Security vs Privacy
In 2022, when the SIM Registration law was passed, I expressed concern about the creation of a national SIM registration database. This database consolidates personal data, including names, photographs, IDs, mobile numbers, and other sensitive information, thus forming a substantial digital footprint. Such databases could easily become targets for hackers or malicious actors aiming to misuse or exploit the stored information.
At that time, I challenged policymakers, regulators, government officials, and industry leaders to prioritize data security and privacy protection. Achieving this, I argued, demands the implementation of advanced, next-generation cybersecurity measures.
Of late, the government chose to request Congress to establish a regulatory body dedicated to monitoring fake news and identifying troll farms. Additionally, the National Telecommunications Commission (NTC) proposed that mobile users register their SIM cards in person rather than online.
Both initiatives, in my view, fundamentally miss the mark and could lead to unintended negative outcomes. Mandatory SIM registration, along with online content regulation, presents opportunities for increased state surveillance and potential authoritarian abuses. Authorities could misuse these mechanisms to suppress political dissent, monitor opposition figures, and restrict freedom of expression.
The core of the debate lies in whether mobile telephony and the use of frequencies for voice and data should be viewed as a regulated privilege or recognized as critical infrastructure essential for modern societal functions, warranting easier access and greater convenience.
Mobile phones have become indispensable tools for social interaction, economic participation, and financial inclusion, especially in areas where mobile internet is the primary means of connectivity. Consequently, excessively stringent registration requirements might inadvertently restrict access for marginalized groups such as the urban poor, rural communities without formal identification, and economically disadvantaged sectors.
Strict regulation can unintentionally erect barriers to digital inclusion, undermining broader socioeconomic development goals. Policies that impose excessive burdens on SIM card acquisition conflict directly with international initiatives promoting digital accessibility and financial inclusion.
Therefore, SIM registration policies should carefully balance security and privacy without unnecessarily restricting accessibility. Other countries, like the Philippines, already adopted hybrid registration models that blend online and offline procedures. These models provide greater convenience, reduce logistical difficulties, and leverage digital technology to maintain secure verification without creating significant exclusionary risks.
That is why I find it perplexing why the NTC now insists on reversing course by mandating in-person registration — a method that is cumbersome, inconvenient, and not inherently more secure. Requiring physical presence for registration consumes substantial resources, creates logistical bottlenecks, and disadvantages individuals in rural or remote areas with limited access to registration facilities.
The inefficiencies and inconveniences associated with exclusively in-person registration are considerable. It is a costly, time-consuming, and often inaccessible process, particularly in densely populated urban settings and isolated rural communities with inadequate infrastructure. This approach disproportionately impacts low-income groups, exacerbating existing social inequalities.
Even if registration is permitted at points of sale, in-person methods remain vulnerable to human error, fraud, and corruption. Instances of bribery, identity theft, and mismanagement are significantly higher in manual registration processes. Countries relying heavily on physical forms managed by officials frequently experience these vulnerabilities, undermining the security goals that mandatory registration aims to achieve.
Concerns about scams and criminal activities will not necessarily diminish through in-person registration. Modern technology allows individuals to circumvent SIM registration entirely. Technologies such as virtual SIM cards (eSIMs) and Voice over Internet Protocol (VoIP) services — including popular apps like WhatsApp, Telegram, Signal, and Skype — enable anonymous communication without requiring a traditional SIM card linked to a personal identity.
Furthermore, advancements in virtual private networks (VPNs) and virtual phone number services provide anonymity and significantly weaken the intended effectiveness of SIM registration in deterring criminal activity. Scammers and criminals regularly exploit these technologies, reducing the practical value of mandatory SIM registration as a crime prevention tool.
Scammers are continuously adapting, using increasingly sophisticated methods such as spoofing caller IDs, cloning registered SIM cards, and exploiting vulnerabilities in mobile networks. The availability of fake identification documents and registration circumvention services on dark-web marketplaces further undermines the effectiveness of mandatory SIM registration laws.
In essence, mandatory SIM registration — whether conducted online or in person — cannot guarantee comprehensive security. Instead, ensuring robust cybersecurity, raising public awareness, and enacting strong data protection legislation are crucial to addressing these threats effectively. I have consistently advocated for this comprehensive approach since 2022.
I support mandatory SIM card registration to the extent that it contributes to security, crime prevention, and anti-terrorism efforts. However, in-person registration should remain optional, not mandatory. The fundamental benefit of mandatory registration lies in increased accountability, as mobile users become aware that authorities can trace their activities, potentially encouraging more responsible usage.
However, security measures must be balanced by robust privacy protections, transparency, and digital inclusivity. Mandatory SIM registration alone is insufficient to ensure comprehensive security. Centralized databases, if compromised, pose significant risks such as identity theft, stalking, blackmail, or other forms of harassment to millions of individuals.
We could retain existing practices regarding SIM registration while prioritizing secure digital identification systems for online registration. Integrating the national digital ID system with SIM registration would streamline processes and enhance security. However, this integration requires first addressing existing issues within the national ID infrastructure.
Additionally, we must strengthen legislation, regulations, and systems to ensure effective data protection, transparent data handling, strict access control measures, robust encryption, and clear accountability mechanisms. Public education campaigns should also inform users about protecting personal information, recognizing potential scams, and adopting secure mobile usage practices. In preserving security, we must respect privacy.
Marvin Tort is a former managing editor of BusinessWorld, and a former chairman of the Philippine Press Council
