As the Indonesian Government seeks to harness the power of the metaverse, it is crucial that policymakers prioritise cyber security and data protection before diving headfirst into digital-led innovation, Albert Jehoshua Rapha writes.
Since Mark Zuckerberg announced his plan to realise the concept of a ‘metaverse’ – a network of virtual worlds – in October 2021, the hype has been widespread, including in Indonesia. The excitement to embrace this mixed-reality technology was not only felt by tech-savvy citizens, but also the public sector.
Governments are eager to harness the potential of the metaverse to increase the efficiency and quality of public services, as well as improve collaboration between local and national government agencies.
Indonesia’s Internet penetration is estimated to reach 82.5 per cent in the next five years, so this digital-led strategy makes sense, and it may invigorate people-centric governance through a technology-mediated relationship between the government and its citizens.
Across Indonesia, steps are already being taken to embrace metaverse technology. Earlier this year, the Governor of Jakarta, Anies Baswedan, agreed to establish a strategic partnership with WIR Group, a renowned augmented-reality technology company in Southeast Asia.
The partnership aims to improve the implementation of Jakarta’s Smart City vision, while harnessing a metaverse platform. The Jakarta Provincial Government aspires to provide more convenient experiences for citizens in accessing and gaining public services with this platform.
Similarly, the Ministry of Home Affairs’ Kovi Otda is a virtual platform that can assist local governments to conduct consultations with the central government. In practice, the local government would be able to hold real-time consultations in the metaverse.
By shifting to this model, the Director-General of Regional Autonomy, Akmal Malik hopes to reduce corruption in local government.
However, amidst the push to digitalise service delivery and government business, there is serious concern about the government’s cybersecurity capabilities.
According to the latest report by Estonia’s National Cyber Security Index, Indonesia’s performance against key cyber security indicators is poor. In particular, the Index found Indonesia’s cyber security policy development and its protection of digital and essential services to be lacking.
To date, there are two longstanding cyber security vulnerabilities within Indonesia’s public sector, namely digital attacks and data breaches.
Indonesia has a history of facing digital attacks targeting government websites. According to a report by SAFEnet, in 2021 there were 17 identified digital attacks against government. While this number is lower than the 38 incidents that occurred in 2020, the impact of these attacks have increased, with worrying consequences for citizens’ data.
One of the most shocking cases occurred in October 2021, when a hacker infiltrated a subdomain belonging to the National Cyber and Crypto Agency. The role of that agency is to prevent and detect cyber attacks – an unfortunate irony.
Second, data stored by government agencies at all levels remains prone to leaks. At the national level, one of the most severe data breaches in 2021 involved the Social Insurance Administration Organisation database, whereby the personal data of up to 279 million Indonesians was believed to have been leaked and put up for sale online. The SAFEnet report also highlighted two cases at the local level – the leaking of 815 teachers’ data in Tangerang District and that of more than 1,000 athletes from the Riau Provincial Youth and Sports Office.
Hope for government sectors grew when new legislation on information security management in government systems was officially announced in May 2021. However, it still needs to be supported by commitment from national and local governments for long-term enforcement.
The Indonesian Government also needs to enact clear guidelines for law enforcement agencies so they can penalise the illegal use of citizens’ data. This is an area where Indonesia compares poorly with other Southeast Asian nations, with Malaysia, Singapore, Philippines and Thailand all implementing legislation covering personal data privacy.
Thankfully, there is personal data protection legislation under deliberation in Indonesia’s House of Representatives. The long-awaited Protection of Private Personal Data bill, which has been shortlisted as priority legislation since 2014, should be introduced swiftly so Indonesia isn’t left further behind in this area.
Amidst the metaverse enthusiasm from the public sector, cyber resilience and personal data protection should be prerequisites before applying digital-led innovation in public services. Spurring digital innovation in public services is necessary, yet, for now, securing the government-owned cyber systems and protecting Indonesian citizens’ data must be a top priority.