Crime: Has simcard registration achieved objective?

Dar es Salaam. There is mounting evidence that the information captured from holders of subscriber identification modules (‘SIM cards’) during a registration process is not always reliable in curbing cybercrime.

Indeed, experts have warned of increased risk of citizens’ exposure to state surveillance through that technology.

The argument, as raised by experts in various studies, is also based on the fact that the SIM card registration process has been typically left to vendors. In the event, there is little quality control of the process – and this makes the registered information unreliable for purposes of fighting crime.

“It is a well-known fact that SIM card registration databases are often full of unreliable information,” Prof Jane Duncan of the University of Johannesburg in South Africa told The Citizen in a recent exclusive interview.

Prof Duncan – who is the author of a newly-published book titled Stopping the Spies – advises against SIM card registration, citing privacy concerns.

“[This is] because it [exposes people to surveillance by their states], including people whose communications are likely to be sensitive, such as journalists, lawyers and activists,” Prof Duncan explains.

Relying on SIM registration to curb crime has proved to be challenging, especially when criminals typically find ways around the system – by, for instance, buying pre-registered SIMs. This means that the SIM card information of innocent people is generally collected by the state.

In Tanzania, SIM card registration started being implemented following the passage, in 2010, of the Electronic and Postal Communications Act (EPOCA), which is intended to – among other things – regulate the sale, registration and use of SIM cards in the country.

Not registering one’s SIM card renders one liable to penalties in the forms of pecuniary fines and imprisonment.

When it announced the SIM card registration plan in 2009, the Tanzania Communications Regulatory Authority (TCRA) said that, while most users of mobile telephony were trustworthy, some were abusing the technology as a matter of course.

‘To promote good use of telecommunication services, and in the interest of security, I urge all telecommunication service operators to introduce SIM card registration of mobile phone subscribers,’ reads the notice from TCRA in part.

Furthermore , TCRA launched a pilot project for biometric SIM card registration in March last year, whereby SIM card registration could be used to combat crime.

Ms Kitolina Kappa, who represented the Permanent Secretary in the ministry of Works, Transport and Communication at the launch of the pilot project, said: “As we all know, there are some people who are using the loophole in the current analogue SIM card registration to commit crimes. TCRA has come up with a lasting solution to this problem.”

TCRA has since then insisted SIM card registration aims to protect consumers from misuse of communication services, and enable them to be identified as they use value-added services such as mobile banking. It also enables communication networks operators to know their customers.

As this goes on, various studies have shown that there is no practical evidence to prove that mandatory SIM card registration directly helps to curb crime. But, on a number of occasions, TCRA and the Police have insisted that SIMs registration helps to curb crime.

Has this worked in other countries?

In Zimbabwe, SIM registration has become controversial due to surveillance concerns. In its 2014 State of Privacy Report, Privacy International (PI) noted how Zimbabwe’s SIM card registration law essentially rendered obsolete the potential for anonymity in communications, and enabled location-tracking. It also significantly simplified communications surveillance and interception.

In Pakistan, requiring SIM card registration resulted in the emergence of a black market for unregistered SIM cards, and a rise in identity fraud, reports the New York-based International Business Times in its story titled ‘Peshawar School Attack: 4 Suspects Arrested In Bahawalpur, Pakistani. Taliban Used Woman’s SIM Card.’

In Canada, a proposal to register SIM cards was scuttled after consultations offered no proof of crime reduction resulting from SIM registration.

For its part, Mexico repealed its mandatory registration law after three years of implementation, having seen no improvement in the prevention, investigation and prosecution of crimes.

Similar evidence has been collated in Africa. In February last year, the government of Malawi suspended SIM card registration over what it called “public concerns over the process.”

The Malawi minister for Information and Civic Education, Mr Nicholas Dausi, announced that the exercise had been suspended until further notice.

Media reports from Malawi show that some of the concerns raised by the general public were based on the suspicion that SIMs registration was a ploy by their government to tap into people’s phones.

Privacy versus security debate in Tanzania

Without devaluing the importance of national security, concerns have been raised about SIM card registration and the possibility of intrusion in people’s right to privacy.

A researcher, Alex B. Makulilo, raised the matter in a detailed report in 2010 that focused on the legal implications which the Epoca law had over the constitutional right to privacy.

The review was published on the Open University of Tanzania (OUT) website (/repository.out.ac.tz>) as it set out to evaluate the constitutionality of the provisions of the law, including regulation of the registration of SIM cards in Tanzania.

The researcher’s argument was that the Act, being broadly and loosely framed, legalised the secret interception of private communications by the state rather than achieving its declared principal aims.

While the effectiveness of other motives that led to SIM card registration remains highly debatable, local crime reports still show an increase in criminal cases generally. It is yet to be established, by research, how SIMs registration could have helped in reducing crime.

According to the 2016 Crime and Traffic Incidents Statistics Report by the Tanzania Police Force and the National Bureau of Statistics (NBS), there was an increase of 120,071 criminal offences between 2015 and 2016 alone.

This is the equivalence of 23.1 per cent compared with the 639,274 cases which were reported from January to December 2016 – and 519,203 cases reported in the same period in 2015.

But, the police do not point out the unregistered SIM cards usage as the force behind the increase of criminal activities in the country. The police themselves single out social and economic factors as being responsible for the trend – and urge that more education be provided on the matter, as well as diversifying economic opportunities among youths in particular.

It has been shown that rising numbers of offences bear a close relationship with the increasing population.

A closer examination of police reports reveals that there is a negative relationship between the number of police officers and poverty. But also – apart from the social and economic factors – another factor associated with the increase in criminal activities is the police/population ratio.

On average, one police officer serves 1,049 Tanzanians, as against the international standard requiring one police officer to serve 450 persons maximum.

Interestingly enough, the police officers per geographical area is an average of 5 police officers per 100 square kilometres of area served – or one police officer for every 20 square kilometres.

If mandatory SIM card registration was indeed an antidote to increasing criminality – as claimed by Tanzanian regulators and security organs – one would expect to find this documented in official reports on fighting crime.

In so far as cybercrime is concerned, the Tanzania Cyber Security Report-2016 by the Serianu Cyber Threat Intelligence Team showed that the number of threats and data breaches increased, with clear evidence that home-grown cyber criminals are becoming craftier and craftier...

Despite all this, former police spokesperson Barnabas Mwakalukwa (this piece was done before a new spokesperson was appointed) told The Citizen that SIM card registration was helpful to law enforcement organs.

Mr Mwakalukwa cited the increased number of criminal incidents reported at various police stations as evidence that SIM card registration is effective in curbing crime.

Regarding claims that the government intercepts people’s communications through the registered SIM card, Mr Mwakalukwa responds curtly: “It’s not true. [But, even if it is true] What’s more important between privacy and security?” That argumentation is supported by the TCRA acting Corporate Communications Manager, Mr Semu Mwakyanjala, who – without going into details and responding to other questions – insisted that SIM card registration had been helpful in curbing crime.

However, Mr Mwakyanjala didn’t give any evidence to support his claim.

The clear insistence by both the police and the TCRA on the need for mandatory SIM card registration echoes the opinions of many African governments which also insist on carrying out the registration exercise. This is despite evidence showing that SIM card registration has little value in the fight against threats to national security, including terrorism.

What pundits say on breach of privacy

Perhaps the most alarming risk of mandatory SIM card registration is its potential use for surveillance, pundits in the field warn.

Commenting on the security/privacy debate, Prof Jane Duncan of the University of Johannesburg – who has researched extensively on state surveillance – is of the view that the issue of whether or not privacy is more important than national security cannot be debated in the abstract.

There are those who argue that SIM card registration gives rise to significant risks for a wide spectrum of individuals, among whom are investigative journalists, whistle-blowers, witnesses, marginalised groups, as well as victims of discrimination and other forms of oppression, Prof Duncan says.

If one needs to register a SIM card in order to communicate on a mobile phone, then this means that the SIM can be linked to an individual, their identity number, their address – and even their biometrics, which enable a person to be identified and authenticated based on a set of recognizable and verifiable data.

This, the good professor says, is likely to have a chilling effect on communications, as people are likely to censor themselves, knowing that their metadata (information that describes other data by providing information about a certain item’s content) could be traced back to them.

“As a matter of principle, mobile phone users should not be expected to register their SIMs before using them,” says Prof Duncan.

“This is true in many countries in the world – even those with significant terrorism problems such as the UK, where a person can buy a SIM card without having to register any personal facts!”

According to Prof Duncan, this can be done in part by having specific legislation that regulates surveillance, and which doesn’t include SIM cards, but which requires judicial authorisation for interceptions on narrowly-defined grounds.

[At present, there is no such law in Tanzania. But, the authorities do intercept private communications under the Cybercrimes Act of 2015].

Prof Duncan counsels that the government must ensure that the law includes user notification. That is: people are informed about the surveillance after investigations reach a non-sensitive stage.

This should go hand in hand with having an independent oversight of the processes, and annual reporting to Parliament – as well as the reports being released for public consumption.

“Mass surveillance must be outlawed, and stricter criteria for highly-intrusive forms of surveillance should be applied – such as hacking and using IMSI catchers (a telephone eavesdropping device used for intercepting mobile phone traffic and tracking location data of mobile phone users),” she suggests.