Philippines’ crackdown on anonymous SIM cards prompts backlash
Some cybersecurity experts fear the SIM Card Registration Act will encourage identity theft and fraud.
Manila, Philippines – Like millions of other Filipinos, John Aguilar, 18, missed the April 26 deadline set by the government for registering his mobile phone under his own name.
Aguilar is not sure he will meet the extended deadline of July 26 either.
“I have no ID and I don’t know how [to register],” Aguilar told Al Jazeera.
Aguilar said he and his older brother tried to get an ID from their barangay, or village, but were refused after they were unable to provide proof of voting during last year’s presidential elections.
Manila is requiring all SIM card holders to register their name under the SIM Card Registration Act that President Ferdinand Marcos Jr signed into law last year with the stated aim of thwarting cybercriminals responsible for fraud, trolling and hate speech.
But the government’s effort is proving to be fraught in a country where it is not uncommon to lack officially recognised IDs.
In April, Secretary Ivan John Uy of the Department of Information and Communications Technology (DICT) reluctantly extended the deadline for registration while taking aim at “hardheaded” Filipinos who were slow to register.
Uy threatened those not in compliance with being cut off from social media sites such as Facebook and TikTok, saying, “Sometimes, you know, that’s the only language that some of our countrymen can understand.”
Last week, Uy announced that 95 million SIM cards had already been registered, leaving only five million more to sign up. The DICT has estimated that while there are 168 million SIM cards in circulation, only about 100 million are in active use. Uy did not respond to a request for comment.
Last year, Globe Telecom, the Philippines’ largest telecom provider, said it blocked 2.72 billion texts containing spam and malicious links.
Marcos hailed the SIM Card Registration Act as a tool for law enforcement agencies “to resolve crimes perpetrated with the use of these SIM cards [and] a strong deterrence against the commission of wrongdoing”.
While the stated aim of the legislation is to thwart cybercrime, including fraud, trolling and hate speech, some cybersecurity experts have warned that it could in fact lead to more identity theft and fraud.
While Marcos has promised to protect mobile phone users’ data during registration and the resulting massive data collection, the government recently relaxed the rules for obtaining IDs and registration in order to meet the sign-up target, prompting alarm among some cybersecurity experts.
Last month, Uy said he saw nothing wrong with sellers of SIM cards assisting registrants for a small fee.
Some Filipinos have reported being able to register without documents proving their identity.
Dennis, a street vendor in Manila, told Al Jazeera he was able to obtain a barangay ID last month without papers – no questions asked. He then asked someone to help him register his SIM.
Dominic Vincent Ligot, a social entrepreneur and technologist, said that because “ID verification is not solid, identities may be procured, and a black market has now formed in response to the regulation” of SIMs.
Ligot, founder and executive director of Data Ethics PH, a group that advocates for the ethical use of data and technology, noted that police last month arrested a Chinese businessman and his Filipino companion for allegedly selling pre-registered SIM cards for up to 2,500 pesos ($45) each, more than 50 times the typical price of an unregistered SIM.
GMA News quoted Police Brigadier General Kirby John Kraft as saying, “This is scary because these could get into the hands of criminals.”
Ligot said the SIM registration law may spawn other problems.
“In the case of identity theft, the need for SIM registration may actually increase the incidence of this as there is pressure from illicit agents to obtain registered identities,” he said.
Section 11 of the law also empowers law enforcement to impersonate any registered SIM user as part of its “authorised activities”, a provision Ligot argues is susceptible to abuse.
The vagueness of the provision particularly on who is accountable could lead to abuse, Ligot said.
“Many, many bad things can be done by spoofing a SIM, such as interception of SMS, giving the spoofer access to one-time passwords [OTPs], potentially giving access to e-banking account transactions, account password resets, etc,” he said.
Jamael Jacob, a lawyer who specialises in cyber law, said Uy’s suggestion that retailers could register users for a fee is dangerous because they could “register other SIM cards and then sell these to other people who may want their identities excluded or at least hidden from the registration system – like criminals, for instance”.
“The National Telecommunications Commission and the telcos just spent the past few months warning people about scammers who pretend to offer assistance to people trying to register their SIM cards,” Jacob told Al Jazeera. “In the same breath, they emphasised that the registration process is free of charge.”
“Now, here comes no less than the DICT secretary himself declaring the exact opposite,” he added.
“He is essentially saying that there may now be people who will in fact be offering assistance during registration – and these people are not scammers. He is leaving it up to people to determine if the individual offering registration assistance is a scammer or not.”
Jacob said the use of unreliable barangay IDs is just “more proof that this system will never be the solution to scams and other crimes committed through the use of SIM cards, which its proponents made it out to be.”
“There is a reason why barangay IDs have traditionally not been recognised as a proper government-issued ID. And that is because they are unreliable [and] can be easily obtained … if you know the right people in a barangay.”