Ending text scams or filling a pot of gold for hackers?
Then-President Rodrigo Duterte vetoed the proposed SIM Card Registration Act. The former president’s veto message was ironic since he was accused of committing grave crimes against humanity, but he was worried about the state’s intrusion and freedom of expression. The proposed act did not find its way into the statute books.
Under Marcos Jr.’s helm, the bill became a law in a breeze. With the signing of Republic Act 11934 or the SIM Registration Act. The law requires establishing a system for selling and registering SIM cards. Mobile phone subscribers with prepaid SIM cards have 180 days from the time the law takes effect to register and verify their phone numbers with their respective public telecommunications entities (PTE). Failure to comply will lead to the SIM card’s deactivation.
The National Privacy Commission (NPC) expressed support for the intention of the law to prevent the proliferation of various and evolving electronic communication-aided criminal activities. Still, it cautioned that there is a strong need to develop a technology-neutral approach and to future-proof the law as it entails a massive collection of personal data.
But the law is not a welcomed development for privacy advocates. According to Privacy International, SIM registration has not effectively curbed crime but has fueled it. They said states that adopted SIM card registration have seen the growth of identity-related crime and have witnessed black markets quickly pop up to service those wishing to remain anonymous. Criminals can easily clone SIMs or use foreign SIMs in roaming mode or internet and satellite phones to avoid SIM registration requirements (ph.news.yahoo.com).
In our recent memory, three members of a hackers’ group were arrested due to the supposed data breach involving COMELEC’s poll software provider Smartmatic. The extent of the data breach is not clear. Just a month ago, Philippine Airlines disclosed that it had become a cyberattack victim after criminals targeted its information technology service provider and exposed the personal data of Mabuhay Miles members.
Since the Data Privacy Act became law, observers note that no one has been fined or jailed for violating the 2012 law. Doubts are deepening about the enforcement of the law and what that means to protect data-privacy in the Philippines (mlexmarketinsight.com).
The problem with our laws trying to regulate fast-changing technologies is obsolescence. The SIM Registration Act may soon become obsolete before it can curtail the evil sought to be avoided. By then, all our private information has been delivered like a pot of gold to enterprising criminals.