24 Jun 2020

Cybercrime / Will mandatory SIM card registration rid Tanzania of cybercrime?

Putting in place regulatory frameworks to govern who accesses what data, at what time and for what purpose, would be a better option.

Tanzania has introduced mandatory SIM card registration to combat cybercrime and fraud. The country joins over 140 countries worldwide with this policy in place, despite some criticism that this may open an avenue for widescale surveillance, especially of particular social groups  or political opposition.

The authorities say using biometric data collected in the registration process will enable the police to track offenders and deter future crimes. ‘This kind of registration is important for national security and will help to address fraud incidents involving mobile phones,’ President John Magufuli said in December 2019.

This is the script many countries follow when enforcing mandatory SIM card registration. They say it will counter cybercrime, instil confidence, trust and transparency in the financial and e-commerce services sector, and enhance national security and due diligence by cellphone providers.

In Tanzania, stolen, forged or counterfeit registration documents are used to commit e-commerce and financial fraud via cellphones. Mobile phones are also used in crimes such as robbery and abduction. There are also concerns about whether unregistered cellphones are behind civil offences, and what the Tanzanian government calls ‘offences against the republic’.

There’s no empirical evidence to show that compulsory registration of prepaid SIM users mitigates crime

While spreading defamatory messages could be traced to cellphones, offences such as treason, inciting and aiding acts of mutiny, warlike activities, inducing desertion and aiding escape by prisoners of war would require more than just an unregistered cellphone.

Tanzania’s Electronic and Postal Communications Act 2010 criminalises the use, sale and distribution of unregistered SIM cards by anyone who owns or intends to use detachable SIM cards or built-in SIM card cellphones. Offenders face a fine of up to US$216 or three months in prison, which is not significant, and therefore not much of a deterrent. The law requires mobile service providers to maintain databases of information on each subscriber.

In January this year, the Tanzania Communications Regulatory Authority (TCRA) director-general James Kilaba told the media that the government would be switching off all SIM cards that had not been registered. ‘The information obtained from registered SIM cards will be directly linked to a subscriber’s national identification card, ensuring there is no more misinformation or forgery of the documents; no one can forge fingerprints,’ said TCRA spokesman Semu Mwakyanjala.

However, despite a relatively successful registration process, the TCRA is struggling to enforce compliance with the Electronic and Postal Communications Act. The absence of supporting legislation and policies, such as to safeguard personal privacy, make implementation difficult. Tanzania’s law for example doesn’t include provision for the immediate deregistration of SIM card users on state issuance of a death certificate to avoid a deceased holder’s information being used by criminals.

Most state data systems remain non-digitised due to poor information and communication infrastructure

Collecting subscribers’ biometric data may have documented benefits across the world, for instance in monitoring mobile money transactions. But there’s no empirical evidence to show that compulsory registration of prepaid SIM users mitigates crime. Neither is there evidence that mandatory SIM card registration enhances law enforcement and counter-terrorism efforts.

Tanzania’s neighbour Kenya still grapples with SIM card fraud five years after enforcing mandatory registration. Prisoners defraud Kenyans of millions of shillings using unregistered or irregularly registered SIM cards. This shows that criminals and even terrorists use SIM cards for anonymity and avoiding detection.

Mexico repealed its policies on SIM card registration in 2013 after an assessment showed it didn’t help in preventing, investigating or prosecuting associated crimes.

Also, the argument that only mandatory registration enables people to access e-government and e-commerce does not appear especially strong. Countries like Finland don’t have compulsory SIM card registration but people have access to retail, banking and e-government services.

An estimated five billion mobile internet users are expected by 2025

Mandatory SIM card registration also doesn’t take into account privacy and data protection laws. So people fear that governments will use collected information to monitor dissidents and opposition groups in societies with deep, unaddressed issues. This heightens resistance, and even possibly falsification of essential data needed for registration.

To enhance law enforcement, countries wanting mandatory SIM card biometric registration should establish integrated systems that would make the control of SIM card ownership as effective as that of car ownership. This would connect investigative agencies to a well-structured portal that facilitates crime tracking and prevention.

Only Ghana, Mauritius, South Africa and Tunisia are highly rated in the 2018 United Nations e-Government Development Index. Thirty other countries, including Kenya, Cameroon, Nigeria, Lesotho, Togo, Rwanda and Tanzania, have an average score. Most state data systems remain non-digitised due to poor information and communication infrastructure. Such systems make state departments work in silos, creating a complex maze of essential nodes of transfer and connectivity.

There are 5.9 billion cellphone subscribers worldwide – 71% of the world’s population

Therefore, most countries with legislation and policies in place lack the capacity to keep up with rapid technological changes and sophisticated criminal networks. Criminals circumvent mandatory registration and detection and remain ahead of law enforcement.

Tanzania needs a broad networked regulatory framework in order to effectively counter cybercrime. The government would need to integrate information in vital documents, such as national identity cards, driving licences, passports, birth certificates, etc. into a central system that facilitates linking such information to an individual. This will enable better crosschecking of information with other sources of data for authenticity and ease of referencing, especially when an individual engages in crime.

This will also enable Tanzanians to be more effective participants in the global market. There are 5.9 billion cellphone subscribers worldwide – 71% of the world’s population, with an estimated five billion mobile internet users expected by 2025. Mobile internet has made the cellphone the central bridging platform for the 21st century through e-commerce, financial services and a wide range of digitally delivered services and content.

The greatest challenge for Tanzania lies not in the millions of unregistered SIM cards that could fall into the wrong hands. It lies in the development of regulatory frameworks to govern who accesses what data, at what time and for what purpose.

It’s important to ensure the accuracy of collected data and to meet the competing needs of SIM card stakeholders, which principally manifest themselves in the security-privacy dilemma. With proper policies in place to deter criminality, there would be no need to resort to exercises that raise more questions than answers – like SIM card registration.

Deo Gumba, ENACT Regional Organised Crime Observatory Coordinator – East and Horn of Africa, ISS and Edward Wanyonyi, Strategic Communications and Systems Thinking Specialist, Camerafrica Consultants

Related

More +

EU Flag
ENACT is funded by the European Union
ISS Donors
Interpol
Global
ENACT is implemented by the Institute for Security Studies in partnership with
INTERPOL and the Global Initiative against Transnational Organized Crime.