Incentivising Phone Theft
As noted above, the obvious response of criminals to a requirement for real-name registration would be to steal SIM cards, and the phones holding them.
The Consultation Paper is correct in Section 1.3, "PPS services are popular because of such flexibility and convenience, particularly for low-volume users and those who do not wish to be bound by a fixed-term monthly plan or service package." Such users are likely to be poor or in vulnerable groups, the elderly, retirees or those who are less familiar with the use of technology. Their choice of phone is likely to be price-driven: a cheap, out-of-date or second-hand phone because it meets their needs. Currently, this makes them unlikely to be targetted by phone thieves who will naturally seek the new, high-price models. Having a phone that is unlikely to be stolen is an advantage for these users.
Therefore, the expected result of real-name registration would be an increase in phone theft from exactly the people the Consultation Paper claims in Section 2.3 are most vulnerable to telephone deception.
Investigation of Victims
A victim of phone theft incentivised by real-name registration will, automatically, become a suspect in any crimes that involve the stolen SIM. Hopefully, the Police will consider the possibility and be considerate, but they will still be wasting time investigating an entirely innocent victim. In the worst case, a vulnerable person might have their phone stolen multiple times, because it is easier to steal from such a victim, and the repeated pattern will, inevitably, trigger a deeper Police investigation.
Exposure of Personal Data
Additional personal data will be collected by the service providers and stored. There have been many cases, some in Hong Kong, of large companies mishandling the security of personal data. There is also the possibility that dishonest employees could steal selected data.
The service providers will have to train their staff to correctly collect and handle the additional personal data and buying a PPS card will take a lot longer for the staff involved. These costs will, inevitably, be passed on to the user, hitting the poor and vulnerable most. The additional cost will be the same for a low duration PPS card or a high duration one, so the low duration cards may cease to be cost-effective for the service providers. The disappearance of the low duration cards will again hit hardest at those who are most cost-sensitive.
As noted in Section 2.2, "PPS services have benefited local users and visitors looking for affordable, flexible and convenient mobile services usage". A traveller arriving after a long flight does not want to go through a long registration procedure to get connected. When I needed a phone connection on arriving in Mainland China, I bought a PPS card from a stall in the arrivals hall, but it was a difficult decision to hand over my passport for copying to a person who might have been employed by a phone company I had not heard of. It would be easy to trick a tired traveller into responsibility for two PPS cards ("and sign the copy here, sir"), again defeating the purpose of the registration.
Exhibitors at trade shows sometimes need temporary staff to have assured communications. Some companies achieve this by giving the temporary staff PPS cards. The cards are a "throw-away" item that does not need to be collected after the event. Each card would need to be registered, there would need to be one permanent employee responsible for every three temporary employees with PPS cards, and the company would have to recover the cards at the end of event. Making sure a temporary employee doesn't wander off with a PPS card is an unwanted inconvenience at the end of a trade show, when everyone is trying to pack up and go home. These all increase the costs.
Real-name registration would destroy the potential of IoT. Cheap communications will soon be available to thousands of tiny devices through 5G, but requiring real-name registration will make that difficult or impossible. A recent IoT deployment in Hong Kong has put a device on thousands of trees, monitoring their health and safety. Would that be feasible if an employee is required for every three trees, to be responsible for the SIM cards?
Even if the employee count problem can be avoided, what will happen to IoT deployments in Hong Kong if the easiest way for a criminal to get an untraceable SIM card is to steal an IoT device?
Freedom of Speech
Informants and whistleblowers have an important function in a society, they can trigger investigation into wrongdoing by the powerful. Organised criminals could obtain personal information from service providers to trace and target informants.
Fix Caller ID
Some junk or suspicious calls come from unreachable numbers. This makes it impossible for users to call back. While the originating number information might not be available for all international calls, it should be possible for service providers to provide an accurate originating number for all local calls. No legitimate tele-marketing company should have an issue with their potential customers being able to identify and contact them, so enforcing this makes a useful division between legitimate and fraudulent callers and will increase public confidence in telecommunication services in Hong Kong.
Many fraudulent calls are being recognised by ordinary phone users and dropped or blocked. Presumably these represent the equivalent of a car thief walking down a line of parked cars, checking for unlocked doors. Making a formal report for a failed attempt is too much trouble for the user and the authorities. If the service providers were required to support a simple code to indicate, "previous call was suspicious", the reports could be collected and processed automatically, patterns of abuse identified and the numbers involved targetted for follow-up action. Simply disabling the abused SIMs would increase costs for the criminals.