MEXICO CITY (Reuters) – A plan by Mexican lawmakers to put millions of cell phone users’ data in a biometric registry, billed as a tool to fight kidnapping and extortion, has sparked a backlash from telecoms companies and rights groups who warn it could lead to stolen data and higher costs.
Already approved in the lower house of Congress, the reform is in line with President Andres Manuel Lopez Obrador’s vow to counter crime using intelligence methods rather than force, but critics say it reveals the pitfalls of governments seeking to gather more citizen data for law enforcement purposes.
The bill is scheduled to be taken up in the current session in the Senate, where the ruling MORENA party and allies hold a majority.
Under the plan, America Movil, AT&T Inc and other carriers would be responsible for collecting customers’ data, including fingerprints or eye biometrics, to submit to a registry managed by Mexico’s telecoms regulator.
But a telecoms industry group that counts some major companies as members warned in an open letter that the reform could increase phone theft as criminals look to get around the registry by stealing devices and could risk customers’ safety if personal data were misused.
America Movil — owned by Mexican billionaire Carlos Slim — AT&T and Telefonica declined to comment.
The Mexico Internet Association, which includes Slim’s Telcel wireless company as a partner, said the registry would cost the industry hundreds of millions of dollars to implement, could put jobs at risk and create a human rights violation by compromising personal data protection.
Rights groups describe the plan as no better than a similar registry, which did not include biometric data, that Mexico dismantled in 2012 after a review found extortion calls, many of which come from inside prisons, actually increased by 40% after the data was leaked on the black market.
The new reform could lead people being exploited by bad actors and potentially wrongly convicted of crimes, according to Irene Levy, the president of Mexican telecommunications watchdog Observatel.
“El Chapo Guzman is not going to say, ‘This is my phone number and I am El Chapo Guzman,'” Levy said, referring to the Sinaloa Cartel kingpin who is in prison in the United States.
“What criminals do is ask someone to go and buy certain telephone lines, and when there is a crime committed with these numbers, this boy or girl – who took the money out of necessity and registered without knowing the consequences – will go to jail.”
Given the government’s strong support in Congress, the bill has a good chance of being passed, said Jorge Bravo, a political science professor at Mexico’s National Autonomous University (UNAM). However, a rethink is possible if public concern grows ahead of June mid-term elections.
EXTORTION CALLS
However, Maria de los Angeles Huerta, a lawmaker with the ruling MORENA party, said the registry was needed to help fight kidnapping in Mexico, which has the highest incidence of the crime in the Americas and the third-highest globally, according to international consultancy Control Risks.
Criminals have been known to use up to 17 prepaid phones to carry out one kidnapping, making it nearly impossible for police to track them down, Huerta said.
The reform’s supporters argue there is too little control of the country’s more than 120 million mobile lines, 83% of which use pre-paid SIM cards available at corner stores.
As things now stand, you can “buy a card and put it on your phone…. make an extortion call and then throw the phone in the garbage,” said Huerta.
The registry would make it harder for mobile users to remain anonymous by requiring proof of identification alongside hard-to-fake biometric data for anyone opening a new line. That information would then be available to law enforcement upon request.
Huerta called it a necessary tool in Mexico’s fight against extortion.
“Biometric data is not so falsifiable. If you are a horrendous criminal, you can tell your mother to open (a line), but at least you’re going to find the criminal’s mother, right?” she said.
The new registry would mandate the installation of biometric equipment, either to capture fingerprints or iris scans, anywhere mobile lines are sold.
While 155 countries around the world maintain cellphone user registries, Mexico’s collection of biometric data would go further than most.
Only about 8% of countries with registries also require biometrics, mainly for prepaid SIM card users, according to global telecoms industry lobby GSMA. Mexico’s registry would collect biometric data from all cellphone users in the country including from postpaid customers who are normally seen as unlikely criminals.
Many of those countries which do retain biometric data have questionable records on human rights, including China, Saudi Arabia and Pakistan. No Western countries collect biometric data from cellphone users.
Still, Mexico could serve as a model for other countries in the region, including Chile, where SIM registration is under consideration, experts said.
The reform implies a sweeping change for telecoms companies by making them responsible for the cost of collecting the data and then submitting it to the registry.
Others say the registry will obstruct mobile access for indigenous people who may lack official forms of identification.
Peru introduced fingerprint collection in 2016 for a regulator-managed registry, but it led to complications in rural areas where mobile phone penetration was already a challenge.
If users fail to submit the data, mobile carriers will have to cut their lines, further isolating people who rely on their phones for internet access, said Elena Estavillo, a former commissioner of the IFT, Mexico’s telecoms regulator.
“We should highlight this as something very worrying because it can be a circumstance that discourages or, for some people, makes it impossible to have access to these services, which is a fundamental right,” Estavillo said.
(Refiles story to add dropped name in paragraph two)
(Reporting by Cassandra Garrison; Editing by Christian Plumb and Alistair Bell)