THE PROTECTION OF CYBERCRIME BASED ON ITS REGULATION: A COMPARATIVE STUDY Khalifah Al Kays Yusuf Asian Law Students’ Association Local Chapter Universitas Gadjah Mada Email: alkays@live.com I.
Introduction Cybercrime is categorized and defined into two definitions, narrow and broader
sense. In regards to the narrow sense, cybercrime is a “computer crime” which consists of any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.1 In a broader sense, it is purported as “computer-related crime” which comprises any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and offering or distributing information by means of a computer system or network.2 Cybercrime is becoming a major concern worldwide. It is inexorable that cybercrime will always be developing throughout years. In this regard, internet is considered as the most utilized medium that serves as a platform which leads to cybercrime. It is highly affected by the global revolution of ICTs 3 and used by transnational organized crime. 4 It is a relatively new crime using new method of modes, high-tech is required to using sophisticated information technology or equipment under the scope of cyber law.5 Accordingly, this crime differs with the terrestrial crimes in four ways: “Much easier to learn ways to commit; few resources relative to the potential damages caused required; can be committed without being physically present; the legality
1
“United Nations' Definition of Cybercrime.” Innovative Dynamic Networks, 8 Dec. 2014, idn-
wi.com/united-nations-definition-cybercrime/. 2
“United Nations' Definition of Cybercrime.” Innovative Dynamic Networks, 8 Dec. 2014, idn-
wi.com/united-nations-definition-cybercrime/. 3
Donn B. Parker, 1998, Fighting Computer Crime: For Protecting Information, Wiley, USA, p.10.
4
Michael D. Lyman & Gary W. Potter, Organized Crime, Prentice Hall, 2010; Ulrich SIeber, Legal Aspects
Computer Related Crime, European Commission, University of Wurzburg, 1998, p. 25. 5
Muhammad Prima E, ‘Permasalahan Hukum dalam Menanggulangi Cyber Crime di Indonesia’, Journal
of Moral and Civic Education, 2017, p. 57 – 60.
is still vague.”6 For this reason, it is immensely needed for a government to provide an applicable law. It has urged a challenge for lawmakers, society, and international institutions to dwell and attain this in dire need of an effective law in order to provide protection for criminal activities under cyberspace towards all aspects within a State or abroad. With regard to this occasion, seeing the reality in protecting cybercrime in Indonesia, Author would like to provide an analysis over the problematics of its regulation in Indonesia and conclude it by providing a solution through a comparative study in regards to another State.
II.
Analysis a. The Problematics of Indonesia’s Regulation In Indonesia, there are several regulations related to cybercrime. However, the
main umbrella that covers cybercrime in general is Law No. 19 of 2016 regarding Electronic Transaction Information (ITE). Moreover, in 2016, it was reported by an online news, cybercrime is the most handled case by the Indonesian Police, in which 1.207 cases of cybercrime from 1.627 existed cases. As can be seen from the facts that, there is a great amount of cases regarding cybercrime which actually the government and society are not completely prepared. With respect to the Law No. 19 of 2016, an existence of drawbacks is inevitable. One of them is the evidentiary process of cybercrime, as regulated under KUHAP, it is required to provide at least two sufficient evidences which can be in a form of witness testimony, expert testimony, letter, clue, and defendant testimony. However, as extended within the Law ITE, evidence can be in a form of electronic evidence, Author is of the view that, it is a breakthrough from the lawmaker in order to convict a responsible person over the crime, which it implies one of the characteristics of special criminal law. Nevertheless, seeing the application of this extended evidence, there exists several drawbacks that could hamper the law enforcer within the evidentiary process, which consists of:7
6
Mc Connell International, Cybercrime...and Punishment? Archaic Laws Threaten Global Information,
December 2000. 7
Muhammad Prima E, ‘Permasalahan Hukum dalam Menanggulangi Cyber Crime di Indonesia’, Journal
of Moral and Civic Education, 2017, p. 60.
1. Loctus delicti, in this concerned crime, investigator will be faced with difficulties in determining the accurate location of where the crime took place since the perpetrator can easily erase the trace of his action or even establish a new location to manipulate the investigator. 2. Tempus delicti, it is complicated for the investigator to determine the exact time of the illegal action since the perpetrator is able to easily change the time of when the action took place. 3. Corroboration and witness testimony, within the search of an evidence, it is difficult for the investigator to obtain all of the evidence that is utilized in the preparation and implementation since all the utilization that is being used can be easily be erased and manipulated. Therefore, although an evidence has been gathered, a witness testimony in order to corroborate the documents evidence could be absent, since all the actions is done through the internet which no one directly sees, experiences, or even hears it. Accordingly, there are some difficulties to provide corroboration in order to ensure the authenticity and reliability of the evidence which would result to a substantially doubtful evidence. 4. Lack of witness, one of the nature and the implementation of this action is usually taken by one perpetrator in an isolated room. Thus, similarly as the abovementioned difficulty, it is exhausting for the investigator to attain a witness that directly sees, experiences, and hears the action committed by the perpetrator. Consequently, even unus testis nullus testis principle cannot be fulfilled since obtaining one witness is already quite hard for the investigator. 5. Physical minutes, public prosecutor still needs a witness testimony in a form of formal minutes, which requires physical presence of the witness to testify, thus it implicates to summoning the witness that is abroad to be made a formal minute in Indonesia, as Indonesia has not yet acknowledged testimony in a form of facsimile or e-mail. 6. Jurisdiction, unlike an ordinary crime, which physical presence exists and it eases the determination of which law should be implemented if it is done in one more countries, or can be called transnational crime, in which territoriality principle is the utmost and first limb that must be taken into account to determine the jurisdiction of certain crimes. However, in cybercrime, it is conducted by online
or internet in which it arises a complicated determination of jurisdiction since internet does not recognize or limited by boundaries of state, as all can freely surf through internet without worrying about breach of boundaries, unlike an ordinary crime. It can be deduced that, the drawbacks in the protection of cybercrime in Indonesia is not limited to the unprepared law, however, the law enforcer is still ought to be prepared as there still lacks of human resources and technology in facing new modes of crime which high technology is required. Preparing the law and its enforcer will make a check and balances in handling this no boundaries crime. Seeing this reality, Author is urged to make a comparative study in order to have an insight and enlightenment of the other existing law abroad. b. Cybercrime Protection in US and Israel To begin, the existing protection of cybercrime in Israel focuses on enhancing cooperation to combat cybercrime, it urges numerous cooperative avenues, inter alia: 1. Inter-governmental Cooperation Israel itself has a cooperation with the European Union (EU) and United States (US), as it is expected to have a supporting system in eradicating cybercrime that has rapidly developed. EU itself has its own policy which knowns as EU Cyber Security Strategy, this has been significantly implemented by their members. This is in purpose to “Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience.” 8 This international cooperation between Israel policy and EU policy is deemed productive, as it engages the global community to develop together by determining a set of principles which reflects European core values for the internet’s resilience. 9 Furthermore, Israel also borrowed the 2009 Comprehensive National Cybersecurity Initiative (CNCI) which affirmed in 2011 International Strategy for Cyberspace. 10
8
EU Commission, Protecting Europe from Large Scale Cyber-attacks and Disruptions: Enhancing
Preparedness, Security and Resilience, Communication on Critical Information Infrastructure Protection, 2009, available at http://ec.europa.eu/information_society/policy/nis/docs/ comm_ciip/comm_en.pdf. 9
Ibid.
10
The
White
House,
The
Comprehensive
National
Cybersecurity
Initiative,
http://www.whitehouse.gov/cybersecurity/comprehensive-national- cybersecurity-initiative
2011,
2. Regional Cooperation Model of Asia-Pacific’s regional cooperation over cybersecurity in National Computer Emergency Response Teams (CERT) by the Asia-Pacific CERT.11 Other regional cooperative is Organization of American States’ (OAS) which is in purpose to supplement cybersecurity and regional responses to cybercrime. 12 3. Public-Private Platform In order to tackle the lack of high technology, initiative incorporating public with private sector is needed, as private sector could provide a new perspective towards cybercrime. As like Internet Corporation for Assigned Names and Numbers which has been successful in promoting the development and adoption of security extensions for the domain name system (DNSSEC).13 This incorporation is in order to promote information sharing, technical orientation, and enhancing coordination among government agencies. 14 4. Administrative Responses to Cyber Crises It offers additional possibilities regarding the creation of a cybersecurity policy model. In Israel, Israel Bureau’s call, which it helps in defining emergency cyber situations in Recommendation 8 and cyber warnings in recommendation 13 of the INCB’s recommendations.15 Seeing this steps from Israel government which is in purpose to achieve a greatest protection of cybercrime by enhancing cooperation amongst platforms is deemed necessary for Indonesian government to apply. Cooperation amongst private sector, regional, inter-governmental, and also administrative response is suggested to be applied since it is in purpose of assisting our government in combatting cybercrime in which
11
Daniel Benoliel, ‘Towards A Cybersecurity Policy Model: Israel National Cyber Bureau Case Study’,
North Carolina Journal of Law & Technology, Volume 16, Issue 3, 2015, p. 456. 12
Welcome to the Department of Legal Cooperation, Inter-American Cooperation Portal on Cyber-Crime,
www.oas.org/juridico/english/cyber.htm. 13
The Internet Corporation for Assigned Names and Numbers (ICANN), Good Practices Guide for
Deploying DNSSEC, 2010. 14
Forum of Incident Response and Security Teams; ‘Improving Security Together’, FIRST,
www.first.org./.; “EGC Group.” European Government CERTs (EGC) Group, www.egc-group.org/. 15
Recommendation 8 and 13 of the INCB’s recommendations.
Indonesia still lacks of human resources, technology, experience, and prior knowledge to this crime. Moreover, regarding US protection towards cybercrime, it has the same dilemmas with Indonesian law, which is lacking of education and awareness, thus this several programs are compatible with Indonesia problems on cybercrime. Beforehand, attention must be drawn that, this program shall be aimed towards: Legislators, lawmakers, law enforcers, IT professionals, politicians, and also community focusing on cyberspace. The programs that can be done, such as:16 1. Educating Cybercrime Fighters All the parties involved within the preventing, reporting, and prosecuting cybercrime shall be trained. For legislators, it is important for them to be trained and having a deep understanding on the law that they propose regarding cybercrime, other than that, they are also required to directly conduct field research which is in order to have a clear insight on what is needed to furnish the law of cybercrime. This education strategies shall also be implemented by law enforcers as the party who upholds and prosecutes cybercrime criminals. Law enforcer shall understand on the complexity of technicalities; thus, a field training is highly needed. 2. Educating Information Technology Professionals In regards to the technology experts, it is insufficient for them to only deepen their practice on developing the usage of technology, however, it is urgent for them to broaden their skills related to cybercrime, it must be introduced to such experts regarding the new methods of crime, each type, and also its implementation. It must be emphasized that, they must be aware regarding the main purpose of the applicable law of cybercrime, the investigation until the decision by the Court procedure, and also society awareness with respect to cybercrime. 3. Educating and Engaging the Community Beyond the parties involved in upholding the law, community as one of the most users of internet and computer, should have been a great colleague to work with. It is on the reason that, they are more accustomed to the development of cyberspace and indeed cybercrime in the perspective of usage of technology or means of conduct. Thus, Author 16
Mohamed Chawki, ‘A Critical Look at the Regulation of Cybercrime A Comparative Analysis with
Suggestions for Legal Policy’, DROIT-TIC, 2015, p. 53 – 55.
argues that, police officer and IT experts shall have a time to cooperate and educate the community in eradicating this crime.
III.
Conclusion It can be concluded that, cybercrime is a new wrongdoing that will inexorably and
rapidly be a major problem in every State. In Indonesia, cybercrime protection is as yet agitated, either from the inclusion of the legislator, law enforcer, and also IT experts. Along these lines, this comparative study is relied upon to answer the current problematics in Indonesia. IV.
Bibliography
Mohamed Chawki, ‘A Critical Look at the Regulation of Cybercrime A Comparative Analysis with Suggestions for Legal Policy’, DROIT-TIC, 2015 Gabi Siboni, Ido Sivan-Sevilla., ‘A Conceptual Framework, Inherent Challenges, and Normative Recommendations’, Cyber, Intelligence, and Security, Volume 1, No. 1, 2017. Daniel Benoliel, ‘Towards A Cybersecurity Policy Model: Israel National Cyber Bureau Case Study’, North Carolina Journal of Law & Technology, Volume 16, Issue 3, 2015. Muhammad Prima E, ‘Permasalahan Hukum dalam Menanggulangi Cyber Crime di Indonesia’, Journal of Moral and Civic Education, 2017 Rudi Hermawan, ‘Kesiapan Aparatur Pemerintah Dalam Menghadapi Cyber Crime Di Indonesia’, Faktor Exacta, 2013.