A public campaign on draft regulations to link South Africans’ biometric data to their SIM cards has attracted almost 21,000 comments, of which the overwhelming majority reject the proposal, according to a report. The campaign is run by the advocacy nonprofit organization Dear SA, which submits citizens’ comments to the government. In March, national regulator, the Independent Communications Authority of South Africa (ICASA), published draft regulations proposing to tie biometric data of phone users to their SIM cards, with a deadline for comments of 11 May.
The regulations define biometric data as the measurement and statistical analysis of people’s unique physical and behavioral characteristics. If the draft regulation is passed into law, mobile operators will have access to users’ fingerprint mapping, facial recognition, retina scans, and biometric and behavioral data, tied to their SIM cards and phone numbers. Those who commented on the Dear SA website have expressed concerns that this would be a violation of their right to privacy, alleging that certain elements of the rule are a contravention of existing laws.
According to ICASA, the strict security measures must be introduced because mobile numbers have been hijacked either through porting and/or SIM swap transactions. SIM swap fraud has been on the rise in South Africa over the past year, with fraudsters posing as a legitimate mobile phone account holder by using fake identity documents.
In the mobile telecom space, priorities sometimes clash, and given the fact that mobile devices and networks now pervade every aspect of life, these conflicts are bound to occur. The necessity of mobile networks for transactions of all types makes security a pressing issue, and unfortunately security measures can be a double-edged sword.
In South Africa, as elsewhere, SIM fraud has become a serious problem, with large amounts of money lost to users and companies each year to guard against it, the South African regulator has understandably been casting about for ways to ensure that SIMs are matched with their legitimate account holders and no one else. With the rise of biometric data gathering and recording—facilitated by the very technologies that the regulator seeks to protect—a seemingly easy and powerful method of guaranteeing the security of SIMs has presented itself. So it is understandable that the regulator has pushed this plan to gather and utilize mobile customers’ personal data.
However, they may have overlooked the fact that personal privacy is of paramount concern to users in today’s marketplace. Presented with the biometric data plan, users reacted in a way that indicates that they are more afraid of having their privacy invaded than they are of SIM fraud. Apparently they would rather risk losing money than losing privacy. And considering the long-term implications of having one’s physical and behavioral characteristics divulged to the government, the shorter-term inconveniences of SIM fraud may seem less threatening. In any case, since users face having their privacy invaded (albeit in quite different ways) by both fraudsters and government entities, regulators and mobile operators need to be extremely sensitive to the psychological aspects of these questions. If they are to retain the confidence of the public, they must move forward cautiously and respectfully.