On March 12, Mexico’s Senate passed legislation requiring citizens to give up incredibly sensitive data in order to have access to a mobile phone. In addition to asking for a copy of an ID, telecoms will now be required to collect people’s fingerprints, faceprints, and home addresses. Companies will have two years to collect the data and make it accessible to the government.
In passing this law, Mexico joins the proud ranks of China, Saudi Arabia, Afghanistan, Venezuela, and 18 other countries that require biometric data in order to obtain a SIM card and are not exactly known for being bastions of liberal democracy.
The justification for such a radical move is that mobile phones are key instruments in the extortions, kidnappings, and other crimes that have blighted Mexico over the past years. The government’s theory is that having people’s biometric data will help prevent and solve these crimes. Even though Mexico’s safety situation is dire, in practice, this measure doesn’t stand a chance of helping to fight crime. On the contrary, it is likely to become a massive boon to criminals.
Put yourself in the shoes of a criminal. You need a phone to commit a crime. Are you going to use your own phone? Of course not. In the past, you might have bought a cheap burner. Now, you have an incentive to steal a phone from someone else. In a country where 98% of crimes remain unsolved, stealing a phone is not a big risk. Or, perhaps you could intimidate an underprivileged teenager to buy a phone for you and hand over his biometric details.
That’s only the first step toward enabling a new crime wave. It gets much worse. Drug cartels have grown tech savvy. They have money. They have power. They have access to corrupt officials. They are already using spyware that is meant for government use only. They will get their hands on that data: every Mexican’s most personal data. Creating a nationwide biometric database will be like handing Mexico’s worst criminals a menu that gives them access to any citizen or public official they might be interested in.
Collecting data is much easier than keeping it safe. If neither the NSA was able to keep its data safe nor the United States government was capable of keeping safe its most sensitive employee background checks, what chance do Mexican telecoms or the country’s government have? None.
If there were a data leak (and there will be), the consequences will be disastrous. You can change a password, but you can’t change biometric data like your fingerprints. People could be made vulnerable for the rest of their lives. A similar project had already been implemented in Mexico between 2008 and 2011. It was discarded after it was discovered that there had been a breach, and the database could be found for sale online. We should learn from past mistakes.
The justification for the new law assumes that privacy and security are a zero-sum game: the less privacy citizens have, the more security the state can provide them. If only it were so easy. Most of the time, the opposite is true: privacy and security go hand in hand. There’s a reason why people in Mexico don’t typically give out their phone numbers to strangers. You don’t do that in a dangerous country. The way to protect people is to allow them to safeguard their privacy, because that is their best tool to keep themselves safe.
Even if telecoms managed to keep data safe from criminals, Mexican citizens have reason to worry about their government having easy access to their biometric data and location. Mexico has a corruption problem. According to the Corruption Perceptions Index, the country ranks last among countries belonging to the OECD. It is a country in which astonishing things can happen, like the former defense minister getting accused by U.S. authorities of taking bribes from drug cartels and getting completely exonerated in Mexico. Other examples abound.
Another concern is the close relationship between surveillance and authoritarianism. Building a surveillance structure that could be co-opted by an authoritarian regime to cement its dominance is a terrible idea, even in the most well-functioning of societies. Creating this infrastructure in a country with a weak rule of law is beyond reckless.
Consider the effect this law might have on a free press. Mexico is already the deadliest country for journalists. Having data linking people to their phones will only make the job of journalists harder: it will be more difficult for them to protect both their sources and themselves.
Mexico’s new law needs to be challenged in the courts and on the streets. The safest countries in the world are not the most surveilled but those with low inequality and a strong rule of law. More surveillance is not going to help Mexico’s problems; it’s going to add to them.