Citizens reject proposed SA law linking biometrics to SIM cards

Sibahle Malinga
By Sibahle Malinga
Johannesburg, 06 May 2022

A public campaign on proposed draft regulations seeking to link South Africans’ biometric data to their SIM cards has attracted almost 21 000 public comments, with the overwhelming majority rejecting the proposal.

The campaign is run by advocacy non-profit Dear SA, which individually submits each comment made by citizens to government.

In March, the Independent Communications Authority of South Africa (ICASA) published draft regulations proposing to tie the biometric data of phone users in SA to their SIM cards.

The proposal, included alongside other draft regulations, is out for public comment until 11 May.

The regulations define biometric data as the measurement and statistical analysis of people's unique physical and behavioural characteristics.

If passed into law, mobile operators will have access to users’ fingerprint mapping, facial recognition, retina scans, and biometric and behavioural data, tied to their SIM cards and phone numbers.

However, according to comments made on the Dear SA website, citizens are up in arms over the draft regulations, expressing concerns that the move is a violation of their right to privacy, noting that certain elements of the rule are a contravention of the law.

One comment states: “No, I DO NOT support the proposed regulation! Yet again another mechanism to track and trace one under the disguise of 'security'. Clearly preparing us for the One World Government where you will own nothing and be happy and be forced to live off Universal Basic Income. It's an invasion of privacy and it WILL 100% be abused by the government.”

“My main concern is the South African communist government attempting to turn South Africa into a surveillance state mirroring the Chinese social credit score which I feel as with hate speech laws, infringes on South Africans’ freedom and rights,” says another, in opposition to the proposal.

Another citizen believes the proposed regulation is unlawful: “This is unconstitutional and a breach of privacy. It is also overbearing and discriminatory. My behaviour has got nothing to do with anyone as long as I don't break the law.”

“Why do you have to have all my personal information; it feels like the only way government can resolve any issue is by stripping freedoms from people and invading their right to privacy,” reads another comment posted on Dear SA.

Anti-hijacking measure

According to ICASA, the strict security measures will be introduced due to ongoing concerns where mobile numbers have been hijacked either through a porting and/or SIM swap transaction.

“The authority is of the view that the association of mobile numbers with the biometric data of a subscriber will assist to curb the hijacking of assigned subscriber mobile numbers. The hijacking of mobile numbers is a small but integral part of a wider form of fraud where sensitive data is diverted or comes in the control of criminal elements,” says ICASA.

SIM swap fraud has been on the rise in SA over the past year, with fraudsters posing as a legitimate cellphone account-holder by using fake identity documents.

The latest South African Banking Risk Information Centre figures from November 2021 show SIM-swap incidents increased 91% year-on-year when looking at digital banking fraud across all platforms.

To commit the crime, assailants request a SIM swap from the real cellphone account-holder’s mobile network provider so they can have access to their account and number on a different device. This is then used to access several financial accounts, including bank accounts.

In March, Vodacom, MTN and Cell C told ITWeb they acknowledged the problem, noting any type of illegal activity that occurs on their networks is taken very seriously and there are measures in place to prevent it.

Governments across the globe that introduced biometrics in SIM cards as part of the on-boarding process, to clamp down on fraud, include China, Afghanistan, Mexico, Pakistan, Nigeria, Saudi Arabia, Jordan and Venezuela.

Local security experts had also expressed concerns that the new laws may infringe on compliance requirements set out in the Protection of Personal Information Act (POPIA).

However, Mothibi Ramusi, CIO of the National Lotteries Commission, allayed public fears over the proposed regulations during a Public Sector ICT Forum event, held this week in Johannesburg.

Ramusi stated that citizens should trust government does not have any ulterior motive, other than to protect users from being victims of crime.

“I want to encourage all of us here to trust that government knows what it is doing and they will ensure utmost safety of citizens’ data. Anyone that talks about this type of innovation being a threat to us should focus on the ultimate outcome of what government intends to achieve through this proposed regulation, which has been introduced across the globe, not only in South Africa.

“When citizens place too much emphasis and fears on the potential violation of POPIA compliance, they will miss out on the benefits they can reap through safety, and the endless innovation opportunities that can be unlocked for them by being able to walk around carrying their biometrics data on their phones.”

Ramusi believes that if passed, the proposed law can be implemented within the confines of POPIA.