Herlambang P Wiratraman – The pandemic has justified governments around the world restricting certain rights. These include the imposition of quarantine or isolation, which limits freedom of movement, and intrusions on privacy in the name of "contact tracing".
In March, United Nations (UN) human rights experts urged that a declaration of emergency based on the COVID-19 outbreak should not be used as a basis for targeting specific individuals, groups or minority groups.
While not referring to particular countries, the experts said: "[An emergency declaration] should not function as a cover for repressive action under the guise of protecting health nor should it be used to silence the work of human rights defenders."
An Amnesty International investigation revealed in June that contact-tracing apps rolled out by Bahrain, Kuwait and Norway were among the most invasive. Such apps put the privacy and security of hundreds of thousands of people at risk.
Almost all countries face uncertainties in dealing with this outbreak and have therefore resorted to harsh measures.
Even countries that already have high standards of crisis management seem to have felt forced to adopt policies that tend to be repressive. Canada and Sweden have used military-controlled crisis management. In Brazil, the government has been accused of manipulating the death toll figures.
In Indonesia, only a few weeks after announcing the country's first COVID-19 cases in early March, President Joko "Jokowi" Widodo considered imposing civil emergency measures, drawing immediate criticism.
At the end of March, Jokowi declared a public health emergency. The next month he declared the outbreak a "non-natural national disaster" in a presidential decree.
Nine months into the pandemic, Indonesia has seen serious threats to civil liberties. These involve not only privacy but also freedom of expression and of the press in the digital realm, directed at people and institutions critical of the government's handling of the crisis.
We have seen infringements of human rights carried out through digital attacks. The various forms include hacking, doxxing, prosecution and spying.
For example, in April, outspoken government critic Ravio Patra was detained and accused of inciting riots through a WhatsApp message following an alleged hacking of his account.
In May, Gadjah Mada University cancelled a planned online discussion about the constitutional mechanism for removing a president from office after students received death threats and faced other forms of intimidation.
In August, Pandu Riono, an epidemiologist from the University of Indonesia and vocal critic of the government's pandemic management, reported that his Twitter account was hijacked. Prior to the hacking, he had criticised COVID-19 drug research conducted by Airlangga University in co-operation with the Indonesian Army and the State Intelligence Agency (BIN).
Indonesia still lacks a specific law on personal data protection. Other regulations include special provisions on personal data protection, but the mechanism is limited and the accountability doubtful.
This means personal data in Indonesia are vulnerable to digital attacks.
As internet use increased during the pandemic, attacks took many other forms. These included junk messages, "zoombombing", and third-party applications that claim to be able to track people infected with COVID-19 but contain data-stealing malware.
These digital attacks are easy to launch because of the limited digital security infrastructure throughout the world. According to International Telecommunication Union data, more than 90% of countries pay little attention to the importance of cybersecurity.
Indonesia is one of these countries. The 2018 Global Cybersecurity Index report ranks Indonesia 41st out of 175 countries, far from safe.
Digital attacks have also targeted media companies with cybersecurity vulnerabilities. In August, news websites tempo.co and tirto.id reported cyberattacks.
Tirto.id reported the attacker deleted at least seven articles, including some that scrutinised the drug research involving the army and the intelligence agency. Tempo.co had its website defaced and made inaccessible.
These attacks show not only the media's security weaknesses but also the direct threat to democracy and press freedom.
States often use emergency or conflict situations as a political justification to undermine human rights protection.
Without comprehensive personal data protection law and clear regulation limiting lawful surveillance action, threats and attacks against human rights in Indonesia will continue.
Surveillance of activists who voiced criticism of government policies increased during the pandemic.
To make matters worse, cybersecurity policymaking often focuses on cyber conflicts (such as the cebong vs kampret Twitter spats and social media bullying) and pays less attention to the other elements of cybersecurity.
Another sign of the increasing tendency to take an authoritarian approach in digital policy is a bill on cyberdefence and security proposed by the House of Representatives.
The bill has been criticised for giving excessive authority to the National Cyber and Encryption Agency (BSSN), which was established in 2017.
In the bill, some of the authority given to BSSN is to block internet contents deemed dangerous – without adequate definition – and to monitor internet and data traffic.
With more focus on security issues, rather than the protection of human rights, when passed into law the regulation would enable further encroachment of civil rights – especially during an emergency like the pandemic we are in today.
[Herlambang P Wiratraman is a lecturer of constitutional law, Universitas Airlangga.]