The danger of handing over your biometric data over a cell line

Security experts talk about the risks involved in the Mobile Phone User Register. Photo: (Unocero)

.

Mérida, Yucatán (April 19, 2021).- Now that the Senate of the Republic approved the creation of the National Register of Mobile Telephone Users with the intention that all operators in the country collect by obligation the personal and biometric data of any user with a telephone line in México, there is concern about part of users, politicians, and experts on the subject on the dangers of storing such sensitive information in a database.

But the concerns are not unfounded, since in 2008 a similar measure called Renaut was created that collected personal data from millions of people in the country with a mobile phone line. However, in 2010 the data was put up for sale on the Internet for 500 pesos.

A measure that does not solve a problem

The argument behind the need for this Register of Mobile Telephone Users is to reduce the crimes of extortion and kidnapping that are orchestrated through telephone lines. Above all, for those that are made from the different prisons of the country, according to data from the Secretariat of Security of the State of Mexico, 80% of the extortion calls made in 2020 both in that state and in Mexico City come from the prisons located in the capital of the country.

Rodrigo Sámano, CEO and founder of ISLA (Intelligence Services Latin America) mentioned in an interview with Unocero that this registry does not guarantee that the rate of crimes related to extortion will be reduced, but that it can even create more problems than it seeks to solve since exposes the user to misuse of their information.

In addition, he stressed that to solve the problem of extortion calls from prisons, it is not necessary to collect biometric information from users, it is only necessary to place signal inhibitors so that the calls do not enter or leave the prison.

Andrés Velázquez, president and founder of Mattica (a strategic cybersecurity company) also agrees that this is not the solution, since it seeks to control the environment when the problem is behavior. He even assured that criminals will always look for alternative methods to continue committing crimes.

“People who commit crimes are going to find out how not to give this data, and that instead of preventing it from continuing, there will be greater value in stolen phones, which could be used for crimes such as extortion. And on the other hand, we know that criminals are using technology that is not even inside cell phones, such as lines via the Internet, ” Velázquez stressed.

568 551

A potential risk

Both experts assure that there is a possibility that the users’ data registry has the same fate as the Renaut database suffered, especially since there are 3 participants in this information chain.

The first point is the operators, who will have to collect the user’s biometric information; subsequently the data will be delivered to the IFT, and this body must deliver them to the authorities when requested.

568 374

For both researchers in cybersecurity, the greatest risk is that the data is leaked, since it is not the same to steal a credit card number than a person’s fingerprint.

“When this leaks, which we have already had a history of, it will be extremely easy to continue extorting and robbing people by having their biometric information, even this could trigger new crimes,” said Rodrigo Sámano.

For his part, Andrés Velázquez points out that the fingerprint of a compromised person is impossible to change as a password, so not taking the necessary measures could become a situation that affects the user for life.

A violation of the Constitution and user contracts

One of the first politicians to speak out against the registry was Miguel Ángel Mancera, PRD coordinator who made it clear that this measure is a “cocktail of violations of the Constitution”, while the lawyer and senator from the PRI, Claudia Ruiz Massieu He said that the presumption of innocence is violated and violates the Constitution, human rights and freedom of expression.

“Let’s avoid violating the rights of users of # TelefoníaMóvil with the integration of a biometric data registry whose access should not be automatic, but through a request for sensitive information: #mm”,

Regarding the presumption of innocence, Armando Zúñiga, president of COPARMEX CDMX said in a statement that a serious problem is that “it will be assumed that the registered person of a telephone line will be automatically responsible for any crime associated with the telephone number.”

The businessman pointed out that the National Register of Mobile Telephone Users also violates the retroactivity of the Law, sanctioning users to abide by rules that were not in force on the date of hiring their service under penalty of canceling their telephone line.

Can I defend myself in any way?

Miguel Ángel Mancera predicts that, as happened with Renaut, again many companies and users will take refuge, a thought that is supported by other politicians against the registry.

Rodrigo Sámano recommends that users be very attentive and protect their biometric data, especially those who seek to protect themselves so as not to allow their most sensitive data to be collected.

568 550

However, that is not the only problem, as the CEO of Mattica assures that fraud campaigns to steal biometric data could increase: “I see an area of ​​opportunity for attackers with which we must be very careful, as it could reach to occur that people get to take advantage of requesting biometric data from users through fraud campaigns “, stressed the expert.

Source: Unocero



Comments

comments