In the debate about the re-registration of SIM cards for mobile phone users – as the new regulation dictates – which ‘coincides’ with the introduction of the mobile ID – it is difficult not to get lost or even appreciate the protests of citizens, many of whom have hit our courts of law to explain how this infringes their privacy. We speak to Parmesh Pallanee, a seasoned IT Solutions Architect, specialised in Information Systems, Process Engineering and Data Technology, for more clarification. The story that transpires is rather scary.

To re-register or not to re-register. What is your answer to the question?

Not to re-register at all, unless full transparency prevails as to how the data collected will be processed, stored and destroyed, which is not the case right now. Under the current circumstances, re-registering the SIM is a very dangerous move.

The adoption of new technologies sometimes comes at a cost and one has to look at the benefits.

And what are the benefits?

From what I understand, the re-registration of SIM cards came up as a recommendation in the Lam Shan Leen report on Drug Trafficking. So it is a way to control drug trafficking. Let’s just agree on that benefit first and then balance it out with the costs.

We can’t agree that this process will help curb drug trafficking in any fashion or manner. To begin with, the Lam Shan Leen report came out in 2018! It is only now, with the general elections looming on the horizon that someone suddenly realised that the re-registration of the SIM cards was one of the key measures to fight drug trafficking. But even without focusing on the timing and the pretexts being used, I can assure you that even before the SIM re-registration regulation was initially promulgated in 2022, the drug traffickers would have already set up untraceable communication channels through foreign-registered SIM cards using dedicated Virtual Private Networks located outside the country or simply foreign SIM cards registered outside the country. Drug dealing is a very lucrative business and these traffickers are prepared to invest in telecommunication frameworks to avoid being caught.

Don’t the authorities know that?

They do, or should do, if they are really serious about catching drug traffickers. Besides, the government cannot impose this re-registration exercise on the whole population just for the sake of implementing one recommendation of the Lam Shan Leen report. So the real objectives of SIM registration lie elsewhere i.e. in what the government is NOT openly saying.

So if this measure is useless, why did it come up as a recommendation in the Lam Shan Leen report on Drug Trafficking?

It was one of the 460 recommendations. What happened to the other 459? There are so many other ways of controlling drugs with the technology available today that putting people’s privacy at risk is not at all a necessity.

What kind of technological measures are you thinking about?

What about the use of mobile device jammers in prisons? What about a relentless fight against contraband cell phones in prisons? What about mobile phone detection in prisons? Cell Phone Detectors come with bugs which are meant to detect Radio Frequency (RF) transmission signals from a mobile phone. The moment this bug detects the RF transmission signal from an activated cell phone, it triggers beep alarms, until the mobile phone is seen and seized by prison officers. Nowadays with technology, there’s no limit to what you can do if prison authorities really want to completely eradicate mobile telecommunications within and outside the perimeters of prisons. Even those outside prison can be easily tracked with a judge’s order based on solid grounds coming from field intelligence reports. My point is that we cannot jeopardise the personal data privacy and confidentiality of all the SIM card holders just to target a few suspects.

So what you are telling me is that this measure is not necessary.

Yes. Definitely not.

But you haven’t yet convinced me of why you think it’s dangerous to the point that lawyer Pazhany Rangasamy and others have to go to court and ask for an injunction…

I sincerely don’t see any reason why the ICTA, through the public operators, requires a photo from the mobile phone users who are coming for re-registration. Except if the reason behind this is to obtain a recent biometrically enabled photo to ensure that the real person is re-registering his/her SIM card and not a fake person re-registering a SIM card for another mobile user. Again to ensure that the true and real person is re-registering his/her SIM card, the biometric data has to be compared to an existing biometric database kept somewhere. We are all aware that biometric data had to be deleted following the judgement in the Dr Raja Mahadewoo case. My second point is that no mention is made as to where the recent biometric data taken during re-registration are kept because, for the purpose of comparing data, to ensure its authentication, it has to be stored somewhere, prior to its comparison with the existing biometric database. Not only is biometric data stored somewhere (could be both by the operators and ICTA), but so are other personal data such as names, SIM card numbers and recent proof of address. The way the whole process is laid out points towards the possibility that the ICTA is helping to build an updated citizen database that can be used for many purposes.

Such as what?

For instance, there is the risk of such valuable data being used in the forthcoming general elections, giving the party/alliance in power a tremendous edge to reach electors massively and, wherever necessary, to bring down political opponents by easily tampering with their mobile devices and using this data lake to build all kinds of propaganda using biometric data in fake photos, videos etc.

**But don’t they have these data anyway from the first registration?

They do. But they can only disclose them if there is a court case, a judge’s order etc. There is no such guarantee with the re-registration of SIM cards. There is an agreement signed between the ICTA and the operators which outlines each party's responsibilities in regard to data privacy. But the authorities have never disclosed it. We need to force them to disclose the agreement since public data is being captured and there’s no traceability at all. According to the Data Protection Act (2017), a data subject (a member of the public) should be informed where his/her data are being stored, by whom they are processed and for what purpose. Now, what is even stranger is the coincidence between this sudden urge to re-register everyone’s SIM card and the introduction of the digital biometric card.

What is the connection?

Let me give you a case study. Once the data you gave your phone operator has been stored and since there is no formal agreement to protect it, with the new mobile ID, your data can be used to manipulate that. Suppose I was really devious and prepared to use any means to win the election, once I have your photo, I can use it on the new mobile ID which will be on mobile phones. And suppose you are out of the country, I can send someone with your ID with his photo on it and s/he can vote instead of you! Placing a photo on someone else’s mobile ID on a mobile phone is child’s play. This can only be done with the mobile ID, not with the physical one. The government has not announced anything about safeguards that will be introduced to prevent the fraudulent use of Mobile IDs. Will the mobile ID be read using a read-only scanner (like touch & pay)? Will it require a PIN as well, like the system in place for credit cards? What prevents fraudsters from superimposing the photos of third parties on the mobile IDs?

Isn’t that for the electoral commissioner to take care of?

Indeed. But how will the electoral commissioner verify and validate the identity of voters who call into voting rooms? Will the photo of the voter be shown on a screen for all agents to see? Or will a QR be used that will only show the name of the voter on the scanner/reader? Again, by reference to bank credit cards, if Mr Thief steals the card of Mr Honest, he can simply go to any shop and pay by using touch & pay or, if a PIN is required, by also inserting the PIN if he knows it. Remember that, even if PINs would be mandatory for mobile IDs, all PINs will be delivered by MauPass and all PIN changes will similarly be recorded on the MauPass server and we have no visibility on who “handles” the data at the level of MauPass.

Well, surely they will be handled by some independent Mobile ID Unit…

(Laughs) I have no doubt as the Mobile ID Unit will be under the Prime Minister’s Office and Pravind Jugnauth will appoint its CEO! This unit will therefore be as independent as the Independent Commission Against Corruption, the Bank of Mauritius, The Police Force, the Passport and Immigration Office, the State Informatics Ltd, and Immigration Office, the Financial Intelligence Unit etc. To cut it short, it will be as independent as virtually all the institutions today. Worse, the use of Mobile IDs in voting rooms will enable a live reporting of who has voted and this is in breach of the Representation of People’s Act which prevents the dissemination of any information that could identify who has voted and who has not. This might in turn enable the government candidates to incentivise voters to go and vote for them.

So to cut a long story short, what you are asking us to do is not re-register our SIM cards. But if we don’t, we will be cut off from the world, won’t we?

This is a call for action by citizens of this country because it is about people’s privacy. Possible electoral fraud is only one aspect of it. With Safe City cameras everywhere and home cameras, there is also the danger of spying on you in your own house. You know, all the machine-to-machine SIM cards and cameras are linked to your mobile phone. When you are at work and you want to check if your babysitter is looking after your child at home, how do you do that? When you want to check from abroad if your home is safe, how do you go about doing that? Your mobile phones connect to all SIM enabled machines that you use at home and in your business and this is done through your SIM cards. So there is a danger of whoever is ill-intentioned to spy on you in real time and know where you go, who you visit etc. Worse, with AI use in the development of deep fake photos and videos, they can even put you somewhere where you have never been. It is this level of intrusion into citizens’ private lives that we are asking people to prevent.

What difference will the action of a few hundred or thousand citizen make?

If even 100,000-200,000 people don’t register their SIM cards, it’s a big loss of revenue for the phone operators. So they can put pressure on the authorities. That is the only way we can stop the danger of intrusion into people’s private lives while waiting for the court cases now before the court to hopefully take a stand for better transparency.

You are referring to Pazhany Rangasamy’s case, aren’t you?

Yes, and others. Pazhany is a good case because as a lawyer, he has to protect the confidentiality of the information exchanged with his clients. Professionals exercising within the legal sector take an oath of confidentiality to protect their clients, the information exchanged between them, photos and documents. If ever there is leakage of information in a case which is underway, the lawyer or barrister can face radiation from the legal profession. Medical practitioners are also directly concerned by this issue. That’s why Pazhany’s case is challenging this regulation.

But these cases may take months at best and at worst years. How do we communicate with the outside world in the meantime?

This is a constitutional case so it may not take long. Have you by the way noticed that since the cases started hitting the courts of law, the authorities have increased the adverts to try and convince people to re-register their SIM cards? They must have thought that Mauritians were going to quickly line up and give their confidential information to them on a tray.

How many people have?

It has been recently announced by Mauritius Telecom that only 600,000 SIM cards have been re-registered out of the 2.4 million being used.

I will ask the question again: what do we do once they cut off our links with the outside world?

We have to make a difficult choice. Are we prepared to live in a country where we do not really know to what extent we are being monitored and watched? The price of freedom always comes with tremendous pain. The Great Nelson Mandela said: “Real leaders must be ready to sacrifice all for the freedom of their people”. I think we should take inspiration from his statement and from his own journey in general. Our sacrifice is much less.