Current Event – Mexico Plans to Fingerprint Cell phone Users

By tchan at 6:43 pm on February 12, 2009 | 3 Comments

According to a recent article, Mexico plans to start fingerprinting all cell phone users. A new law will give Mexico cell phone providers a year to create a database with their customer’s information including fingerprints. Providers would also have to store information such as text and voice messages and logs of a customer for one year. Currently, anyone can purchase a prepaid cell phone with a certain amount of minutes without any identification. This would change as new and existing cell phone users would have to be fingerprinted and entered into a database that would allow officials to match cell phones and messages to a customer.

This law was created in response to the large number of kidnappings that take place in Mexico. These kidnappers often use cell phones to demand ransom payments and extort money. The hope is that this new law will aid law officials in identifying these criminals.

One issue is user privacy. People use cell phones for a variety of reasons and conversations can contain anything including financial, medical, or personal information. Besides the personal information of messages being stored, a user’s fingerprint will also be collected. No doubt there are some users who would rather not have this information stored. The information collected by cell phone providers is suppose to only be accessible with a court order, but users are still vulnerable to an invasion of privacy. There is a risk that the database containing the users’ information could be compromised. Any messages discovered could potentially reveal financial or personal information. Besides whatever information is in the users’ messages, an attacker could steal someone’s fingerprint information, which could potentially be used to frame someone of a crime. There is also a question of how effective this measure will be relative to the potential costs. There is a risk of fraud if a criminal is able to register a cell phone in someone else’s name or if someone does not immediately report if his or her cell phone has been stolen. In both cases an innocent person could potentially be linked to a crime.

The top cell phone providers in Mexico have already expressed their disapproval. This law would place a large burden, both financially and logistically, on the providers to implement everything correctly. The public could also share a similar response as the cell providers. Even if implemented correctly, this law would create a large invasion of privacy for all cell phone users and in return only be able to identify the criminal.

Filed under: Current Events,Privacy3 Comments »


  • 1
    Get your own gravatar for comments by visiting

    Comment by Kevin Wallace

    February 12, 2009 @ 9:35 pm

    I doubt this will be effective – if criminals wish to make these calls anonymously, they will probably just purchase a prepaid cell phone from outside the country. The additional roaming charges they’d incur are likely negligible.

  • 2
    Get your own gravatar for comments by visiting

    Comment by Peter Miller

    February 13, 2009 @ 2:16 pm

    Presumably they would require the cellphone providers to not allow roaming calls or something so that people can’t do that (which would annoy tourists, of course; better would be something where you register your cellphone in the airport and thus can use it, but that’s just going to end up a bureaucratic mess).

    I really don’t see this being at all effective though–it just seems to be yet another thing which will cost millions in bureaucracy without actually deterring criminals. If someone is willing to kidnap some person in order to demand ransom, then I hardly think they’d be opposed to ‘kidnapping’ (i.e., stealing) a phone. Heck, so many people have cellphones today, it wouldn’t be at all unlikely that the kidnap victim him/herself has a cellphone–in which case the ransom call can just be called in on that.
    Certainly the idea that you can figure out who makes which call is great, it’s just way too open to fraud and is ineffective. When you restrict something like this, all you end up doing is restricting the common law-abiding citizen, since criminals won’t be bothered by breaking the law anyway.

    And even if they do succeed against all odds of cracking down on cellphones, I’m sure kidnappers can find some other method of communicating ransom demands (perhaps e-mail).

    In the end, it just makes it more and more of a police state while increasing the workload on the already overworked police. This doesn’t seem any more effective than requiring people to have a national ID card (as in, it’s an idea that some politician says “hey, wouldn’t this be a great solution!” and it ends up not really helping at all with respect to crime).

  • 3
    Get your own gravatar for comments by visiting

    Comment by stasis

    February 13, 2009 @ 9:06 pm

    They might get foreign cell phones, but it may not even be that much of an inconvenience. In my mind, this is eerily reminiscent to the fingerprint biometric Mercedes example shown in class. The original reason that they are imposing these laws is the recent rash of kidnappings. Why would they not just steal a phone as well? Perhaps the kid’s phone? Seems like a pretty easy way to get around the protections this law is trying to provide.

    Another thing about this topic is bothering me. If officials want to be able to match cell phones and text messages to people, why do they need fingerprinting? It seems like this is another case of biometric fever, where the fingerprint information is not contributing any security at all. Rather, this law is just trying to set up a national fingerprint database on the side. Matching texts to phones is easy. Matching phones to people is also easy. How about, when someone buys a phone (even a prepay one), you register the phone with the person? There are plenty of non-biometric identifiers available to register a device with. In the US, for instance, name or social security number are obvious candidates. I’m not saying this will solve the problem (obviously, now you have to deal with verifying this data, etc.), but the fingerprinting has little to do with the rest of the law, as far as I can tell.

RSS feed for comments on this post