JAKARTA, investor.id – The Indonesian Internet Governance Forum (ID-IGF) has issued a number of recommendations to the government and related parties for improving the performance of the PeduliLindung application, which is increasingly widely used.
ID-IGF has submitted the recommendations to the Ministry of Communication and Information Technology, Ministry of Health, Ministry of Home Affairs, National Cyber and Crypto Agency (BSSN), and PT Telkom (Persero) Tbk.
“ID-IGF recommendations are divided into two sides, namely technical and governance,” said ID-IGF, through a statement, Thursday (9/9).
The first problem is that the PeduliLindung application's terms of use do not guarantee that the service can always be accessed, nor that the data is accurate and safe.
ID-IGF recommends changing the terms of use to comply with article 3 of Government Regulation number 71 of 2019 concerning Electronic System and Transaction Operators (PP PSTE), which requires each electronic system operator (PSE) to be responsible for the operation of its system.
On data security and confidentiality policies, ID-IGF noted that under article 31 of PP number 71 of 2019, a PSE is also obliged to protect users and the wider community from losses caused by the electronic system it operates.
PeduliLindung's confidentiality policy must therefore contain this clause. In addition, PeduliLindung data must be encrypted so that it can only be decrypted by the PeduliLindung application.
The forum also noted that app reviews on the App Store and Play Store contain a number of complaints from users. In general, the complaints concern frequent hangs due to the high number of users, rapid battery drain because GPS must be active 24 hours a day, repeated logins that require entering the NIK, and one-time passwords (OTPs) that often fail to send.
The solution recommended by ID-IGF is to improve the application's architecture design so that it makes optimal use of Software Development Kit (SDK) features, by applying a comprehensive, standard DevSecOps method.
In addition, GPS does not need to be active 24 hours a day. Instead, the application should offer four options for using GPS: use once, while in use, always on, and deny activation.
PeduliLindung also needs to use a message broker to anticipate failed requests caused by high concurrent user access. Users should be given the option to stay logged in, so they do not need to enter their NIK every time.
“There must be quality OTP delivery services via SMS or SMS e-mail within a maximum of three minutes. Or you can use the 2FA model with the app token random number generator which is made by the developer himself,” said ID-IGF.
PeduliLindung is also advised to adopt best practices from ISO 27001 for information technology security and ISO 27701 for personal data protection.
Other
Regarding data collection that exceeds the application's requirements, ID-IGF recommends removing this provision because it is not in accordance with the application's function. In addition, if user data leaks, it will easily be used for social engineering by other parties.
The recommendations on the data-input system concern digitizing the registration form, so that there is no need to re-register; users simply scan a QR code. This can also cut waiting time at mass vaccinations to just 25 minutes per person.
To reduce errors, data-entry officers do not have to be health workers (nakes). Health workers can then focus on being the vaccine injection team, so that the vaccination speed target can be achieved.
In terms of governance, the first thing that ID-IGF highlighted was that the application was not on the official PSTE list registered with the Ministry of Communication and Information. The recommended solution is to immediately register it as a PSTE, so that its status is legal and reliable.
Implementation of the application is still hindered by smartphone penetration, which has reached only 58% of Indonesia's population. ID-IGF therefore recommends reversing the PeduliLindung application process, making it easier for people who do not have smartphones to continue their activities.
“So, every public place is provided with a manual check-in terminal with NIK input via a dashboard screen connected to the PL front-end through an API,” concluded ID-IGF.
Editor: Abdul Muslim