Allegations that an Australian spy agency tried to tap mobile phones belonging to President Susilo Bambang Yudhoyono, his wife and several Cabinet members surfaced less than a month after Indonesia hosted the eighth annual UN Internet Governance Forum (IGF) in Bali.
From the opening remarks by Citizen Lab's director, Ronald J. Deibert, which mentioned the 'E' word (E for Edward Snowden), to the final session on Internet surveillance, it was clear that IGF discussions were influenced by the impact and significance of the US government's mass surveillance program.
Responding to a letter of explanation sent by Prime Minister Tony Abbott, Yudhoyono said bilateral relations between the two countries would not fully resume until a new protocol and code of ethics were agreed and implemented.
The spying scandal occurred at a time when the international community is becoming increasingly aware of the extent of the National Security Agency's surveillance programs and the ensuing violations of basic human rights.
The Citizen Lab at the Munk School of Global Affairs, University of Toronto, has actively been conducting research on the commercialization of surveillance software developed by Western companies. The Lab has partnered with Indonesian civil society organizations to raise awareness on why and how surveillance tools may be used and the role of government and intelligence agencies in acquiring and deploying these products.
One of these tools is FinFisher, a network intrusion malware that is marketed and sold exclusively to law enforcement and intelligence agencies by Gamma TSE, part of UK-based Gamma Group. FinSpy, a component of the FinFisher suite, is capable of intercepting email, instant messaging and VoIP communications, as well as spying on users through webcams and microphones and transmitting the data to a designated command-and-control server.
The Citizen Lab has found evidence of FinFisher being used to target Bahraini human rights activists and against political opposition groups in Ethiopia in general and in Malaysia during the 2013 elections in particular. The Citizen Lab has also uncovered FinFisher's presence in Indonesia.
In August 2012, Citizen Lab researchers scanned IP addresses and fingerprinted for FinSpy's characteristic command-and-control protocol. Among the observed servers was an IP (126.96.36.199) owned by Biznet. In a follow-up investigation published in March, researchers documented four additional command-and-control servers in Indonesia on three IP addresses belonging to Biznet (188.8.131.52), PT Matrixnet Global Indonesia (103.38.xxx.xxx), and PT Telkom (118.97.xxx.xxx).
There was also a sample of a mobile phone version of FinFisher that contained a phone number in Indonesia, which the spyware used to send stolen data back over SMS.
The lack of harmonized laws and regulations and the absence of independent oversight and accountability over the wiretapping program in Indonesia mean that there is an increase in the potential risk of misuse. Currently, there are at least twelve laws, two government regulations and two ministerial regulations that govern wiretapping. The Indonesian Military's (TNI) Strategic Intelligence Agency (BAIS), one of five institutions that have surveillance capabilities, recently signed a contract worth US$6.7 million through the Defense Ministry with Gamma TSE for unspecified wiretapping equipment.
Concerns about the abuse of surveillance are warranted considering that there are uneven monitoring standards for agencies conducting wiretapping and that the military faces allegations of human rights violations. These issues are in addition to the controversial nature of Gamma TSE, whose products have turned up in several authoritarian regimes. Husnan Bey Fananie, a member of the House of Representatives' Commission I on defense, said the commission would meet the Defense Ministry and the TNI commander to find out how and why the FinFisher software would be used.
In the wake of the scandal, Indonesia is establishing a Central Intelligence Committee, which will be coordinated under the State Intelligence Agency (BIN). Despite claims by Foreign Minister Marty Natalegawa that Indonesia has no need to spy on foreign governments, Indonesia is likely to use equipment purchased from Gamma TSE as part of these efforts. These developments, in addition to Indonesia's upcoming elections, create a pressing need for Indonesia to have a single, comprehensive legislation regulating wiretapping and interception.
The uproar that followed the spying saga has caused governments and the general public alike to acknowledge the security and human rights concerns involved with surveillance. Some fear that there could be a race to the bottom as governments around the world establish surveillance programs to outdo each other in intelligence gathering. At the same time, the public's increased awareness of surveillance practices has created an opportunity for civil society to push back at corporations and governments.
The time is now for Indonesia to play an active role in ensuring that surveillance protocols and codes of ethical conduct exist not just abroad, as part of efforts to normalize its relations with Australia and other countries, but also at home.
The writer is communications officer at Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, at the University of Toronto. The views expressed are personal.