Indonesian Regulation

in Prosecuting Cybercrime

Dr. Edmon Makarim., S.Kom., S.H., LL.M

Dosen Inti Penelitian FHUI dan Pengajar Hukum Telematika FHUi
Nama : Edmon Makarim
CV
Positions : Teacher & Researcher IPR‟s & Telematics/Cyber Law
 Faculty of Law, University of Indonesia
Education :
• 1988-1993, “S.Kom” (computer degree), Informatics
Management, Universitas Gunadarma.
• 1989-1994, “S.H.” (law degree), Economics Law, FH-UI
• 2002-2004, “LL.M.” (Lex Legibus Master/Master in Law),
Comparative Law, University of Washington School of Law,
Seattle.
• 2004-2009, “Doctor” (Doctoral of Law Sciences, FHUI, Depok).
Experience :
 1994-1996, Assistant of Lawyer (“SHR Law Firm”)
 1996-1999, In-house Legal Counsel (“Sisindosat telematics co)
 1995- present, Lecturer and Senior Researcher (Legal
Research for Technology Law)
 Jan 2008-Dec 2009, Legal Advisor to Information &
Communication Ministry
E-mail :
edmon_makarim@yahoo.com & edmon@ui.ac.id
 Outline
• Indonesian Regulations in prosecuting Cyber
crimes
– Criminal legal systems in Indonesia regarding the
evidence (negatief wettelijk bewijstelsel)
– Admissibility of digital evidence: requirements for
digital evidence to be admissible in the court
within the Indonesian criminal procedure system.
– Telecom’s companies’ liability in prosecuting
cybercrime pursuant to Indonesian Laws &
Regulations
• Relevant Case Studies
 Indonesian Legal System & Hierarchies
Constitution Constitutional Court
• ordinary/general court
=> criminal & civil cases
Supreme court • religious court
Laws • military court
• administrative court
• specialized court
President Government (corruption, tax, etc)
Regulation Regulation
Notes:
- Principles how to applied the laws:
- Lex superior derogat lege inferiori
Municipal Ministry
- Lex specialist derogat lege generalist
Regulation Regulation
- Lex posterior derogat lege priori
- Indonesian Penal Code (KUHP) =>
inheritance of the Netherlands colonization) +
new laws (particular crime or extraordinary
crime, special implementing agency + special
procedural code/investigation
 Mapping of Indonesian Criminal Laws
Specific Criminal Laws
Out of KUHP
Indonesian Penal Code
(general criminal code) Broadcasting
Pornogrpahy
telecomm IPR’s
(KUHP)
Press
Public
services
Human IET LAW
Rights (UU-ITE) Freedom
corruption Of Information

Indonesian General Criminal
Procedural Code
(Procedural Code/KUHAP)
Corporate
terrorism Document Money tax
& Archives laundering
Specific Criminal Procedural Code/
Out of KUHAP
(Specific Procedural Code)
 Human Rights protection => due process of law
• Constitution => human rights (art.28 A-28 J)
• Law No.39/1999 concerning Human Rights
– Every person have a right to have a protection of his personal, family, respect,
dignity, and his/her property (Art. 29)
– Freedom and confidentiality in correspondence including a communication by
electronic facilities cannot be interfered, unless based on the court order or any
other legitimate power according to laws and regulations. (Art. 32)
• Law No.48/2009 concerning Judicial Powers
– No one can be arrested, detained, searched, and seized, except based on written
order from legitimate power according to the ways was regulated by laws (Tidak
seorang pun dapat dikenakan penangkapan, penahanan, penggeledahan, dan
penyitaan, kecuali atas perintah tertulis dari kekuasaan yang sah dalam hal dan
menurut cara yang diatur dalam undang-undang. Art. 7)
Notes:
– There is no explicit provision yet, to protect the right against self-incrimination
(such as art.14 point (3)-letter (g) of UN-ICCPR: every one shall be entitled: „not to
be compelled to testify against himself or to confess guilt).
 SRO‟s & Commission of
Information & Communication
Conventional Media Freedom Electronic
of
Information
Books Press Freedom of Film Broadcast Telecomm.
(Copyright (40/1999) Public (33/2009) Law (36/1999)
Law 19/2002) Freedom of Information (32/2004)
=> Speech & (14/2008) (Radio &
Literary & Journalism TV)
artistic works
Privacy Internet => ITE (11/2008)
Copyright Press Public Film Broad- Regulation
Council Council Information Censorship casting Telecommunic
Commission Agency Commission ation
(KIP) + (KPI) Commission
Indonesia (BRTI)
Film
Board
 ICT/Telematika/Cyberspace = New Media?

Technologies Legislations

• Real-time Telecommunications
Ubiquitous
• Borderless (network & services)
• Anonymity
• Open/unrestricted
• broad penetration INTERNET
• unexpired
• permanent Computer Mass Coms

Regulations Administrations Policies

SRO’s => creating problems for the harmonization powers & process
 Why does the Crime happening?
• There is a bad intention of the perpetrator AND/OR There is
an blatantly open chance to do the expected crime …???
– Having a specific law to criminalize or dissuasive the potential
perpetrator
– Is that mostly to the users intention perspective? And How about
from the network or service providers‟ intention perspective?
– How about the bad motivation because of the bad system?
– Bad intention or negligence from the operator, provider, or vendor to
make a big-hole, basically facilitating or stimulating the crimes itself?
– Therefore, instead of the substantive law, in order to have an
accountability or trustworthiness of the system to protect the public
interest, ITE provide also the liability provisions for them => IT
governance + presumed liability
 UU-ITE -- ToC
chapter 1 chapter 5 chapter 8
General provisions Electronic Transaction Dispute resolution

chapter 6 chapter 9
chapter 2
Domain Name, IPR’s & Government &
Principles & Purpose
Privacy community role

chapter 10
chapter 3
Electronic Information, chapter 7 Investigation
E-Document & Prohibited
E-Signatures Actions chapter 11
Criminal Sanctions

chapter 4
chapter 12 chapter 13
Electronic System
& Electronic Certification transition Closing
 CoC & Indonesia
CoC (definition) Indonesia (ITE, KIP, Tel ++)
Computer system: means any device or a group • Computer device =>. Electronic device
of interconnected or related devices, one or more • Computer network (telecomm network)
• Electronic System (IS/Computer system)
of which, pursuant to a program, performs => including business process +
automatic processing of data; engineering process

Computer Data means any representation of ITE:

facts, information or concepts in a form suitable • Electronic Information => data/content
for processing in a computer system, including a • Electronic Document => e-record
program suitable to cause a computer system to
perform a function •Telecommunication:
Traffic Data means any computer data relating to – Network (fixed + mobile/cellular)
a communication by means of a computer – Services => multimedia/internet/ IT
system, generated by a computer system that based (Government Regulation
formed a part in the chain of communication, 52/2000)
indicating the communications origin, destination,
route, time, date, size, duration, or type of
underlying service + Content + Subscriber
Information
Information System/Electronic System
LAN
Communication
I

Data/Informasi Input – Process – Output

Archive
I
Storage
Organization
&
Management

Procedures program

Business Process Engineering Process

Information System Development
Intellectual Actors:
- vendor
- consultant
- contractor
- Operator

Bit (binary digit)

0 or 1

bytes
hardware
(PC)
field
Linux / OS
record X/Windows

File: Database Application Program

 CoC & Indonesia
CoC (definition) Indonesia
Service Provider means: Person or legal entity (ITE +
Telecomm Law)
i. any public or private entity that provides to
users of its service the ability to Electronic network and services (ITE
communicate by means of a computer + telecommunication)
system, and
ii. any other entity that processes or stores
computer data on behalf of such
communication service or users of such
service
 EU Convention on Cybercrime 2001
CoC (substantive law)
Title 1 – Offences against the confidentiality,
integrity and availability of computer data
and systems .
illegal access,
illegal interception,
data interference,
system interference,
misuse of devices,
Title 2 – Computer-related offences
computer-related forgery,
computer-related fraud
Title 3 – Content-related offences
offences related to child pornography
and offences related to copyright and
neighbouring rights.
Title 4 – Offences related to infringements of
copyright and related rights
Title 5 – Ancillary liability and sanctions
Attempting and aiding or abetting
Corporate liability
Indonesia
UU-ITE + UU Telecomm.
 illegal access,
 illegal interception, (operator recordig, request
by police, prosecutor, LEAs) + only for serious
crime (> 5 years, longlife, or death penalty)
 data interference,
 system interference,
 misuse of devices,
KUHP & UU-ITE
computer-related forgery,
computer-related fraud
KUHP, ITE, Pornography & Copyrights:
• Indecent materials/pornography,
• Online defamation,
• gambling,
• intimidation/stalking, hate speech.
Terrrorism, Illegal Digital works)
KUHP, IITE, Telecommunication + Others
• aiding and abetting in KUHP
• attempting only for „material delict‟ (e.g:.murder)
 Indonesian Procedural Law
• Formal (1865 BW/163 HIR) • Substantial/material (184 KUHAP)
• Any one who claims to have any – material evidence (barang bukti)
=> it shows the incidents/crime
right or who refers to a fact to scene.
support such right, or who objects – Legal Evidence (alat bukti) => it
to another party's right, shall prove shows who would be the suspect
the existence of such right, or such
fact. Criminal Procedures
• 184 KUHAP
Civil Procedures: 1866 BW & 164 HIR
– Written evidence; – Witnesses
– Witnesses; – Experts
– Inference; – Written document
– Confession (letters)
– Oath – Inference
– Testimony/confession 16
 Legal Theory in
Examining Process Before the Court
1. Positief Wettenlijk Bewijstheorie (based on law)
2. Conviction Intime (based on judges conviction)
3. La Conviction Raisonee (based on logical argument)
4. Negatief Wettenlijk Bewijstheory (combination of the 1st +
2nd theories ):
• The examination process and the judges conviction should follow the
procedures and the legal evidence determined by the procedural Law.
• Judges can make a decision, based on two legal evidence (exception; mini
trial)
• Weight of Evidence or assessment of the probative value, merely based on
the legal reasoning of the judges/judges consideration (art 188 KUHAP).
Notes:
– In practice all of those theories have a similar purpose to convince
the judges.
– Indonesian Court doesn‟t work with the “chamber system”, there is
no a specialized judge and his teams/council permanently.
 Scope of Investigatory Power
• Art. 5 sect. (1) KUHAP
a) Due to his obligation, the investigator has authorization to :
1) Receive report or complain for someone that reported criminal activities
2) Searching for any information and evidences
3) Asking and verified for identity to suspect
4) Take any necessary responsible action based on the law
b) As an order, the investigator can do activities as :
1) Arresting, prohibited to move, search and seizure
2) Examine and seize to document (mail)
3) Take fingerprint and take a picture of the suspect
• In extra ordinary situation, investigator must take an action and if not
possible to take a warrant at the first time, without reduce article 33
section (5), investigator can do search in general to any space with
related suspect and criminal act. (Article 34)
 Search: Art.32 & Art. 33 KUHAP
Article 32
For the sake of investigation, investigators may conduct a house search or frisk
search of clothing or body according to the procedures specified in this Act.

Article 33
(1) With the permission of the local court chairman in conducting the investigation the
investigator can conduct a search is required.
(2) In the event that the required written behest of investigators, police officers of the
Republic of Indonesia to enter the house.
(3) Every time entering the house must be witnessed by two witnesses about the suspect
or the residents agreed.
(4) whenever entering house must be witnessed by village head or the head of the
environment by two witnesses, in terms of suspects or occupant refuses or is absent.
(5) Within two days after entering and or-searched the house, should be made an official
report submitted to the owners and their derivatives or occupants of the house
concerned.
 Search: Art. 34 KUHAP
(1) In the circumstances a very necessary and urgent if the investigators must act
immediately and not likely to get a permit beforehand, without prejudice to the
provisions of Article 33 paragraph (5) the investigator to search:
a. the suspect‟s home page, the suspect resides, dwelling or exist, and things
thereof on it;
b. at any other place that the suspects reside, stay or exist;
c. at the place of the crime committed, or thereof are traces;
d. where the lodging and other public places.

(2) In the event that the investigator perform a search such as referred to in
paragraph (1) investigators are not allowed to inspect or seize letters, books and
other writings are not an object associated with the crime in question, except for
items relating to the crime in question or that allegedly used to commit the
crimes in question and to that end shall immediately report to the chairman of
the local court to obtain approval.
Explanatory:
• "Circumstances that very necessary and urgent" means when in place soon to
worry about escape or to repeat the crime or objects that can be confiscated
immediately feared destroyed or removed while the letter of permission from the
chairman of the county court can not be obtained by appropriate means and in a
short time .
 Seizure/Confiscation ( 32-46 KUHAP)
• Article 38
(1) Confiscation can only be carried out by an investigator with a warrant from the
chairman of the local district court.
(2) In a very needy and urgent situation if an investigator has to act immediately and
cannot possibly obtain a warrant first, without mitigating the provision of section (1) the
investigator can only confiscate movables, for which purpose he has to report
immediately to the head of the local district court to get his approval.

• Article 39
(1) Objects which can be subject to confiscation include :
a. goods or claims of the suspect or defendant which all or part have originated from a
criminal act or are the results of a criminal act ;
b. goods which have been used directly for committing a criminal act or for preparing it;
c. goods used to obstruct the investigation of a criminal act;
d. goods especially designed and intended for committing a criminal act;
e. other goods which have direct connections with the criminal act committed.
 Confiscation: Art.39-43 KUHAP
Article 39
2) Goods in confiscation because of a civil case or bankruptcy can also
be confiscated in the interest of the investigation, prosecution and trial
of a criminal case, so long as they meet the provision of section (1).

Article 43
• The confiscation of letters or other written materials from those who
are obliged according to law to keep them a secret, so far as they do
not concern state secrets, can only be carried out with their agreement
or by special warrant from the chairman of the local district court
except when the law provides otherwise.
 Letters/Correspondence Examination
(intercepted of paper based communication)
• Article 47
(1) Investigators have the right to open, inspect and seize other letters that is sent
through the post and telecommunication office or corporate communications or
transport if the object is suspected with good reason have links with criminal
cases being examined, with special permission (warrant) granted to it from the
head of the district court.
(2) For the sake of the investigators may ask the head of the postal and
telecommunication office, head of corporate communications office or other
transportation to give him the requested letter and for that should be given a
receipt letter.
(3) It referred to in paragraph (1) and paragraph (2) of this article, can be done at all
levels of examination in the judicial process according to the provisions
stipulated in the section.
Explanatory of section (1):
• What is meant by "other letters" are letters that do not directly relate to the
offense will be checked, but reasonable suspected.
 Letters/Correspondence Examination
(intercepted of paper based communication)
Article 48
(1) If after the open and examined, it turns out that the letter has nothing to do with the
case which is being checked, the letter attached to the dossier.
(2) If after a review found it had nothing to do with the case is, the letter was closed
neatly and quickly handed back to the postal and telecommunications office or
corporate communications or other transportation after the stamped seal that reads
"has been opened by the investigator" with the stamped date, signature and identity
of the investigators.
(3) Investigators and officials at every level of examination in the judicial process shall
keep confidential earnestly for the strength of the oath of the returned that letter's
contents.

Article 49
(1) Investigators make an official report about the actions referred to in Article 48 and
Article 75.
(2) Derivatives news event by an investigator sent to heads of post and
telecommunications office, the head of the communications „ corporate or the
transportation company concerned.
 Investigation
Art. 42 ITE
• The investigation of crime as referred to
this Law shall be carried out pursuant to
the provisions in the Criminal Procedures
Law and this Law

NOTE:
• KUHAP still applied unless ITE‟s provided in detail.
• E.g. article 34 section (1) point (c); and sec. (2) jo. article 33
sec. (5)
– Search & seizure in rush => having court approval after that action.
 Art. 43 ITE
(1) In addition to the Investigators from the Police of the Republic of Indonesia,
certain public official investigator (PPNS) within the Government with the scope of
duty and responsibility in the field of information technology and electronic
transaction shall be given a specific authority as an investigators pursuant to the
Criminal Procedures Law to conduct criminal investigation in the field of
information technology and electronic transaction.
(2)Investigation in field of the information technology and the electronic transaction
as referred to Clause (1) conducted by observing the protection for privacy,
confidentiality, continuity of public services, or data integrity pursuant to the
prevailing laws and regulations.
(3)The searching and/or the confiscation of the electronic system presumptively
related to a criminal action are performed with the warrant from the head of
district court.
(4) During the searching and/or the confiscation as referred to Clause (3), the
investigator shall take care of the continuity of public services wellbeing.
 Search & Seizure Warrant
• Location of Search
– Residence/dorm
– Business (size or number of employees)
• What to search for
– Equipment (hardware or software)
– Records
• Historical
• Current
– Reference material
• Hacking & phreak instructions
• Carrier related materials
• Bulletin boards
– Other violations
• Credit cards
• Hazardous material
Categorization of Legal
Evidence: Digital Evidence,
Art. 5 UU ITE
e- e-  An extension of


existing legal
e- e- evidence
(inferrence)
UU-ITE

 
KUHAP & Corruption
e- e-
 Law
Others evidence
(out of 184 KUHAP)
Legal value of electronic information depends Money Laundering Law,
on the accountability/trustworthy of the Terorism, Narcotics, etc..
electronic system => art. 16 UU ITE
 Computer Data • Traffic data
• Content data
Evidence Communication Data
• Subscriber information

Computer Physical Suspects

• Transaction journal • Source Document • Attendance
• User ID – Check/deposit • Background
slips – Personnel
• Terminal location
– Charge Slips – Financial
• Email logs
• Handwritten • Personal habits
• Media Storage Notes
• Disk/cards • Statements
• Photograph – Verbal
• Etc. – Location
– Written
– Bank surveillance
• etc
• Etc.
 Security procedures  probative value
of the legal evidence
• “Where information is recorded by mechanical means
without the intervention of a human mind, the record
made by the machine admissible in evidence,
provided of course, it is accepted that the machine is
reliable” [Professor Smith, 1981]
• Computers would be useless if they were not able to
record information with a fair degree of reliability,
which consist of 2 elements;
– The trustworthiness of the Content. Two-tier
approaches
– The trustworthiness of the Process
 Admissibility Requirements of
legal evidence
KUHAP ITE
• Lawful obtained (legal/ • lawful & due process of law
legitimate) by having a court • Limited by investigative legal
order or approval in searching provisions, protect:
and seizure. – legitimate expectation to
• The evidence should be privacy
relevant with the cases (having – confidentiality
direct relation to the crime) – continuity of public services
• validity of the evidence, – integrity of data
determined by the judges.
Electronic Information  paper based information
(functional-equivalent-approach) => art.6 ITE


Requirements:
e-  - accessible
- displayable

“Writings”
UU-ITE copy
} - integrity guarantee
- responsible
- Could be used to
explain certain
“Signed”
“Original”
e-  condition
 Trustworthy/Accountability
Electronic System Article 15 section (1) & (2)

could be trustworthy, • “Reliable” means that the electronic system has the
only if : capacity suitable to the need of the user.
•“Secured” means that the electronic system is
protected physically and non-physically.
•“Working Properly ” means that the electronic system
has the capacity in accordance with its specification.
Presumed Liability: „Responsible‟ means there is someone to take the
The provider should be legal responsibility of the electronic system.
liable, unless he/she can
proof the mistakes Notes:
actually was not from
In practice, they need support from IT Professional
him/her (force major or
(technical, management & law), to support the
consumers negligence) trustworthy.
 How to find the validity ?

incident

Planning: Implementation Operational

• Logical Design + findings ?
• Physical Design Maintenance

investigation

Audit System No-changes =

Trail Information is Valid
Weak:
 Weight of Evidence strong:
non
confidentiality integrity authencity authorization
repudiation

Intermediate:
Confidentiality Integrity Authencity Authorization Non
Repudation
weak X X X X X
Intermediate     X
strong     

free bindings
Uncertified but the Parties Accepted

accepted

A
Uncertified

e-  UU ITE

e-
accepted
Accepted/Admitted

 B
 Uncertified + Dispute
Burden of Proof:

Uncertified accepted
 Showing the system working
properly and no mistakes

e-  UU ITE

e- repudiate
Court Order => to examine
whether the information or the
electronic system could be

 B
trusted
 Certified & Accredited
Certified &
Accredited Admissible

e-  UU ITE
e-

Burden of Proof:
Repudiate
There is a forgery or
mistake in the system


 Telecom’s company liability
• Law No.36/1999 + Government Regulation 50/2000.
• Telecom’s industry
– Network (operators/carriers)
– Services => multimedia (TCP/IP services) => including NAP &
ISP
• Data Retention of their logs
• Preserved communication data
• Wiretapping => recording based on LEA’s request
• Rendering data (blocking & filtering) …???
• Production order
 Case Studies
• Defacing
– Public election 2004 (illegal access & tel. interference) of Telecom Law)
– Golkar
• Illegal Software (copyright)
• Unauthorized breaking the locking software (Copyright)
• Email terror and web-site terror (law terrorism)
• Data Interference (KUHP + ITE)
• Carding (conventional fraud KUHP & online fraud ITE)
• Online Defamation (Prita‟s case)
• Online Porn (ariel, luna & cut tari) => KUHP, ITE & Pornographic Law
• Sisminbakum (illegal public private partnership) => corruption
• Lawful Interception (usage of illegal interception & publish to the media)
=> unsolved …???
• Spamming => Civil cases based on ITE or Civil Code)
 Prita Bibit Chandra Ariel, Luna & Tari
Fact • statement injuring • Constitutional Review of • privacy stolen data (sexual
reputation by accusing Corruption Law affairs) upload to the
explicitly the name of • the illegal interception internet by anonyms and
doctor and their hospital send exclusively to some broadcasters make the
as a con big media & the transcript public searching and
• Prosecutor detained published before the case copying from internet
her • un-proportionally played (stimulating internet traffic).
Issues Defamation/harrasment • illegal interception • pornographic materials
statement) • blackmail vs bribery • Privacy

Rule • 27 (3) ITE • Telecommunication Law • ITE (illegal acces, data

• Consumers Rights + Illegal Interception interference + privacy)
• Public Services of • bribery vs black-mail. • pornographic
hospital • indecent broadcasting
Public •Prita have a right to • Permitted, because an • Ariel should go to jail
complain or „curhat‟ extra-ordinary situation (a because of his collection
Opinion •Civil Case => Prita High Level Conspiracy to publish in Internet
Loss but she has a eliminate KPK). • Media proportionally
forgivenes from hospital. • KPK‟s interception broadcast the collection, in
•Criminal Case => Prita doesn‟t need a court order contrast they publish part of
won or warrant to intercept the collection.
 Cases: Fictional Story
• Mr. Jayusman background (55) • Mrs Lelly background (54)
– Business man with 30 years – Started from honorary staf (30 years ago), and
experience, junior high school her now becomes a Directorate General of the
graduated, started from “kaki lima” Financial Ministry, post-graduated from the
and well-known his sincere and then
famous university, well-known with her
make a bookstore.
smart/intelligent, wise & dedicated
– Make an online book-store by
himself, but negligence in his conduct – Proposed the policy to bail-out the sucked
(failed in security, sharing the bank in order to prevent the financial rushed or
consumer data base with their financial distrust.
business partner) • Motivation & News:
• Motivation & News: – Her political enemy try to exploit her mistakes
his competitor (anonymity) writing in & her bad life experiences in the past, in order
their blogs & make a facebook to kick her out from the bureaucracy because
movement, to disrupt his business her decision never favorable to their interest
relation & reputation. group. They have some bloggers and initiate
• Effect: groups in facebook for the movement.
– Loss his reputation & bankruptcy • Effect:
– Accused by fraud & tort of unfair – Accused by corruption
business practices
– Family broken
– Family broken (10 children and 2 wives)
– Emotional distressed, heart attacked
– Emotional distress
– Died, 1 years latter
– Died, 6 month latter.
THANK YOU

---- o0o ----

• Appendix 1: History of ITE, jurisdiction &
principles.
• Appendix 2: Detailed Cybercrime
(Substantive Law) Provisions
• Appendix 3: Table Comparison: CoC and
Indonesia
 History of ITE
• 3 September 2004, Presiden
Megawati submit the bil of ITE to
DPR
• DPR return the bill of ITE to the
government
• There is a transition to the 3
consecutive Ministry of Kominfo
• 5 September 2005, SBY resubmit the bill
of ITE to DPR
• 25 Maret 2008, DPR approved the Bill of
ITE
• 21 April 2008, ITE LAW enacted, signed
by SBY with nunber. 11 Years 2008 Ttg
Informasi & Transaksi Elektronik
45
 Extra Teritorial Jurisdiction

Crime

Indonesian’s national interest: including but not limited to anything that injuring indonesian
economic interest, strategics data protection, national security, national sovereignty , citizen, and
Indonesia‟s corporation. 46
 Principles & Purposes
Pasal 3
• Legal Certainty
(kepastian hukum),
• Utility (manfaat),
• Prudential (kehati-
hatian),
• Good-faith (iktikad baik),
dan
• Neutral technology
Pasal 4
The utilization of information technology and
electronic transaction shall be aimed:
a. to enhance the intellectual of our the nation as a
part of world information society;
b. to develop national trade and economy in order to
improve social welfare;
c. to improve the effectiveness and the efficiency of
public service;
d. to create opportunity for everyone as widely as
possible to expand idea and capability in the use
and utilization of information technology in an
optimal and responsible means; and
e. to create the sense of safety, justice and legal
certainty for the users and information technology
organizers.
APPENDIX - 2
 Prohibited Actions
• Computer as a tool for Abuse:
– Distribution of Illegal/harmful Content
• Indecent, gambling, defamation/humiliation, cyber-stalking
– offences related to copyright
– computer related fraud & forgery
• Computer as a target
– Akses tanpa hak dan/atau melawan hukum (Illegal Access)
– Intersepsi tanpa hak (Illegal Interception)
– Gangguan/Pengrusakan Data (Data Interference)
– Gangguan Pengrusakan Sistem (System Interference)
– Penyalahgunaan Perangkat (Misuse of Device)
 Content Related Offence =>
Distribusi Konten Illegal (1)
prohibited actions Pidana

Art. 27
• every person (pribadi, kelompok/bdn hk) art 45 section (1) – (3)
• committed intentionally & without right
• distributing and/or transmitting and/or imprisonment max 6 years and/or
making available (to public) penalty max 1 milion
• electronic information and/or electronic
document, which having a content of:
– indecency (section 1)
– gambling (section 2)
– defamation (section 3)
– blackmail/harrasment (section 4)

50
 Off-line & Online Defamation
315 310 311

Penghinaan Ringan: Pencemaran Nama Baik Fitnah/

-Harassment/contempt/ (Defamation, UK) Malicious Falsehood (UK)
Something to embarrass (infliction to make Defamation (US):
someone emotional distress, US) • malice intent
• untrue statement of facts
5
4,5
4
Exceptional: 310 (3) KUHP
3,5 • public interest
3
2,5 • defense
2
Pidana Penjara (tahun)
1,5
1 Pidana Denda (ribuan) Article 27 (3) – UU ITE:
0,5 -Committed intentionally
0
- without right
Hina Ringan Pencemaran Pencemaran Fitnah
Nama Baik Nama Baik - distribute, forward, transmit,
Making available to public of
melalui lisan melalui
tulisan
the defamation material.
 Content Related Offence
(Distribusi Konten Illegal)
Prohibited Actions Penal
Article 28
• Any Person
• who knowingly and without authority Article 45 Section (2)
• disseminates
Section (1) sentenced to imprisonment not
• false and misleading information exceeding 6 (six) years
• resulting in consumer loss
and/or a fine not exceeding
• in Electronic Transactions.
Rp1,000,000,000,-
Section (2)
(one billion rupiah).
• information aimed at inflicting hatred or
dissension on individuals and/or certain
groups of community
• based on ethnic groups, religions, races,
and intergroups (SARA).
 Content Related Offence
(Distribusi Konten Illegal)
Prohibited Actions Penal

Article 29
• Any Person
• who knowingly and without
authority
• sends Electronic Information
and/or Electronic Records
• that contain violence threats or
scares
• aimed personally.
Article 45 Section (3)
sentenced to imprisonment not
exceeding 12 (twelve) years
and/or a fine not exceeding
Rp2,000,000,000
(two billion rupiah).

53
 Illegal Access (Akses Ilegal)
Prohibited Actions Penal

Article 30 Article 46
Section (1)
• Any Person
• who knowingly and without authority or 1.Max. 6 years &/ fine 600 Million
unlawfully 2.Max. 7 years &/ fine 700 Million
• accesses Computers and/or Electronic
Systems 3.Max. 8 years &/ fine 800 Million
• of other Persons in
• any manner whatsoever. (e.g. scannig)
Elucidation of Article 30 Section (3):
Section (2)
• with the intent to obtain Electronic Security systems are systems that restrict
Information and/or Electronic Records. access to computers or prohibit access
Section (3) to computers by category or
• by breaching, hacking into, trespassing classification of users and specified
into, or breaking through security levels of the authority.
systems.
Hacking, cracking, etc
54
 Illegal Interception E.g. Sniffing, wiretapping, etc

Prohibited Actions Penal

Article 31
Section (1) Article 47
• Any Person
sentenced to imprisonment not
• who knowingly and without authority or unlawfully exceeding 10 (ten) years
• carries out interception or wiretapping of Electronic and/or a fine not exceeding
Information and/or Electronic Records Rp. 800,000,000
• in certain Computers and/or Electronic Systems (eight hundred million rupiah).
• of other Persons.
Section (2)
Elucidation of Article 31 Section (1):
• of nonpublic Electronic Information and/or Electronic
Records from, to, and in certain Computers and/or “Interception or wiretapping" means
Electronic Systems of other Persons, whether or not activities to listen, record, reroute,
alter, block, and/or log transmission of
causing alteration, deletion, and/or termination of
nonpublic Electronic Information
Electronic Information and/or Electronic Records in
and/or Electronic Records, whether
transmission.
communications cable networks or
Section (3) wireless networks, such as
• Interception excepted from one as intended by section electromagnetic waves or frequency
(1) and section (2) shall be interception carried out in the radio.
scope of law enforcement at the request of the police,
prosecutor’s office, and/or other law enforcement
institutions as stated by laws. 55
 Data Interference
Prohibited Actions Penal

Article 32
Section (1) Article 48
• Any Person
• who knowingly and without authority or unlawfully 1. Max. 8 years and/or fine 2 Billion
• in any manner whatsoever
• alters, adds, reduces, transmits, tampers with, deletes,
2. Max. 9 years and/or fine 3 Billion
moves, hides Electronic Information and/or Electronic 3. Max. 10 years and/or fine 5 Billion
Records
• of other Persons or of the public.
Section (2)
• moves or transfers Electronic Information and/or
Electronic Records to Electronic Systems of
unauthorized Persons. (Third Party/External)
Section (3)
• Acts as intended by section (1) shall be acts that result
in any confidential Electronic Information and/or
Electronic Record being compromised such that the
data becomes accessible to the public in its entirety in
an improper manner.

Defacing, Trojan horse (mallware) virus, etc

56
 System Interference
Prohibited Actions Penal

Article 33
• Any Person
• who knowingly and without
authority or unlawfully
• commits any act
• resulting in faults on
Electronic Systems and/or
resulting in Electronic
Systems working improperly.
Article 49
sentenced to imprisonment not
exceeding 10 (ten) years
and/or a fine not exceeding
Rp10,000,000,000
(ten billion rupiah).

Spamming, DoS attack, Virus, mallware, etc

57
 Misuse of Devices
Prohibited Actions Penal
Article 34
Section (1) Article 50
Any Person who knowingly and without authority or
unlawfully produces, sells, causes to be used,
imports, distributes, provides, or owns: sentenced to imprisonment not
a. Computer hardware or software that is designed exceeding 10 (ten) years
or specifically developed to facilitate acts as
intended by Article 27 through Article 33; and/or fine not exceeding
b. Computer passwords, Access Codes, or the like to Rp10,000,000,000
make Electronic Systems accessible with the
intent to facilitate acts as intended by Article 27 (ten billion rupiah).
through Article 33;
Section (2)
Acts as intended by section (1) are not criminal acts if
aimed at carrying out research activities, testing
of Electronic Systems, protection of Electronic
Systems themselves in a legal and lawful manner.
Botnet, Skimmer, Malware,
Trojan, etc
58
 Computer Related Forgery/Fraud
Prohibited Actions Penal
Article 35
Pasal 51
Any Person who knowingly and without Section (1)
authority or unlawfully manipulates,
creates, alters, deletes, tampers with sentenced to imprisonment not
Electronic Information and/or Electronic exceeding 12 (twelve) years and/or
Records with the intent that such a fine not exceeding
Electronic Information and/or Electronic Rp12,000,000,000 (twelve billion
Records would seem to be authentic data. rupiah).

Illegal copy, carding, unauthorized transaction, Section (2)

identity theft, etc
sentenced to imprisonment not
Article 36 exceeding 12 (twelve) years and/or
Any Person who knowingly and without a fine not exceeding
authority or unlawfully commits acts as Rp12,000,000,000 (twelve billion
intended by Article 27 through Article 34 rupiah).
to other Persons’ detriment.
Cyber fraud
59
 Prohibited Actions And Penal
Prohibited Actions Penal

Article 37
Any Person who knowingly Mutatis Mutandis
To Previous Articles
commits prohibited acts as
intended by Article 27 through
Article 36 outside the territory of
Indonesia towards Electronic
Systems residing within
jurisdiction of Indonesia.

60
 Added Punishment (ps.52)
Article 27 Section (1)
– involving propriety or sexual exploitation of children
• subject to an increase in the sentence by one third of the basic sentence.
Article 30-37
– aimed at Computers and/or Electronic Systems as well as Electronic Information
and/or Electronic Records of the Government and/or used for public services
• sentenced to the basic sentence plus one third.
– aimed at Computers and/or Electronic Systems as well as Electronic Information
and/or Electronic Records of the Government and/or strategic bodies including and
not limited to defense institutions, the central bank, banking, finance, international
institutions, aviation authority
• subject to a sentence of maximally the basic sentence for the respective Articles plus
two-thirds.
Article 30-37
– committed by corporations
• sentenced to the basic sentence plus two-thirds.

61
APPENDIX - 3
 Comparison of Procedural Law
Common Law Civil/continental Law Indonesian Law
•Trial by the jury •Trial by the judges •Trial by the judges
•
•Passive judges •Active judges •Active judges
•Burden of proof to the •Prosecutor •Prosecutor
prosecutor

•Real evidence, •Limited categorization •Limitation on evidence

documentary evidence, of legal evidence (limited categorization
testimonial evidence, of legal evidence)
judicial notice
 Procedural Law (1)
CoC
•Title 1-common provisions
–scope of procedural provisions =>
power & procedures for specific
criminal investigation or
proceedings
– Conditions & safeguards =>
• principle of proportionality
• judicial or other independent
supervision
• grounds justifying application
• Limitation of the scope and
the duration of such power or
procedure
• public interest => rights,
responsibilities & legitimate
interest of 3rd parties.
Indonesia
• even thought it was not explicitly stated by law, but ITE
can be used for all criminal related with IT as long as
related to the compt, system..
• Competent Authorities:
– Police (general criminal inestigator)
– public servant investigator (PPNS)
– Prosecutors (specific criminal, eg: corruption)
– Corruption Commission (KPK)
– Narcotics Agency (BNN)
– Ministry of Law & Human Rights (MLA)
– etc.
• Condtion & Safeguards: (43 (2) ITE)
– privacy, confidentiality, public services, data integrity
refer to the existing laws & regulations.
• court order before searching seizure in home (33 (1))
• there is no detailed provision for specified data &
places, but there is a restriction (34(2) & 39, KUHAP) for
investigator, cannot search & seizure of anything which
were indirect related with the crimes
• there is no provision concerning the right against self-
incrimination, legal privileges, (Privacy => KIP & ITE)
 Procedural Law (2)
CoC (procedural law) Indonesia
• Title 2 - expedited preservation of stored • there is no regulation to give a power to
computer data preserve a stored computer data
– expedited preservation of stored
computer data • there is no oblige to LEA, to search &
• give an order to a person who has
seizure for specified data & places
responsibility to preserve specified
computer data (networks)
• those person should maintain the • there is data retention and order for
integrity for a period of time as long as preservation data (CDR)
necessary (90days + renewed)
• there is a duty to operator to keep
• the custodian should keep
confidential for interception process
confidentiality of the process
– expedited preservation and partial
disclosure of traffic data • there is an obligation for NAP or ISP to
• such expeditious preservation data send the network-log to IDSIRTII
should be available
• enable the Party to identify the service
providers and the path through which
the communication transmitted
 Procedural Law (3)
CoC (procedural law) Indonesia
• title 3 - production order • ITE had not such detailed provisions yet
– Competent authorities can order
• a person in its territory to submit specified
compt data in that person‟s possession or
control (off-line & online)
• a service provider in the territory to submit
subscriber information
• title 4 - search & seizure of stored computer
Data
– Lawfully search or similarly access to
computer system & data storage (primary &
secondary storage, off-line-online)
– Expeditiously extend the searching to other
system
– Scope of Power: to seize or similarly secure a
computer system, make and retain a copy,
maintain the integrity, render inaccessible or
remove those computer data in the accessed
computer system.
 Procedural Law (4)
CoC (procedural law)
• title 5 - real time collection of computer data • Telecom operator should protect the
– real time collection of traffic data
– interception of content data
Indonesia
confidentiality of communication
• Telecom operator could record the
information about the of usage of their
customer
• Telecom can wiretapping the
communication (content) between the
parties based on the LEA‟s request
• Telecom can send the record of
communication data to LEA based on
the request.
 Mutual Legal Assistance
CoC (Int’l cooperation) Indonesia
Sect 1 - General Principles UU 1/2006 MLA
•general principles to Int‟l cooperation Competent Authority => Ministry of
• principles relating to extradition Law & Human Rights, coordinated
• general principles relating to mutual with Prosecutor
assistance => spontaneous information
• procedures pertaining to mutual
assistance request in the absence of
applicable int‟l agreements =>
confidentiality and limitation on use
 CoC (Int’l cooperation) Indonesia
Sect 2 – Specific provisions UU 1/2006 MLA
•Title 1- Mutual assistance regarding provisional • powers to exchange the document
measures evidence (paper and electronic based)
– expedited preservation of stored ITE:
computer data
– expedited disclosure of preserved traffic
data
•Title 2- mutual assistance regarding • investigator can make a cooperation
investigative powers with the foreign investigator
– mutual assistance regarding accessing – there is no regulation about the
of stored computer data remote access for foreign investigator
–Trans-border access to stored computer
data with consent or where publicly
available
–Mutual assistance in the real-time
collection of traffic data
–Mutual assistance regarding the
– controversial regulation about remote
interception of content data interception by LEA
– 24/7 network
– ID-SIRTII & ID-CERT
 Law Reform
• Revision of UU-ITE => reducing punishment of
art 27 (3)
• Law of Telecommunication & Broadcasting
Convergence (RUU-Konvergensi)
• Cyber crime Law (RUU-Tipiti)
– Complementary of ITE
• Electronic Fund Transfer
• Revision of KUHP
• Revision of KUHAP