Since the ratification of the No. 11 of 2008 Law on Electronic Information and Transactions in Indonesia, infamously known as UU ITE, SAFEnet has noted that 393 people have been criminalized from 2013 to 2021. In 2021 alone, there were 38 criminalization cases with the UU ITE. Victims came from various backgrounds, such as activists (26), victims/victim supporters (21), civil society organizations (18), journalists (13), workers (11), civil society organizations (3), academics (3), politicians (3) and university students (3).¹

Apart from criminalization, we have seen activists and CSOs suspected of being attacked digitally with cyber hacking and also through misinformation and disinformation. In 2021, 8 activists from Indonesian Corruption Watch were suspected of being digitally attacked during a press conference. The digital attacks were manifested in the presence of pornographic pictures and videos in the virtual meeting room, an effort to turn off the mic of the speaker, and multiple attempts to log into the staff’s WhatsApp accounts. The staff also experienced unknown calls from abroad and from Indonesian numbers, distracting their focus. Digital attacks in the form of WhatsApp login attempts were suspected of being experienced by ICW’s staff and LBH Jakarta and Lokataru members, sourcing from Kumparan.com, a collaborative news platform in Indonesia.² ICW suspected that these digital attacks experienced by its staff and other civil society organizations were coming from groups of people who disagreed with their agenda. Although the disruption of communications devices has been evidently experienced but it has not been further cleared post-event.

Proving this suspicion will not be easy, and this is typical in digital attacks —at least the better-executed ones. Evidence aside, to stay safe and secure, CSOs, NGOs, activists, and civilians need to be equipped with proper tools to avoid being attacked digitally

Before we understand the tools, we need to understand and learn about the potential attacks that CSOs and activists may face. These are the most common digital attacks:

• Hacking, the act of compromising digital devices and networks through unauthorized access to an account or computer system.
• Hijacking, a form of network security attack in which the attacker gains control of computer systems, software applications, and/or network communications.
• Doxxing, a type of cyberbullying that exploits sensitive or confidential information, words, or records to harass, expose, cause financial harm, or exploit targeted individuals³
• Using the Law on Electronic Information and Transactions to accuse CSOs and activists of defamation regarding their publications online.

As we gear up for any digital attacks, we may as well equip ourselves with the knowledge of digital safety and security. CSO and grassroots activists need to understand that their accounts can be hacked any time.
Here are some tools to mitigate digital security risks.

1. Create and customize your social media policy as guidelines for responsible use of social media by CSO. These guidelines encompasses of rules for using personal social media on office assets, things to avoid doing on social media such as answering personal information in quizzes, which teams or departments are in charge of each social media account, who is in charge for coming up with a strong password and how often to change it, software updates on gadgets; recognize and steer clear of scams, assaults, and other security threats, who to contact and how to handle if there is a question about social media security.
2. Use a two-factor authentication as an additional level of security for your social media accounts. Attackers have a harder time getting into someone's devices or online accounts with two-factor authentication because a victim's password alone is not enough to pass the authentication check. Therefore, this process becomes an added layer of security for your CSO accounts and your private accounts.
3. Train your staff on digital security so they can recognize vulnerabilities. This training will allow employees to engage, ask questions, and understand the importance of following up on potential threats.
4. Regularly check who is currently logged in to your devices. You can check this in your settings and privacy tab under “where you’re logged in.” This section is available in almost all social media channels to help you keep track of who is logged in to your account.

Digital attacks are becoming bigger threats to civil society groups, activists, and citizens, so it's important to put in place robust security measures. People and organizations can better protect democratic ideals and freedom of speech in the digital world by improving security. You can contact C4C for further discussion related to CSO digital security and also how to stay safe from delegitimization attacks.