Internet Society Hong Kong (ISOCHK) believes that the proposed Real-name Registration Programme for SIM Cards is damaging to Hong Kong’s reputation as a role model in the field of telecommunication policy. It will hinder the development of smart city, a commitment made by the Hong Kong Government, and deter technological innovation of the information technology industry. We oppose the proposed Programme and recommend a complete withdrawal of the Programme.
A matter of principle
As the United Nations Human Rights Council’s Special Rapporteur on freedom of opinion and expression reports, “encryption and anonymity tools have become vital for journalists, activists, artists, academics and others to exercise their professions and their human rights freely”. [1] Individuals and organizations should have the right to hold and freely express opinions without interference and conduct their legitimate everyday activities under adequate privacy protection. ISOCHK believes that the proposed regulation will only undermine decades of efforts Hong Kong has made to protect and promote freedom of speech and to maintain a favourable business environment, jeopardizing Hong Kong’s role as an international finance centre.
Proposal 1: SIM Real-name Registration Programme
ISOCHK does not support Proposal 1. The consultation paper depicts prepaid SIM cards (PPS) as a material factor in illegal activities. We do not believe it is true, and are of the opinion that PPS is a mere scapegoat. ISOCHK highlights the following:
According to the Secretary for Security Mr John Lee’s written reply to Hon Vincent Cheng in Legislative Council on 13 January 2021 [2], the majority of telephone deception cases originated from outside Hong Kong. We do not see how real-name registration of local SIM cards could address the problem and we can foresee the prevalence of similar phone scams even after the Registration Programme is put into effect. Without disclosing the ratio of telephone deception cases involving local SIM cards versus overseas callers, the claim made by the consultation paper is incomplete and misleading.
The consultation paper also argues that serious and violent crimes threaten public safety, hinting at the possibility that criminals would make use of local PPS to conduct their activities. ISOCHK would like to point out that it is easy for any serious criminal to obtain overseas SIM cards; they may also look for scapegoats to bypass the real-name SIM card registration. Worse still, it is also foreseeable that identity theft or SIM swapping attacks would become a more apparent concern once the registration programme comes into effect, imposing additional risks to innocent individuals and businesses.
If crime prevention is an important concern in the legislative exercise, ISOCHK regrets to comment that the proposed Programme will be gravely ineffective. The burden and restriction it places on service providers and consumers are utterly unnecessary and disproportionate vis-à-vis the purported purpose.
Hong Kong has been one of the safest cities in the world since the introduction of mobile telephone services back in the 1990s, and has always been a successful role model of a free city with low crime rate and high adoption of telecommunication technologies. The consultation paper’s accusations that the anonymous nature of PPS “undermines confidence in the integrity of telecommunication services” and “jeopardizes the genuine or legitimate use of telecommunication”, when scrutinized against the city’s experience, are utterly gratuitous and unsubstantiated.
Proposal 2: Three PPS cards restriction per user
ISOCHK does not support Proposal 2. It proposes to limit the number of SIM cards to three (3) per user, including company and corporate users. It is obvious that the authorities have not thoroughly considered reality, in this case, the increase of mobility devices per individual in the era of Internet of Things (IoT) and 5G. Based on the World Bank’s 2019 data [3], each person in Hong Kong subscribes to 2.89 mobile services on average. It is expected that this number would only increase in the coming years. The proposed restriction of three SIM cards per individual is no doubt unrealistic, disregarding the fact that many people use more than three PPS for their own devices for emergency internet access during network outages or have dual SIM cards in the same phone for extra mobile data quota.
The proposal does not detail any arrangement on SIM cards for machines, such as automobiles and shared bicycles, or fixed installation such as vending machines and advertising panels. Many of these devices require the use of SIM cards to perform remote management, security update, location tracking and content delivery. It is also common for the information technology industry to conduct research and test resiliency, compatibility and security of their products and services by using dozens or even hundreds of mobile devices simultaneously. The proposal illustrates not only the government’s ignorance and disregard of the IT industry’s real practices, causing inconvenience to the daily operation of hundreds of businesses, but also paints a very discouraging future for the industry, further accelerating the relocation of companies and emigration of talents since the establishment of the National Security Law.
Proposal 3: Registration endorsement for young persons
ISOCHK does not support Proposal 3. We do not think the registration endorsement could provide any substantial protection to young people. Speculating on the assumption that criminals would lure teenagers to register SIM cards for illegal use, the consultation paper proposes that adolescents be required to seek endorsement from parents, relatives or guardians before obtaining registered SIM cards. On a practical level, this only imposes extra difficulties upon service providers to prove such relationships, and is not at all helpful in preventing identity theft, or barring teenagers from selling their SIM to criminals for profit. It would, however, put teenagers into a disadvantageous position in which, with increasingly extraordinary law enforcement and prosecution practices, youngsters lacking legal knowledge and experience would be dragged into criminal proceedings and even challenged to prove their (legally presumed) innocence in case of SIM card misuse.
The registration would also bring obstacles to the promotion of STEM education to children. The added cost and endorsement procedure would discourage talented children from exploring and learning innovative technologies that involve the use of mobile networks. Children, especially those living in grassroots communities, might lose their opportunity to learn if access to mobile networks requires approval of adults who do not understand the importance of it.
Proposal 8: Record requests from Law Enforcement without warrant
ISOCHK does not support Proposal 8. The proposed regulation grants power to law enforcement agencies (LEAs) to request registration information under “urgent or emergency situations”. Yet, the definition of “urgent or emergency situations” is unclear and the power itself lacks independent checks and balances. As the National Security Law has already granted LEAs the right to request service providers to provide assistance whenever deemed necessary, it is redundant and excessive for the proposed legislation to grant LEAs access to the records without warrant.
In addition, there does not seem to be any clear mechanism to prevent abuse of such private information. It is foreseeable that the abusive power given to LEAs could easily be weaponized and become a tool to harass or threaten dissidents. As the UN opines, “when States legitimately need access to encrypted or anonymous information, they should only seek it through judicial process”. [1] ISOCHK only supports that LEAs may request licensees to provide SIM card registration records of relevant individuals and time ranges when a warrant is issued by a magistrate, where it is necessary for LEAs to conduct investigation and the magistrate is satisfied that all other less intrusive methods have been exhausted.
Internet Society Hong Kong
25th February, 2021
[1] https://www.ohchr.org/EN/NewsEvents/Pages/HRencryptionanonymityinadigitalage.aspx
[2] https://www.info.gov.hk/gia/general/202101/13/P2021011300541.htm
[3] https://data.worldbank.org/indicator/IT.CEL.SETS.P2?name_desc=false&locations=HK
Read more
