body-container-line-1
19.01.2010 Technology

IMANI Alert: Compulsory SIM Card Registration Risky & Unnecessary

19.01.2010 LISTEN
By AfricanLiberty.org

Issued in Accra - 19/01/2010
On January 18th 2010, the Director General of the National Communications Authority announced on the late night TV Africa discussion program, Matters Arising, that from June 30th 2010 all new mobile SIM cards will have to be registered in the name of the user before they can be activated for use on any network. He added that existing subscribers will have a period of 18 months from that date to transition to the new regime.

In practical terms complying with this regulation will mean that new and existing subscribers will purchase SIM chips in the current manner but would be unable to use their numbers until after they have visited an office of the phone network, or some other authorised outlet, with suitable identification and successfully established their identity.

The rationale given for this new regulation was that it will enhance security, help eliminate fraud and crime, and improve upon the risk environment of businesses, redounding to the ultimate benefit of the ordinary subscriber who shall be better able to reclaim lost numbers, link their phone numbers to other commercial accounts, and enjoy the peace of mind that comes with knowing that their lines are secure.

The Director General of the NCA was quick to point out that SIM Card registration was not a “silver bullet” that can resolve all the negative effects of the largely positive telecommunications boom. But he seemed to base his reservations principally on what he called “inter-jurisdictional” issues, primarily the concern that communications that originate from outside Ghana may have similar negative implications, without being amenable to the objectives of the proposed regime. His belief nevertheless is that there was broad consensus within the country in favour of the proposal, a claim he bases on the results of widespread consultation with the “relevant stakeholders”. Furthermore, in his considered opinion, the costs of compulsory SIM registration are significantly outweighed by considerable benefits.

We disagree. Thoroughly.
We do not concur with the assertion of civil society organisations in this country having been sufficiently consulted, and we are certain these organisations too can lay claim to being “relevant stakeholders”, perhaps not on par with the “National Security” and “NIA” interests the NCA DG mentioned but certainly relevant in any consultative process.

We do not believe that any scheme that relies on compulsory, government sanctioned, registration would yield any of the benefits he describes. On the contrary there shall be substantial costs associated with setting up a system in a poorly networked society such as ours to match the scale and pace of the subscriber growth we have witnessed since the beginning of this decade. These costs shall be passed on to consumers both monetarily and in the form of inconvenience and inefficiencies.

We do not believe that the intervening six months before the launch of the scheme are sufficient to design protocols to prevent the misuse of the data that shall be generated or gathered and managed by private institutions whose core competence is not data privacy management. The NCA has not published any material to explain what precise steps they will be taking to manage the potential fallout from this overambitious scheme.

Our greatest concern however is the false security that such a system will create and how that may endanger the safety and peace of mind of citizens. This matter of false security is joined by another: the concentration of too much power in too few hands.

We shall give two useful illustrations of the above two-pronged danger.

Firstly, the relevance of SIM registration to crime prevention is premised on the fact that the identity of call makers can be established after the fact of their perpetration of some crime or abuse. That is to say the law enforcement authorities shall be able to establish the identity of the perpetrator through recourse to the databases of the telecommunications network in the wake of a particular incident or threat.

This is faulty logic.
To date, no official of the security services has cited even a single incident of crime or threat to national security that would have been better managed with the kind of electronic evidence supposedly obtainable from the proposed regime. The presence of a phone number in the phone logs of a complainant and the subsequent linkage between that number and a certain individual does not provide any durable evidence of significant weight in a law enforcement setting. This is especially so when the particular call is related in a general way to the security of an institution or is part of an array of connected incidents, which is the form that most criminal evidence nowadays take in our increasingly complex society.

It is clear that unless there is also a recording of the particular communication, and unless the quality of that recording as well as its admissibility in a court of law are acceptable, the linkage of a phone log to an identity does not offer anything of real use to law enforcement. A whole new infrastructure must of necessity be created simply to “operationalise” this scheme. This is especially poignant when one finds that one now has to convert certain intuitive perceptions to legally relevant data. The threshold of what constitute criminal communications has now to be clearly established beyond a doubt; otherwise, one can foresee telecom networks making ad hoc judgments about what complaint qualifies to trigger the provisions under this proposed scheme and which ones they can safely ignore.

Distinguishing pranksters from criminals, impersonators from actual owners of phones, pre-recorded messages from natural conversation, and a whole host of once dismissible details about the nuances of human communications, could easily lead to a nightmare.

We are convinced that for such a scheme to achieve the general security and national security ends foreseen for it, the contents of communications must be linked to logs of that communication in searchable databases since as we have explained above electronic data requires special processing before their admissibility for law enforcement purposes. This inevitability opens the door to another inevitably: abuse by those in the position to profit from such abuse.

We cannot ignore the possibility that governments shall be able to prevail upon telecom companies in order to obtain direct access to such “track, store and trace” databases. The widely known fact that sophisticated criminals can use a whole range of voice over internet systems to simulate cellular calls and text-messaging means that once again those at whom such anti-liberal measures are targeted are least likely to be the ones who shall be caught in the snares. People like us who consider it our calling to criticise and question those in authority are justifiably worried that this proposal represents a concentration of power open to misuse by those in authority.

The last and most striking illustration of the pointlessness of the proposed scheme is the principle of successful identification itself. Telecom networks have no core expertise in scrutinising national identification documents to establish genuine identity. People bent on wrongdoing shall have all the incentive to impersonate, doctor and outrightly fake documents in order to obtain SIM cards. The use of evidence thus drawn from such false origins shall complicate criminal investigations, lure citizens into dangerous complacency, and defeat the original purpose. This is especially so when you consider the wide range of scenarios where the authentication of identity can present challenges.

Foreigners resident in Ghana who present foreign identification instruments, for instance, shall pose exceptional challenges to the integrity of the scheme. Once more, this limitation can easily open the door for national security interests to request even closer “collaboration” with telecom companies under the guise of “assisting” them in this process, leading, as we have noted above, to unacceptable power concentration to the detriment of lawful dissidents and anti-establishment critics. The possibility that people could be framed through the contamination and infiltration of what shall become de facto law enforcement databases held at telecom companies should frighten all law-abiding and right-thinking Ghanaians. The possibility that certain individuals of interest to powerful groups can now be prevented more easily from accessing mobile communications by having their chips deactivated should sound alarm bells.

People who seek to avail themselves of the commercial benefits of SIM registration described by the NCA boss are best served by the current voluntary, consumer-oriented, offerings provided at a transparent cost by all the telecom companies. As far as electronic crimes are concerned the real need is at the level of law enforcement capacity. In a country where police emergency numbers are still far from reliable it is clearly a misplacement of priorities to focus on this giant, tottering, freedom-wounding, scheme.

What this measure is actually proposing is the devolution of law enforcement to the private sector domain without the corresponding infrastructure of accountability and responsibility. It is overambitious, ambiguous in its benefits, dangerous through its vulnerabilities, and frankly unnecessary.

A Statement by IMANI Center for Policy & Education (in cooperation with AfricanLiberty.org)

body-container-line