CYBERCRIME cases continue to rise this year despite the passage of the SIM Registration Act of 2022, which was supposed to curb such online offenses.
Notwithstanding this promise, data from the Philippine National Police's Anti-Cybercrime Group show there were 4,469 incidents of online crime in the first quarter of 2024, up 21.84 percent from the 3,668 reported in the preceding quarter.
Online selling scams topped the list of cybercrimes, followed by investment scams and debit or credit card fraud.
With the chickens clearly home to roost, lawmakers who led the legislative charge for SIM card registration are casting about for scapegoats, such as the National Telecommunications Commission (NTC), for failing to implement the law.
One senator, a co-author of the law, noted that it was the NTC's responsibility to ensure its effective implementation. That law, he said, was passed precisely to provide accountability for those using SIM cards and support law enforcement in tracking perpetrators of crimes committed through mobile phones.
The senator accused the NTC of "sleeping on the job" after recent raids on online casinos in Bamban, Tarlac, and Porac, Pampanga, yielded a stash of assorted SIM cards that had supposedly been used to carry out various online scams.
In response, the NTC said that although SIM registration was "an important tool" against crimes committed using mobile phones, it was "not a silver bullet against messaging scams."
It noted that scamming has become a regional phenomenon and is no longer confined to local players. Moreover, the use of over-the-top messaging platforms, such as WhatsApp, Viber, Telegram and Messenger, to perpetrate scams is not addressed by SIM registration.
Still, the NTC promised to "tighten its regulations pertaining to SIM registration to the fullest extent allowed under the existing law," perhaps as a way to get inquisitive senators off its back.
These same senators, however, really ought to be asked why, in their rush to push flawed legislation, they ignored the fact that even the GSMA, which represents the interest of some 750 mobile operators worldwide, had concluded that there is no empirical evidence that SIM card registration leads to a reduction in online crimes.
In fact, mandatory SIM card registration can pose a serious threat to mobile phone users because the creation of an extensive database of their user information — which may be all too tempting a target for hackers — puts them at risk of being tracked or targeted, and having their private information misused.
One need only consider the number of government agencies hacked last year to appreciate the danger of a massive data breach involving mobile users' personal data. In February 2023, the Facebook page of the Philippine Statistics Authority in Central Visayas was hacked. In September of that year, the Philippine Health Insurance Corp. was attacked by ransomware that resulted in the personal information of at least 13 million members being uploaded to the dark web. Indeed, the poor state of cybersecurity makes mandatory SIM registration a double-edged sword at best.
The Cybercrime Investigation and Coordinating Center (CICC), an attached agency of the Department of Information and Communications Technology, said the exploitation of vulnerable consumers' data had fueled a black market for "preregistered" SIM cards used in digital fraud.
In August 2023, police seized 30,000 of such SIM cards during a raid on the offices of a gaming company. The CICC said a large number of these cards had been used to receive the proceeds from crimes through online payment services, such as GCash and Maya.
"Despite mounting evidence that mandatory SIM registration is costly, intrusive and not the solution to the problem most countries are trying to solve, every year more governments try to roll it out," Privacy International says.
SIM card registration laws are often defended on the flawed assumption that they help fight crime, Privacy International notes, but the practice has been exposed as ineffective and inefficient in some countries that have adopted its use. For example, in Pakistan, requiring SIM card registration resulted in the emergence of black markets for unregistered SIM cards and a rise in identity fraud. Mexico's card registration law was enacted in 2009 but was repealed just three years later after yielding no improvement in the prevention, investigation and prosecution of associated crimes.
Instead of searching for scapegoats, lawmakers might more productively spend their time reviewing the legislation for flaws and correcting these. In the process, they might learn a lesson or two from the experiences of other countries that have gone down the same road.