“Pakistan’s mobile phone owners told: be fingerprinted or lose your SIM card,” says the Guardian. “Pakistanis face a deadline: Surrender fingerprints or give up cellphone,” goes the Washington Post. “Pakistan orders cellphone users to provide their fingerprints,” says Engadget. Mainstream media certainly likes to paint Pakistan as a totalitarian state that needs more Western style freedoms, but the truth on the ground could hardly be more different.
Many years ago I went to Pakistan as a guest of their telecom regulator for a conference on mobile solutions for the bottom of the pyramid. Micro-finance, micro-insurance and the challenges of connecting the unconnected was the agenda of the day. It was in early 2010, not long after Telenor had bought a run-down bank in order to get their banking licence and provide micro-finance under the Easypaisa brand.
In what was surprisingly counter intuitive move, Telenor Pakistan was using its SIM and top-up network to provide banking services as they already had to get out to rural and dangerous areas already to sell top-ups and take in cash from their top-up network. The telecom logistics network was the heart of the new microfinance network, relying on the army of pickup trucks scouring the country to take in deposits and manage cash in a country that severely lacked infrastructure.
The traditional way for people in big cities sending money to their family upcountry was to give cash to a bus driver who delivers it at a fee, obviously not that trustworthy and the epitome of a low-tech, low-security financial transaction.
The relationship between the telecom regulator and the telcos also seemed much more... symbiotic than the adversarial relationship in many more countries. The government and telcos had to work together, often with the army, in order to get fiber and masts set up in areas filled with landmines and armed militia. Plus the very fact that they allowed Telenor to buy up Tameer Bank in order to serve the unbanked is something that is almost inconceivable in more so-called developed countries with their more conventional, myopic approaches to regulation.
In return what struck me was how the people of Pakistan loved their telcos and Telenor in particular. The blue propeller was everywhere - even, in one not quite public-relations approved case, spray painted onto a cliff face.
I wonder how many of the mainstream media hacks had ever spent time in Pakistan before jumping on the Western narrative portraying the government as oppressive and cracking down on civil libities. After all, some people have to justify number of drone kills in Pakistan, estimated at between 2,000 to 3,000 since the war on terror began.
I talked to Atifa Asghar, media contact at Telenor Pakistan, asking her about the headlines in the Washington Post and the Guardian in particular, to which she explained that Telenor and the other telcos were not even collecting fingerprints to begin with. All Pakistani citizens already have their fingerprints lodged with the NADRA, the National Database and Registration Authority and it was a case of re-verifying existing data against a SIM card rather than collecting data for the government.
Pakistan already had a SIM registration system in place. From my personal experience, it involved an ID card and password that every Pakistani had. For foreigners, it was a convoluted system for that involved going to Telenor Pakistan’s head office and, in my case, still failing.
Obviously just having an ID and static, reusable password is not good enough. Identity theft was all too easy and rogue SIM registrations still slipped by.
Asghar said that the call for biometric re-verification of SIM cards came after the terrorist attack in school in Peshawar killing 132 children.
More than 103 million SIMs were already registered under the old process and the government ordered the telcos to re-verify those SIMs through a biometric process to make sure that every SIM was owned by who was supposed to be using it.
Telenor Pakistan’s systems are connected to NADRA’s servers’ back end. Once the thumb is placed on the scanner, it verifies that the registration data. No new data is actually collected or stored by the telcos.
As of March, over 70 million SIMs had been reverified. 45 million in the first month and a half alone.
Asghar said that in some rural households, women would not leave the home and it was a challenge for Telenor to have mobile teams go into homes. She said that a system that would allow all telcos to cross-verify each others’ subscribers was considered, but rolling out such a system would have taken an extra six months and the government decided to expedite the process. She also said that it was too soon to say if the re-verification would affect market share.
The headlines suggesting that telcos were cracking down on civil liberties and collecting fingerprints for a totalitarian government could not be further from the truth.
What the Pakistan episode should teach us is that having a half-secure database is worse than having none at all in that it costs a lot and gives a false sense of security. It is like being half pregnant or having a ship with only half of it riddled with holes. Either one goes all the way, or one not bother at all with registration if the goal really is national security. There is no halfway house that works.