Who exposed the PH mobile subscribers' numbers?


The proliferation of SMS scams and spam in the Philippines is now being used to justify the ridiculous, no-basis SIM Card Registration bills in both the Senate and the House of the Philippine Congress.

This is the easy way out (hence the full support of the law enforcement agencies), with NO guarantees that it will actually solve this problem. Telcos, when asked whether they favor the bills, will not say that they are against them, for fear of retaliation from these lawmakers, who often harbor grudges. Anyway, shouldn't it be that when crafting our laws, research should be the basis, not who is the loudest or most powerful bill author/supporter? I cannot shake the feeling that lawmakers are not doing their research when there were bills filed that are unconstitutional to begin with. Anyway, what do I know? I am not a politician.

Going back to the possible source of these numbers - we can only speculate, at least until DICT, NTC, NBI, PNP, NPC and the telcos finally find out who these good-for-nothing culprits are and get them to reveal their sources. However, based on personal experience and the experiences of friends, both IRL and on social media, it seems to point to GCash and Viber.

Others speculate that the possible sources are the contact tracing forms that we filled out when entering commercial establishments - but I personally couldn't link any of the SMS spam/scams I received to these, although I did not go out that much then.

Anyway, going back: GCash and Viber are highly likely to be the source of the data because, by design, their mobile applications made it extremely easy to scrape names and mobile numbers when you start a transaction. Before today, when you used GCash to send money to another person, you entered the mobile number and the amount and were then shown the name of the owner of that number. Bingo! Easy-peasy way to get this data.

GCash fixed this by masking some characters off of the name of the subscriber, but this, IMHO, is too late. I am not sure about Viber as I don't use it with any of my numbers (I have both Smart and Globe postpaid lines), but I suspect that it is the same. Just in case you'll ask, I use iMessage, Signal, and Threema, not Viber, FB Messenger, WhatsApp, and not Telegram!
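The lookup behaviour described above and the masking fix, sketched as an added example that is not GCash's code and not from the original post: `lookup_exposed` is the "before", while `RecipientLookup` masks the name and, going beyond the fix the post mentions, caps how many distinct numbers one account can look up per time window. All function names, numbers, names and limits here are constructed assumptions.

```python
import time
from collections import defaultdict, deque

# Constructed directory: these numbers and names are made up for the example.
DIRECTORY = {
    "09170000001": "Maria Santos",
    "09170000002": "Jose Dela Cruz",
}

def lookup_exposed(number):
    """'Before' behaviour from the post: any number in, owner's name out."""
    return DIRECTORY.get(number)

def mask_name(full_name):
    """Keep the first letter of each name part and replace the rest with '*'."""
    return " ".join(p[0] + "*" * (len(p) - 1) for p in full_name.split())

class RecipientLookup:
    """Masked lookup with a per-account cap on distinct numbers per window."""

    def __init__(self, max_distinct=5, window_seconds=3600):
        self.max_distinct = max_distinct
        self.window = window_seconds
        self._seen = defaultdict(deque)  # account -> (timestamp, number) pairs

    def lookup(self, account, number, now=None):
        now = time.time() if now is None else now
        history = self._seen[account]
        # Forget lookups that have aged out of the window.
        while history and now - history[0][0] > self.window:
            history.popleft()
        distinct = {n for _, n in history}
        # Re-checking a number already looked up is fine; walking through
        # many different numbers is what a scraper does, so that is capped.
        if number not in distinct and len(distinct) >= self.max_distinct:
            return {"status": "rate_limited"}
        # Misses count against the budget too, so probing for which
        # numbers are registered is limited as well.
        history.append((now, number))
        name = DIRECTORY.get(number)
        if name is None:
            return {"status": "not_found"}
        return {"status": "ok", "name": mask_name(name)}
```

Masking alone still confirms that a number is registered and leaks initials, which is why the example pairs it with the per-account budget.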

Here's a thought - I remember the National Privacy Commission (NPC) requiring privacy impact assessments (PIA) from Philippine companies not too long ago. I wonder if Mynt, the company behind GCash, flagged their mobile app procedure as high risk, considering that it reveals the full first name, initials of the surname AND the associated mobile number (PIIs, right?) to practically ANYONE with a GCash account (was it restricted to VERIFIED accounts only?!) and WITHOUT the consent of subscribers.

I wonder if NPC knew about it but did nothing. If this happened in the EU or US, GCash would be giving subscribers money off of fines imposed by the government! The same with Viber, IMHO. The GCash application did some fixes, but the data is already out there!

Those who scraped it will now be able to sell it, if they have not yet done so! Imagine, if you are a high-value target (celebrity, politician, journalist, or simply filthy rich), you can be a potential SIM-SWAP target, and that leads to an entirely new ballgame!

Again - this is entirely speculative as the investigation is still on, but GCash and Viber have the potential to be the sources. When will the government agencies figure out who these culprits are? They have multiple numbers reported by victims (even if they're not reported, some personnel from these agencies were victims themselves; can we assume that they filed complaints, too?), and I am sure that they have a way to pinpoint exactly where that number is located. Until then, we can only wait and continue to fight that ridiculous SIM Card Registration bill!