Scams, potential privacy violations plague SIM registration process

THE registration process for Subscriber Identity Module (SIM) cards has been beset by scams, potential violations of phone subscriber privacy, and technical issues, the non-profit Foundation for Media Alternatives (FMA) said.

“All the glitches, setbacks, and failures documented throughout the ongoing registration period demonstrate how unprepared, ill-equipped, and weak-willed the Philippine government is in establishing and maintaining another massive database of personal information,” the FMA, which advocates for information and communications technology users, said in a report.

FMA said the SIM card registration process, which was required under the Subscriber Identity Module Registration Act, also featured low turnout, function creep, surveillance, and the exclusion of some users.

The National Telecommunications Commission (NTC) estimated that as of May 15, only around 95.99 million subscribers or 57.13% of the total have registered.

“This problem is hardly surprising. Even before the system’s implementing rules took effect, one telco official acknowledged the ‘big challenge’ the industry was bracing for was how to encourage people to actually register,” FMA said.

It added that the NTC encountered many technical snags during the rollout, including unsuccessful registration, inaccessible registration portals, and the failure to send registrants their one-time PINs to proceed with registration.

“At any rate, the NTC became so concerned that it issued a memorandum directing telcos to report the problems encountered by their respective subscribers during registration. For its part, the Department of Information and Communications Technology launched a 24/7 complaint center meant to address SIM card registration issues and concerns,” FMA said. 

Once the registration began, reports surfaced about scammers offering to assist would-be registrants and asking for their personal details, according to FMA, in the face of warnings from telcos, the NTC, and the National Privacy Commission.

FMA said that the SIM registration could also be used by telcos for their own purposes such as for advertising and promotional offers.

“Controversy arose almost immediately after people complained of tick boxes put up by some telcos asking for their consent to the use of their personal data for marketing and profiling purposes, as well as the sharing of their personal data with third parties,” FMA said. 

“It is not inconceivable that the SIM card registration system will be weaponized and used as a tool of mass surveillance and authoritarianism,” FMA said.

FMA said the Philippine National Police has not given assurances that the data collected from the registration will solely be used to investigate SIM card-aided crimes.

“Like any ID mechanism, a SIM card registration system has that inherent potential to exclude, and, more often than not, impacts people that are already disadvantaged,” FMA said.

FMA said such disenfranchisement happened in Nigeria and Kenya after registration was required.

“Today, telcos appear to have made peace with that outcome given their full support for the system. They seem content with just ramping up their assisted registration initiatives,” it said.

“Despite these efforts, however, there remains no credible solution to the problem that a significant portion of the population do not have IDs or even civil registration papers needed for registration,” it added.

FMA said that the databases that will be created as a result of SIM registration will become security liabilities.

“Centralized databases are widely known to be honeypots that attract a lot of unwanted attention from bad actors,” it said.

“In the meantime, the responsibility of the NTC, the NPC, and other regulators to protect the people and their personal data, as well as to holding telcos and other stakeholders (including fellow government agencies) to account is going to be critical,” it added. — Justine Irish D. Tabile