Purchasing and activating my SIM card in Malawi was a highly structured, computerised process. My conversation with the registering agent reminded me of the importance of understanding registration, and not just authentication, when studying digital identity policies.
Two things struck me about the process of registering a SIM card in Zomba, Malawi. As one of the 155 countries that, as of January 2020, had mandatory SIM registration laws, in Malawi the provision of personal information and a vaild identity document is required for purchasing and activating a SIM card for mobile services. In the awareness of this, and of the problematic consequences of mandatory SIM registration on user data treatment and risk of exclusion from services, two elements of the process experienced here struck me as notable.
First, even for a foreigner whose data are not checked for correspondance to a national ID database, the process is extremely structured. Ahmed, who registered my SIM card in his streetside kiosk in Zomba, shows me every step of it: he first needs my personal details, including a document identification number (the number of my Italian driving licence is recognised as “invalid number”, whereas that of my Italian passport allows us to move to the next step). Only at that point comes the request of a picture of the document, a frequently asked one when it comes to SIM registration. But the fields requested to fulfil the process are rigorous and unallowing for manual entry, where a driving licence number, valid or not, would possibly have fit. A form of control of the document’s conformity to a valid passport is designed in the standards themselves, very different from the paper forms that previous SIM registrations have made me used to.
Airtime, data and SIM registration kiosks, Zomba, Malawi, January 2023
Second, the importance of SIM registration is remarkable. Kiosks of Airtel and Mpamba are all over the streets, and Ahmed tells me about the frustration encountered when, following every step of the procedure for activating a client’s SIM, it ultimately does not work (at the first attempt, even my phone shows an “unknown error” only apparently causing inability to activate the SIM, which a second attempt corrects). Unknown errors, says Ahmed, are unpredictable and can pop up during registration, effectively making SIM activation undoable. The uncertainty connected to activation – reminiscent of that described, among others, by Chaudhuri (2021) on biometric delivery of food rations in India’s Jharkhand – joins a discourse interrogating the consequences of insecurity in practices that, like the ability to access mobile services here, are crucial to basic operations of daily life.
I have just arrived here. A whole new discovery to begin.
But my encounter with Ahmed, and with my new SIM used as hotspot as I write this post, made me think of something that I sometime forget when studying digital ID. A lot of our research – definitely, the focal point of my research since 2014 – is on authentication practices, defined as the process of asserting an identity previously established during identification. Authentication at the point of access – of government services, social protection, humanitarian provisions – is crucial as it determines authorisation or not to receive a given service, which can be as crucial as food rations, social cash or emergency assistance to needful groups. In previous work I have argued that the authentication-authorisation nexus is the crucial bit where legal injustice occurs, and the point whose breakage deprives individuals of essential rights.
And here comes the self critical point. Such an argument risks to exclude registration. Or at least, to neglect the effects generated not by failed authentication with a system, but with the bare inability to register for it. Directly connected to that argument are the consequences of making registration, and not authentication, conditional to identification with a national ID database. Consequences that have shown the risks connected to the SIM-ID link, and the consequent fear among affected users.
With SIM registration protests recently erupted in the Philippines, and increased concerns raised on the use of biometrics for SIM card registry, the primary step of digital identity – the very registration of the individual’s details in a database subjected to different protection policies – reminds me of the importance that all our research, especially that focused on accessing services or having them denied based on the step of authentication, is fundamentally predicated on registration processes that we cannot neglect. And to which I make a note to self, to dedicate more explicit attention in the next projects.