Islands of Control, Islands of Resistance: Monitoring the 2013 Indonesian IGF

Terjemahan dalam bahasa Indonesia dari halaman ini tersedia disini.

Download the full report here.

Read the individual sections here:

Monitoring Information Controls During the Bali IGF

Between 22 and 25 October 2013, Indonesia hosted the eighth annual Internet Governance Forum (IGF), a multistakeholder dialogue on the issues and policies of Internet governance. The main theme of this year’s IGF was “Building Bridges: Enhancing Multistakeholder Cooperation for Growth and Sustainable Development.”

This post is the first in a series that explores online freedom of expression and the state of information controls in Indonesia in the context of its role as host of the IGF, comparing Indonesia’s information controls with similar practices in the region, the rest of the world, and in events similar to the IGF. We also analyze how these practices are driven by Indonesia’s social, political, and cultural context, and the role that international norms play in influencing information controls.

Major global events are frequently a focal point for the exercise of and contests over information control, including Internet censorship and surveillance, disruptions to mobile and other communications systems, and tampering with Internet connectivity. Such information controls are often highly dynamic, responding to the changing situation on the ground when information can have the greatest impact. We call such practices “just-in-time” information controls — denying, disrupting, manipulating, or monitoring access to information during important political moments.1 High-profile global events can have significant political, social, and economic consequences for host countries, and may come with new security and surveillance measures as a result.2

Several Citizen Lab researchers and associates who attended the IGF participated in the research for these posts, including those who have been situated in Indonesia for some time as part of the civil society stakeholder preparations for the 2013 IGF. Additionally, we are capitalizing on the expertise and input of Indonesian colleagues, including those who are part of the Cyber Stewards Network,3 to provide much-needed context and nuance around the analysis presented here. We are also mindful of others who are attending the IGF and are engaging in their own separate monitoring activities, and intend to reference their work as much as possible and when appropriate. Citizen Lab staff working remotely will be providing input into and support for network measurement and legal and policy analysis to provide much-needed context and nuance around the analysis presented here. We are also mindful of others who attended the IGF and are engaging in their own separate monitoring activities, and intend to reference their work as much as possible and when appropriate. Citizen Lab staff working remotely provided input into and support for network measurement and legal and policy analysis.

We frame our analysis with the following topics and questions:

Infrastructure and Governance

The application of information controls in a country is highly influenced by the domestic political, economic, and social context in which they are applied. Each country’s communication infrastructure is unique, differentiated by factors such as the number of Internet service providers (ISPs), telecommunication companies, the degree of market competition among them, and the overall level of Internet penetration and growth. In some countries numerous ISPs and a highly competitive market environment can act as a constraint on state-driven information controls, whereas in other countries with fewer ISPs and less democratic regimes, state regulations can be more centrally implemented and sometimes more constraining. International connectivity and upstream arrangements with peers can also shape the nature of information controls, as do regional and international governance regimes of which the country may be a member. Most importantly, the regime type of the country in question can have a major influence over the nature of information controls.

The Indonesian government has traditionally been supportive of ICT development. Internet penetration has increased since the beginning of the century, from less than 1 percent in 2000 to 15.36 percent in 2012. Cellular phone penetration has increased at an exponential rate over the same time period, from 1.72 to 115.20 cellular phone subscriptions per 100 inhabitants from 2000 to 2012. The government is planning to increase basic telephone services to thousands of villages across the country and is trying to increase Internet penetration to the country’s easternmost islands.

Indonesia has over 250 ISPs. The two largest telecommunications operators, PT Telekom and PT Indosat, were partially privatized in the mid-1990s after years of state control, although the government continues to own shares in both companies. As ICT penetration in Indonesia has increased, so have the regulations and laws, some having the perceived necessities of dealing with growing cybercrime issues as their impetus while others have to do with content controls. ISPs and telecommunications companies have voiced their concerns that these laws lack clarity and may place burdens on their services.4

Our post examines the following questions:

  • How is cyberspace constituted in Indonesia?
  • What is the political economy of Internet governance and use in the country?
  • How are laws and regulations over the Internet implemented?
  • What autonomy do ISPs have to implement laws and rules, and what practices inform implementation of controls in Indonesia? How do these practices compare to other countries?
  • Is the Indonesian government developing a cyber-security strategy? What policies does it include, and how will these affect information controls? How have issues of cybercrime been perceived in Indonesia and what have been the institutional and legal responses?
  • Does the Indonesian government have a “regional” or “foreign policy” for cyberspace?

Read the post.

Content Controls

Information controls involve control over what content is accessible to a population, including information posted online. Content controls can include laws and regulations that restrict free speech online or in certain media, as well as technical measures designed to limit access to information — otherwise known as “Internet filtering.” Since 2003, the Citizen Lab, as a founding member of the OpenNet Initiative,5 has tested Internet filtering in seventy-four countries, and found that forty-two of these seventy-four countries engage in some form of content filtering. The type of content being filtered varies across countries, and depends on local political, legal, social, and cultural contexts. We employ a multidisciplinary approach that includes technical testing of government-mandated Internet censorship policies and practices, field research by regional and country-level experts, as well as analysis of the country’s legal and regulatory filtering framework. The combination of technical investigation with political, social, and legal contextual work is essential for understanding both how and why information controls are applied.6 We also aim to determine the specific techniques and, where possible, which products are used to implement Internet content filtering.

OpenNet Initiative testing in 2010 on four Indonesian ISPs found that pornographic content, which is illegal under the country’s 2008 Anti-Pornography Law, is heavily filtered. Testing also revealed that Internet filtering across ISPs is unsystematic and inconsistent, with some ISPs blocking more than others and targeting a wider range of content such as anonymizer and circumvention websites, and websites containing controversial political or religious content. In 2011, smartphone maker BlackBerry began censoring pornographic content on their networks in the country following demands by the Indonesian government.

Our research on content controls is guided by the following questions:

  • What content controls are applied in Indonesia?
  • How are those content controls implemented or carried out?
  • What do network measurements of Internet accessibility reveal about the scope, scale, and character of information controls in Indonesia?
  • What restrictions are placed on free expression, both off and online, in Indonesia?
  • What steps have civil society groups taken in response?
  • What Internet users, if any, have been targeted for arrest and on what grounds?

Read the post.

Surveillance and Control

Surveillance is one of the most effective, if less obvious, forms of information control. Governments and private companies engage in surveillance for a wide range of reasons, many of them beneficial for society. For example, surveillance is an essential component of government responses to health crises and natural emergencies, and is a critical component of effective large-scale network management and law enforcement. However, surveillance can also be used to target dissidents and undermine privacy. If surveillance is undertaken without proper accountability, it can lead to the abuse of power. Surveillance of the Internet and other communications is now a huge growth industry, with many companies supplying governments with passive and targeted surveillance products and services.

Past Citizen Lab research has documented the use of surveillance technologies, products, and services in Indonesia. For example, command-and-control servers for the commercial malware product FinFisher were identified on the Indonesian ISPs PT Telkom, PT Matrixnet Global, and Biznet, as were devices that can be used for filtering and surveillance which were manufactured by the US-headquartered Blue Coat Systems. Indonesia’s Ministry of Defence recently signed a USD 6.7 million contract with Gamma TSE to provide undisclosed “wiretapping equipment” for use by the ministry’s Strategic Intelligence Agency. Gamma TSE is part of the Gamma Group, which includes Gamma Group International, the developer of FinFisher, a “lawful interception” product.

Smartphone maker BlackBerry has come under pressure from Indonesian authorities to locate infrastructure within the country as a means of facilitating surveillance of users, although it is not clear what, if any, arrangements have been made between the company and the Indonesian government.

  • What type of surveillance is undertaken by Indonesian authorities?
  • What oversight and accountability is associated with that monitoring?
  • What range of equipment, products, services, etc., does Indonesia use to implement surveillance? And how is that surveillance targeted?
  • Were any special security and surveillance measures been taken for the IGF? And if so, what type of surveillance, and for what purpose?

Read the post.

IGF Controls

Major global events like the IGF are often a significant focus of international attention and can have important political, economic, and social consequences for host countries. Information controls are customarily loosened during the hosting of the IGF event — particularly at the venue itself. The 2005 World Summit on the Information Society (WSIS) in Tunis, for example, provided unfettered access within the conference venue, while filtering remained in place elsewhere in the country.

Citizen Lab staff and associates have participated in every IGF since the first meeting was held in Athens in 2006 (as well as the WSIS meetings that preceded it in 2003 and 2005). At the 2005 WSIS meeting in Tunis, Citizen Lab researcher Nart Villeneuve’s presentation on Internet filtering was disrupted by Tunisian authorities and nearly cancelled. Our participation in the 2009 IGF in Egypt included having our book launch for the OpenNet Initiative’s Access Controlled disrupted by United Nations’ officials, following complaints by  Chinese government representatives concerning our reference to Tibet and the Great Firewall of China in our published material.

Our last post focuses on the dynamics surrounding the IGF itself:

  • What were the interests of the various Indonesian stakeholders (government, private sector, civil society) in hosting the IGF? What did different stakeholders hope to accomplish? Where did these interests clash? What value does the Indonesian government place in the IGF relative to other international forums, such as ICANN, the ITU, or non-cyberspace-related forums like APEC and ASEAN?
  • To what extent were Indonesian stakeholders able to influence and shape the agenda and outcomes of the IGF? How did they prepare for the meeting, and what were the obstacles to overcome in making it happen (e.g., budgetary issues)?
  • What impact did the forum have, if any, on Indonesian information controls and related practices?
  • How did Internet accessibility in the forum’s venue, or in any other area where attendees congregated (i.e., hotels, Internet cafés, etc.), compare to what the average Indonesian user experiences?
  • How did stakeholders in Indonesia organize themselves to host the IGF?
  • What were the political dynamics of the IGF meeting itself?
  • What were the processes to develop the agenda and program for the meeting — e.g., how did the multistakeholder advisory committee develop the key topics, agenda, and structures of the IGF? Which stakeholders held which positions, and who had input?
  • What were the outcomes?

Read the post.

Footnotes

1 For more background on “just-in-time” content controls, see Masashi Crete-Nishihata and Jillian C. York, “Egypt’s Internet Blackout: Extreme Example of Just-in-time Blocking,” OpenNet Initiative, January 28, 2011, https://opennet.net/blog/2011/01/egypt%E2%80%99s-internet-blackout-extreme-example-just-time-blocking;
and Ronald Deibert and Rafal Rohozinski, “Good for Liberty, Bad for Security? Global Civil Society and the Securitization of the Internet,” in Access Denied: The Practice and Policy of Global Internet Filtering, eds. Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain (Cambridge, Massachusetts: MIT Press, 2008), http://access.opennet.net/wp-content/uploads/2011/12/accessdenied-chapter-6.pdf.
2 Russia’s Surveillance State, a joint project between Citizen Lab, Agentura.Ru and Privacy International, has documented the growth of surveillance measures in preparation for the 2014 Sochi Winter Olympics. See Irina Borogan and Andrei Soldatov, “Surveillance at the Sochi Olympics 2014,” Agentura.ru, October 2013, http://www.agentura.ru/english/projects/Project_ID/sochi.
3 The Cyber Stewards program Cyber Stewards is a global network of organizations and individuals that use evidenced-based research for policy advocacy to ensure and promote a secure and open Internet. We are building bridges between researchers and activists in the global North and South to form a space of peers for collaboration and organization at local, regional, and international levels.
4 Mariel Grazella, “ICT Businesses to Tackle Policy at Global Internet Forum,” The Jakata Post, March 02, 2013, available at http://www.thejakartapost.com/news/2013/03/02/ict-businesses-tackle-policy-global-forum-bali.html.
5 The OpenNet Initiative is a collaborative partnership of three institutions: the Citizen Lab at the Munk School of Global Affairs, University of Toronto; the Berkman Center for Internet & Society at Harvard University; and the SecDev Group (Ottawa).
6 See Masashi Crete-Nishihata, Ronald J. Deibert, and Adam Senft, “Not by Technical Means Alone: The Multidisciplinary Challenge of Studying Information Controls,” IEEE Internet Computing 17.3 (2013): 34-41.