The Assessment of Indonesia’s Cyberlaw Bill: The Electronic Information and Transaction Bill (Rancangan Undang-undang Informasi dan Transaksi Elektronik – RUU ITE)

By Sonny Zulhuda

The current Electronic Information and Transaction Bill (`the Bill’) is considered the first initiative of the country to enact a comprehensive legislation on cyberlaw. There were initially two government agencies that came out with two different bill drafts at the same time. This fact reserves some comment in the later part of this paper.

 

The Ministry of Industry and Trade initiated the draft of Electronic Information and Electronic Transaction Bill. On the other hand, the Department of Tourism, Post and Telecommunication under the Ministry of Transport also came out with the draft of Information Technology Bill. This double initiative was uncoordinated creating prolonged, unfocused and unnecessary debates among academics and IT professionals.Nevertheless, the debates were deemed to have brought constructive ideas as well. It is noteworthy that the two drafts took different approach in formulating cyberlaw into legislation. While the Electronic Information and Electronic Transaction Bill was concentrated on e-commerce law and related aspects taking into account the requirements under UNCITRAL model law on e-commerce, the IT Bill was a general law (some called `umbrella law?) dealing with so many issues on general terms.

After some years of debates, the government acted wisely to coordinate and merge the efforts together. The coordinating agency is now Ministry of Communications and Information, and the consolidated draft is now called Electronic Information and Transaction Bill. The approach is somehow a hybrid of the two original drafts; it does cover quite extensive subject matters from e-contract to e-signature, from privacy and personal data to cyber squatting and intellectual property rights, and from cyber crimes to consumer protection. However, the Bill does not go lengthy enough in subject matters other than cyber crime, e-contract and related aspects. For other subject matters, the Bill provides that they will be governed by subsidiary regulations.

 

At present, the draft Bill had been finalized by relevant agencies after it was consulted to public for comment. It was reported in June this year that the Ministry has processed the Bill to be signed by the President and ready to be tabled to Parliament. It is presumed that the Bill will be enacted not later than the first quarter of year 2004.Since this draft bill is the first to accommodate cyberlaw requirements, once enacted the law will certainly provide basis for the reform or revision of other areas of laws including electronic fund transfer, e-government, capital market, online taxation, and online banking.

 

Legal Position of Electronic Message & Admissibility of Electronic Evidence

 

The Bill acknowledges in section 4 that electronic information shall have legal effect as evidence. This preposition includes the print-out form generated from the electronic message. However, for its legal effect, the electronic message is required to have generated from electronic system that is reliable. Furthermore it also stipulates that the electronic information system must fulfill requirements of integrity, reliability, and accessibility. It also has to be able to retrieve the message it is required. Having said this, however, the Bill stipulates that there are some exceptions in certain maters where written document is still necessary & essential including the marriage contract and land matter.

 

Consumer Protection

 

It is stipulated in the Bill that everyone has the right to obtain accurate and complete information with respect to contract requirements, manufacturer, and product that is offered electronically section 10(1). For this purpose there can be reliability certification body to be jointly worked out by government and members of public.

 

In respect with dispute resolution methods, consumers are given variety of legal redresses by the Bill. In case there is found any use of IT by certain party that creates harm for society, a class action can be taken by virtue of section.37. Arguably, this `use of IT’ is wide enough to cover many areas and issues to the favor of consumers. Besides, civil action can also be brought to commercial court in the event there is a use of IT that causes commercial loss to the consumers. In certain circumstances where there is a threat to certain important aspect of public life, the government may instead take action to protect public interest.

 

Other than litigation, consumers are also given option to settle their e-commerce disputes by employing alternative dispute resolution (ADR) including arbitration as provided in section 42, and the decision resulting from such process shall be final and binding upon the disputing parties.

 

Electronic Contract

 

The principle of freedom of contract is strongly upheld by the Bill when it stipulates the freedom of contracting parties as to which law to govern, and in which forum to hear the disputes. In this respect, alternative dispute resolution is also available for the contracting parties to opt.

More than expected, the Bill does not only recognize the legal effect of an electronic contract and parties to it, but also places the e-contract inline with the requirements of international civil law. This international civil law would be the reference in the event where contracting parties do not specifically stipulate which law would govern their agreement. This stipulation in section 20 (3) is especially important in the event dispute arises and the parties did not specify which law is to be the governing law.

 

The constitution of e-contract still depends on the offer and acceptance of the offer; nevertheless the principles are being adjusted to the online environment. Furthermore, by virtue of section 23(3) the use of electronic agent for a contract can also be held binding as far as the electronic agent is functioning properly in the ordinary course of business. This provision accommodates among other things the widely used Automatic Teller Machines (ATM) by banking industries. Other kinds of payment methods that involve automatic arrangement e.g. through computers are also covered under this provision.

 

Given the relatively new and ever-developing circumstances of the information technology, the Bill does anticipate its limitation in governing the e-contract activities. As a result, the Bill also provides in section 25 that any business customs and commercial practice those are alive today and not in contravention with the provisions of the Bill shall remain applicable.

 

Writing & Signature Requirements

 

Electronic message can be held original and shall fulfill the requirement of `writing? provided that its integrity, reliability, accessibility, and retrievability are guaranteed. Electronic signature has a valid legal effect under section 11, and the requirements are set in section 13. The word used is `electronic’ and not `digital’. Therefore, it is technology neutral, and, interestingly, it does not ever touch the technology of public key infrastructure. Meanwhile, the certification authority is not made compulsory; instead it was made optional (`dapat’) in section 15(1).

 

Cyber Squatting

 

Some aspects of domain name registration and related issues are touched in section 26 of the Bill. It recognizes any registration of domain names on first come first serve basis. However, this domain name shall not be registered under bad faith, should not trespass fair competition law, and should not infringe rights of others on the name. If the latter occurs, the infringed party may take civil action for damages. While international system of registration is recognized, further procedure of names registration would be regulated by subsidiary regulation. Arguably, this stipulation gives legal effect to the international arbitration procedures, e.g. those under WIPO, UDRP, etc.

 

Intellectual Property Rights

 

The Bill in section 27 recognizes and protects every intellectual property rights as the result of electronic information work, and same protection is given for Internet website design and any IP-righted materials it contains. This provision is very short and simple, purposely because there is already a comprehensive law deals with IP issues. Apparently the Bill tries to avoid overlapping with those IP legislations. For instance, Indonesia’s new copyright law No. 19/2002 does anticipate the information technology and what it may affect the copyrighted works. It already sufficiently provides that the same principles of copyright are applicable in the cyberspace medium.

 

Personal Data Protection

 

Personal data protection (PDP) has been among the most contentious issue in the cyberlaw discourse. This is due to many reasons, mainly its significance to two seemingly-contradictive things: human rights that demands maximum protection of privacy in one hand, and international trade that requires extensive personal data transfer on the other. This background leads to various international attempts to come with regulatory measures on PDP. However, possibly to the surprise of many, the Bill only provides one section (section 28) to deal with PDP, and no subsidiary regulation is mandated by the draft.

 

It only stipulates that data subjects must give `consent’ before the `use? of any information containing personal data and privacy rights of that party, except in relation to public information that are no longer confidential. Questions arise as to whether there is similar protection in the event of collection, storage, or deletion of the same personal data? Also, what kind of `consent’ is required? Is it an opt-in or opt-out model? Given the width of the issue, why very limited provisions in the Bill? And why no mandate is provided for any secondary legislation such as in other parts of the Bill?

 

Offences of Cyber Crime

 

The offences under proposed bill are among the most contentious issues. The first sight on Bill’s provision suggests wide and extensive coverage of computer misuse types and categories.

 

First of all, it is Interesting to note that `hacking’ or a mere unauthorized access to a computer or electronic system is not made an offence, in an opposite stand to the law in other major countries such as UK, Malaysia and Singapore. This is believed to be crucial since Indonesia has been known for its rampant cases on cyber crime involving hacking, web-defacing and credit card fraud.

 

Hacking is an offence only when, first, it is committed with the purpose of obtaining or altering information contained in that system. Secondly, it is committed with the intention to secure information classified as confidential, or that are detrimental for national security and international relations. It is argued that this provision on international relations and nation’s critical information infrastructure would provide redress for the issues of cyber-terrorism. Hacking is also an offence when it is committed against the electronic system of financial and banking industries, with the purpose of misusing it or gaining undue advantage out of it.

 

The Bill also criminalizes any action that posed harms to the proper functioning of nation’s protected electronic system (e.g. those system under national critical infrastructures). `Protected computer? is elaborated by the Bill’s elucidation of section 34; to fall into two categories: first, special and exclusive computers that belong to the government’s financial institutions, and secondly, the computers that are used by the state to communicate and trade with parties from other countries.

 

In other provision, the Bill makes it an offence for the wrongful communication of password, access code, or other means of access (section 35).

Credit card fraud is addressed in section 33, where it provides that, any way of unauthorized use or access of other people’s credit card to gain benefit from e-commerce is an offence under the Bill. It is hoped that this provision may curb the existing problem and thus eliminate the notorious credit card fraud in Indonesia.

 

Summary

 

There are some other aspects worth noting, including both advantages and weaknesses. First appreciation worth to note is that draft has aptly acknowledged the nature of technology of the Internet and ICT that is ever changing, ever developing and very dynamic. Ready to face this nature, the draft expressly stipulates (in section 2) that the law to be enacted must be based on neutral technology basis. This provision will enable the law to accommodate various and dynamic developments of the information and communication technology. All kinds of technology will be acknowledged and given legal effect as long as the requirements of system integrity, reliability, and accessibility can be assured.

 

Since the cyberlaw is a `lex specialis’ or special legislation, the drafts provides in section 3 another important provision, that any other existing laws that have some extent of ICT use and employment, will be deemed applicable. Thus, rather than repealing effect, the cyberlaws have instead acted as complimentary to other existing laws and regulation. This provision is very important to affect solid and comprehensive national legal system.

 

The Bill, however, reserves some considerations for improvement. The biggest limitation it posed may be associated to its wide but not-deep coverage, especially in the area of privacy and personal data protection. Simple and short approach taken by the draft in dealing with other issues may also cause another inefficiencies f the law. The current draft Bill requires about eight regulations. Normally these regulations will take another time and process to achieve.

 

It appears that the civil procedures in the commercial court as provided by the Bill open room for delay of litigation. And this may create another factor of ineffectiveness of the law. By virtue of section 39, the court is given a maximum of 90 days from the date an action is registered to deliver judgment. An extension of 30 days is provided with the permission of Supreme Court. It submitted that a total of 120 days for the delivery of judgment is too a long period and may necessarily prejudice the action due to the nature of e-evidence that may be gone vary fast.

(This paper was presented at the International Conference on E-Commerce, held by the National University of Singapore (NUS), in Singapore, December 2003. It was drafted in 2003, based on the old version of the Draft Bill. Note that the Bill has ever since gone through lots of review, amendments and redrafting. For the latest version, please consult: http://www.depkominfo.go.id).