THE government’s plan to require all social media users in the Philippines to undergo identity verification raises serious concerns about digital rights, privacy and security that must be addressed before there is a rush to enforce it.
Under the proposal from the Department of Information and Communications Technology (DICT), social media platforms operating in the country must verify the real identities of their users.
Information Technology Secretary Henry Aguda said the measure would make it easier to trace persons involved in cybercrime, harassment, defamation, and other online offenses.
“Trolls should be reduced... that’s one. Second, the AI bots,” Aguda said, referring to anonymous or pseudonymous accounts that post coordinated or offensive content online.
The policy, now under review by the DICT policy and legal teams, could be implemented through a department order as early as this week. “Once I see their recommendation on my table, we will issue it next week,” Aguda said.
We beg to differ because there are real problems with mandatory identity verification.
First, compelling social media users to verify their identities puts vulnerable groups at risk.
Whistleblowers and activists rely on anonymity to avoid retaliation, imprisonment, or violence. Survivors of domestic abuse use pseudonyms to stay connected with support networks while remaining hidden from their abusers. Mandatory ID would enable their abusers to track them down.
Second, mandatory identity verification can have a chilling effect on free speech.
When users know their online comments are tied to their legal identity, they are less likely to discuss sensitive topics, share their true political opinions, or raise religious doubts for fear of future social or professional consequences. In authoritarian regimes, mandatory ID verification is often used to track and silence dissidents, turning social media into a direct extension of state surveillance.
Finally, requiring platforms to store the government IDs of billions of users creates a massive security liability. Social media companies are frequent targets for hackers. If a database containing millions of passports and driver’s licenses is breached, the result is a catastrophic wave of identity theft. Also, giving social media platforms — which already profit from data mining — access to verified legal identities allows them even more invasive profiling and enables them to merge online behavior with offline activity.
At best, social media identity verification is an imperfect tool and is increasingly viewed not as a “silver bullet” to end trolling, but as a high-friction barrier that forces accountability and filters out low-effort bot networks.
On the one hand, it counters the psychological phenomenon where anonymity encourages people to act more aggressively than they would in person. Linking a real-world identity to an account allows for legal or platform-level consequences. Research suggests that when users cannot hide behind a cloak of anonymity, impulsive cyber-aggression decreases.
But of course, verification doesn’t change a person’s character. A “verified” user can still be a troll or cyberbully, albeit one that is easier to track.
Also, while verification can be effective against bulk automation, it struggles against sophisticated, AI-driven “synthetic” identities. Nowadays, malicious actors use AI to generate synthetic faces, voices, and even forged digital documents to bypass standard checks. Will AI-driven verification be able to keep up with AI-generated fraud? The jury is still out.
In 2002, the government imposed mandatory SIM card registration for mobile phone users, in the hopes of curbing online scams. This was an act of legislative folly, doing very little to curb online fraud while inconveniencing the public.
SIM card registration brought several dangers that lawmakers and policymakers chose to ignore in the hopes of a quick fix to a complicated problem.
The most common concern was the creation of a massive database linking every phone number to a real-world identity, enabling repressive governments to track an individual’s movements, social circles and digital habits with pinpoint accuracy.
Data security was also a major concern, as these databases proved irresistible to hackers. Since 2022, the Philippines has faced a significant “cyber-epidemic,” with high-profile attacks targeting both government agencies and large private corporations, with notable breaches at the Philippine Health Insurance Corp., the Philippine National Police, the Philippine Statistics Authority, the Department of Science and Technology, and the Maritime Industry Authority.
Also, in the wake of the SIM Card Registration Act of 2022, scammers turned to over-the-top services such as Viber and Telegram to bypass the little protection provided by registration, and a black market quickly developed for illegal SIMs and stolen identities.
All this shows that criminals are rarely stopped by ill-considered laws and regulations. Sadly, government officials and lawmakers do not seem to realize this.
