SAFEnet campaign against state digital surveillance and ITE Law criminalization of civil society in Indonesia (2013–ongoing)

SAFEnet (Southeast Asia Freedom of Expression Network)'s multi-chapter campaign against the legal and technical infrastructure of state surveillance of civil society in Indonesia is the corpus's entry for the principal sustained Indonesian civil-society effort on this front. The campaign's structural spine is Indonesia's ITE Law (UU ITE, Law No. 11 of 2008 on Information and Electronic Transactions), which SAFEnet identified from the organisation's 2013 founding as the instrument through which the Indonesian state exercises systematic criminal surveillance over online expression. The campaign has expanded progressively to encompass judicial challenges to arbitrary internet shutdowns, civil-society documentation of commercial-spyware procurement by Indonesian security agencies, advocacy against the surveillance provisions of the proposed National Police Bill, and real-time reporting on digital repression during political protest cycles.

The ITE Law and the campaign's founding register

Indonesia's ITE Law was enacted in 2008 and was immediately criticised by digital-rights defenders for provisions that effectively weaponized defamation and hate-speech law against online expression: Article 27, covering obscene or defamatory content; Article 28, covering hate speech and false information; and Article 29, covering threats — all carrying criminal penalties that produce investigative and prosecutorial pressure far exceeding what a civil defamation action would generate. SAFEnet was founded in 2013 in direct response to this structure: the criminalisation pattern was already generating a documented chill on online expression across Indonesia, and the organisation's 2014 analysis of the law's threat to freedom of expression established the analytical framework that would anchor the campaign's subsequent monitoring and advocacy work. The ITE Law's mechanism as a surveillance instrument is both direct — police monitor social media and online expression to generate cases — and structural: the conviction rate under Articles 27–29 between 2016 and 2020 ran at 96.8%, with an imprisonment rate of 88%, creating a deterrence effect far greater than the number of prosecuted cases alone.

First revision and ongoing documentation

A first revision to the ITE Law was passed in 2016 following sustained civil-society pressure, removing some provisions but leaving the core Articles 27 and 28 intact. SAFEnet's documentation thereafter established the pattern: year-on-year monitoring of ITE Law criminalisation cases through the annual Digital Rights Situation Report of Indonesia, with the number, victims, and demographics of prosecutions tracked and published in Bahasa Indonesia and English. The series documents a civil-society criminalisation infrastructure in which the affected population shifted progressively toward the political: in 2021, activists ranked first among ITE Law victims for the first time since the law's 2008 passage — 10 of 38 victims — against a baseline in which journalists, ordinary netizens, and domestic-dispute parties had previously dominated the case record. In 2022 SAFEnet documented a spike to at least 97 criminalisation cases against 107 victims — the highest annual count since monitoring began — with activists and students among the five most-represented victim categories. The running total across 2019–2022 alone reached 1,021 prosecutions under Articles 27 and 28.

Papua internet shutdown litigation (2019–2020)

The campaign's most structurally significant single act is SAFEnet's successful court challenge to the August–September 2019 Papua and West Papua internet shutdowns. The background was a protest cycle triggered by claims of racist abuse and physical mistreatment of Papuan students: the government throttled internet access across the region from 19 August 2019 and then terminated access completely in 29 cities and districts in Papua province and 13 in West Papua province between 21 August and 4 September 2019 — 42 cities and districts in total — with bandwidth throttling extended in six further locations. Access Now and the broader #KeepItOn coalition documented the shutdowns as tools "used to silence the protests happening in the region and obscure transparency on arrests and alleged violence targeting protestors."

In November 2019 SAFEnet and the Alliance of Independent Journalists (AJI) Indonesia, represented by lawyers from LBH Pers, YLBHI, KontraS, Elsam, and ICJR, filed suit against the Ministry of Communication and Information and the President of Indonesia at the Jakarta State Administrative Court (PTUN), challenging all three categories of government action — throttling, complete blocking, and the extension phase — as unlawful. On 3 June 2020 a panel of PTUN Jakarta judges declared the shutdowns an unlawful act by a government agency and its officials, rejecting the government's invocation of Article 40 of the ITE Law as authority for total connectivity termination and ordering payment of Rp 457,000 in damages. The ruling established that arbitrary internet connectivity termination by the Indonesian state violates domestic administrative law — the most consequential Southeast-Asian internet-rights judicial outcome in the corpus. SAFEnet subsequently cited this precedent directly in its 2024 advocacy against the National Police Bill's proposed internet-shutdown authority under Article 16(1)(q).

Spyware documentation and response (2021–ongoing)

SAFEnet's surveillance-accountability register expanded into commercial-spyware accountability beginning in 2021, as civil-society investigations and international forensic researchers documented that Indonesia's National Police and the State Intelligence Agency (BIN) had acquired access to Pegasus, NSO Group's mercenary spyware. In November 2021 six senior Indonesian officials received Apple notifications warning them they had been targeted by state-sponsored attackers — placing Indonesian state-actor Pegasus deployment on the public record. SAFEnet's Executive Director characterised the misuse as constituting unlawful surveillance and joined regional and international civil-society condemnation of the procurement. The 2024 Amnesty International Security Lab investigation A Web of Surveillance identified substantial commercial-spyware exports to Indonesia between 2019 and 2022 and cited SAFEnet alongside the Lokataru Foundation and Privacy International as civil-society organisations documenting the attack landscape. The annual Digital Rights Situation Report tracked the rising digital-attack rate against civil society in parallel: 193 incidents in 2021 — a 38% increase from 2020 — with critical groups (activists, journalists, students, civil-society organisations) as targets in nearly 59% of all cases.

The second ITE Law revision and its failure (2023–2024)

The second revision to the ITE Law was processed through the Indonesian legislature in late 2023 against a backdrop of escalating civil-society criminalisation. SAFEnet joined the ASEAN Regional Coalition to #StopDigitalDictatorship — nine organisations including the Foundation for Media Alternatives, ELSAM, ILGA Asia, and the Manushya Foundation — in a December 2023 joint solidarity statement demanding postponement of the revision until problematic articles on defamation, hate speech, and false news were thoroughly addressed, meaningful public participation was guaranteed, and provisions enabling government content-blocking under vague "unlawful" justifications were removed. The law was ratified by the House of Representatives on 5 December 2023 and signed by President Joko Widodo on 2 January 2024 — with the problematic Articles 27 and 28 retained and a new Article 28(3) added criminalising "false statements" causing "public unrest" that the International Commission of Jurists characterised as vague, overbroad, and imprecise. Civil-society organisations recorded the outcome as an inadequate revision that preserved the core repression apparatus.

National Police Bill surveillance provisions (2024)

In July 2024 SAFEnet published a detailed analysis of digital-rights violations in the proposed National Police Bill, identifying four provisions that would materially expand the state's digital-surveillance capacity: Article 16(1)(q), granting the police authority to conduct internet shutdowns for national security purposes — the provision SAFEnet's 2020 Papua PTUN ruling directly constrains; Article 14(1)(b), assigning the police the task of "supervising and securing cyberspace," which SAFEnet argued would enable mass surveillance, documented as already operational through the Virtual Police program launched in 2021 that monitored social media and issued warnings to users; Article 14(1)(o), permitting police wiretapping within the scope of police duties — with SAFEnet noting that civil-society investigations had already documented police procurement of Pegasus spyware; and Article 14(2)(c), involving police in smart-city administration in ways that would enable facial-recognition deployment for protest surveillance, with documented suppression in Myanmar, Thailand, and Hong Kong cited as the harm model.

The #PeringatanDarurat moment and the August 2025 response

SAFEnet's 2024 Digital Rights Situation Report, Passing the Baton of Digital Repression, documented the campaign's most intensive single-month digital-attack spike: 40 incidents in August 2024, triggered by the #PeringatanDarurat pro-democracy protest cycle — students, academics, and civil-society activists demonstrating against the House of Representatives' move to override Constitutional Court rulings on regional-election nomination thresholds. The documented forms included WhatsApp intimidation campaigns against activists, doxxing, device confiscation by police during physical arrests, and information-distortion operations. Digital attacks for 2024 reached 330 incidents — the highest since SAFEnet began monitoring — with the ITE Law and the revised Criminal Code characterised in the report as extensively weaponised against citizens for online political expression during the protest cycle. The report's title framing — "passing the baton of digital repression" — was a finding that repression had been continuous across the Joko Widodo–Prabowo Subianto political transition, contradicting any expectation of discontinuity.

In August 2025 SAFEnet led a 57-organisation international civil-society statement condemning digital repression during national protests that had resulted in at least ten civilian deaths. The specific documented acts condemned included four young human-rights defenders charged under the ITE Law for social-media posts, TikTok's blanket suspension of its Live feature in Indonesia on 30 August 2025, Meta's removal of content and restriction of accounts belonging to pro-democracy organisations, and police cyber-patrol operations producing arrests for social-media comments.

Significance

This campaign is the corpus's entry for the principal sustained Indonesian civil-society effort to resist the legal and technical infrastructure of state digital surveillance — anchored on the ITE Law but extending progressively into commercial-spyware accountability, internet-shutdown litigation, police surveillance-capability advocacy, and platform-accountability as the Indonesian state's surveillance apparatus has grown in sophistication and operational reach. Its judicial core — the 2020 Papua PTUN ruling — is the corpus's only Southeast-Asian judicial precedent establishing that arbitrary internet connectivity termination violates domestic administrative law, and its subsequent citation by SAFEnet against the proposed National Police Bill's shutdown authority demonstrates how a litigation outcome translates into downstream apparatus constraint in the civil-society register. Its documentation core — the annual Digital Rights Situation Report — is the corpus's most sustained country-level monitoring record of the digital-rights attack surface that civil society in a major Global South democracy faces from its own state.

The campaign's arc also traces the structural failure of legislative reform as a primary accountability instrument in the Indonesian context: the first ITE Law revision (2016) retained core problematic provisions; the second revision (2024) retained and added to them in the face of sustained civil-society advocacy. SAFEnet's response to this pattern — pivoting toward litigation, commercial-spyware exposure, platform-accountability demands, and real-time political-protest documentation — illustrates the tactical adaptation of a country-level digital-rights anchor when legislative channels close. Against the corpus's other Southeast-Asian campaigns — the Foundation for Media Alternatives' SIM-card-registration campaign in the Philippines — it constitutes the region's fullest documented case of a civil-society organisation sustaining multi-decade advocacy against a state digital-repression infrastructure while maintaining the documentation record on which domestic and international accountability work depends.