Published by ISS Today

Tanzania has introduced mandatory SIM card registration to combat cybercrime and fraud. The country joins over 140 others worldwide with this policy, despite some criticism that it may enable widespread surveillance, especially of particular social groups or political opposition.

The authorities say biometric data collected in the registration process will allow police to track offenders and deter crime. “This kind of registration is important for national security and will help to address fraud incidents involving mobile phones,” President John Magufuli said in December 2019.

This is the script many countries use when enforcing SIM card registration. They say it will counter cybercrime, instil trust and transparency in the financial and e-commerce services sector, and enhance national security and due diligence by cellphone providers.

In Tanzania, stolen or forged registration documents are used to commit fraud via cellphones. Mobile phones are also used in crimes such as robbery and abduction. There are also concerns about whether unregistered cellphones are behind civil offences, and what the Tanzanian government calls ‘offences against the republic.’

Defamatory messages could indeed be traced to particular cellphones. But offences such as treason, inciting and aiding acts of mutiny, warlike activities, inducing desertion and helping prisoners of war escape, would require more than just an unregistered mobile phone.

Tanzania’s Electronic and Postal Communications Act 2010 criminalises the use, sale and distribution of unregistered SIM cards by anyone who owns or intends to use detachable SIM cards or built-in SIM card cellphones. Offenders face a fine of up to US$216 or three months in prison, which is unlikely to act as a deterrent. The law requires mobile service providers to maintain databases of information on each subscriber.

In January this year, the Tanzania Communications Regulatory Authority (TCRA) director-general James Kilaba told the media that government would be switching off all SIM cards that hadn’t been registered. ‘The information obtained from registered SIM cards will be directly linked to a subscriber’s national identification card, ensuring there is no more misinformation or forgery of the documents; no one can forge fingerprints,’ said TCRA spokesman Semu Mwakyanjala.

However, despite a relatively successful registration process, the TCRA is struggling to enforce compliance. The absence of supporting legislation and policies, such as to safeguard personal privacy, make implementation difficult. Tanzania’s law for example doesn’t provide for the immediate deregistration of SIM card users on state issuance of a death certificate to avoid a deceased’s information being used by criminals.

Collecting subscribers’ biometric data may have documented benefits across the world, for instance in monitoring mobile money transactions. But there’s no empirical evidence that compulsory registration of prepaid SIM users mitigates crime. Neither is there proof that mandatory SIM card registration enhances law enforcement and counter-terrorism.

Tanzania’s neighbour Kenya still grapples with SIM card fraud five years after enforcing mandatory registration. Prisoners defraud Kenyans of millions of shillings using unregistered or irregularly registered SIM cards. This shows that criminals and even terrorists use SIM cards for anonymity and avoiding detection.

Further afield, Mexico repealed its policies on SIM card registration in 2013 after an assessment showed it didn’t help prevent, investigate or prosecute associated crimes. And the argument that only mandatory registration enables people to access e-government and e-commerce services doesn’t appear especially strong. Countries like Finland don’t have compulsory SIM card registration but people have access to retail, banking and e-government services.

Mandatory SIM card registration also doesn’t take into account privacy and data protection laws. So people fear that governments will use information they collect to monitor dissidents and opposition groups. This heightens resistance, and even possibly falsification of essential data needed for registration.

To enhance law enforcement, countries wanting mandatory SIM card biometric registration should have integrated systems that make controlling SIM card ownership as effective as that of car ownership. This would connect investigative agencies to a well-structured portal that facilitates crime tracking and prevention.

In Africa, only Ghana, Mauritius, South Africa and Tunisia are highly rated in the 2018 United Nations e-Government Development Index. Thirty other countries, including Kenya, Cameroon, Nigeria, Lesotho, Togo, Rwanda and Tanzania, have an average score. Most state data systems on the continent remain non-digitised due to poor information and communication infrastructure.

This means that most African countries with SIM card registration laws and policies lack the capacity to keep up with rapid technological changes and sophisticated crime networks. Criminals often circumvent mandatory registration and detection and remain ahead of law enforcement.

Tanzania needs a broad regulatory framework to effectively counter cybercrime. A central system should link individuals’ information to their national identity cards, driving licences, passports and birth certificates. This will allow for speedy cross checking with other data sources, especially when an individual is suspected of engaging in crime.

It will also enable Tanzanians to more effectively participate in the global mobile phone market. There are 5.9 billion cellphone subscribers worldwide – 71% of the world’s population – with an estimated five billion mobile internet users expected by 2025. Mobile internet has made the cellphone the bridging platform for the 21st Century through e-commerce, financial services and a wide range of other digital services and content.

The greatest challenge for Tanzania isn’t the millions of unregistered SIM cards that could fall into the wrong hands. It lies in the development of regulatory frameworks to govern who accesses what data, when and for what purpose. With proper policies to deter criminality, exercises that raise more questions than answers – like SIM card registration – wouldn’t be necessary. DM

Deo Gumba is ENACT Regional Coordinator – East and Horn of Africa, ISS and Edward Wanyonyi, Strategic Communications and Systems Thinking Specialist, Camerafrica Consultants.

This article was first published by the ENACT project. ENACT is funded by the European Union (EU). The contents of this article are the sole responsibility of the author and can under no circumstances be regarded as reflecting the position of the EU.