Preventing AI-based phishing crimes across national borders through the reconstruction of personal data protection laws

Gunsu Nurmansyah; I Gede Arya Bagus Wiranata; A. Irzal Fardiansyah; Stanislav Vladimirov Mladenov

Authors

Gunsu Nurmansyah Universitas Lampung
I Gede Arya Bagus Wiranata Lampung University
A. Irzal Fardiansyah Lampung University
Stanislav Vladimirov Mladenov Kazan (Volga Region) Federal University

Keywords:

Legal Reconstruction, Personal Data Protection, AI-based phishing Crime (Artificial Intelligence), Across National Borders

Abstract

Introduction to The Problem: This study focuses on a new form of cybercrime due to advancing technology: AI-based phishing crimes. These crimes involve using artificial intelligence to misuse personal data on digital platforms or applications. Such illicit activities have significant implications and require attention. One significant threat in this context is the rise in AI-based phishing crimes, where attackers use sophisticated AI algorithms to deceive individuals and gain access to their data and information. Establishing solid and comprehensive personal data protection laws is critical to combating AI-based phishing crimes and protecting individuals across national borders.

Purpose/Study Objectives: The study's object is cross-border AI-based phishing crimes, a new form of cybercrime due to technological advances. This study aims to analyze the concept of personal data protection in Law Number 27 of 2022 from the perspective of substantive justice and the prevention of AI-based phishing crimes.

Design/Methodology/Approach: The author has conducted normative legal research or literature review with a meticulous approach to the principles of criminal law, a comprehensive comparative study of cybercrime law, and an in-depth exploration of the legal history of personal data protection law. Technical analysis, in the form of content analysis, is a series of methods that rigorously analyze the content of all forms of communication, categorizing them into matters related to AI-based cyber phishing, personal data protection regulations, information regulations, and technology.

Findings: Law Number 27 of 2022 on Personal Data Protection can prevent phishing crimes through AI by implementing PDP principles adopted from international PDP principles. This can be done by referring to the OECD Guidelines Governing Privacy Protection and Cross-Border Flow of Personal Data and the data protection regulations in Indonesia.

Paper Type: Research Article

Author Biography

Gunsu Nurmansyah, Universitas Lampung

Law

References

Aggarwal, A., Rajadesingan, A., & Kumaraguru, P. (2012). PhishAri: Automatic realtime phishing detection on Twitter. 2012 ECrime Researchers Summit, 1–12. https://doi.org/10.1109/eCrime.2012.6489521

Akbar Galih Hariyono. (2022). Perlindungan hukum korban pencurian data pribadi (phishing cybercrime) dalam perspektif kriminologi. Bureaucracy Journal : Indonesia Journal of Law and Social-Political Governance, 3(1), 428–439. https://doi.org/10.53363/bureau.v3i1.191.

Akdemir, N., & Yenal, S. (2021). How phishers exploit the coronavirus pandemic: A content analysis of COVID-19 Themed Phishing Emails. SAGE Open, 11(3). https://doi.org/10.1177/21582440211031879

Alan F. Westin. (1967). Privacy and freedom. 25 Wash. & Lee L. Rev. 166. Available at: https://scholarlycommons.law.wlu.edu/wlulr/vol25/iss1/20.

Ananthia. (2019). Perlindungan hak privasi atas data diri di era ekonomi digital. Hasil Penelitian, Pusat Penelitian Dan Pengkajian Perkara, Dan Pengelolaan Perpustakaan Kepaniteraan Dan Sekretariat Jenderal Mahkamah Konstitusi, Jakarta

Andi Hamzah. (2015). Delik-delik tertentu (speciale delicten) didalam KUHP edisi kedua. Sinar Grafika.

Ansari, M. F., Panigrahi, A., Jakka, G., Pati, A., & Bhattacharya, K. (2022). Prevention of phishing attacks using AI algorithm. 2022 2nd Odisha International Conference on Electrical Power Engineering, Communication and Computing Technology (ODICON), 1–5. https://doi.org/10.1109/ODICON54453.2022.10010185

APWG Phishing. (2022). Phishing activity trends report, 4th Quarter 2022.

Bielova, M., & Byelov, D. (2023). Challenges and threats of personal data protection in working with artificial intelligence. Uzhhorod National University Herald. Series: Law, 2(79), 17–22. https://doi.org/10.24144/2307-3322.2023.79.2.2

Bringas Colmenarejo, A., Nannini, L., Rieger, A., Scott, K. M., Zhao, X., Patro, G. K., Kasneci, G., & Kinder-Kurlanda, K. (2022). Fairness in agreement with European Values. Proceedings of the 2022 AAAI/ACM Conference on AI, Ethics, and Society, 107–118. https://doi.org/10.1145/3514094.3534158

Carmody, J., Shringarpure, S., & Van de Venter, G. (2021). AI and privacy concerns: A smart meter case study. Journal of Information, Communication and Ethics in Society, 19(4), 492–505. https://doi.org/10.1108/JICES-04-2021-0042

Chandra, M. A., Bedi, S. S., Chandra, S., & Quraishi, S. J. (2019). Phishing website classification using least square twin support vector machine. International Journal of Innovative Technology and Exploring Engineering, 9(1), 2063–2068. https://doi.org/10.35940/ijitee.A3905.119119

Chen, Y.-H., & Chen, J.-L. (2019). AI@ntiPhish — machine learning mechanisms for cyber-phishing attack. IEICE Transactions on Information and Systems, E102.D(5), 878–887. https://doi.org/10.1587/transinf.2018NTI0001

Clifford, D., Richardson, M., & Witzleb, N. (2020). Artificial intelligence and sensitive inferences: New challenges for data protection laws. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3754037

Dang, T. T., Dang, K. T., & Küng, J. (2020). Interaction and visualization design for user privacy interface on online social networks. SN Computer Science, 1(5), 1–12. https://doi.org/10.1007/s42979-020-00314-9

Danrivanto Budhijanto. (2014). Teori hukum konvergensi. Refika Aditama.

Danrivanto Budhijanto. (2023). Hukum perlindungan data pribadi di Indonesia Cyberlaw dan Cybersecurity). PT. Refika Aditama.

Gulo, A. S., Lasmadi, S., & Nawawi, K. (2021). Cyber crime dalam bentuk phising berdasarkan Undang-Undang Informasi dan Transaksi Elektronik. PAMPAS: Journal of Criminal Law, 1(2), 68-81. https://doi.org/10.22437/pampas.v1i2.95 74

Gupta, B. B., Tewari, A., Jain, A. K., & Agrawal, D. P. (2017). Fighting against phishing attacks: state of the art and future challenges. Neural Computing and Applications, 28(12), 3629–3654. https://doi.org/10.1007/s00521-016-2275-y

GW Jonimandala, D. S. (2023). Peran direktorat tindak pidana siber (DITTIPIDSIBER) bareskim polri dalam melakukan penegakan hukum terhadap kejahatan pencurian dan penyalahgunaan data pribadi. innovative: Journal Of Social Science Research , 3(4), 680–692. https://doi.org/10.31004/innovative.v3i4.2874.

H. Zuhir, A. S. and M. S. (2015). The effect of feature selection on phish website detection an empirical study on robust feature subset selection for effective classification. International Journal of Advanced Computer Science and Applications, 6(10). 10.14569/IJACSA.2015.061031.

Hariyono, A. G., & Simangunsong, F. (2023). Perlindungan hukum korban pencurian data pribadi (phishing cybercrime) dalam perspektif kriminologi. Bureaucracy Journal: Indonesia Journal of Law and Social-Political Governance, 3(1), 428–439. https://doi.org/10.53363/bureau.v3i1.191

Heppy Endah Palupy. (2011). Privacy and data protection : Indonesia legal framework. Universiteit van Tilburg.

Indonesia Anti Phising Data Exchange (IDADX). (2023). Laporan aktivitas phishing Q1 2023.

Kardos, V. (2022). Data protection challenges in the era of artificial intelligence. Central and Eastern European EDem and EGov Days, 341, 285–294. https://doi.org/10.24989/ocg.v341.21

King, T. C., Aggarwal, N., Taddeo, M., & Floridi, L. (2020). Artificial intelligence crime: An interdisciplinary analysis of foreseeable threats and solutions. Science and Engineering Ethics, 26(1), 89–120. https://doi.org/10.1007/s11948-018-00081-0

Komarudin, W. D. dan A. (2014). Perlindungan hak atas privasi di internet-beberapa penjelasan kunci. Elsam.

Lastdrager, E. E. H. (2014). Achieving a consensual definition of phishing based on a systematic review of the literature. In Crime Science (Vol. 3, Issue 1). https://doi.org/10.1186/s40163-014-0009-y

Lee, J., Kim, J., Kim, I., & Han, K. (2019). Cyber threat detection based on artificial neural networks using event profiles. IEEE Access, 7, 165607–165626. https://doi.org/10.1109/ACCESS.2019.2953095

Lilis Ekayani. (2023). Perlindungan hukum nasabah terhadap kejahatan pencurian data pribadi (phising) di lingkungan perbankan. Journal Of Lex Philosophy (JLP), 4(1), 22–40. https://doi.org/10.52103/jlp.v4i1.1485.

M. Al-diabat. (2016). Detection and prediction of phishing websites using classification mining techniques. International Journal of Computer Applications, 147(5). https://doi.org/10.5120/ijca2016911061.

Mahameru, D., Nurhalizah, A., Wildan, A., Badjeber, M., & Rahmadia, M. (2023). Implementasi UU perlindungan data pribadi terhadap keamanan informasi identitas di Indonesia. Jurnal Esensi Hukum, November 2023. https://www.researchgate.net/publication/375989201_Implementasi_Uu_Perlindungan_Data_Pribadi_Terhadap_Keamanan_Informasi_Identitas_Di_Indonesia.

Makarim, E. (2004a). Kompilasi hukum telematika, Jakarta hlm. 3. Lihat juga M. Arsyad Sanusi, Teknologi Informasi & Hukum E-commerce, PT. Dian Ariesta, Jakarta, 2004. PT. Raja Grafindo Perkasa.

Masyhar, A., & Emovwodo, S. O. (2023). Techno-prevention in counterterrorism: between countering crime and human rights protection. Journal of Human Rights, Culture and Legal System, 3(3), 625-655. https://doi.org/10.53955/jhcls .v3i3.176

Meurisch, C., & Mühlhäuser, M. (2022). Data Protection in AI services. ACM computing surveys, 54(2), 1–38. https://doi.org/10.1145/3440754

Mihai, I.-C. (2012). Overview on phishing attacks. International Journal of Information Security and Cybercrime, 1(2), 61-67. https://doi.org/10.19107/ijisc.2012.02.0 7

Muir, A., & Oppenheim, C. (2002). National information policy developments worldwide IV: Copyright, freedom of information and data protection. Journal of Information Science, 28(6), 467-481. https://doi.org/10.1177/0165551502028 00603

Pagallo, U. (2011). Designing data protection safeguards ethically. Information, 2(2), 247–265. https://doi.org/10.3390/info2020247

Petar Radanliev, & Omar Santos. (2023). Ethics and responsible AI deployment. Frontiers in Artificial Intelligence, 7(1).

Purwaningsih, R., & Putranto, R. D. (2023). Tinjauan yuridis terhadap penetapan locus delicti dalam kejahatan dunia maya (cyber crime) berkaitan dengan upaya pembaharuan hukum pidana di Indonesia. Mimbar Keadilan, 16(1), 130–138. https://doi.org/10.30996/mk.v16i1.8021

Rangaraju, S. (2023). Secure by intelligence: enhancing products with AI-driven security measures. EPH - International Journal of Science And Engineering, 9(3), 36–41. https://doi.org/10.53555/ephijse.v9i3.212

Rao, R. S., & Pais, A. R. (2019). Detection of phishing websites using an efficient feature-based machine learning framework. Neural Computing and Applications, 31(8), 3851–3873. https://doi.org/10.1007/s00521-017-3305-0

Riskawati, A. A. A. dan. (2016). “Penanganan kasus cybercrime di Kota Makassar (studi pada kantor kepolisian resort Kota Besar Makassar). Jurnal Supremasi, 10. https://doi.org/10.26858/supremasi.v11i1.3023.

Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning based phishing detection from URLs. Expert Systems with Applications, 117, 345–357. https://doi.org/10.1016/j.eswa.2018.09.029

Sameen, M., Han, K., & Hwang, S. O. (2020). PhishHaven-an efficient real-time AI phishing URls detection system. IEEE Access, 8, 83425-83443. https://doi.org/1 0.1109/ACCESS.2020.2991403

Selyanin, Y. (2021). Budget funding priorities and development prospects of the US artificial intelligence. Analysis and Forecasting. IMEMO Journal, 3, 65–93. https://doi.org/10.20542/afij-2021-3-65-93

Setiawan, D. A. (2020). Cyber terrorism and its prevention in Indonesia. Jurnal Media Hukum, 27(2). https://doi.org/10.18196/jmh.20200156

Situmeang, S. M. T. (2021). Penyalahgunaan data pribadi sebagai bentuk kejahatan sempurna dalam perspektif hukum siber. SASI, 27(1), 38. https://doi.org/10.47268/sasi.v27i1.394

Sulistianingsih, D., Ihwan, M., Setiawan, A., & Prabowo, M. S. (2023). Tata kelola perlindungan data pribadi di era metaverse (telaah yuridis undang-undang perlindungan data pribadi). Masalah-Masalah Hukum, 52(1), 97–106. https://doi.org/10.14710/mmh.52.1.2023.97-106

Tan, J. G. (2008). A Comparative study of the APEC privacy framework- a new voice in the data protection dialogue? Asian Journal of Comparative Law, 3, 1–44. https://doi.org/10.1017/S2194607800000181

Tarafdar, S. A., & Fay, M. (2018). Freedom of information and data protection acts. Innovait: Education and Inspiration for General Practice, 11(1), 48–54. https://doi.org/10.1177/1755738017735139

Tchinaryan, E. O., Lavrentieva, M. S., Kuchenin, E. S., & Neznamova, A. A. (2019). Digital technologies of the European Union in personal data protection. International Journal of Innovative Technology and Exploring Engineering, 8(12), 3600–3604. https://doi.org/10.35940/ijitee.L3798.1081219

Teguh Prasetyo. (2013). Hukum pidana. PT. Raja Grafindo Persada.

Tripathi, K., & Mubarak, U. (2020). Protecting privacy in the era of artificial intelligence. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3560047

Urban, T., Tatang, D., Degeling, M., Holz, T., & Pohlmann, N. (2018). The unwanted sharing economy: An analysis of cookie syncing and user transparency under GDPR. https://doi.org/10.1145/3320269.3372194

Vania, C., Markoni, M., Saragih, H., & Widarto, J. (2023). Tinjauan yuridis terhadap perlindungan data pribadi dari aspek pengamanan data dan keamanan siber. Jurnal Multidisiplin Indonesia, 2(3), 654-666. https://doi.org/10.58344/jmi.v2i 3.157

Vishwanath, A., Harrison, B., & Ng, Y. J. (2018). Suspicion, cognition, and automaticity model of phishing susceptibility. Communication Research, 45(8), 1146–1166. https://doi.org/10.1177/0093650215627483

Wachter, S., & Mittelstadt, B. D. (2018). A right to reasonable inferences: Re-thinking data protection law in the age of big data and AI. Columbia Business Law Review, 494–620. https://doi.org/10.31228/osf.io/mu2kf.

Wahyu Sudrajat. (2021). Relativitas peraturan dalam hukum. Https://Www.Hukumonline.Com/Berita/a/Relativitas-Peraturan-Dalam-Hukum-Lt60e5205a1d473/.

Weber, R. H. (2010). Internet of things – new security and privacy challenges. Computer Law & Security Review, 26(1), 23-30. https://doi.org/10.1016/j.clsr.2 009.11.008

Wu, W., & Liu, S. (2023). Compliance costs of AI technology commercialization: A field deployment perspective. Computer Science, Business, Economics. DOI:10.48550/arXiv.2301.13454

Xun Dong, Clark, J. A., & Jacob, J. L. (2008). User behaviour based phishing websites detection. 2008 International Multiconference on Computer Science and Information Technology, 783-790. https://doi.org/10.1109/IMCSIT.2008.4747 332

Yuniarti, S. (2019). Perlindungan hukum data pribadi di Indonesia. Business Economic, Communication, and Social Sciences (BECOSS) Journal, 1(1), 147–154.https://do i.org/10.21512/becossjournal.v1i1.6030

Yuniarti S., AM Ramli, SD Rosadi, D. B. (2023). The new chapter of Indonesia’s data protection on digital economy perspective. Journal of Southwest Jiaotong University, 58(3). https://doi.org/10.35741/issn.0258-2724.58.3.9

Yuspin, W., Wardiono, K., Budiono, A., & Gulyamov, S. (2022). The law alteration on artificial intelligence in reducing Islamic bank’s profit and loss sharing risk. Legality : Jurnal Ilmiah Hukum, 30(2), 267-282. https://doi.org/10.22219/ljih.v 30i2.23051