Support independent journalism in Central & Eastern Europe.
Donate to TOL!

× Learn more
No, thanks Photo: Abbas Atilay
 
back  |  printBookmark and Share

Prepaid Surveillance

The Polish authorities are sacrificing citizens’ fundamental rights in a misguided strategy to increase security.

by Anna Obem 17 February 2017

“Register your prepaid card and get free calls/free data transfer/win a car” – those were the types of messages you could last month from Polish telecom operators, as an encouragement and reminder and that all prepaid SIM cards had to be registered by 1 February. One could have almost thought that this was just a nicely coordinated campaign of the leading telecoms, aimed at collecting a bit more data about their clients in exchange for a bonus. Nothing new under the sun in the data-driven world, right? Well, not exactly. The real point in this data collection effort is to increase control over all users of telecommunication networks in Poland, with a particular focus on foreigners. This time, the demand for more data came not from the market but directly from the policing arm of the state.

 

Obligatory registration of prepaid SIM cards was introduced in Poland by the controversial anti-terrorism law in June 2016. The law introduced a number of highly disputable counter-terrorism measures, many of them based on the (unacceptable, from a human rights perspective) assumption that every foreigner may pose a threat to national security. The controversies about the law were related to its effects on limiting freedom of assembly, and providing unlimited access to public databases for the Internal Security Agency (ISA); the secret services gaining additional powers to monitor foreigners that may pose a threat for national security (according to them, as no court order is required). The ISA may now also demand blocking access to any Internet content (in “urgent” cases, before a court authorizes a ban; otherwise the court will have five days to verify if the demand was justified). And – last but not least – the law limited freedom of communication by forcing people to register all SIM cards.

 

In many ways, the law underscores the government’s overall strategy of oppressing fundamental rights and freedoms under the pretext of increasing security. While not new at all (former governments applied it as well), such an approach has visibly accelerated since the Law and Justice party took power in 2015.

 

Yet this obligatory registration of prepaid SIM cards is not the most effective surveillance method (as it can be easily circumvented) and – from foreigners’ perspective – is certainly not the most serious limitation of their rights imposed by the Polish anti-terrorism law. However, it is an implication of the anti-terrorism law that will affect business operations and the daily life of people living in or traveling to Poland, with all its inconvenience and practical burdens. And the one that – with any doubt – has already taken effect (though not necessarily with the impact that the lawmakers intended): all the unregistered cards stopped working after 1 February.

 

So here it is: our list of questions about the obligatory registration of prepaid cards that other governments should consider when thinking about something similar.

 

1. Why do I have to register my prepaid card at all?


This was the number one question on FAQ lists featured on every telecom operator’s website. Their answer was: because the anti-terrorism law says so. But that doesn’t explain why this obligation was introduced in the first place. Our answer is: because Polish intelligence agencies want to have even more control. And they believe that registered SIM cards are going to make their job easier – at least with regard to those individuals that kindly registered their numbers in their own name.

 

2. How will registering prepaid cards make the work of intelligence agencies easier?

 

The reasoning of the lawmakers was that registered cards would make it much easier to identify the owners of the numbers linked to criminal activity, especially in the context of false bomb alarms. However, the measure will not be 100 percent effective, as the registered owner can sell the card or pass it on to someone else, without an obligation to update personal data in the operator’s register. Engaging a number of intermediaries and leaving false traces will not be much of a challenge for a determined criminal. In such case, the identification of the actual owner may take some time.

 

3. Do I have to register a card in my own name?

 

No. You can use a card registered in someone else’s name (parent, grandchild, sibling, spouse, employer, friend, etc.), and vice-versa, pass your card to another person. You can buy a registered card on Allegro (Poland’s most popular auction site, similar to eBay). Allegro rules say you cannot, but well, you still can. You can buy one in Germany or the Czech Republic, or register it to anyone that will be open for such a favor (and there are always people willing to do little favors for money). It is also relatively easy to register a number to someone without this person even knowing it – just take his or her registered phone and register your card through SMS (or make a copy of that person’s ID, as some operators allow for the registration through snail mail). While we do not encourage such practices, we hereby show that this new surveillance mechanism can be circumvented in many ways.

 

4. Will the registration help fight terrorism?

 

In theory, the registration of all SIM cards should limit anonymous communication and the ability of people engaged in criminal activity to camouflage themselves. But you will probably think – just like we do – that no criminal would register the card in his or her own name (unless they want to be caught). Even European Trade Commissioner Cecilia Malmstrom said in the European Parliament that there is no evidence that this is a successful measure to fight crime. The British government thought so, too, and – based on detailed analysis carried out by intelligence agencies and security experts – decided not to introduce such regulation into British law.

 

Perhaps Polish lawmakers have information that we don’t, proving the opposite. However, they were not willing to share it with the public, neither in the form of a written justification for the new law, nor in response to our direct questions.

 

5. What consequence can I face for selling registered SIM cards?

 

No legal consequences whatsoever. Interior Minister Mariusz Blaszczak has threatened in the media that “those who are selling cards face legal consequences in situations where these cards were used for a criminal activity”. However, there are no legal sanctions for selling SIM cards. Certainly, interrogation by the police or an intelligence agency is not a pleasure for most people. However, such an incident may now happen to anyone whose personal data was used to register a card related to anything that happened to attract the attention of the law – not just a criminal activity or an act of terror.

 

6. Cards used in elevators and vending machines also have to be registered. Why?

 

Yes, we also could not believe it. However, the Office for Electronic Communications, together with the Ministry of the Digital Agenda (responsible for internet developments in Poland), have recently reminded us that not only phones but also machines – such as vending machines and elevators – are using prepaid cards (for automatic communication with their operators). Really, we have no clue how registering a prepaid card in the vending machine is going to help catch terrorists.

 

7. What about the right to anonymous communication?

 

Forget about it. Polish lawmakers believe that the convenience of intelligence agencies is much more important than fundamental rights, e.g. the right to anonymous communication and protection of professional secrecy by lawyers, journalists, and doctors.

 

8. Is my personal data safe?

 

Registering cards at petrol stations, in banks, by mailmen, by snail mail, or email (with a scan of your ID attached!) sounds like a joke written for the 20th anniversary of the Polish data protection law (which we are celebrating this year). Or perhaps it is a vigilance test before the new EU-wide European Data Protection Regulation comes into force in May 2018, giving citizens better measures to stand up for their data rights? And well, the essential feature of all databases is that they tend to leak.

 

We should also be asking about safeguards preventing misuse of our data by the intelligence agencies. It is worth mentioning that all countries requiring the registration of SIM have strict control mechanisms governing how law enforcement agencies access and use telecommunication data, including the personal data of card owners. In Poland this area of state operations is beyond any form of independent control.

 

9. Who is going to pay for it?

 

The lawmakers cunningly counted that the new obligation will not incur any costs for the public budget. Why? Because mobile operators and their clients will bear this burden. And it is obvious that the bill will be rather high. Aggressive marketing campaigns (offering big bonuses, a BMW awarded in a lottery, etc.), the risk of losing a large number of customers who didn’t register on time, and building the whole network of registration points for SIM cards cost money. Our money – passed along in the form of higher costs.

 

Though the telecom operators managed the practical burden of the registration, and life is going on pretty much as before, we will continue to question the logic behind the new regulation, and to show its (unintended) consequences.

Anna Obem is the managing director at the Panoptykon Foundation. Wojciech Klicki, Katarzyna Szymielewicz, and Malgorzata Szumanska also contributed to this article. The Panoptykon Foundation is a Polish watchdog organization established in 2009 to protect fundamental rights and freedoms in the context of fast-changing technologies and growing surveillance.  

 

Homepage image via Pixabay.

back  |  printBookmark and Share

MULTIMEDIA PROJECTS

Moldovan diaries

The Moldovan Diaries is a multimedia, interactive examination of the country's ethnic, religious, social and political identities by Paolo Paterlini and Cesare De Giglio.

This innovative approach to story telling gives voice to ordinary people and takes the reader on the virtual trip across Moldovan rural and urban landscapes. 

It is a unique and intimate map of the nation.

RELATED ARTICLES

© Transitions Online 2017. All rights reserved. ISSN 1214-1615
Published by Transitions o.s., Baranova 33, 130 00 Prague 3, Czech Republic.