Hi Dimitar,
Thank you for your reply. Ministerial Regulation No. 5/2020 repealed two existing regulations:
- The Ministerial Regulation on "Supervision of Internet Sites with Negative Contents" (No. 19/2014): primarily oriented towards sites containing contents of child pornography, incitement of violence, and two vaguely-worded standings:
"ethnicity, religion, race, and other groups" and "other illegal activities based on the provisions of laws and regulations". It allowed ISPs to block contents on those two sites under two-mechanisms: self-block or using third-party "blocking services".
- The Ministerial Regulation on
"Electronic System Operator Registration Procedures" (No. 36/2014): specified what kind of Internet provider that has to register with the government. Under this one, it was mandatory to register for "providers of Internet services for public necessities" (which covered government agencies, state-owned corporations, and courts), but it was optional for those not providing Internet services for public necessities, which are the commercial, non-profit, and/or UGC Internet enterprises. There was no specified mechanism for IP unmasking or any other form of online identity unmasking in this regulation. Therefore, Wikimedia project sites were never subject to any kind of registration to the government under this regulation
MR No. 5/2020 expanded the mandatory registration for all providers of Internet services and enterprises (public or private, providing services for public necessities or not, registered in Indonesia or in abroad, UGC or not) with the government, and introduced a whole new set of mechanism that would inevitably force them to share the online identity of their users upon request of the government, law enforcement agencies, and/or the court without having to establish any form of reasonable suspicion. No court order is needed for the request to be executed, nor any form of appeal are provided to challenge the legality of such request. There is no reason why the government includes UGC sites, either. Reasons to request an unmasking of users identity including terrorism, child pornography, gambling, and two vaguely-worded reasons: "content which is prohibited under its authority" and "content that disrupts public order".
There is no explicit threat of criminal or civil punishment if a PSE under MR 5/2020 refuses to register; but refusal to cooperate with the government, law enforcement agencies, and/or the court upon a request of user identity unmasking may subject to written warning, temporary or permanent block of access to the site, de-registration of the PSE, and up 2 to 5 years of imprisonment.
I could imagine a request to unmask the identity of a registered user at a Wikimedia project which had contributed or edited an article that was viewed as contrary to the government's official narrative of an event or subject to increasing public controversy. Such requests would inevitably go to the CheckUser, which is subject to the said penalties if they refuse to cooperate. That being said, the Indonesian affiliate of Wikimedia and sysops of Indonesia's Wikimedia projects are the ones with the greatest exposure to criminal charges under this regulation; adding more burden to their already vulnerable positions due to an incident that happened as recently as June 2020, when users and sysops of Indonesian Wikipedia are
doxxed and cyber attacked for
historical articles that do not present the government-friendly narrative [id].