Mandated Service Restriction Orders

Background

In a number of countries, customers of prepaid or pay-as-you-go services can anonymously activate their subscriber identity module (SIM) card by simply purchasing credit, as formal user registration is not required. Around 150 governments around the world 1 have mandated prepaid SIM registration citing a perceived, but unproven, link between the introduction of such policies and the reduction of criminal and anti-social behaviour. Mandated prepaid SIM registration is most prevalent in Africa, where 90 per cent of UN-recognised states have such laws.

Some governments — including the Czech Republic, the United Kingdom and the United States — have decided against mandating registration of prepaid SIM users, concluding that the potential loopholes and implementation challenges outweigh the merits.

SIM registration can, however, allow many consumers to access value-added mobile and digital services that would not otherwise be available to them as unregistered users, including identity-linked services such as mobile money, e-health and e-government services.

For a SIM registration policy to lead to positive outcomes for consumers, it must be implemented in a pragmatic way that takes into account local market circumstances, such as the ability of mobile operators to verify customers’ identity documents. If the registration requirements are disproportionate to consumers’ ability to meet them in a specific market, mandating this policy may lead to implementation challenges and unforeseen consequences. For example, it could unintentionally exclude vulnerable and socially disadvantaged consumers or refugees who lack the required identity documents. It might also lead to the emergence of a black market for fraudulently registered or stolen SIM cards, based on the desire by some mobile users, including criminals, to remain anonymous.

Debate

To what extent do the benefits of mandatory prepaid SIM registration outweigh the costs and risks?
What factors should governments consider before mandating such a policy?


Industry Position

The GSMA discourages the use of SROs. Governments should only resort to SROs in exceptional and pre-defined circumstances, and only if absolutely necessary and proportionate to achieve a specified and legitimate aim that is consistent with internationally recognised human rights and relevant laws.

In order to aid transparency, governments should only issue SROs to operators in writing, citing the legal basis and with a clear audit trail to the person authorising the order. They should inform citizens that the service restriction has been ordered by the government and has been approved by a judicial or other authority in accordance with administrative procedures laid down in law. They should allow operators to investigate the impacts on their networks and customers and to communicate freely with their customers about the order. If it would undermine national security to do so at the time when the service is restricted, citizens should be informed as soon as possible after the event.

Governments should seek to avoid or mitigate the potentially harmful effects of SROs by minimising the number of demands, the geographic scope, the number of potentially affected individuals and businesses, the functional scope and the duration of the restriction.

For example, rather than block an entire network or social media platform, it may be possible for the SRO to target particular content or users. In any event, the SRO should always specify an end date. Independent oversight mechanisms should be established to ensure these principles are observed.

Operators can play an important role by raising awareness among government officials of the potential impact of SROs. They can also be prepared to work swiftly and efficiently to determine the legitimacy of the SRO once it has been received. This will help establish whether it has been approved by a judicial authority, whether it is valid and binding and whether there is opportunity for appeal, working with the government to limit the scope and impact of the order. Procedures can include guidance on how local personnel are to deal with SROs and the use of standardised forms to quickly assess and escalate SROs to senior company representatives.

All decisions should first and foremost be made with the safety and security of the operators’ customers, networks and staff in mind, and with the aim of being able to restore services as quickly as possible.

Resources

Australian government draft guidelines on website blocking 
Global Network Initiative and the Telecommunications Industry Dialogue Joint Statement: Service Restrictions
Telia Company form for assessment and escalation of SROs