SIM card registration: The bill is dead, long live the bill!
September 21, 2022 / Current Affairs, Dev Diary / By Jamael Jacob
Jamael Jacob is a lawyer and privacy practitioner wearing many hats including: data protection officer of a private university, policy and legal advisor of a non-profit, and data protection consultant. He is also the former (and first-ever) head of the policy unit of the country’s data protection authority.
The Philippines is yet again exploring legislation which would require people to link their national identity card or passport to register a SIM card. After similar laws were squashed in shocking fashion earlier this year, new bills are enjoying renewed support from a number of influential groups in the country.
The registration of a SIM card, where your national identity card or passport is linked to it, has become the norm in over 150 countries around the world, despite questions over its effectiveness and other collateral issues like security risks, state surveillance, and social exclusion.
Its most ardent supporters hail from law enforcement and national security agencies that are fond of pitching the idea that requiring a proof of identity to register a SIM and thus use a mobile device will deter and hamper the efforts of a wide array of boogiemen: terrorists, criminals, and a bevy of other bad actors.
Things have played out the same way in the Philippines. For years, the uniformed services and their patrons in Congress have lobbied hard for a SIM card registration law. In the wake of bombings or a spike in phone-enabled fraud, they influence public conversations to stoke support for a central SIM card registry—as if it were a panacea for many of society’s ills.
Bills do get filed but they always fade into irrelevance as other priority policies end up hogging the spotlight. Opposition to the measure has always been there— usually citing privacy and security concerns—but its impact has been minimal. It cannot take credit for the consecutive failures SIM card registration efforts have suffered for the past decade or so.
Things changed these last six years. In President Rodrigo Duterte, proponents found their perfect ally. A leader who shamelessly pandered to the country’s armed forces and stood by them even amid scathing criticisms and countless allegations of human rights violations.
With him in power, few were surprised to see the SIM card registration proposal breeze through Congress. Everyone, including civil society, felt its approval was a foregone conclusion.
To everyone’s surprise, however, Duterte himself squashed the incoming registration requirement. Right before the bill lapsed into law, the President vetoed the proposal, citing (of all things) human rights considerations. He argued that the law’s requirement for the registration of social media users would infringe on people’s constitutionally-protected rights.
Few people bought into that narrative. For some, at least, the more likely reason was that the President himself and the troll army he is suspected of maintaining benefit tremendously from online anonymity. At any rate, it was an odd yet comforting conclusion to a bizarre tale for rights advocates. Unfortunately, their comfort was ultimately short-lived.
Today, just months after the proposal’s demise, and with now-President Ferdinand Marcos, Jr., in power, at least 18 bills have already been filed in the legislature calling for its resurrection. Two of them even feature the same social media component that spelled their immediate predecessor’s doom.
By all accounts, the renewed push is even stronger than the last one, drawing support from nearly all sides. Apart from the usual suspects, the banking industry is all for it, too, as are some consumer groups, the data protection authority, and even the telecommunications sector. The latter two are noteworthy. Given its mandate, a privacy regulator is expected to keep its distance from measures that are privacy-intrusive by design. It is not supposed to favor them, let alone make an active endorsement. With telcos, their express support is a recent development. For years, they openly resisted this type of policy, carefully citing its human rights impact and significant cost implications, while questioning its effectiveness. They have completely reversed course without giving even a hint of an explanation.
To more suspicious minds, however, the most likely reason may be the enactment of the number portability law in 2021. That statute already requires telcos to establish a database in order to facilitate the transfer of mobile number accounts from one provider to another. This effectively takes away their foremost objection to SIM card registration: the substantial cost of database management.
But the telcos are hardly alone. Another group that stands to be affected negatively by a SIM card policy are journalists and their data gathering practices. And yet some of their peers have also now lent their voice to the proposal’s chorus of supporters. In a recent editorial, one of the country’s leading news dailies even called on legislators to fast track the passage of the law. Either they are oblivious to the fact that it would actually make their jobs exponentially more difficult, or they simply do not care enough. Journalists, after all, rely heavily on anonymous tips and confidential informants given the nature of their work.
This surprising turn of events notwithstanding, the massive support SIM card registration enjoys is not hard to explain. It offers a simple logic with an appealing hook: by requiring SIM card registration, you take away anonymity and unmask the people behind all these harmful (or at least annoying) calls and messages. In simpler terms, you facilitate accountability.
This message is quite effective, especially now that people are fuming at the deluge of unsolicited communications they are getting daily—many of which are full-on vishing and smishing attempts. Of course, they want to get their hands on the perpetrators and hold them to account!
There’s just one problem. The proposition has a fundamental flaw: it is premised on the false notion that anonymous calls or messages are only possible through the use of SIM cards. That is untenable. On the contrary, with the technologies available today, the list of ways spammers and criminal elements are able to communicate anonymously is constantly growing. SIM card registration is specifically designed to eliminate only one of them, while taking with it plenty of excess baggage.
That is the grim reality. Bad actors can quickly render SIM card registries ineffective just by shifting gears and choosing a different delivery mechanism (e.g., using foreign numbers, email platforms, mobile applications, etc.). Once they do that, all that’s left is another massive state-sanctioned database that contains millions of pieces of personal identification information. Such databases are not only expensive to maintain but become honeypots for hackers and others to exploit.
Yet no one is paying any attention to any of this. In fact, SIM card registration may already find itself a new home in the Philippines very soon. With both houses of Congress keen on making this happen and a new President not exactly known for his affinity towards human rights, there is little reason to doubt it becoming law. And this time around, there will be no surprise veto to save the day.
Nothing about this bodes well for a country that barely survived a half-dozen years marked with extra-judicial killings, intense suppression of government critics, and a calculated and sustained attack on human rights. One would be looking at a future where civic spaces will be smaller and much further apart, wretched symptoms of a once-promising democracy in decay.
At the time of writing, the SIM Card Registration Act is on the verge of being made into law.
Latest blog posts
The OPTF and Session
The OPTF is transferring its responsibilities as steward of the Session project to the newly established Swiss foundation, the Session Technology Foundation.
READ MORE »
October 15, 2024
Cyber laws around the world: Privacy is not the policy
There is no doubt that the European Union’s GDPR has changed the cyber regulation landscape forever. As onlookers from non-EU countries urge their governments and regulators to adopt similar legislation, countries are rapidly adopting their
READ MORE »
December 04, 2022
The long and winding road : Striving for data protection in Indonesia
Juliana Harsianti is an independent researcher and journalist working at the intersection of digital technology and social impact. The long awaited Indonesian Personal Data Protection Bill was approved by the parliament on 20 September 2022.
READ MORE »
November 17, 2022