This December, citizens of Namibia are faced with a catch-22.
In 10 days, more than half of the population of Namibia may lose phone service.
As a price for keeping it, the other half has handed over sensitive biometric data to the country's premier telco.
In an effort to combat mobile fraud and identity theft, and generally align with international norms, the Namibian government began a yearlong push for all citizens to register their SIM cards.
Most of those citizens have to do so through Mobile Telecommunications Limited, Namibia's first and largest mobile telecommunications provider.
MTC controls more than a 90% share of the market, servicing over 2 million customers in the country of just 2.5 million, according to company documentation.
In registering their SIMs the company has also collected customers' facial scans and fingerprints.
Namibia Failing Push to Register SIMs Namibia's SIM registration campaign hasn't gone according to plan.
The Communication Regulatory Authority of Namibia has reported that, as of this month, just 43% of the country - 1,043,144 of 2,463,367 total mobile phone users - have completed registration.
Rowney adds that this week, to speed up compliance, the government rescinded one step in the process: obtaining a declaration from the police prior to registration.
A representative of the Ministry of Information and Communication Technology told The Windhoek Observer that, despite poor adherence, the government will not push the registration deadline.
Those numbers will be lost to their original owners.
Rowney, for his part, does not believe the telcos will comply with such a firm stance.
It should be noted that the majority of MTC is owned by the government, as well as the entirety of its sole competitor, Telecom Namibia.
MTC's Biometric Data Collection Besides the threat of service interruptions, or the theoretical specter of mobile fraud should the plan fail, there's one other risk to this late drama: that MTC will gain further leverage to collect sensitive biometric data.
According to Part 6 of Chapter V in Namibia's Communications Act of 2009, in registering a SIM card, companies must obtain certain standard personal information such as an individual's name, date of birth, address, and a form of government ID. Biometric data is not required by law.
As part of the registration process, MTC employees have been capturing photos and fingerprints of customers.
It's unclear whether the company intends to use this data for a particular purpose.
The confusion is compounded by the fact that Namibia does not yet have any data protection laws.
Its first Data Protection Bill was drafted two years ago and is as yet moving through Parliament.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 21 Dec 2023 14:35:22 +0000