Balancing cybercrime prevention and data privacy

Balancing cybercrime prevention and data privacy

This May, the world celebrates Privacy Awareness Week. The National Privacy Commission commemorated this last week with the theme “Ang PAWer ng Data Privacy Mo: Praktikal, Angkop, at Wastong Paggamit ng Datos ni Juan at Juana” (The power of your data privacy: practical, appropriate and correct usage of Juan and Juana’s data).

This year’s theme aims to encapsulate the importance of the individual—how each of us serves as the first line of defense when it comes to protecting our personal data. This is crucial because we always store, process and release data in print or digitally, or whenever we use gadgets such as our mobile phones.

With mobile phones, we can now get our news anywhere, post our activities, pay our bills, make bank transfers—along with a myriad of other activities limited only by the creativity and imagination of app developers.

These conveniences have made mobile phones a necessity for a lot of Filipinos, but the benefits come with risks.

The mobility restrictions during the pandemic increased our vulnerabilities to cybercrimes. Since we were forced to do most of our transactions through phones and computers, criminals migrated their operations to the mobile and digital space as well. Criminals also took advantage of the increase in unemployment during the pandemic by offering jobs or get-rich-quick schemes. Most of these scams involve tricking victims into giving their bank credentials and other crucial information.

Victims of these scams do not fit into a single profile—from Sen. Sherwin Gatchalian being a victim of credit card hacking in 2021 to the government teachers who lost their savings due to unauthorized online funds transfers early this year. Anyone who owns a phone or uses the internet can fall prey to these crimes. A clear enabler of these scams are unregistered SIM cards that provide the anonymity needed to protect scammers from being caught.

Enabling law wanted

In response to these incidents, legislators introduced the SIM Card Registration Act, which aims to prevent the use of unregistered cellphone numbers to commit crimes. Its key provisions include mandating public telecommunication entities (PTEs) to require the registration of SIM cards as a prerequisite to sale and activation, requiring existing SIM card subscribers to register within 180 days from the effectivity of the law, and authorizing PTEs to deactivate unregistered SIM card numbers within the prescribed period.

Apart from curbing scams, the bill also aims to address fake news and disinformation by mandating social media platforms to require the real name and phone number of users upon account creation. In addition, the bill states that the data collected from registration shall be kept by the PTE in a centralized database, which will only be used for registration, activation, and deactivation of SIM cards. After months of deliberation, the proposed bill was ratified by the Bicameral Conference Committee on Feb. 2, 2022. However, President Duterte vetoed the bill due to the privacy concerns surrounding the social media provision.

The advantages of this proposed policy are clear. Fraudsters will find it difficult to use fake identities and prepaid SIM cards to impersonate companies and target unwitting victims to obtain sensitive data such as online banking login credentials, one-time PINs and credit card details. The social media provision has the potential to address troll accounts and mitigate cyberbullying and distribution of false information—all of which can be particularly damaging to the fabric of our society.

Safeguarding personal data

However, the bill poses potential data privacy issues. Members of civil society have pointed out that it will restrict the right to freedom of expression. Privacy advocates have argued that there are individuals who need to be anonymous in their work (journalists, rights advocates, whistleblowers, etc.) to avoid harassment and persecution. A study conducted by Privacy International, a non-profit organization, reveals that SIM card registration laws in different countries from 2002 to 2022 state that mandatory registration makes it easier for authorities to track and monitor individuals, which could undermine their right to privacy and freedom of expression.

But for banks and financial institutions, the bill has the potential to help curb financial cybercrimes. This will be particularly helpful in investigating phishing, smishing (SMS phishing), and vishing (voice phishing) cases where scammers employ social engineering tactics to get a bank client’s credit card details or login credentials. Law enforcement agencies can more easily track and catch criminals with the transparency that the bill promises.

It is critical for the government to address the continued rise of cybercrime in the country. Hopefully, with the elections out of the way, legislators will take this opportunity to revisit the bill—taking into account valid reservations—and create a new version acceptable to most. Safeguards against potential abuse should be at the top of prospective improvements. It is important to establish the relationship between SIM card registration and crime prevention and to ensure that there are strong data protection measures for the storage of information gathered from registration. Ultimately, passing this bill requires a balancing act between preventing SIM card- aided crimes and protecting the privacy of Filipinos.

In the bank, we always say that cybersecurity and data privacy are shared responsibilities. Let me reinforce the importance of each citizen in the fight against cybercrime. Policies can help address cybercrime, but it is equally critical for us to be aware of the ways we can protect our personal data—a key theme in this year’s Privacy Awareness Week. —CONTRIBUTED

Read more...