In Mexico, a new law requires people to do something simple: register their cell phone numbers with the government. By linking every phone number to a real person’s official ID, authorities hope to cut down on crimes like extortion, kidnappings, and scams that often start with an anonymous call or message.
But as the June deadline approaches, just over 2% of cell phone owners in Mexico have registered. This fact reflects Mexican’s lack of trust in their government, or its ability to keep their data safe.
Recent history in Mexico provides compelling reasons for skepticism. Mexico has been rocked by a series of massive digital leaks and hacks that have exposed the government’s fragile grip on data security.
Sensitive information, from military documents and spyware contracts to the private details of patients in public hospitals and even the president’s own medical records, has spilled onto the internet. These are not minor breaches. They are failures that show how vulnerable state systems are.
When national social security and defense servers can be broken into, it is fair to wonder how a registry containing the names, IDs, and phone numbers of over 100 million citizens could be kept safe.
The fear is specific and two-fold. First, there is the terror that this vast list could be stolen by criminal organizations themselves. A leaked registry would be a goldmine for cartels and extortion gangs, providing a verified directory of targets. It would hand them precisely what the law aims to prevent: a direct, confirmed line to millions of families. Second, there is a long-standing distrust of the government’s own use of such power and a proven lack of accountability demonstrated by a long history of data breaches.
Compounding these facts are two similar previous attempts to create similar registries, which the country’s Supreme Court struck down.
The government’s campaign has focused on the benefits of registration, but it has done little to publicly address these very real and widespread concerns. There has been no transparent, convincing explanation of the fortress-like digital security that will guard this information. Without that, the official messages sound hollow.
The result is a nationwide standoff. On one side, a government pushing a policy it believes will protect. On the other hand, the vast majority of Mexicans are refusing to participate, or at least hold on until the very last minute in hopes of a reprieve.
Previous Attempts And Why They Failed
The first significant attempt came over a decade ago, when the idea was packaged under a similar crime-fighting banner. The law demanded that every cell phone user, even those with prepaid phones bought at corner stores, register their personal details with their carrier. The process was rolled out with advertisements and warnings of lines being cut. For a while, it seemed like the registry would become a permanent fact of life. But almost immediately, problems surfaced. People reported bureaucratic nightmares, confusing processes, and a pervasive anxiety about where their data would end up. More importantly, legal challenges began to mount.
Similar legislation resurfaced in 2021 as a broader telecommunications reform. Once more, the requirement for complete registration appeared. And again, the public pushback and legal challenges followed the same path. The Supreme Court consistently reaffirmed its earlier stance, emphasizing that any invasion of privacy must be strictly necessary and narrowly tailored.
Why This Time Will Likely Be Different
Though the compulsory registration remains unpopular, political realities have changed. To begin, the Supreme Court, which is ultimately the only authority capable of reversing course at this point, has shown itself to be much more compliant with the executive’s wishes than in the past.
Second, Mexico’s ruling party, MORENA, has a firmer grip on the telecommunications industry than any other previous government and is unlikely to back down easily. On the other hand, black-market SIM cards are already available. Ironically, most of these have already been registered using information on government officials obtained through data breaches.