TECH4GOOD
Monchito Ibrahim
Smishing has been hugging the news lately brought about by an alarming number of cases of personalized scam messages received by a lot of people. Personalized because it has either your name on them or the name of somebody you know. And this situation is bringing to the fore the weaknesses of our digital ecosystem.
More alarming is the significant number of people biting into these scams. I can only surmise that it is driven by reasons like negligence, misinformation, greed, need, or plain stupidity. It could also be related to our propensity to always be tinkering with our smartphones.
Today, we are all facing technological revolutions, game-changers, and paradigm shifts. Trust is emerging to be the key to reaping the benefits of a digital world. According to The Digital Trust Index, building trust in the digital economy could unleash trillions of dollars of opportunities. In order to be trustworthy, technology must be secure as well as responsibly used and privacy must be maintained.
We are beginning to see players trying to point fingers at each other as the possible cause of the riddle. They include data aggregators, mobile financial apps, negligent LGUs who have accumulated filled-up contact tracing forms, and telcos. Several government offices including enforcement agencies mandated to protect consumers are cramming to find the root of the problem, and the people behind it as well as possible solutions to address the situation. Legislative bodies have also started to conduct hearings to understand what is happening.
I have had my share of smishing messages. In the last three months, I have received at least five unsolicited messages that have my first name and the first letter of my family name on them. The way my name was presented was eerily the same as the way a popular e-wallet app would usually present my name in receipt confirmation before they recently changed it.
In another SMS message, the guy who sent it probably was trying to collect money from a person whose name and phone number are in my phone directory. Its message started with UTANGERA ALERT! followed by the complete name and phone number of the person they were after. How did this happen? How did the sender know that the person is an acquaintance? Scary indeed!
Unsolicited messages are evolving, and scammers are getting bolder and much more sophisticated. As late as last year, the kind of smishing messages were usually generalized ones that supposedly offer job opportunities and financial offers but did not include your name or names and actual phone numbers of people in your directory.
The situation raises a lot of questions related to the capacity of the government agencies tasked to ensure that our digital ecosystem is safe and conducive to building digital trust to really handle the situation. Considering the pace at which technologies are emerging and changing the ways we carry on with our lives, these government institutions must always act with agility and keep pace with the paradigm shifts. Are they organized in a way that they can be agile? Do they have the right skills and tools? Are they provided with adequate budgets for them to really operate effectively?
One of the new agencies specifically created to address a very critical aspect of the digital economy is the National Privacy Commission which is tasked to ensure the protection of personal data and the free flow of information. It is mandated to implement the provisions of the Data Privacy Act of 2012. I am fortunate to have been involved in the crafting of this law having been tasked to lead the working groups supporting the authors, the late Senator Ed Angara in the Senate and Congressman Roman Romulo in the HoR.
Composed of very competent officers and staff led by Commissioner John Henry Naga, the Privacy Commission has been very proactive in terms of enforcing the provisions of the law, its awareness programs for both individuals and organizations, and have been coming up with policies that are making it easy for everyone to comply. Considering, however,how they are currently organized and funded today, the breadth of its mandate, and the rapid digital transformation that is happening, the commission is limited from performing its full legislative mandate. The commission needs to acquire the tools for them to effectively do their jobs, recruit more competent people and set up regional offices to cover the whole country.
The prevalence of targeted spam messages is taking a toll on how people are able to trust the digital ecosystem today. It is sowing fear and distrust in many of our data collection activities. When the public perceives that their data is not secured, they will hesitate to disclose truthful, accurate, and genuine information for legitimate objectives like contact tracing, the development of data-driven policies, and technologies that utilize data. We all need to work together effectively to address this economic cancer.
(The author is the lead convenor of the Alliance for Technology Innovators for the Nation (ATIN), vice president of the Analytics Association of the Philippines, and vice president, UP System Information Technology Foundation.)