Legal Issues in Electronic Commerce
I.
Introduction i.
Background The world today is currently facing the 4.0 industry revolution. It brings a fundamental change to work and life at a regular basis. For instance, this revolution is related in a great extent to electronic contracts for the purpose of commercial transactions conducted electronically on the internet, which we often conjured up as electronic commerce (“e-commerce”). To the majority of people, e-commerce is limitedly interpreted as mere online shopping. However, e-commerce also comprises many other activities, such as businesses trading with other businesses and internal processes that companies use to support their buying, selling, hiring, planning, and other activities. 1 A more generic definition of electronic commerce would include electronic funds transfers used by many banks as well as business to business communications using the internet, extranet and intranet networks. 2 Following the vast development of technology, the e-commerce market is growing rapidly, particularly in Indonesia. The latest estimation by Macquarie Bank is that the Indonesian market has grown 60–70 per cent annually since 2014
and
will
expand
from
US$8
billion
in
2016 to US$60 billion in 2020.3 A Google Indonesia survey held between November 2014 and February 2015 found that 78 per cent of respondents shopped online using mobile devices.4 According Pew Research Center, a survey regarding the number of smartphone user was conducted in May 14th
1
Gary P. Scheiner, Electronic Commerce, 9th Edition, (Course Technology, Cengage Learning, 2011), pg. 4. J. Ohene-Djan, Electronic Commerce, (London: University of London, Goldsmiths, 2008), pg. 8 . 3 Australian Government (Austrade), E-Commerce in Indonesia: Guide for Australian Business, (Australia Unlimited, Australian Trade and Investment Comission, 2018), pg. 4, quoting: Online retail as a percentage of total sales, Euromonitor, Statista, Macquarie Research, April 2017; in Macquarie Research, Indonesia e-commerce, 12 April 2017,https://www.macquarieresearch.com/rp/d/r/publication.do?f=C&pub_id=7318216& le_name=IndonesiaEcommerce120417Re270473.pdf, page 1. 4 Tony Keusgen, Country head, Google Indonesia, Jakarta Post, ‘Indonesia, SE Asia’s digital powerhouse’, 9 August 2016, http://www.thejakartapost.com/academia/2016/08/09/indonesia-se-asias-digital-powerhouse.html, accessed May 29th, 2019. 2
until August 12th 2018 with a total of 30.133 respondents from 27 countries. 5 The result was that the majority of Indonesians with a percentage of 42% were using smartphones.6 Thus, the rapid growth of technology holds a pivotal role in increasing smartphone users, which at the same time will accommodate the enhancement of e-commerce market in Indonesia. With the rise of e-commerce market era, all communications and transactions are conducted electronically. Although it might seem more practical, the potential of fraud practice in electronic transactions is higher than conventional transactions. Unlike conventional transactions where we can directly face the seller and see the products that we are going to buy, the specific data of a product in electronic transactions are only provided through the internet. This will give numerous opportunities to conduct cyber crime, such as data privacy theft, data manipulation of products, manipulation of electronic transactions, and a lot more. Based on a research involving 26 countries conducted by Kaspersky Lab, a global software security group, Indonesia is the leading country in terms of online financial frauds with a total of 26% of online consumers becoming victims of the frauds.7 Based on the data from the Ministry of Communication and Information Indonesia on September 11th, 2018, there are 16.678 victims filing for online financial frauds. 8 Taking into account that any transaction holds an important economic value and with the risk of cyber crime in the e-commerce era, one of the method to
5 Pew Research Center, Smartphone Ownership Growing Rapidly Around the World, February 5th , 2019, accessed at https://www.pewglobal.org/2019/02/05/smartphone-ownership-is-growing-rapidly-around-the-worldbut-not-always-equally/ on May 29th, 2019. 6 Pew Research Center, Smartphone Ownership Growing Rapidly Around the World,February 5th , 2019, accessed at https://www.pewglobal.org/2019/02/05/smartphone-ownership-is-growing-rapidly-around-the-worldbut-not-always-equally/ on May 29th, 2019. 7
Indonesia Investments, Online Scams in Indonesia: 26% of Consumers become Victims of Fraud, May 31st, 2016, accessed at https://www.indonesia-investments.com/id/news/todays-headlines/online-scams-in-indonesia-26of-consumers-become-victim-of-fraud/item6871 on May 29th 2019. 8 Meila Arnani, Kompas.com, 16.000 Laporan Diterima Cekrenening.Id: Penipuan Online Capai 14.000, September 11th, 2018, accessed at https://nasional.kompas.com/read/2018/09/11/15014481/16000-laporan-diterimacekrekeningid-penipuan-online-capai-14000?page=all on May 29th 2019.
secure electronic transactions is through the existence of a valid electronic signature (“E-Sign”). An e-sign is crucial in electronic transaction as a tool of verification and authenticity to enhance the security, as well as a tool of evidence for the electronic transaction itself. 9 The legal basis of e-sign in Indonesia has been established with the issuance of Law No. 11 Year 2008 regarding Electronic Information and Transaction (“Law 11/2008”) and Government Regulation No. 82 Year 2012 regarding System of Electronic Transaction (“GR 82/2012”) With the legal basis that was established to secure electronic transactions in Indonesia, it raises the question why Indonesia is still the leading country with online financial fraud. Why do the people who commit online financial fraud are not afraid of the sanction of the regulation? Are the regulations enough? What are some ways to combat online financial fraud in Indonesia?
ii.
Basic Regulation of The Topic 1. International Legal Basis Following the rapid growth of technology where there are no more borders to communicate or conduct transaction globally, United Nations Commissions on International Trade Law (“UNCITRAL”) issued the UNCITRAL Model Law on Electronic Commerce 1996 (“UNCITRAL Model Law on E-Commerce”). It is an international legal basis to conduct e-commerce on a global scale and a guideline for states to issue a national regulation regarding e-commerce. The UNCITRAL Model Law on E-Commerce defined E-Commerce as “any information in the form of a data message used in the context of commercial activities”.10 “Data message” means information generated, sent, received or stored by electronic, optical or similar means including, but not limited to, electronic data interchange (EDI), electronic mail,
9
Farida Dewi, Tanggung Jawab Hukum Penyelenggara Tanda Tangan Digital Tersertifikasi yang Berinduk (Analisa Komparatif terhadap Kasus Diginotar di Belanda, University of Indonesia Thesis, (Jakarta: University of Indonesia, 2012) pg. 32. 10 UNCITRAL, The UNCITRAL Model Law on Electronic Commerce 1996, Art 1.
telegram, telex or telecopy. 11 The term “commercial� should be given a wide interpretation so as to cover matters arising from all relationships of a commercial nature, whether contractual or not. 12 Relationships of a commercial nature include, but are not limited to, the following transactions:13 a. any trade transaction for the supply or exchange of goods or services; b. distribution agreement; c.
commercial representation or agency;
d. factoring; e. leasing; f. construction of works; g. consulting; h. engineering; i.
licensing;
j.
investment;
k. financing; l.
banking;
m. insurance; n. exploitation agreement or concession; o. joint venture and other forms of industrial or business cooperation; p. carriage of goods or passengers by air, sea, rail or road. Based on the explanations of the UNCITRAL Model Law on ECommerce, the scope of commercial context is very broad and flexible. Thus, it provides space for States to extend or specifies their national regulation regarding e-commerce. Nevertheless, It is also stated in the UNCITRAL Model Law on E-Commerce that “ This Law does not override any rule of law intended for the protection consumers (Uncitral,1998). 5 , which
11
Ibid, explanation of Art 1. Ibid. 13 Ibid. 12
means that it is only made as a legal validity for international e-commerce, not for the purpose of consumer protection. UNCITRAL also acknowledges the importance of electronic signature to secure e-commerce transactions. Article 7 of UNCITRAL Model Law on E-Commerce defines electronic signature (“e-sign”) particularly in the use of e-commerce, as:14 (a) a method is used to identify that person and to indicate that person’s approval of the information contained in the data message; and (b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement. For the purpose of establishing a firm legal basis to a greater extent, UNCITRAL also issued the UNCITRAL Model Law on Electronic Signatures 2001 (“UNCITRAL Model Law on E-Sign”). It defines e-sign as “data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message”.15 There is also a certification for e-sign which is “a data message or other record confirming the link between a signatory and signature creation data”. Thus an e-sign holds a firmer authenticity if it is backed with the certification. 2. National Legal Basis for Indonesia The validity of an electronic transaction in the form of contract or agreement and its e-sign for the basis of e-commerce in Indonesia is excessively related to Indonesian Civil Code and Law No. 11 Year 2008 regarding Electronic Information and Transaction (“Law 11/2008”) which is amended with Law No. 19 Year 2016. After all, electronic contract is a contract based on Article 1313 Indonesian Civil Code that is made within
14
UNCITRAL, The UNCITRAL Model Law on Electronic Commerce 1996, Art. 7. UNCITRAL, UNCITRAL Model Law of Electronic Signature 2001, Art 2 point a
15
the electronic system. 16 First, it must comply to the four general requirements of a contract regulated in Article 1320 Indonesian Civil Code, which are: (1) having consent; (2) legal competency; (3) pertaining to specific objects; (4) for reasonable and valid purpose according to the applicable law. Second, it must also comply with Law 11/2008, in which an e-sign related to the subject that gives consent must conform to the following requirements:17 a. The data is privately known only to the original owner of the signature; b. In the time of signing the documents, only the original owner is allowed to use it; c. All changes to electronic signatures after the signing process could be well-acknowlegded; d. All changes to electronic information after the signing process could well-acknowlegded; e. Includes a specific method to prove the validity of the signature owner; f. Includes a specific method to prove that the signature owner has given valid consent regarding a specific electronic transaction.
Law 11/2008 also regulates the prohibited acts or conducts in the scope of electronic information and transaction, such as: (1) accessing other people’s electronic systems to obtain electronic information or documents 18, (2) interception19, (3) hacking20, (4) manipulation of electronic information or documents as if it is an authentic one 21, and so on. The prohibited acts regulated on Law 11/2008 could be one of the legal basis of consumer protection in e-commerce. It aligns with Law No. 8 Year 1999 concerning Consumers’ Protection (“Law 8/1999”). Law 8/1999
16
Indonesia, Law regarding Electronic Information and Transaction, Law No. 11 Year 2008, Art. 1 point
17. 17
Indonesia, Law regarding Electronic Information and Transaction, Law No. 11 Year 2008, Art. 11. Ibid, Art. 30 19 Ibid, Art 31 20 Ibid, Art. 33 21 Ibid, Art. 35 18
regulates the rights of consumers, obligations of business agents, and prohibited acts of business agents. The most important clause is the obligations of business agents that must be complied. The obligations of business agents consist of: (a) having a good intention in conducting business activities; (b) providing correct, clear and honest information about the condition and guarantee of goods and/or services and providing explanation about uses, repair and maintenance; (c) treating or serving consumers correctly and honestly and indiscriminatority; (d) guaranteeing the quality of the goods and/or services produced and/or traded on the basis of the prevailing standard provisions on the quality of goods and/or services; (e) providing an opportunity to consumers to test and/or try certain goods and/or services and providing an assurance and/or a guarantee for the goods made and/or traded; (f) giving compensation and or refund for the losses caused by the use, application and utilization of goods and/or services traded; (g) giving compensation and/or refund if the goods and/or services received or utilized are not up to the agreement. 22
iii.
Legal Issue Regarding the Topic 1. Data Privacy Theft Based on Internet Security Threat Report on 2013, Indonesia was ranked number one as the riskiest country to experience internet security threat with 23.54% of threat exposure rate.23 What most people does not acknowledge is that some threats also emerge in the form of malware or cookies that steals personal data of the smartphone user while conducting electronic transactions, such as credit card number, most visited websites, e-mail address, interest, and even the shopping pattern of an individual. 24 This is a violation of Article 30 Law 11/2008 and Law 8/1999.
22 23
Indonesia, Law No. 8 Year 1999 concerning Consumers’ Protection, Law No. 8 Year 1999, Art. 6. Symantec Corporation, Internet Security Threat Report (2013), 2012 Trends, Vol 128 Published April
2013. 24
Acep Rohendi, Ecodemica Journal, Vol. III, No. 2., Perlindungan Konsumen dalam Transaksi ECommerce: Perspektif Hukum Nasional dan Internasional. September 2015.
2. Online Scamming Online scamming in the name of e-commerce is often found in Indonesia. One example of an online scamming case in Indonesia on mid 2018 was conducted by an individual selling Chanel bags online through Instagram and WhatsApp with the price of Rp37,5 million rupiahs. Although the transaction was completed, the seller does not send the related Chanel bag to the buyer. The accused was then found by the police and confessed that she has been doing online scamming for 20 years. 25 This is a violation of Article 35 Law 11/2008 and Article 6 (b) Law 8/1999. 3. Manipulation of Electronic Transaction One of the case investigated by the Directorate of Cyber Crime in Badan Reserse Kriminal Kepolisian RI (Bareskrim Polri), the police institution in Indonesia, was regarding a manipulation of transaction of a voucher in one of Indonesia’s e-commerce platform, Bukalapak. The fraud is conducted with a group of three people, manipulating transactions in Bukalapak with a “cash-back voucher” and earned a total of 70 million rupiahs.26 This is a violation of Article 35 Law 11/2008. 4. Inauthenticity of e-Signature The issue of legal validity is often raised due to the minimum certification of an e-sign. Some hacker have the ability to manipulate an esign of others within electronic transaction nowadays. This is a violation of Article 35 Law 11/2008. An e-sign certification platform must provide the a valid certification and a method to prove the authenticity of the e-sign.
II.
MAIN ISSUE: METHODS TO OVERCOME THE LEGAL ISSUES i. The E-Commerce Investigation Unit by Bareskrim27
25
http://wartakota.tribunnews.com/2018/09/12/kasus-penipuan-toko-online-bela-hasilkan-ratusan-jutahasil-penipuan-bermodus-jual-beli-online 26 https://www.merdeka.com/peristiwa/manipulasi-voucher-cashback-3-pelapak-pembeli-di-bukalapakditangkap-kln.html 27
commerce
https://news.detik.com/berita/d-3812221/banyak-kasus-penipuan-online-bareskrim-bentuk-satgas-e-
The government has done a prominent role by concting the E-Commerce Investigation Unit in the Directorate of Cyber crime as one of the way to ensure the security protection in e-commerce market. This unit is also cooperating with the Financial Services Authority (Otoritas Jasa Keuangan), Financial Technology Association, and Digital Economy Association. I think it is one of the stepping stone in terms of e-commerce protection by the government in the 4.0 revolutionaty industry. ii. The Cek Rekening ID Application by Ministry of Communication and Information (KOMINFO) 28 Another method conducted by the government is The Cek Rekening ID which is one of the application made by the Ministry of Communication to check one’s financial account and also file an online financial fraud report. After that, it could “normalize” one’s account so that his account is not included in the bank account database that is suspected of being a criminal offense. The Ministry of Communication and Information sets several conditions, namely (a) Account holders report online or offline, accompanied by a screenshot of the objection proof from the complainant's complaint. (b) In certain situations, the organizer of the application can bring together the reporting party and the account owner if there is a difference in opinion. (c) The application organizer will provide a special sign on the account that is still in the stage of dispute between the reporter and the account owner. iii. Internal Audit29 A method that could be done by e-commerce platforms is conducting internal audit throughout their business. This method is conducted by Tokopedia on August 15th until 17th , 2018 with the results of 49 products are indicated being manipulated by business agents. Therefore, a large number of business agents and 28
Meila Arnani, Kompas.com, 16.000 Laporan Diterima Cekrenening.Id: Penipuan Online Capai 14.000, September 11th, 2018, accessed at https://nasional.kompas.com/read/2018/09/11/15014481/16000-laporan-diterimacekrekeningid-penipuan-online-capai-14000?page=all on May 29th 2019. 29
Faishal Bosnia Ahmad, vines, Tokopedia Memberhentikan Puluhan Karyawan yang Terindikasi Manipulasi Program Flashsale, https://id.priceprice.com/lainnya/news/Tokopedia-Memberhentikan-PuluhanKaryawan-Mereka-yang-Terindikasi-Manipulasi-Program-Flash-Sale-6308/ on May 29th 2019.
employees are fired from Tokopedia.This method would stop the manipulations of products and transaction in e-commerce for the present time and prevents the fraud to happen once more in the future. iv. Certification of an Electronic Signature The certification of an e-sign is required to prove further authenticity and verification. Some institution, like Bank Indonesia and Financial Services Authority only accept an e-sign that has legal certification authenticity based on Law 11/2008. Furthermore, it was regulated in GR 82/2012 that a certified e-sign is made with the electronic system providers’ service on electronic certification and proved by an electronic certificate. 30 Electronic Certificate is a certificate which has electronic characteristics that contains Electronics Signatures and identities that shows the status of the law subject of the parties in Electronic Transaction issued by the electronic certification operator.31 There are certain requirements by the law in creating electronic certification for an e-sign, which are:32 a. the whole process of making Electronic Signature Creation Data security and confidentiality guaranteed by the Electronic Signatures Operator or the Electronic Signatures Supporting Services; b. if using cryptographic codes, Electronic Signature Creation Data must not be easily seen from the Electronic Signature verification data through a specific calculation, within a certain time, and with a reasonable; c. Electronic Signature Creation Data stored in an electronic medium that is in the possession of Signer; and d.
data related to the Signer mandatory or stored in a data storage facility, which uses a reliable system owned by Electronic Signature Operator or Electronic Signature Support Service that can detect the changes and meet the following requirements: (1) only person authorized to enter new data, change, exchange, or replace data; (2) Signer identity information can be
30
Indonesia, Government Regulation regarding System of Electronic Transaction, GR 82 Year 2012, Art. 55
point (2). 31 32
Ibid, Art 1 point 18. Ibid, Art. 55 point (4).
checked for authenticity; and (3) Other technical changes which violate security requirements can be detected or recognized by the operator. Currently, the only electronic system provider that conducts valid e-sign certification service is PrivyID. Thus, when conducting business electronically, whether through e-commerce platforms or through any fintech industry, It is important to certify e-sign as soon as possible for a valid authenticity and verification. v. Issuing a Specific Indonesian Regulation concerning E-Commerce Frankly, I think the issuance of a specific national regulation that specifically regulates the e-commerce business in Indonesia is important. The purpose is to establish a firm legal basis to a greater extent, not just implicitly regulated throughout partial regulations which is currently what we have now with the Indonesian Civil Code, Law 8/1999, Law 11/2009 jo. Law 19/2016, and GR 82/2012. Indonesia can refer to UNCITRAL Model Law on E-Commerce and ESign for the guidelines on making a specific regulation concerning E-Commerce. As for example, Indonesia could refer to other countries’ law that regulates ECommerce sepecifically. For example, Malaysia has regulated e-commerce specifically through Electronic Commerce Act 2006, accompanied with complementary regulations such as Electronic Government Activities Act 2007, Personal Data Protection Act 2010, Digital Signature Act 1997, dan Consumer Protection Act 1999. 33 III.
CONCLUSION To conclude, the rapid growth of technology in the 4.0 industry revolution is accommodating the enhancement of e-commerce industry. However, the nature of ecommerce is associated to cyber crimes pertaining to online financial frauds. Some legal issues are data privacy theft, online scamming, manipulation of electronic transaction, and inauthenticity of e-sign. Therefore, some methods to overcome those legal issues, are a specific unit for e-commerce established by Indonesian Police Institution (Bareskrim Polri), The Cek Rekening ID Application by the government,
33
Margaretha Rosa Anjani and Budi Santoso, Jurnal Law Reform, Vol. 14, No. 1, Urgensi Rekonstruksi Hukum E-Commerce di Indonesia, 2018, pg. 102.
internal audit by e-commerce platform, and certification of electronic signature. Issuing a Specific Indonesian Regulation concerning E-Commerce could also be a great idea for the government as a firm legal basis for e-commerce in Indonesia.
IV.
BIBLIOGRAPHY
Regulations UNCITRAL, The UNCITRAL Model Law on Electronic Commerce 1996. UNCITRAL, UNCITRAL Model Law of Electronic Signature 2001. Indonesia, Indonesian Civil Code. Indonesia, Law regarding Electronic Information and Transaction, Law No. 11 Year 2008. Indonesia, Law concerning Consumers’ Protection, Law No. 8 Year 1999. Indonesia, Government Regulation regarding System of Electronic Transaction, GR 82 Year 2012.
Internet Pew Research Center, Smartphone Ownership Growing Rapidly Around the World, February 5th , 2019,
accessed at https://www.pewglobal.org/2019/02/05/smartphone-ownership-is-
growing-rapidly-around-the-world-but-not-always-equally/ on May 29th, 2019. Indonesia Investments, Online Scams in Indonesia: 26% of Consumers become Victims of Fraud, May 31st, 2016, accessed at https://www.indonesia-investments.com/id/news/todaysheadlines/online-scams-in-indonesia-26-of-consumers-become-victim-of-fraud/item6871 on May 29th 2019. Meila Arnani, Kompas.com, 16.000 Laporan Diterima Cekrenening.Id: Penipuan Online Capai 14.000,
September
11th,
2018,
accessed
at
https://nasional.kompas.com/read/2018/09/11/15014481/16000-laporan-diterimacekrekeningid-penipuan-online-capai-14000?page=all on May 29th 2019. Faishal Bosnia Ahmad, vines, Tokopedia Memberhentikan Puluhan Karyawan yang Terindikasi Manipulasi
Program
Flashsale,
https://id.priceprice.com/lainnya/news/Tokopedia-
Memberhentikan-Puluhan-Karyawan-Mereka-yang-Terindikasi-Manipulasi-ProgramFlash-Sale-6308/ on May 29th 2019.
Wartakota, Kasus Penipuan Toko Online Bela Hasilkan Ratusan Juta Hasil Penipuan Bermodus Jual-Beli Online, accessed at http://wartakota.tribunnews.com/2018/09/12/kasus-penipuantoko-online-bela-hasilkan-ratusan-juta-hasil-penipuan-bermodus-jual-beli-online on May 29th 2019. Merdeka.com, Manipulasi Voucher Cashback Tiga Pelapak – Pembeli Bukalapak, accessed at https://www.merdeka.com/peristiwa/manipulasi-voucher-cashback-3-pelapak-pembeli-dibukalapak-ditangkap-kln.html on May 29th 2019. Tony Keusgen, Country head, Google Indonesia, Jakarta Post, ‘Indonesia, SE Asia’s digital powerhouse’,
9
August
2016,
http://www.thejakartapost.com/academia/2016/08/09/indonesia-se-asias-digitalpowerhouse.html, accessed May 29th, 2019.
Thesis Farida Dewi, Tanggung Jawab Hukum Penyelenggara Tanda Tangan Digital Tersertifikasi yang Berinduk (Analisa Komparatif terhadap Kasus Diginotar di Belanda, University of Indonesia Thesis, Jakarta. University of Indonesia, 2012.
Journals and Books Gary P. Scheiner, Electronic Commerce, 9th Edition, (Course Technology, Cengage Learning, 2011), pg. 4. J. Ohene-Djan, Electronic Commerce, (London: University of London, Goldsmiths, 2008. Australian Government, E-Commerce in Indonesia: Guide for Australian Business, Australia Unlimited, Australian Trade and Investment Comission, 2018. Symantec Corporation, Internet Security Threat Report (2013), 2012 Trends, Vol 128 Published April 2013. Acep Rohendi, Ecodemica Journal, Vol. III, No. 2., Perlindungan Konsumen dalam Transaksi ECommerce: Perspektif Hukum Nasional dan Internasional. September 2015. Margaretha Rosa Anjani and Budi Santoso, Jurnal Law Reform, Vol. 14, No. 1, Urgensi Rekonstruksi Hukum E-Commerce di Indonesia, 2018, pg. 102.