Today, President Bongbong Marcos signed into law the SIM Card Registration Act. Under this new law, any public telecommunication entity or direct seller is required to verify their telco subscribers’ identities.
Why is this law being passed?
The primary reason this law is being pushed is to hinder phone-based scams and phishing. Clamor for the bill to be passed into law became more aggressive after the increase of scam texts during the lockdown period of the pandemic. According to Cheloy Garafil, officer-in-charge of the Office of the Press Secretary, this law “will significantly boost government initiatives against scams committed through text and online messages, which have become more prevalent this year.”
Who is affected by the bill?
Anyone who uses a Philippine SIM card, whether prepaid or postpaid, must provide the required information as identified by the act. All new subscribers of telco companies will also be required to give the necessary information.
If a user chooses not to get their SIM card registered, telco companies have the authority to automatically deactivate the SIM card and number.
What information do you need to provide?
Users need to prove their identity through a valid identification document, such as passport, driver’s license, and Philippine National ID, among others. Some information that will be asked of users are:
- full name
- complete address
- cellphone number and serial number of the SIM card
All of this collected information will be submitted by telco companies to the National Telecommunications Commission with updates every quarter of the year.
Can you get a SIM card for someone else?
Yes, this is still possible, but with additional requirements. You need to (1) be authorized through a duly notarized Special Power of Attorney and (2) present an original and true copy of any valid identification document with photo of both principal and representative. Minors need to have the written consent of their parent or guardian, along with valid IDs of the minor and the parent.
How can someone access your records?
Marcos assured the public that the collected information will be “treated as absolutely confidential unless access to this information has been granted by the written consent of the subscriber.”
However, when a subpoena or order of a court is issued upon finding probable cause, a telco company would need to disclose this information about the SIM card and its user. Another instance where information can be disclosed is when a law enforcement agency submits a written request due to the investigation of a SIM card number’s involvement in a crime.
What are the penalties and consequences?
Penalties will be imposed for those who breach confidentiality due to negligence, for spoofing a registered SIM card, for selling stolen SIM cards, and for the sale of a registered SIM card without updating the registration. Fines can go from PHP 100,000 to PHP 4 million, while imprisonment can be as long as 6 months to 2 years.
What concerns are being raised?
While other countries have enforced SIM card registration, it is important to note that some experienced more disadvantages and fewer benefits. For example, according to police data, Hong Kong lost millions of dollars to email scams and phone con artists. In Mexico, instead of curbing the kidnapping rate in the country as was intended, it increased instead after the implementation of cellphone registration.
In the Philippines, privacy experts have raised concerns regarding the new law, pointing out that scammers could simply move to a new platform like emails or mobile apps. “Once they do that, all that’s left is another massive state-sanctioned database that contains millions of pieces of personal identification information. Such databases are not only expensive to maintain but become honeypots for hackers and others to exploit,” wrote lawyer Jamael Jacob.
Are there any safeguards in place?
The National Privacy Commission (NPC) said they are “fully aware” of how “massive” of an endeavor this personal information collection would be. They discouraged the use of a centralized database to lower the risk of security breaches. They also suggested that instead of retailers or direct sellers, telco companies should be the ones to provide a platform or website where subscribers will register.
However, it seems that beyond these suggestions, there are no final plans for implementation yet.
What do you think of this new law?