SIM registration, a silver bullet?
Text scams impact on a much bigger cybersecurity aspect — that of consumer databases being breached due to the fault of companies mandated to keep them secure and private.
Flying through the legislative mills of the Senate and the House of Representatives are measures proposed to make mandatory the registration of all postpaid and prepaid smartphone SIM or subscriber identity modules.
For postpaid clients of the various telecom companies, the registration requirement need not be written into law because that has always been the case for this sector.
If you want a postpaid account, there’s no going around being asked by telcos for your personal data, identification cards and bank details, etc. But for prepaid SIM buyers, if the proposals are passed into law, they would have to submit some requirements asked of postpaid users.
That would be the end of buying prepaid SIM cards without providing any identification and using the same to harass other people or, worse, perpetrate scams on them like balance or load transfers.
In the House, its Committee on Information and Communications Technology has approved a consolidated measure requiring the registration of all SIM cards. The panel consolidated into House Bill 14, HBs 59, 116, 506, 794, 841, 951, 1528, 2113, 2478, 2819, 2923, 3299 and 3327.
Yes, they’re that many, which only goes to show that our lawmakers think that a SIM card registration law would serve as the silver bullet against their use in criminal activities. In fact, HB 14, the mother bill, was already approved on third and final reading during the previous 18th Congress.
In sponsoring the bill, one congressman blamed the unregulated SIM card market as being behind several mobile phone scams, including the use of sophisticated voice phishing methods and marketing spams to gain unauthorized access to the sensitive personal information of phone users.
While cellular phone service providers are blocking SIM cards by the millions due to complaints from subscribers, prepaid SIM cards sell for as low as P30 at any sari-sari store that scammers merely throw away and replace those that had been blocked by the telcos.
“Due to the lack of SIM card registration, it becomes nearly impossible to trace the persons behind the text scams and hold them accountable for fraud, breach of data privacy, or other punishable offenses that they committed using an unknown mobile number,” one lawmaker said.
SIM registration, according to its proponents, would promote end-user accountability, help law enforcement agencies collar scammers and prevent the proliferation of mobile phone scams.
However, even if it’s true that the Philippines and Israel are the only two countries where the registration of prepaid SIMs is not mandated by law, it would be naive to think that the present massive text scams that already include the names and other details of the targets are being perpetrated on a piecemeal basis, using one SMS at a time from the scammers’ phone.
Information technology, data privacy and cybersecurity experts are nearly unanimous in saying that the smishing attempts we are seeing now through SMS are being done through so-called text blast machines or programs and applications run by computers.
But whether sent through laptops or phones, the text scams impact on a much bigger cybersecurity aspect — that of consumer databases being breached due to the fault of companies mandated to keep them secure and private.
This should be one of the thrusts that congressional investigations must look into, because it is very clear that such databases had either been hacked or sold in the Dark Net to malevolent Internet parties now using them for smishing operations.
Some telcos were quick to blame players overseas for unauthorized access to their customers’ accounts. Granting that the end-user attacks are coming from abroad, the duty to provide security to the databases of Filipinos lies in the hands of those who, in the first place, gathered that information.
With the registration of prepaid cards, we will just be creating another database of Filipinos and their sensitive personal information for the taking of online criminals. Before we seek to create such databases, we must first guarantee their security and privacy.
Read more Daily Tribune stories at: https://tribune.net.ph/
Follow us on social media