03 June 2014

SIM Registration

'The rise of African SIM registration: The emerging dynamics of regulatory change' by Kevin P. Donovan and Aaron K. Martin in (2014) 19(2/3) First Monday states that
The African experience with mobile telephony has been extolled as a defining moment in the continent’s contemporary economic, social, and political development. Yet SIM (Subscriber Identity Module) registration schemes are threatening to throttle the technology’s developmental potential. These mandates, which require the registration of identity information to activate a mobile SIM card, are fast becoming universal in Africa, with little to no public debate about the wider social or political effects. Whereas some authors have explored the motivations behind these drives, as well as their potential economic impacts, this paper focuses its critique on the broader diversity of implications of this regulatory transformation. Viewing SIM registration through a lens that combines surveillance studies and information & communication technologies for development, it examines elements of resistance across a range of actors, as well as other emerging effects like access barriers, linkages to financialization, and Africa’s budding mobile surveillance society 
The authors comment
Justifying his support of SIM card registration requirements, the executive secretary of the East African Communications Organisation noted that “Our telephones have become a part of our identity.” This view of the centrality of mobiles to the daily lives of users is reflected in the social studies of mobile communications and is an important reminder of the seriousness of probing regulatory transformations such as SIM registration.
Given their relative importance in Africa (Kelly and Minges, 2012; Castells, et al., 2007; Donner, et al., 2010), it is perhaps not surprising that states would seek to monitor mobile communications. Yet, in considering SIM registration and resistance, it is crucial to consider it as a component of a growing surveillant assemblage that also incorporates other technologies such as biometric identity cards and electronic passport systems, new video surveillance technologies, and, especially important in the African context, electronic health systems. While doing justice to the breadth and complexity of these developments is beyond the scope of this paper, this closing discussion contends that African SIM registration requirements are part of a growing trend on the continent toward government monitoring and control of the communications infrastructures.
To emphasize the diversity of the phenomena that parallel — and sometimes explicitly intersect with — SIM registration, consider a few cases. In mid–2013, Benin became the site of a scandal around allegations of wiretapping. As Frowd (2013) summarized, the local affiliate of South African mobile operator MTN was accused of permitting the president of Benin to wiretap his political rivals from the isolation of his office and home. A few months prior, researchers at the University of Toronto revealed the presence of command and control servers for an offensive digital intrusion software called FinSpy in Ethiopia, Nigeria, and South Africa (Marquis–Boire, et al., 2013). This software, provided by British firm Gamma International, has been used from Malaysia to Bahrain to infiltrate opposition communications [23]. In each case, a population registry from SIM cards would significantly lower the barriers to identifying communications.
In Kenya, the government has established the so–called Integrated Population Registration System (IPRS) which merges “data from the birth and death register, citizenship register, ID card register, aliens register, passport register and the marriage and divorce register ... On top of these 6 registers, it compiles details from the elections register, tax register, drivers register, National Social Security Fund (NSSF) register, National Hospital Insurance Fund (NHIF) register and the Kenya National Bureau of Statistics (KNBS) register.” As Mbote (2013) reports, the “SIM registration exercise would not have been possible without the IPRS.” The amount of information in the IPRS led its chief to brag that, “We now have the 360 degree view of any citizen above the age of 18 years.”
Countries have also taken to monitoring and filtering mobile communications content. SIM registration in Zimbabwe is being pursued at least in part as a means to clamp down on political speech (e.g., ZimDiaspora, 2013). Zambia is using deep packet inspection (see Bendrath and Mueller, 2011) to block opposition media (Tor Project, 2013). An effort by the Malawi Communications Regulatory Authority to capture communications metadata (and potentially content) was rejected by a court in September 2012 (Gondwe, 2012). In Kenya during the lead up to the 2013 elections, MNOs were algorithmically blocking up to 300,000 SMS per day (Mukinda, 2013).
In an increasing number of African countries, these practices are being outsourced internationally. Uganda has inked a deal with the Korean Internet and Security Agency to help manage its domestic Internet (Businge, 2013). Zambia, Ethiopia, and Zimbabwe have sought Chinese assistance in monitoring domestic communications and the Chinese telecommunications giant Huawei has moved from simply providing infrastructure to actively managing communications networks in Africa (Reed, 2013). Pierskalla and Hollenbach [24] suggest that the capacity for mobile surveillance in Africa is low, however these dynamics suggest that even if that is the case, it is rapidly changing. Finally, Nigeria is currently in the process of awarding 25 contracts for mobile phone surveillance projects (Akwaja, 2013) despite concerns about the lack of judicial oversight, legislative buy–in, and rogue access to collected data (Collins, 2013).
Although surveillance is constitutive of modernity (Lyon, 2007) and sometimes even desirable, the manner in which SIM registration mandates and these related developments have been implemented is troublesome. In brief, they have been pursued without appropriate consultation, transparency, or ameliorative reforms such as fair information or privacy laws. In fact, in cases from Kenya and Tanzania to Nigeria, the very legal basis for the action is in question. Mobile communications surveillance has been tied to other pernicious problems, particularly corruption due to both the secrecy and substantial government contracts involved. Nigeria provided a US$40 million sole source contract to an Israeli firm for monitoring communications (Emmanuel, 2013) and a recent Kenyan tender for surveillance equipment was cancelled amid improprieties (Wabala, 2013).
This is exacerbated by the low level of democratic development in Africa. According to Freedom House (2012), only 10 countries qualify as free, and one of those — Mali — was the site of a recent coup. Whitehouse (2012) notes that, “the number of electoral democracies on the continent has fallen from 24 to 19 in the last seven years.” Indeed, non–democratic African countries have proved quite adept at subverting any potential liberatory effects of ICT (cf., Diamond and Plattner, 2012). Ethiopia has maintained a government monopoly on telecommunications and invested significantly in controlled networks (Gagliardone, 2009); Swaziland’s absolute monarch is a large shareholder in the monopoly mobile operator MTN, which also has his daughter on the board of directors (Lukhele, 2012) and has been accused of shutting down its network to impede political protests (Langeni, 2011). More broadly, mobile communications are a far more controlled infrastructure than the Internet (Benkler, 2010; Zuckerman, 2010). The addition of SIM registration requirements serves to lower the barrier to surveillance. The resulting chilling effects arise just as many are hoping that mobiles can be used to promote democracy on the continent.
As of 1999, no country in Africa had data privacy legislation (Banisar, 1999). In the intervening years, around 10 have enacted some form of data privacy law, and a number of others have such rules pending, but implementation and enforcement capacity remains limited (Makulilo, 2012). In particular, few African countries have corresponding legal duties on the collectors of personally identifiable information, such as not to make unauthorized disclosures. The secondary use of personally identifiable data is sure to grow, consolidating and linking to other emerging databases. Importantly, this is happening across borders, with the East African Community taking steps to share SIM registration across borders (Sato, 2013). Already, the CTO of MTN Nigeria is publicly advocating for SIM registration data to link to banking, health, and driving license data (Atili, 2012). It may be the case that normatively desirable outcomes emerge from these happenings — indeed, we agree that the exclusion of the poor from identity systems is often problematic (Setel, et al., 2007) — but the growing chorus of support for the positive aspects must be complemented by steps to avoid the downsides; in the case of SIM card registration in Africa, this has rarely happened. As suggested earlier in this paper (section II), the exclusion of surveillance from the dominant literature on the impact of mobiles in Africa is at least partly responsible for this silence and inattention.
There is an urgent need for enhanced scholarly and activist attention to SIM registration and associated trends that are establishing surveillance at the heart of the African mobile society. Too often, privacy is conceived as a technical problem to be fixed — an afterthought — rather than a complex political problem. Already the World Bank is thinking about “using digital identity to fight poverty” (Sudan, 2013) and the United Nations is pioneering “big data for development” (United Nations Global Pulse, 2012). More attention must be directed towards the privacy implications and politics of these trends. This attention can draw on international experience, but must be deeply aware of the particularities of the African context. For example, there is scope for learning from European data protection work, restrictions on secondary use, and fair information laws [25]. Already SIM registration data is being used for inappropriate ends such as electioneering (e.g., Zambian Watchdog, 2013) and worries about identity theft are emerging (Onwuegbuchi and Ugwu, 2013). However, the specifics of African political and economic development matter, and future work should draw on this history and context. By way of illustration, the outsourcing of network monitoring to foreigners mentioned above is directly a result of limited bureaucratic and technical acumen, and the impotence of the resistance to SIM registration can be attributed to the political arrangements in many African countries where civil society and opposition is weak. Scholars studying digital technologies would do well to connect with Africanists.
They conclude -
While many popular and academic narratives on the impact of mobile telephony on Africa’s development depict a positive outlook in which technology will bring sustained benefits to citizens as connectivity increases, parallel developments complicate these storylines. As we have shown, SIM registration represents a form of communications surveillance that reduces the anonymity once afforded — perhaps unintentionally — by prepaid airtime. These identification mandates may bring modest security benefits, although as noted, the evidence for such claims remains inconclusive. More importantly for the present discussion, however, is that SIM registration complicates the much–lauded developmental and emancipatory influences of these technologies. Of course, this pessimistic view ignores the resistance dynamics that were the focus of this article. In the case of SIM registration, it seems formal resistance to the imposition of the laws has been modest and ineffectual, but more everyday forms of resistance to compliance are proliferating. And, of course, these technologies never perform as seamlessly or perfectly as their proponents claim (cf., Magnet, 2011). At the very least, more debate is needed about these policies, including their political origins, effectiveness, and unintended consequences. We hope this paper has made a small contribution to these debates.
On the topic of future research, there is a lot of exciting work to do. We have ambitions to conduct deeper case studies of these programs across several countries on the continent. This will involve a closer engagement with stakeholders as well as an ethnographic examination of the everyday life of SIM registration, including documenting in detail what actually transpires at the point of enrolment (e.g., how discretionary are requirements in practice, what role does local knowledge play during registration when, for example, the enrollee is already known by the enrolment agent, and so forth), as well as post–registration realities. In addition, future research ought to explore more how African SIM registration policies conflict with other policy initiatives. As we have suggested above, it is already linked to the financial inclusion agenda, but other areas remain unassessed. For example, in Mexico the VidaNET program, which provides a treatment reminder system to those with HIV, has faced challenges as a result of the country’s SIM registration laws. Patients are understandably wary about participating in these mobile health programs because they fear medical confidentiality may be jeopardized by unrelated identity registration requirements (Feder, 2010). A separate regulatory development that deserves further study is the crackdown on counterfeit mobile devices, as is currently taking place in Kenya. This anti–counterfeit phone initiative led by the Communications Commission of Kenya and executed by MNOs aims to disconnect handsets with unrecognized IMEI numbers, which are believed to be fake (wa Chebusiri, 2012) [26]. This disconnection strategy has been linked with the country’s SIM registration efforts even though it is not immediately obvious how the two relate (that is, counterfeit phones seem to represent more of a trade regulation matter than a security problem). Finally, there is significant room for academics and civil society to work with government on the challenges raised in this paper for consumer protection laws, data protection laws, and constitutional safeguards. Best practice guidance with regard to SIM registration and network disconnection would also serve policy–makers.