South Korea’s government on Friday announced it will require local mobile carriers to verify the identity of new customers with facial recognition scans, in the hope of reducing scams… South Korea to require face scans to buy a SIM • The Register
4 Likes
In Italy you can buy scammed SIM cards for just 10€ outside main cities train stations (Rome, Milan,…) 
Black market will never die!
1 Like
Presumably there’s a bootstrap problem here such that if you are South Korean and buying your first ever phone, you have to turn up in person. (I guess that would be solvable if there were some dubious special case made so that SIM activation occurs in two stages and in the first stage you can access enough of the mobile data network to do a face scan, and after that you have unrestricted access to the mobile data network. Normally though until the SIM is activated you can’t get on the mobile network at all.)
Presumably also this makes it difficult to get a SIM in South Korea using only a Librem 5 - since it will be difficult to run the mobile network provider’s dodgy app in order to do a face scan. So this development in South Korea is a negative for Purism.
The underlying data breach problem has been somewhat solved here by requiring the upload of two numbers from your drivers licence. The first is the actual drivers licence number, which “never” changes and which has been widely breached already, as in South Korea. The second is an independent card number, which changes on each renewal, is long enough not to be guessable in any reasonable timeframe particularly if attempted guessing is detected, and which in any case the mobile network provider is not supposed to store.
Actual criminals will just use global roaming. Sure, that can be an expensive way to make phone calls but the business case can still stack up if the criminal activity is lucrative enough.
1 Like
Will they provide the face scanners or does the President’s brother-in-law own a face scanning company and lease the vendors face scanners for an exorbitant fee?
(Question is rhetorical, not that I know if the SK President has any in-laws.)
2 Likes
The scanning is done on the phone itself. It is assumed that every single phone has a selfie camera.
1 Like
Very well then. Then there must be some sort of verified and authorized thingy/app/widget/doohicky to verify the face scan is not a spoof (like my avatar above). Back to one of the President’s in-laws?
Edit: Of course it has to be from the SIM vendors phone. Because if you haven’t yet bought the SIM yet (new customers only), how can you transmit the face scan?
I raised the exact same question above.
One answer (which will work for many people but not for all people) is … you connect your phone to WiFi.
I can’t speak for South Korea but maybe free WiFi is so ubiquitous that, between free WiFi and home WiFi, you can download the needed app (!) and upload the needed face scan (and other info). (Note that this would include using someone else’s already authorised phone and putting that other phone in HotSpot mode, and getting WiFi that way.)
As you rightly raise … exactly who has access to this information after it is uploaded, where it is stored, how long it is retained for, how securely it is stored, … are questions that I would be asking if I lived in South Korea.
1 Like
Oh and speaking of using my avatar. I use this also in my ubiquitous Outlook 365 at work. No one seems to mind. I’m the only one who does that. Except HR, they wanted a “real” picture. So I sent them the original photo before I morphed it into an avatar.
So… in theory you should be able to install OBS Studio to run a virtual camera and do it that way, right?
Well in theory you have to run the app. So it would depend on the exact behaviour of the app and on whether the camera source, whatever it is, is available to the app.
1 Like
…and “authorized’“. I imagine they wouldn’t let just any schmuck upload a picture via the app.
I imagine either that the picture has to “match” the picture as recorded on your existing photo id or at least that there is a picture then associated with the mobile service so that if the mobile service subsequently is used to commit a crime, the agencies have a picture of the perp to start their investigation with.
But this level of detail isn’t really covered by the article linked in the OP.