Indonesian Political, Business & Finance News

Cyber Expert Warns of Data Leakage Risks from Piles of e-KTP Photocopies

| By Faieq Hidayat | Source: KOMPAS Translated from Indonesian | Regulation
Cyber Expert Warns of Data Leakage Risks from Piles of e-KTP Photocopies
Image: KOMPAS

JAKARTA, KOMPAS.com - Piles of e-KTP photocopies that remain a requirement for various public services are considered to pose serious risks to personal data leaks.

The practice of collecting identity photocopies without clear storage and destruction standards opens up opportunities for the misuse of population information, from fraud to data exploitation.

Cybersecurity expert Alfons Tanujaya emphasised that the risk of data leaks from e-KTP photocopies collected by agencies or companies is very high because those documents can be easily accessed by anyone near the archives.

“Yes, it’s significant. There’s no control over it. So if an e-KTP is photocopied, anyone with access to that photocopy can access the information,” said Alfons when contacted by Kompas.com on Tuesday (12/5/2026).

“And not just agencies, companies too. Companies receiving job applications, we don’t know if they’re genuine or fake. They could be collecting data,” he added.

He stated that the habit of requesting e-KTP photocopies increases the chances of mass data collection without the knowledge of the identity owners.

Moreover, the modus operandi of misuse is not only through photocopies but also through digital documentation done without oversight.

“So it’s not just photocopies; even if the KTP is photographed, it’s vulnerable, right? The risk is quite large,” said Alfons.

Alfons stressed that the greatest danger is not merely requesting photocopies, but the management of documents after they are collected.

According to him, many agencies lack clear standards on who may access files, how long they should be stored, and how to destroy them when no longer needed.

“If an e-KTP is stored, there needs to be a timeframe for how long it’s required. The photocopy, then how long it must be destroyed,” said Alfons.

According to Alfons, data leaks do not always occur due to digital system hacking. In many cases, leaks can start from physical documents that are left piling up and unprotected.

“If misused, sold, or exploited,” he said.

Alfons noted that technologically, e-KTP photocopies are no longer necessary.

He believes identity verification can be done through the e-KTP chip with a card reader or through digital population identity (IKD) in the form of a QR code.

“Actually, there’s no need to show the e-KTP. The e-KTP has a chip. By tapping the e-KTP on an e-KTP reader, it should be readable,” said Alfons.

However, he acknowledged that card readers are not easily implemented on a large scale due to the relatively high cost of the devices and not all agencies can provide them.

“But the problem now is that the reader devices are expensive. That’s the issue,” he said.

“So every time, for example, entering a building or needing an e-KTP, just provide the QR code, scan it directly, and verify against the Dukcapil database. So nothing is stored there,” explained Alfons.

According to Alfons, QR codes cannot be read with the naked eye, making them safer than identity photocopies that display complete data.

“You can store the QR code; no one can read it. Only Dukcapil can read it,” he said.

Alfons emphasised that using the e-KTP chip and card reader could theoretically replace photocopies entirely. However, implementation needs to consider costs and infrastructure readiness.

“Clearly, if e-KTP readers and chips are everywhere, it can be done,” said Alfons.

He gave an example that currently, card readers are generally only owned by certain agencies such as banks, notaries, and mobile operators.

“Now, only certain agencies have them, for example, banks, notaries, and mobile providers,” said Alfons.

Therefore, he believes using QR IKD is more practical for widespread implementation, including in buildings or public services with high visitor volumes.

“It’s not realistic; using QR IKD in QR code form could be cheaper, just connect to the API,” said Alfons.

Without oversight and clear standards, old habits will continue, while piles of identity documents keep growing.

“If e-KTP photocopies are collected, there’s no control over it,” said Alfons.

He believes that as long as public services still consider e-KTP photocopies as the easiest way to verify, citizens will continue to be forced to surrender copies of their identities.

Kompas.com’s investigation at several health service facilities in Central Jakarta showed that the practice of requesting identity photocopies is still ongoing.

At the Menteng Sub-district Health Centre, for example, some administrative services still list e-KTP photocopies as part of the requirements.

View JSON | Print