Hello everyone,
In November 2020, Indonesian Ministry of ICT passed a new regulation (Permenkominfo 5/2020 https://jdih.kominfo.go.id/produk_hukum/view/id/759/t/peraturan+menteri+komunikasi+dan+informatika+nomor+5+tahun+2020) on "Private Electronic System''. Among others, the regulation would allow the government to force ISPs and basically any web operator to unmask IP addresses of websites that are user-generated for a very broad set of reasons, including but not limited to "inflammatory contents" and "public disorder". The Electronic Frontier Foundation has discussed this new regulation at length here https://www.eff.org/deeplinks/2021/02/indonesias-proposed-online-intermediary-regulation-may-be-most-repressive-yet .
At Indonesian Wikipedia village pump https://id.wikipedia.org/wiki/Wikipedia:Warung_Kopi_(Kebijakan)#Permenkominfo_No._5/2020, we concluded that this regulation will invariably make Wikimedia projects and affiliates in Indonesia subject to it. We are very concerned about the possibility of a broad interpretation of this regulation by the government and its effect on Wikimedia projects here, especially observing the increasingly illiberal attitude https://www.thejakartapost.com/news/2019/11/07/from-buzzers-to-prosecutions-indonesias-internet-freedom-under-threat.html of the current government on Internet and data policy.
We would very much welcome suggestions, warning tales, and/or practical experiences that we could learn in anticipating this regulation's incoming enforcement.
Best,
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg
Hi David,
Thank you for reaching out to the list and I hope we can help. I definitely think we should put our heads together on this!
One thing that I am struggling to understand is the following: "unmask IP addresses of websites that are user-generated". What is the current system? Who and under which circumstances can unmask IP addresses right now? Why would it in this case only target user-generated sites and not all sites hosting (allegedly) illegal activities?
Generally there are two strategies: Either you try to stop the entire law/paragraph or to get an exception for what you care. Stopping a paragraph could also mean replacing it with something else.
Has there been some concrete event that triggered the Ministry to move in this direction?
Thank you again and sorry for asking more questions right now than I have answers for you!
Cheers, Dimi
На сб, 13.03.2021 г. в 4:52 ч. DW Fisher-Freberg dwfisherfreberg@gmail.com написа:
Hello everyone,
In November 2020, Indonesian Ministry of ICT passed a new regulation (Permenkominfo 5/2020 https://jdih.kominfo.go.id/produk_hukum/view/id/759/t/peraturan+menteri+komunikasi+dan+informatika+nomor+5+tahun+2020) on "Private Electronic System''. Among others, the regulation would allow the government to force ISPs and basically any web operator to unmask IP addresses of websites that are user-generated for a very broad set of reasons, including but not limited to "inflammatory contents" and "public disorder". The Electronic Frontier Foundation has discussed this new regulation at length here https://www.eff.org/deeplinks/2021/02/indonesias-proposed-online-intermediary-regulation-may-be-most-repressive-yet .
At Indonesian Wikipedia village pump https://id.wikipedia.org/wiki/Wikipedia:Warung_Kopi_(Kebijakan)#Permenkominfo_No._5/2020, we concluded that this regulation will invariably make Wikimedia projects and affiliates in Indonesia subject to it. We are very concerned about the possibility of a broad interpretation of this regulation by the government and its effect on Wikimedia projects here, especially observing the increasingly illiberal attitude https://www.thejakartapost.com/news/2019/11/07/from-buzzers-to-prosecutions-indonesias-internet-freedom-under-threat.html of the current government on Internet and data policy.
We would very much welcome suggestions, warning tales, and/or practical experiences that we could learn in anticipating this regulation's incoming enforcement.
Best,
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg _______________________________________________ Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Hi Dimitar,
Thank you for your reply. Ministerial Regulation No. 5/2020 repealed two existing regulations:
- The Ministerial Regulation on "Supervision of Internet Sites with Negative Contents" (No. 19/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/215/t/peraturan+menteri+komunikasi+dan+informatika+nomor+19+tahun+2014+tanggal+17+juli+2014: primarily oriented towards sites containing contents of child pornography, incitement of violence, and two vaguely-worded standings: "ethnicity, religion, race, and other groups" and "other illegal activities based on the provisions of laws and regulations". It allowed ISPs to block contents on those two sites under two-mechanisms: self-block or using third-party "blocking services".
- The Ministerial Regulation on "Electronic System Operator Registration Procedures" (No. 36/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/235/t/peraturan+menteri+komunikasi+dan+informatika+nomor+36+tahun+2014+tanggal+30+september+2014: specified what kind of Internet provider that has to register with the government. Under this one, it was *mandatory* to register for "providers of Internet services for public necessities" (which covered government agencies, state-owned corporations, and courts), but it was *optional* for those *not* providing Internet services for public necessities, which are the commercial, non-profit, and/or UGC Internet enterprises. There was no specified mechanism for IP unmasking or any other form of online identity unmasking in this regulation. Therefore, Wikimedia project sites were never subject to any kind of registration to the government under this regulation
MR No. 5/2020 expanded the mandatory registration for *all* providers of Internet services and enterprises (public or private, providing services for public necessities or not, registered in Indonesia or in abroad, UGC or not) with the government, and introduced a whole new set of mechanism that would inevitably force them to share the online identity of their users upon request of the government, law enforcement agencies, and/or the court *without *having to establish any form of reasonable suspicion. No court order is needed for the request to be executed, nor any form of appeal are provided to challenge the legality of such request. There is no reason why the government includes UGC sites, either. Reasons to request an unmasking of users identity including terrorism, child pornography, gambling, and two vaguely-worded reasons: "content which is prohibited under its authority" and "content that disrupts public order".
There is *no* explicit threat of criminal or civil punishment if a PSE under MR 5/2020 refuses to register; but refusal to cooperate with the government, law enforcement agencies, and/or the court upon a request of user identity unmasking may subject to written warning, temporary or permanent block of access to the site, de-registration of the PSE, and up 2 to 5 years of imprisonment.
I could imagine a request to unmask the identity of a registered user at a Wikimedia project which had contributed or edited an article that was viewed as contrary to the government's official narrative of an event or subject to increasing public controversy. Such requests would inevitably go to the CheckUser, which is subject to the said penalties if they refuse to cooperate. That being said, the Indonesian affiliate of Wikimedia and sysops of Indonesia's Wikimedia projects are the ones with the greatest exposure to criminal charges under this regulation; adding more burden to their already vulnerable positions due to an incident that happened as recently as June 2020, when users and sysops of Indonesian Wikipedia are doxxed and cyber attacked https://wikimedia.or.id/pers/wikipedia-dan-topik-kontroversial-netralitas-dalam-urun-daya-pengetahuan-di-wikipedia/ for historical articles that do not present the government-friendly narrative https://inet.detik.com/cyberlife/d-5039752/ramai-ramai-boikotwikipedia-gara-gara-artikel-pki [id].
On the question of what event triggered MR No. 5/2020: a combination of political and security situation https://www.thejakartapost.com/news/2020/06/03/internet-ban-during-antiracism-unrest-in-papua-deemed-illegal.html, social situation https://www.thejakartapost.com/news/2020/10/26/growing-fear-of-speaking-out-survey-finds-indonesias-civil-liberties-under-threat.html, and other issues https://carnegieendowment.org/2020/11/17/indonesia-s-shrinking-civic-space-for-protests-and-digital-activism-pub-83250; as well the increasingly illiberal and anti-open Internet digital policies https://www.tandfonline.com/doi/pdf/10.1080/00074918.2020.1846482 [pdf] of the current administration. For better understanding, please find SAFEnet's full report on the state of digital rights in Indonesia here https://safenet.or.id/2020/10/digital-rights-situation-report-indonesia-2019-the-rise-of-digital-authoritarian/ .
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg
On Fri, Mar 19, 2021 at 12:51 PM Dimitar Parvanov Dimitrov < dimitar.parvanov.dimitrov@gmail.com> wrote:
Hi David,
Thank you for reaching out to the list and I hope we can help. I definitely think we should put our heads together on this!
One thing that I am struggling to understand is the following: "unmask IP addresses of websites that are user-generated". What is the current system? Who and under which circumstances can unmask IP addresses right now? Why would it in this case only target user-generated sites and not all sites hosting (allegedly) illegal activities?
Generally there are two strategies: Either you try to stop the entire law/paragraph or to get an exception for what you care. Stopping a paragraph could also mean replacing it with something else.
Has there been some concrete event that triggered the Ministry to move in this direction?
Thank you again and sorry for asking more questions right now than I have answers for you!
Cheers, Dimi
На сб, 13.03.2021 г. в 4:52 ч. DW Fisher-Freberg < dwfisherfreberg@gmail.com> написа:
Hello everyone,
In November 2020, Indonesian Ministry of ICT passed a new regulation (Permenkominfo 5/2020 https://jdih.kominfo.go.id/produk_hukum/view/id/759/t/peraturan+menteri+komunikasi+dan+informatika+nomor+5+tahun+2020) on "Private Electronic System''. Among others, the regulation would allow the government to force ISPs and basically any web operator to unmask IP addresses of websites that are user-generated for a very broad set of reasons, including but not limited to "inflammatory contents" and "public disorder". The Electronic Frontier Foundation has discussed this new regulation at length here https://www.eff.org/deeplinks/2021/02/indonesias-proposed-online-intermediary-regulation-may-be-most-repressive-yet .
At Indonesian Wikipedia village pump https://id.wikipedia.org/wiki/Wikipedia:Warung_Kopi_(Kebijakan)#Permenkominfo_No._5/2020, we concluded that this regulation will invariably make Wikimedia projects and affiliates in Indonesia subject to it. We are very concerned about the possibility of a broad interpretation of this regulation by the government and its effect on Wikimedia projects here, especially observing the increasingly illiberal attitude https://www.thejakartapost.com/news/2019/11/07/from-buzzers-to-prosecutions-indonesias-internet-freedom-under-threat.html of the current government on Internet and data policy.
We would very much welcome suggestions, warning tales, and/or practical experiences that we could learn in anticipating this regulation's incoming enforcement.
Best,
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg _______________________________________________ Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Hi David,
Thanks for explaining this. I sometimes struggle to filter out the activist noise in EFF articles.
As you seem quite knowledgeable with the national situation and the activities of other groups on digital rights, do you have actions in mind that would make sense for us? And how can we, as a global community, help you?
In Europe we'd basically analyse the law, draft amendments (if it is "fixable") and reach out to policy makers, other stakeholders plus the media. But not sure what actions could make sense in Indonesia.
Cheers, Dimi
На пт, 19.03.2021 г. в 12:06 ч. DW Fisher-Freberg dwfisherfreberg@gmail.com написа:
Hi Dimitar,
Thank you for your reply. Ministerial Regulation No. 5/2020 repealed two existing regulations:
- The Ministerial Regulation on "Supervision of Internet Sites with
Negative Contents" (No. 19/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/215/t/peraturan+menteri+komunikasi+dan+informatika+nomor+19+tahun+2014+tanggal+17+juli+2014: primarily oriented towards sites containing contents of child pornography, incitement of violence, and two vaguely-worded standings: "ethnicity, religion, race, and other groups" and "other illegal activities based on the provisions of laws and regulations". It allowed ISPs to block contents on those two sites under two-mechanisms: self-block or using third-party "blocking services".
- The Ministerial Regulation on "Electronic System Operator
Registration Procedures" (No. 36/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/235/t/peraturan+menteri+komunikasi+dan+informatika+nomor+36+tahun+2014+tanggal+30+september+2014: specified what kind of Internet provider that has to register with the government. Under this one, it was *mandatory* to register for "providers of Internet services for public necessities" (which covered government agencies, state-owned corporations, and courts), but it was *optional* for those *not* providing Internet services for public necessities, which are the commercial, non-profit, and/or UGC Internet enterprises. There was no specified mechanism for IP unmasking or any other form of online identity unmasking in this regulation. Therefore, Wikimedia project sites were never subject to any kind of registration to the government under this regulation
MR No. 5/2020 expanded the mandatory registration for *all* providers of Internet services and enterprises (public or private, providing services for public necessities or not, registered in Indonesia or in abroad, UGC or not) with the government, and introduced a whole new set of mechanism that would inevitably force them to share the online identity of their users upon request of the government, law enforcement agencies, and/or the court *without *having to establish any form of reasonable suspicion. No court order is needed for the request to be executed, nor any form of appeal are provided to challenge the legality of such request. There is no reason why the government includes UGC sites, either. Reasons to request an unmasking of users identity including terrorism, child pornography, gambling, and two vaguely-worded reasons: "content which is prohibited under its authority" and "content that disrupts public order".
There is *no* explicit threat of criminal or civil punishment if a PSE under MR 5/2020 refuses to register; but refusal to cooperate with the government, law enforcement agencies, and/or the court upon a request of user identity unmasking may subject to written warning, temporary or permanent block of access to the site, de-registration of the PSE, and up 2 to 5 years of imprisonment.
I could imagine a request to unmask the identity of a registered user at a Wikimedia project which had contributed or edited an article that was viewed as contrary to the government's official narrative of an event or subject to increasing public controversy. Such requests would inevitably go to the CheckUser, which is subject to the said penalties if they refuse to cooperate. That being said, the Indonesian affiliate of Wikimedia and sysops of Indonesia's Wikimedia projects are the ones with the greatest exposure to criminal charges under this regulation; adding more burden to their already vulnerable positions due to an incident that happened as recently as June 2020, when users and sysops of Indonesian Wikipedia are doxxed and cyber attacked https://wikimedia.or.id/pers/wikipedia-dan-topik-kontroversial-netralitas-dalam-urun-daya-pengetahuan-di-wikipedia/ for historical articles that do not present the government-friendly narrative https://inet.detik.com/cyberlife/d-5039752/ramai-ramai-boikotwikipedia-gara-gara-artikel-pki [id].
On the question of what event triggered MR No. 5/2020: a combination of political and security situation https://www.thejakartapost.com/news/2020/06/03/internet-ban-during-antiracism-unrest-in-papua-deemed-illegal.html, social situation https://www.thejakartapost.com/news/2020/10/26/growing-fear-of-speaking-out-survey-finds-indonesias-civil-liberties-under-threat.html, and other issues https://carnegieendowment.org/2020/11/17/indonesia-s-shrinking-civic-space-for-protests-and-digital-activism-pub-83250; as well the increasingly illiberal and anti-open Internet digital policies https://www.tandfonline.com/doi/pdf/10.1080/00074918.2020.1846482 [pdf] of the current administration. For better understanding, please find SAFEnet's full report on the state of digital rights in Indonesia here https://safenet.or.id/2020/10/digital-rights-situation-report-indonesia-2019-the-rise-of-digital-authoritarian/ .
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg
On Fri, Mar 19, 2021 at 12:51 PM Dimitar Parvanov Dimitrov < dimitar.parvanov.dimitrov@gmail.com> wrote:
Hi David,
Thank you for reaching out to the list and I hope we can help. I definitely think we should put our heads together on this!
One thing that I am struggling to understand is the following: "unmask IP addresses of websites that are user-generated". What is the current system? Who and under which circumstances can unmask IP addresses right now? Why would it in this case only target user-generated sites and not all sites hosting (allegedly) illegal activities?
Generally there are two strategies: Either you try to stop the entire law/paragraph or to get an exception for what you care. Stopping a paragraph could also mean replacing it with something else.
Has there been some concrete event that triggered the Ministry to move in this direction?
Thank you again and sorry for asking more questions right now than I have answers for you!
Cheers, Dimi
На сб, 13.03.2021 г. в 4:52 ч. DW Fisher-Freberg < dwfisherfreberg@gmail.com> написа:
Hello everyone,
In November 2020, Indonesian Ministry of ICT passed a new regulation (Permenkominfo 5/2020 https://jdih.kominfo.go.id/produk_hukum/view/id/759/t/peraturan+menteri+komunikasi+dan+informatika+nomor+5+tahun+2020) on "Private Electronic System''. Among others, the regulation would allow the government to force ISPs and basically any web operator to unmask IP addresses of websites that are user-generated for a very broad set of reasons, including but not limited to "inflammatory contents" and "public disorder". The Electronic Frontier Foundation has discussed this new regulation at length here https://www.eff.org/deeplinks/2021/02/indonesias-proposed-online-intermediary-regulation-may-be-most-repressive-yet .
At Indonesian Wikipedia village pump https://id.wikipedia.org/wiki/Wikipedia:Warung_Kopi_(Kebijakan)#Permenkominfo_No._5/2020, we concluded that this regulation will invariably make Wikimedia projects and affiliates in Indonesia subject to it. We are very concerned about the possibility of a broad interpretation of this regulation by the government and its effect on Wikimedia projects here, especially observing the increasingly illiberal attitude https://www.thejakartapost.com/news/2019/11/07/from-buzzers-to-prosecutions-indonesias-internet-freedom-under-threat.html of the current government on Internet and data policy.
We would very much welcome suggestions, warning tales, and/or practical experiences that we could learn in anticipating this regulation's incoming enforcement.
Best,
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg _______________________________________________ Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Hi everyone, [1]
Human Rights Watch has sent a letter https://www.hrw.org/news/2021/05/21/indonesia-suspend-revise-new-internet-regulation asking Indonesian government to suspend the enforcement of MR 5/2020, in which the deadline for the PSEs to register with the Ministry would be next Monday, May 24th https://www.cnnindonesia.com/teknologi/20210521131950-185-645261/facebook-tiktok-tak-daftar-ke-kominfo-24-mei-akan-diblokir .
To answer your question, Dimi: SAFENet has recommended the Indonesian Parliament https://twitter.com/safenetvoice/status/1395586406983081984 to pass the now-stalled Data Privacy Law https://www.ssek.com/blog/indonesia-data-protection-laws-and-regulations-processing-personal-data; although I personally did not see that happening in the current parliamentary term and I am not really sure how even with the legislation's passage we could prevent a mass block of PSEs by the government after next Monday's deadline. I have not seen any digital rights group preparing or planning for an immediate reaction.
--- [1] dwf² https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg on my personal account here.
On Mon, 22 Mar 2021 at 17:28, Dimitar Parvanov Dimitrov < dimitar.parvanov.dimitrov@gmail.com> wrote:
Hi David,
Thanks for explaining this. I sometimes struggle to filter out the activist noise in EFF articles.
As you seem quite knowledgeable with the national situation and the activities of other groups on digital rights, do you have actions in mind that would make sense for us? And how can we, as a global community, help you?
In Europe we'd basically analyse the law, draft amendments (if it is "fixable") and reach out to policy makers, other stakeholders plus the media. But not sure what actions could make sense in Indonesia.
Cheers, Dimi
На пт, 19.03.2021 г. в 12:06 ч. DW Fisher-Freberg < dwfisherfreberg@gmail.com> написа:
Hi Dimitar,
Thank you for your reply. Ministerial Regulation No. 5/2020 repealed two existing regulations:
- The Ministerial Regulation on "Supervision of Internet Sites with
Negative Contents" (No. 19/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/215/t/peraturan+menteri+komunikasi+dan+informatika+nomor+19+tahun+2014+tanggal+17+juli+2014: primarily oriented towards sites containing contents of child pornography, incitement of violence, and two vaguely-worded standings: "ethnicity, religion, race, and other groups" and "other illegal activities based on the provisions of laws and regulations". It allowed ISPs to block contents on those two sites under two-mechanisms: self-block or using third-party "blocking services".
- The Ministerial Regulation on "Electronic System Operator
Registration Procedures" (No. 36/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/235/t/peraturan+menteri+komunikasi+dan+informatika+nomor+36+tahun+2014+tanggal+30+september+2014: specified what kind of Internet provider that has to register with the government. Under this one, it was *mandatory* to register for "providers of Internet services for public necessities" (which covered government agencies, state-owned corporations, and courts), but it was *optional* for those *not* providing Internet services for public necessities, which are the commercial, non-profit, and/or UGC Internet enterprises. There was no specified mechanism for IP unmasking or any other form of online identity unmasking in this regulation. Therefore, Wikimedia project sites were never subject to any kind of registration to the government under this regulation
MR No. 5/2020 expanded the mandatory registration for *all* providers of Internet services and enterprises (public or private, providing services for public necessities or not, registered in Indonesia or in abroad, UGC or not) with the government, and introduced a whole new set of mechanism that would inevitably force them to share the online identity of their users upon request of the government, law enforcement agencies, and/or the court *without *having to establish any form of reasonable suspicion. No court order is needed for the request to be executed, nor any form of appeal are provided to challenge the legality of such request. There is no reason why the government includes UGC sites, either. Reasons to request an unmasking of users identity including terrorism, child pornography, gambling, and two vaguely-worded reasons: "content which is prohibited under its authority" and "content that disrupts public order".
There is *no* explicit threat of criminal or civil punishment if a PSE under MR 5/2020 refuses to register; but refusal to cooperate with the government, law enforcement agencies, and/or the court upon a request of user identity unmasking may subject to written warning, temporary or permanent block of access to the site, de-registration of the PSE, and up 2 to 5 years of imprisonment.
I could imagine a request to unmask the identity of a registered user at a Wikimedia project which had contributed or edited an article that was viewed as contrary to the government's official narrative of an event or subject to increasing public controversy. Such requests would inevitably go to the CheckUser, which is subject to the said penalties if they refuse to cooperate. That being said, the Indonesian affiliate of Wikimedia and sysops of Indonesia's Wikimedia projects are the ones with the greatest exposure to criminal charges under this regulation; adding more burden to their already vulnerable positions due to an incident that happened as recently as June 2020, when users and sysops of Indonesian Wikipedia are doxxed and cyber attacked https://wikimedia.or.id/pers/wikipedia-dan-topik-kontroversial-netralitas-dalam-urun-daya-pengetahuan-di-wikipedia/ for historical articles that do not present the government-friendly narrative https://inet.detik.com/cyberlife/d-5039752/ramai-ramai-boikotwikipedia-gara-gara-artikel-pki [id].
On the question of what event triggered MR No. 5/2020: a combination of political and security situation https://www.thejakartapost.com/news/2020/06/03/internet-ban-during-antiracism-unrest-in-papua-deemed-illegal.html, social situation https://www.thejakartapost.com/news/2020/10/26/growing-fear-of-speaking-out-survey-finds-indonesias-civil-liberties-under-threat.html, and other issues https://carnegieendowment.org/2020/11/17/indonesia-s-shrinking-civic-space-for-protests-and-digital-activism-pub-83250; as well the increasingly illiberal and anti-open Internet digital policies https://www.tandfonline.com/doi/pdf/10.1080/00074918.2020.1846482 [pdf] of the current administration. For better understanding, please find SAFEnet's full report on the state of digital rights in Indonesia here https://safenet.or.id/2020/10/digital-rights-situation-report-indonesia-2019-the-rise-of-digital-authoritarian/ .
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg
On Fri, Mar 19, 2021 at 12:51 PM Dimitar Parvanov Dimitrov < dimitar.parvanov.dimitrov@gmail.com> wrote:
Hi David,
Thank you for reaching out to the list and I hope we can help. I definitely think we should put our heads together on this!
One thing that I am struggling to understand is the following: "unmask IP addresses of websites that are user-generated". What is the current system? Who and under which circumstances can unmask IP addresses right now? Why would it in this case only target user-generated sites and not all sites hosting (allegedly) illegal activities?
Generally there are two strategies: Either you try to stop the entire law/paragraph or to get an exception for what you care. Stopping a paragraph could also mean replacing it with something else.
Has there been some concrete event that triggered the Ministry to move in this direction?
Thank you again and sorry for asking more questions right now than I have answers for you!
Cheers, Dimi
На сб, 13.03.2021 г. в 4:52 ч. DW Fisher-Freberg < dwfisherfreberg@gmail.com> написа:
Hello everyone,
In November 2020, Indonesian Ministry of ICT passed a new regulation (Permenkominfo 5/2020 https://jdih.kominfo.go.id/produk_hukum/view/id/759/t/peraturan+menteri+komunikasi+dan+informatika+nomor+5+tahun+2020) on "Private Electronic System''. Among others, the regulation would allow the government to force ISPs and basically any web operator to unmask IP addresses of websites that are user-generated for a very broad set of reasons, including but not limited to "inflammatory contents" and "public disorder". The Electronic Frontier Foundation has discussed this new regulation at length here https://www.eff.org/deeplinks/2021/02/indonesias-proposed-online-intermediary-regulation-may-be-most-repressive-yet .
At Indonesian Wikipedia village pump https://id.wikipedia.org/wiki/Wikipedia:Warung_Kopi_(Kebijakan)#Permenkominfo_No._5/2020, we concluded that this regulation will invariably make Wikimedia projects and affiliates in Indonesia subject to it. We are very concerned about the possibility of a broad interpretation of this regulation by the government and its effect on Wikimedia projects here, especially observing the increasingly illiberal attitude https://www.thejakartapost.com/news/2019/11/07/from-buzzers-to-prosecutions-indonesias-internet-freedom-under-threat.html of the current government on Internet and data policy.
We would very much welcome suggestions, warning tales, and/or practical experiences that we could learn in anticipating this regulation's incoming enforcement.
Best,
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg _______________________________________________ Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
A timely update, for those interested in MR5's development:
1. As of 24 May, the Indonesian government has decided https://kominfo.go.id/content/detail/34673/siaran-pers-no-182hmkominfo052021-tentang-lindungi-warga-di-ruang-digital-kominfo-terapkan-tiga-kebijakan/0/siaran_pers "to extend the period of registration for PSE" until November 2021. 2. The Global Network Initiative, of which WMF is a member, issued a statement of concern https://globalnetworkinitiative.org/mr5-indonesia/ back in June. 3. Today, Article 19 released a comprehensive legal analysis https://www.article19.org/resources/indonesia-ministerial-regulation-5-will-exacerbate-freedom-of-expression-restrictions/ of MR5's provisions, recommending the government to immediately revoke it. 4. We are yet to see a detailed implementation plan for MR5 from the government.
Best, Ramzy
On Fri, 21 May 2021 at 14:44, Ramzy Muliawan muhammadaramzy@gmail.com wrote:
Hi everyone, [1]
Human Rights Watch has sent a letter https://www.hrw.org/news/2021/05/21/indonesia-suspend-revise-new-internet-regulation asking Indonesian government to suspend the enforcement of MR 5/2020, in which the deadline for the PSEs to register with the Ministry would be next Monday, May 24th https://www.cnnindonesia.com/teknologi/20210521131950-185-645261/facebook-tiktok-tak-daftar-ke-kominfo-24-mei-akan-diblokir .
To answer your question, Dimi: SAFENet has recommended the Indonesian Parliament https://twitter.com/safenetvoice/status/1395586406983081984 to pass the now-stalled Data Privacy Law https://www.ssek.com/blog/indonesia-data-protection-laws-and-regulations-processing-personal-data; although I personally did not see that happening in the current parliamentary term and I am not really sure how even with the legislation's passage we could prevent a mass block of PSEs by the government after next Monday's deadline. I have not seen any digital rights group preparing or planning for an immediate reaction.
[1] dwf² https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg on my personal account here.
On Mon, 22 Mar 2021 at 17:28, Dimitar Parvanov Dimitrov < dimitar.parvanov.dimitrov@gmail.com> wrote:
Hi David,
Thanks for explaining this. I sometimes struggle to filter out the activist noise in EFF articles.
As you seem quite knowledgeable with the national situation and the activities of other groups on digital rights, do you have actions in mind that would make sense for us? And how can we, as a global community, help you?
In Europe we'd basically analyse the law, draft amendments (if it is "fixable") and reach out to policy makers, other stakeholders plus the media. But not sure what actions could make sense in Indonesia.
Cheers, Dimi
На пт, 19.03.2021 г. в 12:06 ч. DW Fisher-Freberg < dwfisherfreberg@gmail.com> написа:
Hi Dimitar,
Thank you for your reply. Ministerial Regulation No. 5/2020 repealed two existing regulations:
- The Ministerial Regulation on "Supervision of Internet Sites with
Negative Contents" (No. 19/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/215/t/peraturan+menteri+komunikasi+dan+informatika+nomor+19+tahun+2014+tanggal+17+juli+2014: primarily oriented towards sites containing contents of child pornography, incitement of violence, and two vaguely-worded standings: "ethnicity, religion, race, and other groups" and "other illegal activities based on the provisions of laws and regulations". It allowed ISPs to block contents on those two sites under two-mechanisms: self-block or using third-party "blocking services".
- The Ministerial Regulation on "Electronic System Operator
Registration Procedures" (No. 36/2014) https://jdih.kominfo.go.id/produk_hukum/view/id/235/t/peraturan+menteri+komunikasi+dan+informatika+nomor+36+tahun+2014+tanggal+30+september+2014: specified what kind of Internet provider that has to register with the government. Under this one, it was *mandatory* to register for "providers of Internet services for public necessities" (which covered government agencies, state-owned corporations, and courts), but it was *optional* for those *not* providing Internet services for public necessities, which are the commercial, non-profit, and/or UGC Internet enterprises. There was no specified mechanism for IP unmasking or any other form of online identity unmasking in this regulation. Therefore, Wikimedia project sites were never subject to any kind of registration to the government under this regulation
MR No. 5/2020 expanded the mandatory registration for *all* providers of Internet services and enterprises (public or private, providing services for public necessities or not, registered in Indonesia or in abroad, UGC or not) with the government, and introduced a whole new set of mechanism that would inevitably force them to share the online identity of their users upon request of the government, law enforcement agencies, and/or the court *without *having to establish any form of reasonable suspicion. No court order is needed for the request to be executed, nor any form of appeal are provided to challenge the legality of such request. There is no reason why the government includes UGC sites, either. Reasons to request an unmasking of users identity including terrorism, child pornography, gambling, and two vaguely-worded reasons: "content which is prohibited under its authority" and "content that disrupts public order".
There is *no* explicit threat of criminal or civil punishment if a PSE under MR 5/2020 refuses to register; but refusal to cooperate with the government, law enforcement agencies, and/or the court upon a request of user identity unmasking may subject to written warning, temporary or permanent block of access to the site, de-registration of the PSE, and up 2 to 5 years of imprisonment.
I could imagine a request to unmask the identity of a registered user at a Wikimedia project which had contributed or edited an article that was viewed as contrary to the government's official narrative of an event or subject to increasing public controversy. Such requests would inevitably go to the CheckUser, which is subject to the said penalties if they refuse to cooperate. That being said, the Indonesian affiliate of Wikimedia and sysops of Indonesia's Wikimedia projects are the ones with the greatest exposure to criminal charges under this regulation; adding more burden to their already vulnerable positions due to an incident that happened as recently as June 2020, when users and sysops of Indonesian Wikipedia are doxxed and cyber attacked https://wikimedia.or.id/pers/wikipedia-dan-topik-kontroversial-netralitas-dalam-urun-daya-pengetahuan-di-wikipedia/ for historical articles that do not present the government-friendly narrative https://inet.detik.com/cyberlife/d-5039752/ramai-ramai-boikotwikipedia-gara-gara-artikel-pki [id].
On the question of what event triggered MR No. 5/2020: a combination of political and security situation https://www.thejakartapost.com/news/2020/06/03/internet-ban-during-antiracism-unrest-in-papua-deemed-illegal.html, social situation https://www.thejakartapost.com/news/2020/10/26/growing-fear-of-speaking-out-survey-finds-indonesias-civil-liberties-under-threat.html, and other issues https://carnegieendowment.org/2020/11/17/indonesia-s-shrinking-civic-space-for-protests-and-digital-activism-pub-83250; as well the increasingly illiberal and anti-open Internet digital policies https://www.tandfonline.com/doi/pdf/10.1080/00074918.2020.1846482 [pdf] of the current administration. For better understanding, please find SAFEnet's full report on the state of digital rights in Indonesia here https://safenet.or.id/2020/10/digital-rights-situation-report-indonesia-2019-the-rise-of-digital-authoritarian/ .
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg
On Fri, Mar 19, 2021 at 12:51 PM Dimitar Parvanov Dimitrov < dimitar.parvanov.dimitrov@gmail.com> wrote:
Hi David,
Thank you for reaching out to the list and I hope we can help. I definitely think we should put our heads together on this!
One thing that I am struggling to understand is the following: "unmask IP addresses of websites that are user-generated". What is the current system? Who and under which circumstances can unmask IP addresses right now? Why would it in this case only target user-generated sites and not all sites hosting (allegedly) illegal activities?
Generally there are two strategies: Either you try to stop the entire law/paragraph or to get an exception for what you care. Stopping a paragraph could also mean replacing it with something else.
Has there been some concrete event that triggered the Ministry to move in this direction?
Thank you again and sorry for asking more questions right now than I have answers for you!
Cheers, Dimi
На сб, 13.03.2021 г. в 4:52 ч. DW Fisher-Freberg < dwfisherfreberg@gmail.com> написа:
Hello everyone,
In November 2020, Indonesian Ministry of ICT passed a new regulation (Permenkominfo 5/2020 https://jdih.kominfo.go.id/produk_hukum/view/id/759/t/peraturan+menteri+komunikasi+dan+informatika+nomor+5+tahun+2020) on "Private Electronic System''. Among others, the regulation would allow the government to force ISPs and basically any web operator to unmask IP addresses of websites that are user-generated for a very broad set of reasons, including but not limited to "inflammatory contents" and "public disorder". The Electronic Frontier Foundation has discussed this new regulation at length here https://www.eff.org/deeplinks/2021/02/indonesias-proposed-online-intermediary-regulation-may-be-most-repressive-yet .
At Indonesian Wikipedia village pump https://id.wikipedia.org/wiki/Wikipedia:Warung_Kopi_(Kebijakan)#Permenkominfo_No._5/2020, we concluded that this regulation will invariably make Wikimedia projects and affiliates in Indonesia subject to it. We are very concerned about the possibility of a broad interpretation of this regulation by the government and its effect on Wikimedia projects here, especially observing the increasingly illiberal attitude https://www.thejakartapost.com/news/2019/11/07/from-buzzers-to-prosecutions-indonesias-internet-freedom-under-threat.html of the current government on Internet and data policy.
We would very much welcome suggestions, warning tales, and/or practical experiences that we could learn in anticipating this regulation's incoming enforcement.
Best,
*David W. Fisher-Freberg* meta https://meta.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg id.wp https://id.wikipedia.org/wiki/Pengguna:David_Wadie_Fisher-Freberg min.wp https://min.wikipedia.org/wiki/Pangguno:David_Wadie_Fisher-Freberg commons https://commons.wikimedia.org/wiki/User:David_Wadie_Fisher-Freberg _______________________________________________ Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
Publicpolicy mailing list Publicpolicy@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/publicpolicy
-- *Ramzy Muliawan **Q106762396* https://www.wikidata.org/wiki/Q106762396 Pekanbaru, Riau, Indonesia
publicpolicy@lists.wikimedia.org