A rundown on what makes the bill controversial
In case you were wondering, the SIM Card Registration Act (which you can read here) was recently lapsed into law as President Rodrigo Duterte neither vetoed or signed it. TL;DR, this bill requires everyone to register with a valid ID and sensitive information such as full birth names and addresses before purchasing a SIM card. Anyone found to be using these channels to engage in related crimes, such as terrorism, text scams, obscene messages, bank fraud and disinformation will face the court of law and will be penalized with fines up to P200,000.
Private telecommunication companies (PTEs) have expressed support over the passage of the law. However, groups from different sectors, such as the LGBTQIA+, internet and tech coalitions and other citizens, rallied either veto the bill or have certain sections amended and repealed before its ratification.
Why is there clamor against it in the first place? Isn’t it the opportune time to add safeguards against trolls, scams, unwanted data leaks and hate speech? Unfortunately, the issue is a bit more complex than you think. Up ahead, we cover the the reasons why groups are against its passage.
Anonymity is highly accessible but misused.
Acquiring a prepaid SIM card in the Philippines is easy. Buying your own requires a trip to the nearest supplier, which can be through a convenience store, accredited shops and even online. Not to mention it requires no registration at all. But, of course, a downside to this is the accessibility that lets these cheap SIMs get misused, from fraudulent participation in online games to elaborate phishing scams, especially with the added layer of anonymity. Do we remember the great wave of shady job offer messages in late 2021? While telcos promptly blocked thousands of numbers and messages, it feels a bit odd that no one was penalized for the alleged data breach and scam. However, with the SIM Card Registration Act in place and the numbers used were associated with a person, maybe law enforcement would have a lead to the mastermind. In an ideal world, anyway.
However, despite the promise it holds in keeping us safe from scammers, groups and citizens are alarmed by specific provisions and scenarios.
Provisions that go against gender expression and free speech.
In Section 10, Clause C, the bill states penalties over P200,000 for those caught purchasing a SIM card using “fictitious identities.” However, the bill did not define what constitutes these fictitious identities in the first place. For LGBTQIA+ advocacy organization Bahaghari, this line allows the criminalization of transgender people and other members of the community who use lived names in place of their legal names. This claim is supported by the International Coalition of Jurists (ICJ), as transgender people in the country still cannot change the names and gender markers they’re assigned at birth.
Both groups also point out that the SIM Card Registration Act comes hand-in-hand with the rampant red-tagging and controversial Anti-Terrorism Law to conduct surveillance on regular citizens expressing dissent. Section 8 declares that PTEs shall treat all information gained with the utmost confidentiality. But Section 11 states that PTEs will be requested to disclose the sensitive information once there is a written and sworn complaint that a specific number is used for “malicious, fraudulent or unlawful purpose.” Given the possible implications of the Anti-Terrorism Law, any expression of dissent might be taken as such.
What happens when third-party sellers gain a lot of sensitive information?
Aside from its possible infringement of human rights, the high concentration of sensitive information, especially for third-party sellers, makes these databases required by the SIM Card Registration Act attractive to cybercriminals. The Asia Internet Coalition (AIC) expressed the security and privacy concerns they found in the bill. The coalition emphasizes there will be an abundance of potential abuse scenarios once implemented, as third-party resellers usually should not be asking for sensitive information. Many people could be at risk if there is a minor breach in their databases, hence more individuals being targets of cybercrimes.
These groups and coalitions already cite other countries that implemented such measures, and those who discovered that these do not curb cybercrime. But since the bill has already lapsed into law, we can only hope that the Implementing Rules and Regulations (IRR) would consider the questions raised by different communities. After all, the bill stipulates that the National Telecommunications Commission (NTC) should work closely with the Department of Information Communication Technology (DICT), Department of Trade and Industry (DTI), National Privacy Commission (NPC) and major consumer groups in crafting the guidelines. All experts and all stakeholders should come together to implement this bill without it making vulnerable to all sorts of misuse from any entity.
Art Macky Arquilla