SURIGAO del Norte Rep. Robert Ace Barbers says the SIM Registration Act needs "more teeth" to stop online scams, noting that such criminal activities continue unabated despite the law's passage in 2022. The lawmaker does not specify the amendments he proposes, but the rationale for his call to action dovetails with the arguments that some critics of the law made when it was first being considered.
In other countries, SIM registration has not been effective in curbing crime but instead has fueled it, says Privacy International, a United Kingdom-based registered charity that defends and promotes the right to privacy across the world. States that have adopted SIM card registration have seen the growth of identity-related crime and have witnessed black markets quickly pop up to service those wishing to remain anonymous, the group adds.
Moreover, SIMs can be illicitly cloned, or criminals can use foreign SIMs on roaming mode or internet and satellite telephones to circumvent SIM registration requirements.
In Pakistan, requiring SIM card registration resulted in the emergence of black markets for unregistered SIM cards and a rise in identity fraud. Mexico's card registration law was enacted in 2009 but was repealed just three years later after yielding no improvement in the prevention, investigation and prosecution of associated crimes.
Closer to home, Darius Delgado, head of Globe Telecom Inc.'s Consumer Mobile Business, said in a published interview in January 2024 that since all unregistered SIMs were deactivated following the July 2023 deadline under the law, the scams that persist may have been obtained from the black market of SIMs registered with false identities. He said there was also a market for selling or loaning legitimately registered SIMs to be used as "mules" by criminals.
On a fundamental level, it is important to note that many of the burgeoning spam and scam messages these days are perpetrated using over-the-top, or OTT, media services or chat apps and social media accounts such as Facebook, Instagram and TikTok, which are clearly outside the scope of telecommunications companies — and beyond the ambit of the SIM Registration Act. Giving this law more teeth, as some lawmakers propose, would do nothing to curb online scams and would be akin to installing speed bumps on the road to stop cars with faulty brakes. The "solution" is no solution at all.
Finally, lawmakers and policymakers must recognize the vulnerability of our information technology systems.
Statista reports that the number of data breaches in the Philippines reached roughly 140,000 during the fourth quarter of 2023 alone. Rapid digitalization, evolved hacking and lack of adequate cybersecurity measures are some of the main reasons behind these growing security threats.
Last year, a cybersecurity firm placed the Philippines fifth in the most number of data breaches in Asia since 2004 and 17th globally. According to its Global Data Breach statistics, 124 million accounts had been breached in the Philippines — the second-highest count in Southeast Asia.
In October 2023, the government confirmed that a ransomware attack on the state-owned Philippine Health Insurance Corp., or PhilHealth, the month before had stolen the personal information of 8.5 million senior citizens.
In June, Jollibee Foods Corp. admitted to being the victim of a data breach that could affect about 11 million customers and its connected companies. In a report to the National Privacy Commission, the fast food giant said the breach compromised sensitive personal information in the largest data breach in Philippine history. The exposed data included dates of birth and senior citizen identification numbers.
Consumer rights organizations, such as Rights Action Philippines, note that several high-profile data breaches highlight significant gaps in the ability of organizations to protect personal information.
Telecom Review notes that the Philippines is facing heightened risks of cyberattacks and security breaches due to its tech-savvy population and limited data protection measures.
"One of the significant issues contributing to data privacy concerns is the mandatory SIM card registration implemented by the government," Telecom Review writes. "While intended to enhance national security and combat illegal activities, such as terrorism and fraud, this initiative has raised apprehensions regarding the protection of personal data."
In a country like ours, where cybersecurity is demonstrably poor, the collection of huge databases with the personal information of millions of consumers is an open invitation to hackers — and a portal to even more cybercrimes based on identity theft. All these must be considered before lawmakers try to tweak a defective law and make matters worse.