The Dilemma of Private Information and Public Security By Kevin Bonaparte Christopher, Alif Imam Dzaki, Galang Ramadhan
A. INTRODUCTION
The development of technology, especially in
the field of telecommunications and information in this day and age has been at
a consistently staggering pace. The popping up of social media application such
as Facebook, Twitter, WhatsApp, Telegram, Line, Instagram and so on has allowed
a person to easily contact other without heed to distance. Statistics show that
in 2017, there are 2,46 billion social media users in the world and that amount
is predicted to continually increase.[1] This
development is supported by the widespread public access to the internet and
the increasing use of telecommunications devices that are versatile such as
smartphones.
However, the rapid development of information
and communication technology has created new problems. One of the biggest
problems faced today is the use of social media by radical groups, such as Al-Qaeda and ISIS in
committing acts of terrorism. Based on a study conducted by Gabriel Weimann of Haifa
University, 90% of activities carried out terrorist organizations are conducted
on social media. Weimann argues that terrorist groups use social media as a
means to spread messages, recruit members and obtain information. The use of
social media facilities by terrorist groups is supported by the extensive use
of social media, the ease of accessing social media and the existence of
security guarantees and the protection of confidentiality for social media
users on the content of their messages.
In response to the phenomenon, governments of
countries around the world took several measures to stop the abuse of social
media by these radical groups. One of the methods governments employ is the
encouragement of application developers or device companies to decrypt or grant
access to the personal information of users deemed to be related to radical
groups. One example of such government action is the action of the Federal
Bureau of Investigation (FBI) of the United States that asks the Apple to
decrypt the iPhone's shooting perpetrators in San Bernandino, California on
December 2, 2015[2]
or the Indonesian government's blocking of the Telegram app due to the large
circulation of content that contains radicalism and terrorism.[3]
In addition to the above, the government also
conducts surveillance and interception of telecommunication media and
information used by the general public. In the United States, for example,
under legislation such as the FISA Amendment Act 2008, Patriot Act, and
Executive Order 12333, the US government is authorized to monitor and collect
information from emails, text messages, phones, social media accounts and other
personal information owned by Americans on the basis of protecting the national
security of the United States.
However,
the government's actions are subject to opposition from community groups who
hold that these actions violate the right of public privacy guaranteed by law.
Government action requiring supervisors of telecommunication applications or
devices to open access to user information is deemed to jeopardize user
privacy. In addition, the government's actions in overseeing of personal information
are deemed to be abusive, as has been proven in the Church Committee's 1975
findings on FBI surveillance and in confidential information disclosed by
Edward Snowden in 2013 on the surveillance conducted by the NSA.
This
paper seeks to further discuss the laws on the disclosure of personal
information relating to national security and its implementation practices both
globally and nationally as well as its relation to the protection of the right
to privacy for everyone. The focus of this article is as follows:
1.
How is the disclosure
of personal information in the interest
of national security regulated?
2.
How is the practice of
disclosing personal information within the framework of national security
related to privacy violations?
B. DISCUSSION
1.
Disclosure
Of Personal Information In The Interest
Of National Security Regulated
1.1.Privacy and Supervision
under International Law
In the provisions of international law, the
right to the protection of privacy has been recognized as one of the
fundamental human rights. In the Universal Declaration of Human Rights (UDHR)
and the International Covenant on Civil and Political Rights (ICCPR), it is
stated that noone is permitted to arbitrarily interfere with the privacy,
family, residence or correspondence and is entitled to legal protection from
attacks of any kind.[4]
Later, in response to rapid global technological developments, particularly in
the field of telecommunications and informatics, the United Nations General
Assembly adopted Resolution 68/167, which recognizes the right to privacy in
the context of digital communications and requires states to take actions to
prevent and stop violations of the right to privacy. Rights and protection of
privacy are also recognized in regional international conventions, such as the
European Convention on Human Rights (ECHR), Arab Charter on Human Rights and
the American Convention on Human Rights.[5]
However, the recognition and protection of
the right to privacy by international law cannot be interpreted as prohibiting
any state restrictions or controls. In Article 29 Paragraph 2 of UDHR,
restrictions on the exercise of the rights and freedoms set by UDHR, including
the right and protection of privacy are justified to the extent that “such limitations as are determined by law
solely for the purpose of securing due recognition and respect for the rights
and freedoms of others and of meeting the just requirements of morality, public
order and the general welfare in a democratic society". Further, UN
General Assembly Resolution No. 68/167 recognizes surveillance and
interference, including the interception and collection of information made by
the state in the digital sphere on the basis of public security as long as they
are subject to obligations established under international law.
Actions
that limit the right to privacy, such as state control can only be justified if
such action is established by law, necessary to achieve a legitimate purpose,
and proportional to the intended purpose.[6]
Legislation that limits the right to privacy, in the opinion of the Special
Rapporteur on the Freedom of Expression of the Inter-American Commission on
Human Rights, must be firm, profound, accurate and clear both substantially and
procedurally in regulating the terms and scope of such restrictions.[7]
1.2. Privacy and Supervision
under Indonesian Laws
The 1945 Constitution of the State of the
Republic of Indonesia (the 1945 Constitution) does not specifically mention
privacy rights and protections. However, Article 28G Paragraph (1) gives
everyone the right to a sense of security and protection from the threat of
fear to do or not to do something that is a human right, including in
exercising the right to communicate and obtain information. Interpretation of
Article 28G Paragraph (1) as the basis for the protection of the right to
privacy is confirmed in Decision of the Constitutional Court. 5 /PUU-VII/2010.[8]
In addition to Article 28G Paragraph (1) of
the 1945 Constitution, the recognition of the right and protection of privacy
under Indonesian law is regulated in Law No. 39 of 1999 on Human Rights, where
in Article 32 it is stipulated that independence and confidentiality in
communication relations, including through electronic means shall not be
disturbed except by the order of judges or other authorized powers in
accordance with the provisions of legislation; UU No. 36 Year 1999 concerning
Telecommunication which requires security and protection of telecommunication
and prohibits interference and interception in telecommunication relation; Law
No. 12 Year 2005 on Ratification of ICCPR; and Regulation of the Minister of
Communication and Information Technology No. 20 Year 2016 concerning Protection
of Personal Data in Electronic Systems, which grants and guarantees the right
of everyone to the protection of the confidentiality of personal data it
possesses.
However, in addition to the recognition of
the right and protection of privacy, the provisions of Indonesian national law
also recognize limitations, controls and interference made to privacy. In
Article 28J Paragraph 2 of the 1945 Constitution stipulates that in exercising
their rights and freedoms, each person shall be subject to the limitations
stipulated by law with the sole purpose of ensuring the recognition and respect
for the right of freedom of others and to fulfill fair demands in accordance
with the consideration morals, religious values, security, and public order in
a democratic society. In Article 4 of Law No. 36 Year 1999 on
Telecommunications also stipulates that "telecommunications is controlled by the state and its development is
carried out by the government", which may be interpreted as granting
wide authority to the government against telecommunication content.[9]
Under Telecommunication Law,
telecommunication service providers, in their provision of telecommunication
facilities at the request of telecommunication service users, shall record the
usage of telecommunication facilities by telecommunication service users and
may record information according to the prevailing laws and regulations. And
for the purposes of the criminal justice process, telecommunication service
providers may conduct information recording and may provide the necessary
information at the written request of the Attorney General to the Chief of
Police for certain criminal offenses or the request of the investigator for
certain offenses under applicable law.
In addition to the Telecommunications Law,
the regulation on supervision and interference, including interception in
private telecommunication relationships, is regulated in various other laws and
regulations, such as in Law No. 5 Year 1999 on Psychotropic, Law No. 31 Year
1999 on the Eradication of Corruption, Law no. 17 of 2011 on State
Intelligence, Law No. 30 Year 2002 on the KPK, Perppu No. 1 Year 2002 on the
Eradication of Criminal Acts of Terrorism, Law No. 21 Year 2007 on the
Eradication of Criminal Act of Trafficking in Persons, and Law No. 35 Year 2009
on Narcotics.[10] As
for the procedure of eavesdropping on telecommunication relations by law
enforcement that done legally is regulated in Regulation of the Minister of
Communication and Informatics. 11/PER/M.KOMINFO / 02/2006, which in Article 3
stipulates that:
Legal
interception is conducted with the purpose of investigation, investigation,
prosecution and judicial proceedings against an offense.[11]
2. The Practice Of Disclosing
Personal Information Within The Framework Of National Security Related To
Privacy Violations
2.1.International Practice
Telecommunication surveillance by the state
on the basis of national security has been practiced by countries for many
years. In the United States, state surveillance measures on the basis of
national security have been in place since 1956 through the Counter
Intelligence Program (COINTELPRO) program aimed at overseeing political groups
considered to be subversive. The country's surveillance action is increasing
after the September 11, 2001, attacks in which countries conduct
telecommunications surveillance, either individually or in cooperation with
other countries, in order to track suspected terrorists or to predict and
prevent possible terror attacks.
The importance of surveillance the use of
telecommunications is increasingly emphasized in the face of cyber attacks and
cyber-terrorism, where telecommunication technology, especially the Internet is
used by terrorist groups or other parties to plan attacks, propagate, recruit
and indoctrinate, raise funds and conduct cyberattacks such as hacking, theft
of confidential digital information, or the spread of malware or computer
viruses.
Telecommunication surveillance is also used
within the framework of intelligence, where the surveillance is carried out by
a country against the civil, military and diplomatic relations of other
countries deemed dangerous by the country, such as the Five Eyes alliance which
includes the United States, Canada, Australia and New Zealand which implemented
the ECHELON program aimed at surveillance communication links in the Eastern
Bloc countries in the Cold War. In addition, telecommunications surveillance
may also be used in the context of prevention, investigation and arrest of
perpetrators of crime, such as in the use of CCTV, GPS tracking or tapping of
telephone lines. The effectiveness of telecommunication surveillance in law
enforcement can be seen in the role of CCTV in validating testimony about the
events of a crime, as in the case of State of Florida v. George Zimmerman in
the US.[12]
In general, communications surveillance
carried out by countries is carried out by their special security agencies such
as National Security Agency (NSA) in the US, Government Communication
Headquarters (GCHQ) in the UK, Australian Signal Directorate (ASD) in Australia,
Bundesnachrichtendienst (BND) in
Germany and Radio Fanrsvarets
Radioanstalt (FRA) in Sweden and is directed at parties outside the
relevant countries, although this does not domestic surveillance of telecommunications
does not exist. In the United States, communications surveillance is conducted
under the Foreign Intelligence Surveillance Act (FISA) and the FISA Amendment
Act (FAA) of 2008 and Executive Order 12333 of December 4 1981, aimed at
overseeing alleged foreigners engaging in subversive or terrorist activities
that could harm the United States, and the USA Patriot Act of 2001, aimed at
preventing and stopping acts of terrorism in the US, including through the
supervision and interception of communication links, both at home and abroad.
However, in practice, the supervision of
communications often exceeds the limits set out in international law and the
national laws of those countries. For example, NSA-led surveillance under the
FISA and FAA has been extended by the NSA to include surveillance of
cross-country communications conducted by US citizens or abuse of supervisory
authority under the USA Patriot Act by the NSA to oversee and collect
information on citizen communications US on a daily basis contrary to the
rights guaranteed to US citizens according to the Fifth Amendment of the US
Constitution. Other cases that demonstrate surveillance conducted without
regard to international law are, for example, the case of wiretap conducted by
ASD Australia against Indonesian public officials, including the President of
the Republic of Indonesia in 2013.
2.2.Indonesian Practice
In Indonesia, state institutions with legal
capacity to conduct telecommunication surveillance include the State
Intelligence Agency (BIN), the Strategic Intelligence Agency (BAIS), the State
Code of Conduct, the Indonesian National Police, and the Corruption Eradication
Commission (KPK).
In
general, telecommunication surveillance measures in Indonesia are conducted in
the interest of criminal investigations, especially in cases of special
criminal acts such as corruption and narcotics. The most prevalent
communications surveillance act in Indonesia is the wiretapping conducted by
the KPK in the investigation of alleged criminal acts of corruption. Based on
information from KPK Advisor Abdullah Hehamahua, 50% of corruption cases
handled by KPK are bribery cases revealed through wiretaps.
Indonesia has seen both high-level
surveillance scandals with the government as both victim and perpetrator, and
widespread reports of surveillance against activists, journalists and other
public figures.[13]
Cases of surveillance are particularly prevalent in Papua, where Human Rights
Watch says the Indonesian Armed Forces (TNI), particularly Kopassus, is
monitoring activists, journalists, politicians and religious leaders who are
suspected of having links to separatist groups.[14]
There are a number of problems in
communication surveillance conducted in Indonesia. Firstly, the extent of
authority of certain institutions in conducting surveillance and communication
interception, such as in the wiretapping by KPK where they are able to wiretap
and record unattended telephone conversations from anyone and without being
limited by timeframe which, by some parties, especially the House of
Representatives (DPR) is considered to lead to human rights violations.[15] Secondly,
the lack of independent oversight of institutions authorized to monitor telecommunications
such as BIN, BAIS, and the State Code Institution caused by the positions of
these institutions and the absence of specialized agencies tasked with
overseeing these institutions. And thirdly, there is still a lack of legal
instruments governing the protection of personal information and procedures for
the exercise of communications oversight, whereby the Constitutional Court
Decision No.5 / PUU / VII / 2010 has affirmed the need for special legislation
governing the supervision of communications, up to now regulations governing
communications oversight and privacy protection such as the Tapping Bill and
the Draft Law on Personal Data Protection are still under preparation and
discussion in parliament.
2.3.Impact of Disclosing
Personal Data
In
the past, there has been an increasing trend of data collection, in a "Big
Data" scheme. This collection is undertaken by either the government for
the purpose of development and recording of citizens, as well as by the private
sector in the framework of business. The proliferation of digital business is
growing with the increasing penetration of internet users in Indonesia,
increasing the frequency of recording and collection of personal data of
consumers (citizens).
Opportunities
for the abuse of citizen’s personal data of are increasing, with so many rules
allowing public and private institutions to collect and disclose their private
data. This situation is illustrated at least by the number of laws in
Indonesia, whose material contains personal data content, whether or not
protects or otherwise, provides opportunities for data opening. Studies
conducted by ELSAM, for example, have found at least 30 laws in Indonesia,
which have links to the protection of personal data. Unfortunately the thirty
laws overlap each other, for example for the purposes of data processing,
notification, the purpose of data opening, the duration of the collection and
the opening of data, destruction of data, the granting of permits.[16]
One
of the cases that can be examined from the practice of collecting personal data
is the e-KTP project. Where the government collects almost all types of
personal data from citizens, even up to their special biometric features,
through recording of eye retina data. Whereas, the government itself has never
been able to properly explain the procedures for managing, processing, storing,
and protecting the personal data of citizens that have been collected.
Presidential Regulation no. 67/2011 which is referenced by this project, does
not even govern the mechanism of protection of personal data related to the
e-KTP. It is precisely this trillion dollar project is corrupted by so many
actors holding power, both in government, DPR, and even the private parties
involved. Of course this makes us more worried about the fate of our personal
data that has been collected.
Bibliography
Edmon Makarim, Indonesia: The Controversy over the
Bill Concerning Lawful Interception, Digital Evidence and Electronic
Signature Law Review, Vol 8 2011, accessed through http://journals.sas.ac.uk/deeslr/article/view/1962/1899
pada 23 November 2017
ELSAM, 2017, Kebutuhan akan UU Perlindungan Data Pribadi
kian Mendesak, http://elsam.or.id/2017/05/kebutuhan-akan-uu-perlindungan-data-pribadi-kian-mendesak/
diakses pada 5 Desember 2017 Pukul 16:00 WITA
Human Rights Watch, 2011, Indonesia: Military Documents Reveal
Unlawful Spying in Papua, diakses dari https://www.hrw.org/news/2011/08/14/indonesia-military-documents-reveal-unlawful-spying-papua
Infotoday, 2017, Personal
Privacy VS National Security is being Debated
http://www.infotoday.com/LinkUp/Personal-Privacy-vs-National-Security-Is-Being-Debated-109718.shtml
Mughal, Javaria. National
Security vs. Privacy in the Modern Age, Canadian Student Review Winter
2016, hal. 5, diakses dari https://www.fraserinstitute.org/sites/default/files/national-security-vs-privacy-in-the-modern-age.pdf
Mula Akmal, 2017, DPR Tanya Dasar Hukum Penyadapan, Ini
Jawaban KPK, diakses dari https://nasional.sindonews.com/read/1243179/13/dpr-tanya-dasar-hukum-penyadapan-ini-jawaban-kpk-1506435658
Privacy
International, 2017, State of Privacy in Indonesia, accessed through https://www.privacyinternational.org/node/974 on 23
November 2017
Privacy
International, 2016, The Right to Privacy in the Indonesia, p. 2,
accessed through https://privacyinternational.org/sites/default/files/UPR27_indonesia.pdf
on 23 November 2017
Privacy International, 2017, Guide
to International Law and Surveillance, p. 4-5, accessed through
https://privacyinternational.org/sites/default/files/Guide%20to%20International%20Law%20and%20Surveillance%20August%202017.pdf
on 23 November 2017
Universal Declaration of Human Rights
International Covenant on Civil and Political Rights.
[1]Anonim, 2017, Personal Privacy VS National Security is
being Debated http://www.infotoday.com/LinkUp/Personal-Privacy-vs-National-Security-Is-Being-Debated-109718.shtml
[3]
http://tekno.kompas.com/read/2017/07/14/20495927/ini-alasan-pemerintah-blokir-telegram;
https://www.cnnindonesia.com/teknologi/20170714194448-185-228042/alasan-pemerintah-blokir-telegram/
[4]See Article 12 Universal Declaration of Human Rights dan
Article 17 International Covenant on Civil and Political Rights.
[5] Privacy International, 2017, Guide to International
Law and Surveillance, p. 4-5, accessed through https://privacyinternational.org/sites/default/files/Guide%20to%20International%20Law%20and%20Surveillance%20August%202017.pdf
on 23 November 2017
[6] Privacy International, 2016, The
Right to Privacy in the Indonesia, p. 2, accessed through https://privacyinternational.org/sites/default/files/UPR27_indonesia.pdf
on 23 November 2017
[7]
Privacy International, Guide to International Law, op. cit, p. 7.
[8]
Privacy International, Right to
Privacy, op. cit, p. 3.
[9]Privacy
International, 2017, State of Privacy in Indonesia, accessed through
https://www.privacyinternational.org/node/974 on 23 November 2017
[10] Edmon
Makarim, Indonesia: The Controversy over the Bill Concerning Lawful
Interception, Digital Evidence and Electronic Signature Law Review, Vol 8
2011, accessed through http://journals.sas.ac.uk/deeslr/article/view/1962/1899
pada 23 November 2017
[11] Ibid, p.
135.
[12] Javaria Mughal, National
Security vs. Privacy in the Modern Age, Canadian Student Review Winter
2016, hal. 5, diakses dari
https://www.fraserinstitute.org/sites/default/files/national-security-vs-privacy-in-the-modern-age.pdf
[13] Privacy
International, 2016, The Right to
........, op. cit., hal. 4
[14]
Human Rights Watch,
2011, Indonesia: Military Documents
Reveal Unlawful Spying in Papua, diakses dari
https://www.hrw.org/news/2011/08/14/indonesia-military-documents-reveal-unlawful-spying-papua
[15] Mula
Akmal, 2017, DPR Tanya Dasar Hukum
Penyadapan, Ini Jawaban KPK, diakses dari https://nasional.sindonews.com/read/1243179/13/dpr-tanya-dasar-hukum-penyadapan-ini-jawaban-kpk-1506435658
[16]ELSAM, 2017, Kebutuhan akan UU Perlindungan Data Pribadi kian
Mendesak, http://elsam.or.id/2017/05/kebutuhan-akan-uu-perlindungan-data-pribadi-kian-mendesak/ diakses pada 5 Desember 2017 Pukul 16:00 WITA