the European Continental tradition, Common Law tradition and customary + religious tradition in their national legal systems. ASEAN wants to be integrated as one community.
Cyber security policy directions to achieve ASEAN ICT Masterplan 2015: Harmonizing the ASEAN Cyberlaw => Appreciation and acknowledging of national/community norms (rights and liabilities) => blocking and filtering of illegal content; Harmonization between ASEAN members' cyber security policy and regulation, the coordination centre to establish comprehensive, active and united ASEAN; Harmonizing the ASEAN National e-authentication Framework => National e-ID Management, Cyber-notary to facilitate the exchange of public documents (e-apostille); Harmonizing the cryptography policy and regulation of ASEAN countries; Harmonizing the trusted/trustworthy list => e-system providers which are Registered, Accredited and Certified in order to have mutual cross-border recognition => ASEAN Trustmark trusted list; Interoperability between National Root CA and/or Private Root CA => ASEAN Bridging CA for cross-border certificates; Harmonizing the e-public services between the ASEAN member countries; Cross-border coordination (24/7 network) => Government and Private incident response (CERT) + cybersecurity council of each member state; ASEAN Mutual Legal Assistance
Thank You. Capacity Building: Indonesia Sentra. Eyes symbolize insight; Smile symbolizes optimism; Lamp/Idea symbolizes IPR; Chip symbolizes mastery of ICT; Hub: Indonesia, Geographic Centre of the World
ASEAN Fundamental Principles: The ASEAN Member States have adopted the following fundamental principles, as contained in the Treaty of Amity and Cooperation in Southeast Asia (TAC) of 1976: Mutual respect for the independence, sovereignty, equality, territorial integrity, and national identity of all nations; The right of every State to lead its national existence free from external interference, subversion or coercion; Non-interference in the internal affairs of one another; Settlement of differences or disputes by peaceful manner; Renunciation of the threat or use of force; and Effective cooperation among themselves.
ASEAN Community: The ASEAN Community is comprised of three pillars, namely: the ASEAN Political-Security Community, ASEAN Economic Community and ASEAN Socio-Cultural Community. Each pillar has its own Blueprint, and, together with the Initiative for ASEAN Integration (IAI) Strategic Framework and IAI Work Plan Phase II (2009-2015), they form the Roadmap for an ASEAN Community 2009-2015
ASEAN CHARTER The ASEAN Charter serves as a firm foundation in achieving the ASEAN Community by providing legal status and institutional framework for ASEAN. It also codifies ASEAN norms, rules and values; sets clear targets for ASEAN; and presents accountability and compliance. The ASEAN Charter entered into force on 15 December 2008. A gathering of the ASEAN Foreign Ministers was held at the ASEAN Secretariat in Jakarta to mark this very historic occasion for ASEAN. With the entry into force of the ASEAN Charter, ASEAN will henceforth operate under a new legal framework and establish a number of new organs to boost its community-building process. In effect, the ASEAN Charter has become a legally binding agreement among the 10 ASEAN Member States.