Running circles around SIM card law

It’s too early to conclude after only 11 months that the subscriber identity module (SIM) registration law is a failed experiment, but even its defenders must admit that it is teetering close to it. Since its enactment in October 2022, the envisioned benefits of the SIM Registration Act have borne little fruit, and any sign of progress has been muted at best.

At worst, it is fast turning into another example of a good piece of legislation rendered toothless by its implementation, a familiar ending for laws made in the Philippines.

For one, the online or mobile fraudsters that Republic Act No. 11934 was designed to catch are now running circles around law enforcers, regulators, and telecom companies, with phone users still receiving unsolicited messages embedded with phishing attacks. For another, authorities empowered by the law to track down anonymous perpetrators are foiled by the ease with which their targets can use fraudulent identities to obtain and register SIM cards, discarding these once their nefarious deed is done.

Nowhere was this more evident than during Tuesday’s hearing of the Senate public services committee when the chief of the National Bureau of Investigation’s cybercrime division, Jeremy Lotoc, revealed that his agents had tested the telcos’ system by enlisting SIM cards using photos of animals, including a grinning monkey.

The result: The monkey became the bearer of a registered SIM card.

“We entered the face of an animal with different names and it was still accepted,” Lotoc said. He showed the Senate body a sample application with the primate’s face on it, a comically absurd picture that left the lawmakers aghast.

That’s only one demonstration of how flaws in the registration process can be exploited by cybercriminals, making a mockery of what had been touted as the solution to online and mobile fraud. The government and the private sector, particularly the telcos, must work together to plug those loopholes post haste.

As the first law signed by President Marcos, RA 11934 had spurred hope of curbing widespread text scams, including spam messages of fake lottery winnings or too-good-to-be-true job offers that entice users to click on malicious links and give criminals access to users’ digital wallets or bank accounts.In almost a year, some 113.97 million SIM cards are now registered with the National Telecommunications Commission (NTC) after a series of grace periods, exceeding the target set by the Department of Information and Communications Technology (DICT).

It bears mentioning that to date, we have yet to hear of documented cases of SIM registration being used to sell subscribers’ private data to marketers, or of authorities weaponizing it to spy on activists and dissenters, as critics of the law had feared, prompting them to petition the Supreme Court to strike it down. As the high tribunal deliberates on those touchy issues, the public must remain watchful so that the doubters’ dire warnings are not realized.

In the meantime, the ballooning digital crimes cannot be ignored, as the modus operandi of their masterminds grow more sophisticated each day. On Tuesday, Sen. Grace Poe, an author of RA 11934, remarked: “If the scammers have become creative, we [in government] should be more creative.

“While we do not discount the warnings and notices sent by the agencies and telcos to the public, we must go above and beyond if we are to combat this plague in our telecom system,” she said.

Poe’s committee had launched an inquiry on the proliferation of scams despite the lapse of the registration period and the deactivation of unregistered SIM cards.

What they found was worrying: SIM cards aren’t only being used to send out phishing attacks, but even Philippine offshore gaming operator (Pogo) firms are cashing in on them, too. Some 107,000 unregistered and pre-registered SIM cards were being used for “love scam” operations, which came to light following raids on Pogo hubs in Las Piñas and Pasay cities.

These aren’t isolated incidents, either, because despite the passage of RA 11934, crimes using SIM cards have not declined at all. In fact, the number rose by 190 percent in the first half of 2023. Some 4,104 such cases were recorded by the Philippine National Police Anti-Cybercrime Group, compared with 1,415 from the same period in 2022.

But there is a silver lining that warrants giving RA 11934 the benefit of the doubt: Crime resolution rates went up from 70 percent in 2022 to 95 percent this year. That’s a small consolation, but a consolation nonetheless, and we urge authorities and regulators to build on this by improving their cyberdetective skills, ramping up their partnership with telcos to tighten the system, and elevating public awareness on digital fraud.

Nothing but seamless cooperation between and among the DICT, the NTC, law enforcement agencies, and telecom firms can drive the success of the hunt for these digital savvy thieves running scams and circumventing the law.

Read more...