Cyber-terrorism Cyber-terrorism Prevention and Eradication Prevention and Eradication

in in IndonesiaIndonesia

November 2008November 2008

Edmon Makarim, S.Kom., S.H., LL.M.Edmon Makarim, S.Kom., S.H., LL.M.

Department of Telecommunication and Information Department of Telecommunication and Information

Republic of IndonesiaRepublic of Indonesia

CyberterrorismCyberterrorismThe use of the Internet for terrorist purposes, such as:The use of the Internet for terrorist purposes, such as:

(a) attacks via internet that cause damage not only to essential electronic (a) attacks via internet that cause damage not only to essential electronic communication systems and the IT infrastructure but also to other communication systems and the IT infrastructure but also to other infrastructures, systems, and legal interests, including human life infrastructures, systems, and legal interests, including human life public utility damagepublic utility damage

(b) dissemination of illegal content, including threatening with terrorist (b) dissemination of illegal content, including threatening with terrorist attacks; inciting, advertising, and glorifying terrorism; fundraising for and attacks; inciting, advertising, and glorifying terrorism; fundraising for and financing of terrorism; recruiting for terrorism; and dissemination of racist financing of terrorism; recruiting for terrorism; and dissemination of racist and xenophobic material; as well as and xenophobic material; as well as

(c) other logistical uses of IT systems by terrorist, such as internal (c) other logistical uses of IT systems by terrorist, such as internal communication, information acquisition, and target analysiscommunication, information acquisition, and target analysis

[ [ Prof. Dr. Dr. h.c. Ulrich Sieber and Phillip W. Brunst. Prof. Dr. Dr. h.c. Ulrich Sieber and Phillip W. Brunst. Cyberterrorism – the Cyberterrorism – the Use of the Internet for Terorist PurposeUse of the Internet for Terorist Purpose. (expert report), Council of . (expert report), Council of Europe, December 2007. p.11Europe, December 2007. p.11]]

Existing Law and Regulations Existing Law and Regulations (1)(1)

Indonesian Penal Code (KUHP) => 335 & 336Indonesian Penal Code (KUHP) => 335 & 336 Law No.36 Year 1999 concerning Telecommunication => 38 jo 55Law No.36 Year 1999 concerning Telecommunication => 38 jo 55 Law No.Law No.15 Year 2003 concerning Eradication of Terrorism (“Law of 15 Year 2003 concerning Eradication of Terrorism (“Law of

Terrorism”)Terrorism”) President Regulation No.7 Year 2005 concerning Mid Term National President Regulation No.7 Year 2005 concerning Mid Term National

Development Plan for year 2004-2009 (RPJM) particularly in Development Plan for year 2004-2009 (RPJM) particularly in Attachment Chapter VI concerning Terrorism,Attachment Chapter VI concerning Terrorism,

Law No.11 Year 2008 concerning Electronic Information and Law No.11 Year 2008 concerning Electronic Information and Transaction (“Law of EIT”) Transaction (“Law of EIT”)

+ Ministerial Decree No.166/Kep/M.Kominfo/11/2006 concerning + Ministerial Decree No.166/Kep/M.Kominfo/11/2006 concerning Indonesia Security Incident Responses Team On Internet Indonesia Security Incident Responses Team On Internet Infrastructure (ID-SIRTII) <=> ID-CERTInfrastructure (ID-SIRTII) <=> ID-CERT

Law No.Law No.15 Year 200315 Year 2003 In Article 6, it is stipulated that any person committed intentionally violence

or threat of violence that cause situation of terror or fear toward a persons broadly or cause massive victims by seizure other freedom or lost of life or possession, or cause damage or destruction of strategic vital objects, or environment or public facilities or international facilities, shall be liable to be sentenced for death sentence, or whole life imprisonment, or imprisonment for minimum f (four) years and maximum 20 (twenty) years.

While in Article 7, it is stipulated that any person committed intentionally violence or threat of violence which intention is to cause situation of terror or fear toward person broadly or cause massive victims by seizure other freedom or lost of life or possession, or cause damage or destruction of strategic vital objects, or environment or public facilities or international facilities, shall be liable to be sentenced for maximum whole life imprisonment.

Relevant Law and Regulations Relevant Law and Regulations (2)(2)

Law No.19 Year 2002 concerning Copyright => art.17 + 72 (4)Law No.19 Year 2002 concerning Copyright => art.17 + 72 (4) President Instruction concerning E-GovPresident Instruction concerning E-Gov President Decision concerning Board of National IT and President Decision concerning Board of National IT and

CommunicationCommunication Ministry Regulation concerning Guidance of the National IT Ministry Regulation concerning Guidance of the National IT

GovernanceGovernance Etc.Etc.

Case A Email terror

The case is dispatch of emails which contain terror by a woman to her ex boyfriend who run away and married other woman in United States. Because of her hatred toward him, she had sent emails by other name to his relatives, school and church where the marriage would be held.the perpetrator was charged with primary charge Article 226 of Indonesia Criminal Code and subsidiary charge Article 335 paragraph (1) of the Code. The perpetrator was also charged with Article 7 of Law of Terrorism provides sentence for any one who has intention to cause situation of terror or fear broadly

Case B The second case is a set up of a site to disseminate

information contain terrorism (www.anshar.net). This site was purposed to facilitate communication between them and to facilitate to teach to internet users how the terror conducted.

under Registration Case No. 84/PID/B/2007 PN SMG, at least the perpetrator was charged Article 13 point (c) of Law of Terrorism which provide sentence for any person who gives aid or facility for perpetrator of the terrorism criminal act, particularly in this context is communicating through internet.

REGISTRASI HOSTING & DOMAINwebsite : http://www.anshar.net

hosting

domain

www.openhosting.co.uk

www.joker.com

MAX FIDERMAN als MAP GG. Pangeran Cendono Rt. 04/05

Dawe Kudus Jawa Tengah

www.anshar.net“online”

Isi form registrasi :- Isi email : ahmad@maxfider.com- Minta konfirmasi utk pembayaran- Isi form data kartu kredit- Submit data kartu kredit curian hosting = 300 £ per year domain = 60 $ US per year

QITAL

ISI CONTENTUP LOAD TEMPLATE

Registrasi www.anshar.net

ABDUL AZIS “qital”(Guru Komputer SMA

dipekalongan)

AGUNG SETYADI Skom.“pakne” “salafuljihad”Dosen FTI Universitas

STIKUBANK

MAX FIDERMAN aliasMOHAMMAD AGUNG PRABOWO

Mahasiswa Fak Teknik ElektroUniversitas Semarang

LAPORAN POLISI NO.POL : LP-A/…./VIII/2006/SIAGA……TGL……. AGUSTUS 2006 TTG TINDAK PIDANA TERORISMPASAL 7,13 huruf c UU No 15 Tahun 2006

TERSANGKA

SAKSI-SAKSI

BARANG BUKTI

UNSUR-UNSUR PASAL 7SETIAP ORANGSENGAN SENGAJA MENGUNAKAN KEKERASAN/ANCAMABERMAKSUD UTK MENIMBULKAN TEROR/RASA TAKUTSECARA MELUAS/MENIMBULKAN KORBANDG CARA MERAMPAS KEMERDEKAAN/HILANG NYAWA &HARTA BENDAPIDANA SEUMUR HIDUP

BENY IRAWANANDI JATI TRISTIYANTOMARDI SISWO UTOMOPETUGAS BNI CBG SUTA USMADMIN ISPPETUGA LAB POLRIPRTUGAS POLRI

DIGITAL MP3 BLUETOOTH USBSIM CARD IM3 &MATRIX MILIK M AGUYNG PRABOWOHARDISK BARACUDA ATA IV ST 3200 II A 20 GB NO SERI 3HT4HM81BUKU TABUNGAN & PRINT OUT AN M AGUNG PRABOWO2 KOMPUTER MILIK IS & ISSAC TAYIB ( DPB)HARDISK LAB UNISBANKHP/CDR TLP AGUNG SETYADIHASIL DIGITAL EVIDENT LAB KOMPUTER FORENSICDLL

DETIKNAS (ICT National Council)

=> 7 Flagship Programs e-education e-Procurement e-budget National Single Window National Identity Number Palapa Ring Software Legalization

EIT OutlineEIT Outline Ch ICh I : General Provisions : General Provisions Ch IICh II : Principles and Purposes: Principles and Purposes Ch IIICh III : Electronic information, document & signature: Electronic information, document & signature Ch IVCh IV : Electronic System Provider (including CA): Electronic System Provider (including CA) Ch VCh V : Electronic Transaction: Electronic Transaction Ch VICh VI : Domain Name, IPR & Privacy: Domain Name, IPR & Privacy Ch VIICh VII : Prohibited Act (Crime): Prohibited Act (Crime) Ch VIIICh VIII : Dispute Resolution: Dispute Resolution Ch IXCh IX : Government Role & Public Participation: Government Role & Public Participation Ch XCh X : Investigation: Investigation Ch XICh XI : Criminal Sanction: Criminal Sanction Ch XIICh XII : Transition Provision: Transition Provision Ch XIIICh XIII : Closing: Closing

Chapter I Chapter I General ProvisionsGeneral Provisions

Electronic Information (EI) : electronic data Electronic Information (EI) : electronic data or collection of electronic data include but or collection of electronic data include but not limited to writing, sound, picture, map, not limited to writing, sound, picture, map, planning, photo, electronic data planning, photo, electronic data interchange, email, telegram, telex, interchange, email, telegram, telex, telecopy, or alike letter, sign, number, telecopy, or alike letter, sign, number, access code, symbol, or perforation which access code, symbol, or perforation which has meaning for or can be understood by a has meaning for or can be understood by a person through a particular process.person through a particular process.

Electronic System (ES) : a set of electronic Electronic System (ES) : a set of electronic equipment and procedure to prepare, collect, equipment and procedure to prepare, collect, process, analize, store, present, publish, and/or process, analize, store, present, publish, and/or disseminate EI.disseminate EI.

Electronic Transaction (ET) : a legal action Electronic Transaction (ET) : a legal action conducted by or through computer, computer conducted by or through computer, computer network, or other electronic media. network, or other electronic media.

Electronic Document means every Electronic Electronic Document means every Electronic Information made, transmitted, sent, received, or Information made, transmitted, sent, received, or stored on analog, digital, electromagnetic, stored on analog, digital, electromagnetic, optical, or the like, which can be seen, presented, optical, or the like, which can be seen, presented, and/or heard by means of Computer or Electronic and/or heard by means of Computer or Electronic System, include but not limited in writing, sound, System, include but not limited in writing, sound, picture, map, plan, photo or the like, letter, mark, picture, map, plan, photo or the like, letter, mark, number, Access Code, symbol, or perforation number, Access Code, symbol, or perforation which has meaning or which can be understood which has meaning or which can be understood by particular personby particular person

Chapter IIChapter IISphere of Application Sphere of Application

For:For: Every PersonEvery Person

Conducts legal action regulated in ETI Conducts legal action regulated in ETI - placeplace : in or outside Indonesia : in or outside Indonesia - legal impactlegal impact : in or outside Indonesia : in or outside Indonesia - harm Indonesia’s interests harm Indonesia’s interests

Article 2Article 2Principles and PurposesPrinciples and Purposes

PrinciplesPrinciples- Certainty Certainty - Good Faith- Good Faith- BenefitBenefit - Freedom to Choose- Freedom to Choose- PrudentPrudent - Technology Neutral- Technology Neutral

PurposesPurposes- facilitate Trade & Economyfacilitate Trade & Economy- Justice and legal certainty Justice and legal certainty - Technology DevelopmentTechnology Development

Chapter VIIProhibited Actions

Article 27

(1) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with indecent content.

(2) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with gambling content.

(3) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with humiliation and/or defamation content.

(4) Any person, committed intentionally and without right, distributes and/or transmits and/or enables the accessibility of the electronic information and/or the electronic document with blackmail and/or threat content.

Article 28

(1) Any person, committed intentionally and without right, disseminates hoaxes and misleading news that caused any loss to the consumers in an electronic transaction.

(2) Any person, committed intentionally and without right, disseminates information with the aim to create hatred and hostility among individuals and/or certain communities based on ethnic-groups, religion, race and inter groups.

Article 29

Any person, committed intentionally and without right, sends the electronic information and/or the electronic document containing a threat or intimidation to be aimed at the target personally.

Article 30

(1) Any person, committed intentionally and without right or violating the law, accesses a computer and/or an electronic system belong to the other persons using any method.

(2) Any person, committed intentionally and without right or violating the law, accesses a computer and/or an electronic system using any method to obtain any electronic information and/or electronic document.

(3) Any person, committed intentionally and without right or violating the law, accesses a computer and/or an electronic system using any method by breaking, trespassing, surpassing or hacking the security system.

Article 31

(1) Any person, committed intentionally and without right or violating the law, intercepts or taps electronic information and/or an electronic document in a computer and/or a certain electronic system belongs to other person.

(2) Any person, committed intentionally and without right or violating the law, intercepts the transmission of electronic information and/or electronic document which are closed to the public, from, to, and in a certain computer and/or an electronic system belongs to the other person that may or may not cause any change that changed, deleted and/or stop the process of transmission of the electronic information and/or the electronic document.

(3) The interceptions as referred in Clause (1) and Clause (2) are prohibited except the interception for law enforcement by the police and attorney and/or other law enforcement institutions as stipulated by Law.

(4) Further provisions on the interception procedure as referred to in Clause (3) shall be stipulated under the Government Regulation.

Article 32

(1) Any person, committed intentionally and without right or violating the law, by any method whatsoever changes, adds, reduces, transmits, damages, eliminates, transfers and hides the electronic information and/or electronic document belongs to other person or public.

(2) Any person, committed intentionally and without right or violating the law, by any method whatsoever changes or transfers electronic information and/or electronic document to the other electronic system belonging to the other person without right.

(3) Any action set forth in Clause (1) causing a confidential electronic information and/or a confidential electronic document to be accessible by the public with the inappropriate data integrity.

Article 33

Any person, committed intentionally and without right or violating the law, performs any action that caused disturbance to an electronic system and/or caused an electronic system operate not properly.

Article 34

(1) Any person, committed intentionally and without right or violating the law, produces, sells, procures to be used, imports, distributes, provides , or possesses:

a. hardware or software of computer designed or specifically enhanced to facilitate the prohibited actions as referred to in Article 27 to Article 33.

b. computer codes, access codes or similar to it which are designed to make an electronic system be accessible with the aim to facilitate any prohibited action as referred to in Article 27 to Article 33.

(2) Any action as referred in Clause (1) is not a criminal action if it is being used to conduct a research, an electronic system test, with the aim to protect the electronic system alone legally and not violating the law.

Article 35Any person, committed intentionally and without right or violating the law, manipulates, creates, changes, deletes, damages electronic information and/or electronic documents with the aim to make the electronic information and/or the electronic documents to be regarded as an authentic data.

Article 36

Every person shall be intentional and without right or break the law to carry on the action as referred toin Article 27 up to and including Article 34 implicated damage for other.

Summary of Ch VIISummary of Ch VII

Article 27, 28 & 29 => distributing illegal contentArticle 27, 28 & 29 => distributing illegal content- Obscene/porn;Obscene/porn;- Gambling;Gambling;- defamation;defamation;- False statement;False statement;- Hate-speech, racism or xenophobia;Hate-speech, racism or xenophobia;- cyber stalkingcyber stalking

Sanction/punishment: max 6-12 years and/or Sanction/punishment: max 6-12 years and/or penalty max 1-2 Billion penalty max 1-2 Billion (Art. 45)(Art. 45)

Art 30Art 30- Illegal AccessIllegal Access- Max 6-8 years and/or max 600-800 million (Art 46 section (1), (2) Max 6-8 years and/or max 600-800 million (Art 46 section (1), (2)

and (3))and (3))

Art 31Art 31- Illegal Interception Illegal Interception - Max 10 years and/or penalty max 800 million (Art 47)Max 10 years and/or penalty max 800 million (Art 47)

Art 32Art 32- Data InterferenceData Interference- Max 8-10 years and/or penalty max 2-5 Billion (Art 48 section (1), Max 8-10 years and/or penalty max 2-5 Billion (Art 48 section (1),

(2) and (3))(2) and (3))

Art 33Art 33- Interception Interception - Max 10 years and/or penalty max 10 B (Art 49)Max 10 years and/or penalty max 10 B (Art 49)

Art 34Art 34- Misuse of DevicesMisuse of Devices- max 10 years and/or penalty max 10 B max 10 years and/or penalty max 10 B (Art 50)(Art 50)

Art 35Art 35- Computer Related ForgeryComputer Related Forgery- max 12 years and/or penalty max 12 B max 12 years and/or penalty max 12 B (Art 51)(Art 51)

Art 36Art 36- Computer Related FraudComputer Related Fraud- max 12 years and/or penalty max 12 B max 12 years and/or penalty max 12 B (Art 51)(Art 51)

Added Punishment (Art 52)Added Punishment (Art 52)II

If the indecent materials [Art 27 section (1)] concerning children If the indecent materials [Art 27 section (1)] concerning children - Basic punishment + 1/3 of basic punishmentBasic punishment + 1/3 of basic punishment

IIIf the activities destroying strategic dataIf the activities destroying strategic data

- Government data related with public services Government data related with public services + 1/3 of basic + 1/3 of basic punishmentpunishment

- Strategic data related with financial, defense, etc Strategic data related with financial, defense, etc + 2/3 of basic + 2/3 of basic punishmentpunishment

- Was done by corporation Was done by corporation + 2/3 of basic punishment + 2/3 of basic punishment

CHAPTER IXThe Role of The Government & The Society

Article 40

(1) The government shall facilitate the utilization of information technology and electronic transaction pursuant to the provisions of the prevailing laws and regulations.

(2) The government shall protect the public interests from all kinds of disorder as the result of the abuse of electronic information and electronic transaction that disrupt the public order pursuant to the prevailing laws and regulations.

(3) The government shall decide the bureau or the institution possessing strategic electronic data that have to be protected.

(4) The bureau or the institution as referred to in Clause (3) shall prepare the electronic document and its electronic backup and connect them to certain Data Centre in order to safeguard the data.

(5) The other bureau or institution apart from those stipulated in Clause (3) shall make the electronic document and its electronic backup in accordance to the need for their data protection..

(6) Further provisions on the role of government as referred to in Clause (1), Clause (2), and Clause (3) shall be stipulated under the Government Regulation.

Article 41

(1) The society may involved to enhance the utilization of information technology by means of using and organizing the electronic system and the electronic transaction pursuant to this Law..

(2) The role of the society as referred to in Clause (1) can be organized by an institution which is established by the society..

(3) The institution as referred to in Clause (2) may have the function of consultation and mediation.

CHAPTER XCHAPTER XInvestigation Investigation

Investigation shall be conducted based on provisions in Investigation shall be conducted based on provisions in Criminal Proceeding Law. (Art. 42)Criminal Proceeding Law. (Art. 42)

The Investigators are POLRI and PPNS. (Art. 43)The Investigators are POLRI and PPNS. (Art. 43)

Investigators shall pay attention on privacy aspect, Investigators shall pay attention on privacy aspect, confidential status, the continuation of public service, data confidential status, the continuation of public service, data integrity and public interest. integrity and public interest.

Evidences Evidences (Article 41)(Article 41)

Investigation, prosecution and trial in Investigation, prosecution and trial in court:court:- Evidences are based on Laws and Evidences are based on Laws and

Regulations;Regulations;- Other evidences : (i) ED and (ii) EI.Other evidences : (i) ED and (ii) EI.

NEXT STEP: NEXT STEP: Government Regulation DraftGovernment Regulation Draft

Implementation of EITImplementation of EIT Board of Trust mark Certification;Board of Trust mark Certification; Electronic Signature Electronic Signature ;; Electronic Certification Providers Electronic Certification Providers ;; Electronic System Exertion Electronic System Exertion ;; Electronic Transaction Electronic Transaction ;; Electronic Agent Exertion Electronic Agent Exertion ;; Domain Administrator Domain Administrator ;; Board of Strategic Data Board of Strategic Data ;; Lawful Interception Lawful Interception

Others

Draft of Ministry Regulation concerning Content Draft of Ministry Regulation concerning Content Multimedia Guidance;Multimedia Guidance;

Draft of Ministry Regulation concerning Spamming ;Draft of Ministry Regulation concerning Spamming ; Draft of Government IT Security ;Draft of Government IT Security ; Draft of Ministry Regulation concerning CA ; Draft of Ministry Regulation concerning CA ; Draft of Ministry Regulation concerning Standard Draft of Ministry Regulation concerning Standard

Audit.Audit.

OthersOthers

Revision of Company’s Filling & Documentation (e-Revision of Company’s Filling & Documentation (e-filing)filing)

Draft of Law (Bill) concerning Data Protection ActDraft of Law (Bill) concerning Data Protection Act Draft of Law (Bill) concerning IT/Cyber-crime ActDraft of Law (Bill) concerning IT/Cyber-crime Act

THANK YOU FOR YOUR ATTENTION