Censorship looms with new Indonesia cyberpolicy
LOCAL and foreign digital service providers in Indonesia have been granted a six-month grace period to register with the government as mandated by a recent regulation that grants the state sweeping authority to censor digital content.
Communications and Information Ministerial Regulation No 5/2020, signed by minister Johnny G Plate in November of last year, allows the ministry to remove prohibited content on digital platforms owned by the public, individuals or private companies, known as digital service providers (PSEs).
The provision applies to a wide range of domestic and foreign digital platforms, including social media sites, search engines, financial technology platforms and data processing sites whose services are accessible in Indonesia.
The policy’s initial deadline for registration was May 24, when the powers stipulated in the regulation were to come into effect. If a platform failed to register by that time, the ministry reserved the right to block access to it.
But this deadline has been extended for another six months, the ministry’s director-general for applications and informatics Semuel Abrijani Pangerapan announced on May 24.
He said the extension had been granted because PSEs would need to register through the Risk-Based Approach Online Single Submission (RBA-OSS) system managed by the investment ministry. The system is set to be launched on June 2.
As of May 24, around 1,000 PSEs had registered with the ministry, Semuel said, most of which were domestic service providers.
“[The policy] is part of the government’s efforts to preserve and protect the country, as well as the Indonesian people,” he told a live streamed press briefing.
Semuel said the ministerial regulation had been formulated after eight months of discussion. The ministry had also received 27 letters of counsel from local and international businesses and neighbouring countries.
The regulation grants the government the authority to order that access to prohibited information or documents be terminated. The state may also request the personal data of PSE users for criminal investigation.
The regulation defines prohibited content as electronic information or data that violates prevailing laws, incites unrest or disturbs public order. Information or data that facilitates access to forbidden content is also prohibited under the regulation.
Digital service providers must remove such content within 24 hours of receiving notification from the ministry and within four hours for content containing child pornography, messages supporting terrorism or content that could cause “immediate public disorder”.
If a PSE ignores the ministry’s order and allows the content to remain accessible to users, the ministry can order internet service providers to block access to the platform.
Other government bodies, law enforcement institutions and the public can report prohibited content to the ministry.
These provisions have raised concern that the policy will allow users’ personal information to be exposed to authorities.
However, Semuel claimed that neither the government nor law enforcement institutions would have access to user data stored by PSEs.
If there was a need to request access to such data for supervisory or law enforcement purposes, he said, the government would adhere to international certification ISO 27037 on the collection of digital evidence.
Provisions on obtaining digital evidence have been stipulated in a circular issued by the information ministry in 2019. However, watchdogs say no standardised procedure exists for requesting such data.
Critics say the regulation will undermine free speech on the internet, which is already under pressure because of the draconian Electronic Information and Transactions (ITE) Law, under which people have been sent to prison for online defamation and hate speech.
Semuel did not address these concerns during May 24’s press briefing. He noted that the public needed to remain cautious to avoid “misinformation and disinformation”.
Digital attacks, including on activists, and data breaches have been growing in the country, raising further questions about the government’s ability and willingness to protect internet users’ data and privacy.
Human Rights Watch (HRW) said the regulation was “a tool for censorship” and demanded that Indonesia suspend it.
“The 2020 ministerial regulation is a human rights disaster that will devastate freedom of expression in Indonesia and should not be used in its current form,” said Linda Lakhdhir, a legal adviser in HRW’s Asia division.
“The Indonesian government should immediately suspend the regulation and start a consultation process with stakeholders and civil society groups based on the premise that any new or revised regulation must comply with international standards for privacy and free expression.”
The rights group released a letter to minister Johnny dated May 17 demanding that the government to amend the regulation.
The head of the Southeast Asia Freedom of Expression Network’s (SAFEnet) freedom of expression division, Nenden Sekar Arum, said the regulation was prone to be abused by the government to silence its critics and that the regulation’s vague provisions could potentially curb press freedom as well.
“Online media companies could be classified as a digital platforms [under the regulation]. What if, in a worstcase scenario, the media publish news that is taken down by the government under the pretext that it disturbs public order?” Nenden said.