Protecting the President of a country is considered the priority of its government. Regardless of the situation and condition, a country will do whatever it can to ensure the privacy and security of its President, whatever the cost.
Indonesia is the archipelago country in the Southeast Asia. With a population of over 250 million people, Indonesia is the fourth most populous in the world, and the third most populated in Asia, after China and India.
While many of its citizens are already connected to the internet, and the country is known to have several unicorn tech companies (and one decacorn), Indonesia still lacks the ability to properly secure data when it travels through the internet.
After experiencing massive data leak from its e-commerce giants, having its voters' data stolen by hackers, and seeing database of COVID-19 testers breached, this time, President Joko "Jokowi" Widodo has his COVID-19 vaccine certificates leaked to the internet.
This incident, again, shows how Indonesia is still weak in protecting its cybersecurity records, due to its poor online literacy.
And with the President's data leaked to the internet, Indonesians are expressing their concerns over the security of their own personal medical data.
Jokowi's leaked data, include his vaccine certificates that show his vaccine type and vaccination times. The data also include his national ID number and date of birth.
The photo caption also revealed that Jokowi had received the third dose of the COVID-19 vaccine as there was a third column on the page. However, the column was blank, as opposed to the other two columns that showed the vaccination certificates of the first and the second dose.
The President's personal data was leaked by users who found his data on official vaccine-monitoring app PeduliLindungi (Indonesia for "care protect"), the government said.
"Certain people have accessed the vaccine certificate of Mr. Joko Widodo by using a vaccine check feature available in PeduliLindungi," an official statement explained.
Indonesia's Communication and Information Ministry officials deflected blame, and said that Jokowi's data was actually accessed via the General Commission of Elections website.
In other stories, it is said that the leak comes days after researchers of encryption provider vpnMentor revealed the data of 1.3 million users of a government test-and-trace app had been compromised. But the company did not explicitly specify if the data had been leaked from PeduliLindungi.
"Data breaches happen more frequently in Indonesia because of the very high digital penetration in Indonesia which unfortunately is not followed by proper digital awareness from those who are managing the data," said cybersecurity analyst Alfons Tanujaya in Indonesia's capital, Jakarta.
Realizing this incident, many Indonesians complained that if the government itself cannot secure the data of its President, what would become data of its citizens? Others are also expressing their anger, saying that IT and data management in Indonesia is a failure.
Digital analyst Ismail Fahmi said the leak showed how easy it was to view or potentially use another individual's vaccination certificate, even that of a head of state.
"If there was protection, there would be an investigation into why this problem persists, why personal records can be easily mined," he said. "But there is no such protection."
"With good privacy standards and design, there should be limits on being able to check other people's data, let alone the President's," another user said.
Some social media users have also expressed dismay over flaws in the application, simply because PeduliLindungi has been made mandatory to have on phones of Indonesians who wish to travel, visit malls and other public places.
It is said that the leak happened because PeduliLindungi needed the ability for online services to retrieve its data to ease verification purposes. But the convenient it needed apparently became its biggest weakness.
Responding to the incident, officials said that they are already in the world to improve PeduliLindungi users' data security, with Health Minister Budi Gunadi Sadikin said officials' records could no longer be accessed.
“We are aware of that. So we are now closing sensitive data of some officials that have been breached,” Budi remarked.
Among the ways, the flaw was patched by removing the option to use mobile phone numbers to look up vaccination status.
Indonesia at this time, has a data protection bill, submitted in 2020, but has yet to be passed.
At this time, Indonesia is the world's sixteenth-largest nation when measured by GDP, and it is on a healthy trajectory to become an economic powerhouse of Asia. But still, its government services are neither well-distributed nor sophisticated.