The death of data privacy in the Philippines: SIM Card Registration Act signed into law

[jobbautista9]

https://interaksyon.philstar.com/politi ... -act-anew/

180 days after the SIM Card Registration Act has been passed, all SIM cards in the Philippines that aren't registered with their owner's name will be deactivated. Burner phones are pretty much illegal now, as your identity is now tied to a single mobile phone number.

The passing of the said law came amid a surge of SMS scams that started during the pandemic. It is commonly believed that the ineffective COVID contact tracing is to be blamed for this recent increase, as usually people give out their cellphone numbers to establishments they enter, like restaurants, clinics, and barber shops. And worse, they're written next to their name and sometimes their place of residence. Looks the personal data from those records have been compromised, either deliberately or accidentally, as people report text scams that have their name written in the message.

I did receive some SMS spam myself, but I haven't received any which has my name written on their messages, at least not yet. But I think this is a lame excuse by the government for their encroaching on the Filipino people's data privacy. Telcos here are already combatting spam and scams since day one. The National Telecommunications Commission sends out regular reminders about text scams. Just recently, one of the major telcos have filtered out all person-to-person texts that contain clickable links. While I'm not a fan of this filtering (I believe there are still legitimate uses for sending clickable URLs over SMS even though they're being abuse by spammers), I'd rather take this than tying my identity to my SIM card.

It seems the government is successful in manufacturing consent. They gain the consent from the majority and pro-government people by exaggerating the SMS spam issue and lying about how only SIM card registration will solve this problem. They gain consent from the opposition by saying that with SIM card registration, troll farms will vanish, which I highly doubt considering the huge amounts of confidential funds in the offices of the president and vice president, which they could very much use to buy "anonymous" SIM cards from the black market and use them for their own troll farms.

Needless to say, I have VERY LITTLE trust in this government of mine. Even Rodrigo Duterte (whom I am definitely not a fan of) knew the privacy implications of this act when he vetoed it at the end of his term.

[moonbat]

Lol India has had this for years and continues to get tremendous amounts of spam. One can't live without Truecaller installed. There the reason was 'terrorism'.

[Pentium4User]

This is something that happened in Germany in 2017. Most governments want to spy out their people.

[FranklinDM]

I did receive some SMS spam myself, but I haven't received any which has my name written on their messages, at least not yet.

You're kinda lucky in that regard. I had the same experience until I was eventually forced to create a Gcash account (it wasn't even verified), after which, I've began receiving spam messages with my real name on it. I didn't use it for any cash-in or physical transaction and was used only for transfers from my friends. I'm suspecting that there are scam artists working for them or they probably had an undisclosed data breach at some point. I've neither filled any contact tracing form with my primary number, and if necessary, I often use a "nickname", or installed any of the contact tracing apps such as StaySafe, so I'd rule those sources out.

I also agree that SIM card registration is not the way to solve the problem with spam messages. Considering our government's history of questionable and poor data handling practices, I'd argue that our personal information is at an even higher risk with these measures in place. *sigh*

[jobbautista9]

You're kinda lucky in that regard.

I'm actually less careful than you. I've entered my main cellphone number in several contact tracing forms (though now I regret doing that) along with my real name. So I'm surprised I haven't received one of those personalized SMS scams yet!

I don't use Gcash or StaySafe though. I don't do much transactions online, and when I do have to buy something from an online store, I always opt for cash-on-delivery. As for StaySafe, well, I can't trust it when it's not open-source (last time I checked they still haven't published their source code, even if it's now owned by the government). For something as sensitive as contact tracing I definitely would want transparency on how exactly they handle my personal data.

I also agree that SIM card registration is not the way to solve the problem with spam messages. Considering our government's history of questionable and poor data handling practices, I'd argue that our personal information is at an even higher risk with these measures in place. *sigh*

And with that history which they seem to haven't still learned from yet, they're pushing everyone to get their own national ID. Good luck to them, lol. Speaking of the national ID, have you gotten yours yet (did you even apply for it)? I haven't received mine for months now...

[FranklinDM]

Speaking of the national ID, have you gotten yours yet (did you even apply for it)?

Nope, and as long as it's not mandatory, I'm not planning on getting one in the near future. I don't see the point when other forms of identification (e.g. passport) are still accepted.

[Lucio Chiappetti]

Cannot comment on the situation in your country. In Italy we always had identity cards (which one has to show when identification with public administration is needed, as well as when opening a bank account, or registering at an hotel). Identity cards (valid also to going abroad in the EU and a few other countries) are preferred to passport by most people, since the latter is (was ?) covered by an yearly stamp duty (I haven't had a passport for years, nor I have renewed mine when it expired).
And I believe an id document is necessary also when buying a SIM (at least it was when I bought the one for my phone, and the one for my router), unless perhaps corporate ones.
Also everybody has a CNS (National Service Card) which is required to access the national health service, and also contains one's fiscal code (which is an unique identifier). All these stuff are issued by the government (one might roightfully wonder why a CNS and an id card) and were never considered a privacy concern.
Recently, with the need to authenticate one's access to online public administration sites, they boosted a form of two-factor identification called SPID. For unknown reasons SPID can be issued by a variety of even private providers (chief one is the Post). And, besides personal identification, SPID requires a cell phone number. The concern for this is not privacy but the need to own a cell phone. Level-2 authentication (some sites just require level 1., i.e. username and password) require an OTK which can either be obtained via a smartphone app, or an SMS, but there is a 3-month quota on the number of SMS.
Since the boosting was the closure of previous per-administration personal accounts, and I want to use a dumb phone, I do not use SPID but CNS with a card reader. One can use CNS or CIE (the newer electronic version of the id card) but they require different kind of readers and shared libraries. For CNS a ministerial site distributes libraries for each different version of CNS. For CIE instead only version 3 is supported (mine is version 2 and cannot be used).

Anyhow none of the above has to do with privacy, in terms of spam. Personally I am not getting any spam on the cell phone, but perhaps I was lucky in the choice of a serious telecommunication company.

[Moonchild]

Personally I am not getting any spam on the cell phone, but perhaps I was lucky in the choice of a serious telecommunication company.

I don't think this had anything to do with spam but rather with the fact that your phone number would become directly tied to your verified registered national identity.

[Lucio Chiappetti]

Tham that seems not unlike the fact SPID in Italy requires a "certified phone number" ...