More security is less security
The enforcing authority also has the responsibility of making compliance easy
The Delhi Police busted a fake SIM verification racket that was used by the Pakistani Intelligence Officer arrested recently. They recovered 205 pre-verified SIM cards and 1,000 application forms from the people involved. In the wake of this event, the Delhi Police have written to TRAI to hold the telecom operators liable and to increase the penalty for this offense from 50,000 to 1 crore. This is a serious matter that needs to be looked at carefully. If the telecom operators have been lax with their verification process, either unknowingly or deliberately, then they do need to be held responsible. But will increasing the fine really solve the problem?
The Department of Telecommunication (DoT), in its circular [pdf] dated 7–10–2009, listed all the documents that need to be collected in order to provide a mobile subscription. There are 20 documents in all that a subscriber can produce. Does the person sitting in the mobile telecom operator’s office have the training and the resources to verify any of them? Would she know a fake Freedom Fighter Card from a real one even when it is presented to her? The article mentions that the main accused used his graphic design skills to create fake IDs. With technology making such things so easy, it would not be surprising to find more such rackets being uncovered.
The knee-jerk reaction to this has been to blame the telecom operator and demand a 200-fold increase in the fines. But this belongs to the category of problems where better design should precede strict enforcement. There is a concept in security that a system over-designed to ensure maximum security achieves the exact opposite outcome. Anyone who has written down a password somewhere because it had too many constraints knows what this means. Even with the best intentions, it is difficult for a person to visually verify 20 documents and still be correct all the time. Something like the Aadhaar eKYC will go a long way in ensuring that the pain caused to the average honest customer is minimized without compromising on security.
A new technology is emerging in the GSM world right now: the eSIM. It will make it possible to change the carrier over the air after a connection is established. This will open new options for users, like dynamic switching of telecom operators, and will provide interesting options to the operators, like dynamic pricing. But whether this new technology reduces the pain of subscribers or increases it really depends on how the regulator understands the innovation and how carefully the new on-boarding process is defined.