The Government Isn’t Going to Shut Down Telkomsel and Indosat Following Australian Spying Allegations

Following the revelations by the New York Times that the Australian government has access to snoop in on phone communications made through Indonesia’s Telkomsel and Indosat cellular networks, Indonesia’s minister for communications Tifatul Sembiring issued a warning on Tuesday that both telco companies may face shutdown if found to be active parties in the breach. Telkomsel is the leading mobile company in the country with over 120 million subscribers and Indosat is among the top three with over 50 million subscribers.

The strong statement by Minister Sembiring is based on the 1999 law number 36 on telecommunications. Article 21 of the law prohibits telecommunications providers from activities that violate or disrupt public interest, decency, security, and public order. Proven violation of the article will result in revocation of operational permit.

Sembiring said on Tuesday, “If they abuse (that authority) there’s the 1999 Law number 36. If they do that, they can be shut down if found to actively assist in illegal wiretapping.”

Continuing allegations
The New York Times reported that “The Americans and the Australians secretly share broad access to the Indonesian telecommunications system, the documents show. The NSA has given the Australians access to bulk call data from Indosat”. This particular information, the Times said, was revealed from an NSA document from 2012.

From a 2013 document, “The Australians have obtained nearly 1.8 million encrypted keys, which are used to protect private communications from the Telkomsel mobile network in Indonesia, and developed a way to decrypt almost all of them”, reports the Times.

The serious allegations, which were put forward by NSA whistleblower Edward Snowden, are only the latest which pit Indonesia against Australia. Snowden’s previous release last November revealed how the Australian government under Prime Minister Kevin Rudd in 2009 attempted access to the phone lines of Indonesia’s president, his wife, as well as top government ministers.

Australian Prime Minister Tony Abbott avoided addressing the allegations directly saying that while the country collects intelligence, “we use it to protect our citizens, and citizens of other countries. We certainly don’t use it for commercial purposes”.

The report alleged that the Australian Signals Directorate offered information to America’s National Security Agency regarding commercial trade discussions between Indonesia and the United States which included telecommunications access.

Telecom companies deny involvement
Tribun News reported that Indosat spokesperson Adrian Prasanto on Tuesday has come out and denied that the company actively participated in the breach. In security matters, “we are audited twice a year” Prasanto said, referring to risk and information security management checks. “We are certain that none of our customers were breached”.

Telkomsel has yet to respond to the allegations, but back in November, Adita Irawati, vice president of corporate communications at Telkomsel, deferred to the 2006 ministerial regulation on lawful interception saying that the company has always complied with the law. The statement was a response to an earlier report by Guardian on Australia’s wiretapping activities against Indonesia.

It’s not impossible that external parties who allegedly have access to the network did so without the knowledge of their targets, masking their activities as legitimate to network logs.

Sembiring said on Tuesday that the government will investigate the matter with the two telcos before deciding how to proceed further. If they are found to be actively involved, the ministry will move to revoke their operational permits, but if they are mere victims of a breach, the ramifications will be much more limited.

Shut down unlikely
While the communications minister may have issued a very strong and harsh statement, the likelihood of the government shutting down the two largest mobile telecommunications companies in the country is slim to none.

First of all, the government will have to prove that the telcos were actively involved in providing information to access their networks to a foreign individual or entity. Proving this would actually mean that the telcos or someone inside have committed treason, a crime punishable by death. With regards to companies, it clearly means total shutdown.

Secondly, both companies combined have a customer base of over 170 million people, which is around 70 percent of the entire country’s population. Handing that sizable responsibility to other local telcos such as XL Axiata and 3 is beyond comprehension as they do not have the capacity to operate in such a scale.

If the government invites foreign telecommunications companies to take over and operate the networks that currently belong to Indosat and Telkomsel, it will be a massive political as well as commercial undertaking which will place a significant strain on the government itself, not least one that is about to come to an end with the legislative and presidential elections looming in just a matter of weeks.

The important issue for all of the parties concerned at this point is to discover how this breach may have happened, whether there were reasonable steps taken to prevent such an occurrence, and how to create even more secure infrastructure and operations to prevent the likelihood of this being repeated.

As University of Indonesia’s public policy observer Ichsanuddin Noorsy said yesterday, the Indonesian public and its government have yet to fully wake up to the reality that preventing these breaches require public participation and active government involvement in the technology space.

“Indonesian citizens, especially the youth in Bandung Yogyakarta, and Malang, are capable to build a cyber army. They are recognized in the United States, Singapore, and Malaysia. In Indonesia, they’re not even visible to the Indonesian government”, Noorsy said.

[header image from Shutterstock]

Leave a Reply

Your email address will not be published.