MANILA, Philippines – President Ferdinand Marcos Jr. on Monday, October 10, signed into law a measure requiring Filipinos to register their SIM cards along with any government-issued identification document in an ambitious move to combat fraud.
This is the first law signed by Marcos.
Here are the key features of Republic Act No. 11934 or the SIM Card Registration Act:
- The law requires telco companies and direct sellers to ask for a valid identification document first before selling SIM cards
- Those who already own a SIM card would be required to register with telcos within a given time period. Failure to do so would result in deactivation of SIM cards.
- The law directs telcos to disclose the full name and address of SIM card owners upon a subpoena or order of a court.
- Law enforcement agencies which conduct probes on crimes committed through phones may also request telcos to ask for details of the SIM card’s owner.
- Telecommunications entities are required to maintain a SIM card register of their subscribers. Companies must submit a verified list of their authorized dealers and agents nationwide to the National Telecommunications Commission with updates every quarter of the year.
- The use of false or fictitious information, the use of fictitious identities, and the use of fraudulent documents or identifications to register a SIM Card will be dealt with by appropriate penalties.
Marcos’ predecessor, former president Rodrigo Duterte, earlier vetoed the measure just before the bill lapsed into law. Duterte, much to his critics’ surprise, cited that the law would infringe on constitutionally protected rights.
The previous version included the mandatory registration of social media accounts. This provision has been taken out of the current version of the law.
While the law’s goal is to protect users from fraud and hasten law enforcement in probing phone-related scams, it presents gaping holes in data security and enforcement.
Analysts who opposed the measure also pointed out that scammers can easily shift to other means to fish out peoples’ information.
The law’s logic is simple: Registration of SIM cards unmasks fraudsters.
Telcos, banks, and data protection agencies support the legislation.
But privacy lawyers have said criminals can easily shift to other means to scam people.
Jamael Jacob, lawyer and privacy practitioner, earlier pointed out that bad actors can simply use foreign numbers, email platforms, or mobile applications.
“Once they do that, all that’s left is another massive state-sanctioned database that contains millions of pieces of personal identification information. Such databases are not only expensive to maintain but become honeypots for hackers and others to exploit,” Jacob said. Read his piece on the issue here.
Journalists, who rely on anonymous tips for leads and stories, are also set to be negatively affected by the measure.
What other countries are experiencing
Some 157 countries have enforced SIM card registration. Some of these countries’ experiences point to more drawbacks than advantages.
Hong Kong, which adopted registration in 2021, is facing email scams. Lennon Yao-chung Chang, a lecturer at Monash University in Australia, said some $31.3 million were lost to company email scams and $4.8 million to con artists on the phone, according to police data.
Saudi Arabia, which adopted a similar measure in 2019, was cited by Human Rights Watch and Amnesty International for abuse of the legislation against dissenters and reformists.
Here’s a story detailing how other countries implement SIM card registration:
The National Privacy Commission (NPC) earlier admitted that it is “fully aware” that implementation would entail a “massive collection of personal data.”
The NPC also admitted that some SIM card retailers may not have the resources to properly verify identities and authenticate identification cards.
To address these concerns, the NPC recommended that registration will be accomplished through a platform provided by telco companies.
The NPC also discouraged using a centralized server or database, as it would pose a greater risk in the event of a security breach. – Rappler.com