The privacy concerns of tying SIM cards to real identities

The registration of SIM cards tied to a verified identity is back in the news, off the back of large-scale phone fraud. In what some may call a knee-jerk response to a problem, there are calls to revive a legal bill and make it law. What’s happening, and what are the potential ramifications?

Hitting spam with the registration hammer

More than 1 billion suspicious messages and spam texts have been sent in the Philippines in 2022 so far. These messages run the usual range of phishing and fraudulent transaction attempts. This is enough to have Senators calling for “tougher measures” on cybercrime.

This would be in the form of a bill drafted earlier in the year, aiming to have social media users register legal identities and phone numbers. Turned down due to a lack of detail and guidelines which “may give rise to a situation of dangerous state intrusion and surveillance threatening many constitutionally protected rights”, it’s now back on the table. The problem is, there appears to be no fix for privacy invasion and the more general concerns outside of social media use.

The weaving web of SIM registration

Tying SIM cards to real world identity registration is an idea which has been around for a long time. In many places, there doesn’t appear to be much of an appetite for such a policy. In the UK, for example, you can buy any SIM of your choosing with cash and start using it in your phone, although that’s not to say mandatory registration of one form or another doesn’t exist.

China has a well known daisy-chain of registrations for all manner of online and offline activities. Real name registration is tied to online accounts, which as noted by Comparitech means there’s no way to make anonymous accounts when combined with SIM registration.

Elsewhere, several nations have put it forward as a legal suggestion only to go on and retract the idea. It’s the very definition of a “blowing hot and cold” topic.

The risks of SIM registration

There are many potentially harmful privacy issues where tying ID to SIM purchasing is concerned.

  1. Oppressive regimes are only too happy for people trying to evade censorship to become tangled up in registration schemes. The chilling effect on free speech is overt in these scenarios.

  2. People and families at risk from domestic abuse may struggle to register a SIM, especially in situations where money is tight or they’re on the run without identity documents. It’s also one more database for all their information to wind up on, with the possibility of a breach and leak down the line.

  3. You can almost guarantee any such data will be plugged into marketing and advertising, especially in places where there’s no provision to expressly forbid such a thing. This could easily tie back to point 2 in several ways which aren’t beneficial to the person under threat.

Kicking the can down the road?

At a time when tracking, data disclosure, and location issues are coming under increasing scrutiny, this feels very much like something not likely to get off the ground in places where it doesn’t already exist. We suspect that if you don’t have this in place currently, it’s not something you should be overly concerned about for the time being.

https://blog.malwarebytes.com/feed/