Source:
https://scmp.com/week-asia/people/article/3205183/philippines-new-sim-card-law-could-be-abused-corrupt-officials-critics-say
This Week in Asia/ People

Philippines’ new SIM card law could be abused by corrupt officials, critics say

  • The SIM Card Registration Act is meant to crack down on mobile phone scams and other crimes, but has raised concerns of data privacy and abuse
  • Critics also point to a section of the law that lets authorities carry out ‘spoofing’ of a registered SIM, in which a caller displays a different number to deceive someone during an investigation
The Philippine government has given some 150 million active SIM card owners up to next August to register, including those retained by overseas Filipino workers in cities like Hong Kong. Photo: AFP

As more than 4 million mobile phone users in the Philippines registered their SIM cards to comply with a new law this week, a manager at a small computer shop in Metro Manila said he would not rush to do the same.

His shop assistant said he would not register at all: “They’re collecting personal data and you don’t know what they’ll do with it.”

President Ferdinand Marcos Jnr in October signed into law the SIM Card Registration Act, a move meant to crack down on mobile phone scams and other crimes but has raised concerns of data privacy and abuse.

Chief among the worries by critics is a section of the law that allows authorities to carry out “spoofing” of a registered SIM during “authorised activities of law enforcement agencies”.

Spoofing, according to the US Federal Communications Commission, is done when a caller “deliberately falsifies the information transmitted to your caller ID display to disguise their identity”. In other words, the caller could display the number of a company, state agency, or person a victim knows or trusts.

Jamael Jacob, a former director of the Privacy Policy Office of the National Privacy Commission, noted that the law did not spell out any procedures that require users of government-owned SIM cards to register their own numbers.

This gap in the law, as well as this express ability to spoof numbers, would make it “very difficult, if not impossible” to hold government agents accountable for any misdeeds, Jacob said.

“While … law enforcement are sometimes allowed to carry out some type of deception when they perform their work (such as when they carry out entrapment operations), there needs to be appropriate guardrails so that such ability is not abused or misused,” Jacob said.

“In this case, the law doesn’t really explain what it considers to be ‘authorised activities’ of law enforcement agencies. It is then very susceptible to abuse or misuse, placing a number of rights – like those of the accused – at risk.”

President Ferdinand Marcos Jnr recently signed a law requiring all SIM cards to be registered in a bid to crack down on mobile-phone scams and other crimes. Photo: EPA-EFE
President Ferdinand Marcos Jnr recently signed a law requiring all SIM cards to be registered in a bid to crack down on mobile-phone scams and other crimes. Photo: EPA-EFE

Jacob said the loopholes could be “easily exploited by government agents or personnel to commit unlawful or at least questionable activities”.

“An optimist might simply assume that government agencies or entities – just like their private sector counterparts – will also be required to register SIM cards they purchase and issue in favour of their respective personnel,” Jacob said.

Unfortunately, unlike the private sector, the government has the unique ability to invoke numerous justifications to exempt itself from many legal requirements,” Jacob said.

“Thus, if government personnel were to use government-issued numbers for illegal activities, it does not look like there are enough safeguards in the law that guarantees those responsible will be held to account.”

Meanwhile, as telecommunications companies rolled out the registration forms, National Privacy Commissioner John Henry Naga asked providers to explain why some of their websites included check boxes that asked for “the users’ permission or consent in using their personal data submitted for marketing, profiling, or sharing with third-party partners” – which is not part of the Subscriber Identity Module (SIM) Registration Act.

Both Globe Telecom and Smart Communications Inc told Naga that these were “just optional”. A third telco firm, Dito Telecommunity – which is partly owned by Chinese state-owned China Telecommunications Corporation – said its registration website had no such check boxes.

The Philippine government has given some 150 million active SIM card owners up to this April, extendable to next August to register, including those held by overseas Filipino workers in cities like Hong Kong. Those who fail to do so by the deadline would have their cards deactivated.

Lawyer Ariel Tubayan, Globe’s head of the policy division, corporate and legal services group, noted that the law allowed people to produce 17 different kinds of government ID cards, including those issued by a barangay (village) chief where the registrant lives, in cases where the person’s birth was never officially registered with the government.

But Jacob said many from vulnerable sections of society are unable to produce IDs which could hamper their ability to communicate via mobile phones.

Filipino workers enjoy their day off in Hong Kong. Photo: Dickson Lee
Filipino workers enjoy their day off in Hong Kong. Photo: Dickson Lee

The law is intended to prevent scams and spam and to “provide law enforcement agencies the tools to resolve crimes”. In the first seven months of this year alone, Globe said it had blocked 784 million spam and scam mobile messages and deactivated 14,058 SIM cards.

Globe has 87.9 million pre and postpaid subscribers, while Smart accounts for 67 million subscribers and Dito close to 15 million, according to the companies.

Jacob criticised the government for its “very narrow and shallow view of the problem”. He pointed out that the law failed to take into account spam messages coming from foreign numbers. He also worried over the “vulnerability of SIM case databases to hacking data breaches”.

“The experiences of Indonesia, Malaysia, and Australia prove that this risk is very real,” he said.

A 2017 cyberattack exposed 46.2 million mobile numbers and home addresses stored by telco companies in Malaysia. In 2021, hackers stole “tens of thousands” of SIM card data from the Australian firm Telstra’s cloud storage. The data of 1.3 billion registered mobile phone users in Indonesia was leaked online in August by a hacker called Bjorka.

Globe’s Tubayan said the law would mean “less spam, hopefully”. But he added, “what [spammers] will do is migrate to messaging apps like Telegram or Viber”.

He also said that the authorities’ power to spoof could be restricted by the Supreme Court issuing an implementing circular in the same way it did for the issuance of cyber warrants. “This may include a process where telcos are informed of the numbers that will be used,” he suggested.

However, for human rights advocates like left-wing Bayan Muna former congressman Carlos Zarate, the law would mean giving the government the ability to spy on its critics which he said was unconstitutional.

A Globe Telecom outlet in Manila. Photo: Bloomberg
A Globe Telecom outlet in Manila. Photo: Bloomberg

Jacob questioned the National Telecommunications Commission’s decision to give users only five days after the registration period to “reactivate” their SIM before it was permanently deactivated. According to the law, he said “a deactivated SIM may still be revived after registration and it doesn’t impose a prescriptive period for the reactivation.”

He also added that “people can really question” the panel’s other contentious move which required customers to submit a selfie on top of the ID to the telco firms.

Globe’s Tubayan said allowing deactivated SIMs to be reactivated indefinitely would “in fact be extending the period of activation” and be “difficult” to implement. Globe updated its policy stating that if a user fails to register “before the deadline, the SIM will be deactivated permanently.”