Manila, Philippines – Like millions of other Filipinos, 18-year-old John Aguilar missed the government’s April 26 deadline to register a cellphone in his name.
Aguilar also isn’t sure he’ll make it past the July 26 extension deadline.
“I don’t have an ID, I don’t know what to do [to register]’ Aguilar told Al Jazeera.
Aguilar said he and his older brother tried to obtain ID cards from their barangay or village but were rejected because they could not provide proof of voting during last year’s presidential election.
Manila is requiring all SIM card holders to register their names under the SIM Registration Act signed into law by President Ferdinand Marcos Jr last year, with the stated goal of thwarting cybercriminals responsible for fraud, trolling and hate speech.
But the government’s efforts have proven challenging in a country where the lack of officially recognized ID is not uncommon.
In April, Department of Information and Communications Technology (DICT) Secretary Ivan John Uy reluctantly extended the registration deadline while targeting “recalcitrant” Filipinos who were slow to register.
Threatening those who disobeyed social media sites like Facebook and TikTok, Uy said, “Sometimes, you know, it’s the only language some of our fellow citizens understand.”
Last week, Uy announced that 95 million SIM cards had been registered, leaving only 5 million available for registration. DICT estimates that while there are 168 million SIM cards in circulation, only about 100 million are in use. Uy did not respond to a request for comment.
Last year, Globe Telecom, the Philippines’ largest telecommunications provider, said it blocked 2.72 billion text messages containing spam and malicious links.
Marcos hails the SIM card registration law as a tool for law enforcement agencies to “solve crimes committed using these SIM cards” [and] A powerful deterrent against the commission of wrongdoing.”
While the legislation’s stated goal is to stop cybercrime, including fraud, cyberattacks and hate speech, some cybersecurity experts warn that it could actually lead to more identity theft and fraud.
Despite Marcos’ pledge to protect mobile phone users’ data during the registration process and the resulting massive data collection, the government’s recent loosening of rules for obtaining IDs and registrations to meet registration goals has raised alarm among some cybersecurity experts.
Last month, Uy said he saw nothing wrong with SIM card sellers assisting registrants with a small fee.
Some Filipinos reported that they could register without documents proving their identity.
Dennis, a street vendor in Manila, told Al Jazeera that he was issued a barangay ID last month without papers — without asking any questions. Then he asked someone to register his SIM card for him.
Social entrepreneur and technologist Dominic Vincent Ligot said that due to “unreliable authentication and the possibility of obtaining identities, a black market has now formed in response to the regulation of SIM cards”.
Ligot, founder and executive director of Data Ethics PH, an organization that advocates for the ethical use of data and technology, noted that police arrested a Chinese businessman and his Filipino associates last month for allegedly selling pre-owned assets for as much as 2,500 pesos. Registered SIM cards cost $45 each, more than 50 times the typical price of an unregistered SIM card.
GMA News quoted Police Brigadier General Kirby John Craft as saying, “It’s scary because these could end up in the wrong hands.”
The SIM registration law could raise other issues, Ligot said.
“In the case of identity theft, the need for SIM card registration may actually increase the occurrence of this, as illegitimate agents exert pressure to obtain registered identities,” he said.
Section 11 of the law also authorizes law enforcement to impersonate any registered SIM card user as part of their “authorized activities,” a provision Ligot believes is open to abuse.
Ligot said the ambiguity of the clause, especially with regard to who is responsible, could lead to abuse.
“Many, many bad things can be done by spoofing the SIM, like intercepting text messages and giving the cheater a one-time password [OTPs]may provide access to electronic bank account transactions, account password resets, etc.,” he said.
Jamael Jacob, a lawyer who specializes in cyber law, said Uy’s suggestion that retailers could charge to register users was dangerous because they could “register other SIM cards and then sell those cards to others who might want to be excluded or at least hide their identities.” People “sign up to the system – just like criminals”.
“The National Telecommunications Commission and telcos have been warning people about scammers pretending to offer help to people trying to register their SIM cards for the past few months,” Jacob told Al Jazeera. “At the same time, they emphasized that the registration process is free.”
“Now, the DICT secretary himself has declared the exact opposite,” he added.
“He’s basically saying that there might be people out there now who are helping with the registration process — and those people aren’t scammers. He’s leaving it up to people to decide for themselves whether the individual offering the registration assistance is a scammer or not.”
Jacobs said the use of dodgy barangay IDs is just “further proof that the system will never solve the fraud and other crimes committed through the use of SIM cards, as its proponents have demonstrated.”
“Traditionally, barangay ID cards have not been considered proper government-issued identification and there is a reason for that. That is because they are unreliable [and] Can be easily obtained…if you know the right people in barangay. “