Case on Identity Verification of Potential Subscribers to Telecommunications Services

[2017Hun-Ma1209, September 26, 2019]* First Draft

In this case, the Court held that Article 32-4 Sections 2 and 3 of the Telecommunications Business Act and Article 37-6 Section 1, Section 2 Item 1, and Sections 3 and 4 of the Enforcement Decree of the Telecommunications Business Act―the provisions requiring a person who desires to be a subscriber to telecommunications services to present a personal identification certificate or other proof of identity and requiring a telecommunications business operator to use illegal subscription prevention system to verify such proof of identity when they enter into a contract for mobile phone services―do not infringe the right to informational self-determination and the freedom of communications, and thus are not in violation of the Constitution.

Background of the Case

The Complainants, Kim ­­­­­___ and Chu ­___, each sought to enter into a contract for mobile phone services with a telecommunications business operator without identity verification, but were refused by their respective telecommunications business operator. Thereafter, on November 1, 2017, the Complainants filed a constitutional complaint, asserting that Article 32-4 Sections 2, 3, and 4 and Article 32-5 of the Telecommunications Business Act―the provisions requiring a person who desires to be a subscriber to telecommunications services to go through identity verification when entering into a contract with a telecommunications business operator―had infringed their freedom of anonymous communications, secrecy and freedom of private life, and right to informational self-determination.

Subject Matter of Review

The subject matter of review in this case is whether Article 32-4 Sections 2 and 3 of the Telecommunications Business Act (amended by Act No.12761 on October 15, 2014) and Article 37-6 Section 1, Section 2 Item 1, and Sections 3 and 4 of the Enforcement Decree of the Telecommunications Business Act (amended by Act No.26191 on April 14, 2015) (collectively, the “Provisions at

Issue”) infringe the fundamental rights of the Complainants.

Provisions at Issue

Telecommunications Business Act (amended by Act No. 12761 on October 15, 2014)

Article 32-4 (Prohibition, etc. against Unjust Use of Mobile Communications Terminals)

(2) In entering into a contract for the provision of telecommunications services (including contracts concluded through agents and consignees that enter into contracts for the provision of telecommunications services on behalf of, or outsourced by, telecommunications business operators), a telecommunications business operator prescribed by Presidential Decree, taking into account the type of telecommunications services, scale of business, protection of users, etc. shall, with the consent of the counterparty to the contract, verify whether the counterparty is the principal by utilizing illegal subscription prevention system, etc. referred to in Article 32-5 (1), and may reject a contract if the relevant person is not the principal or refuses to verify whether he/she is the principal. Where the user who is the principal is changed due to the transfer of telecommunication ns services provided, the succession to the user's position, or other reasons, the same shall also apply to a person who intends to receive telecommunications services following such change.

(3) In verifying the principal prescribed in paragraph (2), a telecommunications business operator may request the counterparty to the contract to present a certificate or document, such as a resident registration certificate or driver's license, through which the relevant person can be verified as the principal.

Enforcement Decree of the Telecommunications Business Act (amended by Act No. 26191 on

April 14, 2015)

Article 37-6 (Verification of Principal When Entering into Contracts)

(1) "Telecommunications business operator prescribed by Presidential Decree" in Article 32-4 (2) of the Act means a telecommunications business operator who provides mobile communications services defined in subparagraph 1 of Article 2 of the Mobile Device Distribution Improvement Act

(2) A mobile communications business operator under paragraph (1) shall verify

that the counterparty to a contract is the principal, through any of the following certificates and documents submitted by the counterparty (including legal representatives; hereafter the same shall apply in this Article) under Article 32-4 (3) and (4). In such cases, where any contract is entered into through an information communications network, such verification may be used in lieu of the verification made through a certified digital signature defined in subparagraph 3 of Article 2 of the Digital Signiture Act:

1. An individual person: Resident registration certificate, driver's license, registration certificate of the disabled, certificate of a person of distinguished service to the State, certificate of a person of distinguished service to independence, certificate of a person of distinguished service to the May 18 democratization movement, or passport of the Republic of Korea;

(3) A telecommunications business operator under paragraph (1) shall verify the authenticity of the certificates and documents referred to in subparagraphs of paragraph (2) through an illegal contracting prevention system referred to in subparagraphs of Article 32-5 (1) of the Act (hereinafter referred to as "illegal subscription prevention system").

(4) Notwithstanding paragraphs (2) and (3), where the counterparty to a contract is unable to submit any certificate or document prescribed in subparagraphs of paragraph (2) or it is impracticable to verify the authenticity of a certificate or document prescribed in subparagraphs of paragraph (2) through an illegal subscription prevention system, a telecommunications business operator under paragraph (1) shall verify that the counterparty to the contract is the principal by means of a certificate, etc. prescribed by the relevant telecommunications business operator in the terms and conditions of the use as a certificate or document corresponding to that prescribed in subparagraphs of paragraph (2).

Summary of the Decision

1. Issues in this Case

The Provisions at Issue impose a “principal identity verification obligation” on a telecommunications business operator, namely an obligation to verify the subscriber’s real name and other personal information when entering into a contract for telecommunications services with him/her (the “Potential Subscriber”). As a result, the Provisions at Issue restrict the freedom of communications of

those persons who desire to subscribe to mobile phone services anonymously to accomplish mobile communication while not disclosing himself/herself.

In principle, the Provisions at Issue stipulate that a telecommunications business operator must identify the Potential Subscriber by requesting him or her to present a personal identification certificate on which his or her resident registration number is indicated. Further, under the Provisions at Issue, the telecommunications business operator may reject to enter into the contract for telecommunications services if the Potential Subscriber does not agree to submit such personal identification certificates or other proof of identity. The Court notes that, in this regard, the Provisions at Issue abridge the right to decide, on one’s own, whether to provide one’s personal information to another person or entity, and whether to allow another person or entity to use one’s personal information. Thus, the Provisions at Issue limit the right to informational self-determination.

The personal information of the Potential Subscriber amounts to “information irrelevant to contents” which is not associated with any content of, or circumstances surrounding his or her communications. The Potential Subscriber does not communicate with others by mobile phone during the process of identity verification. Additionally, even if a telecommunications business operator discloses the personal information of such counterparty, this does not, by itself, enable the third party to learn the existence and content of the Potential Subscriber’s private communication. Therefore, the Provisions at Issue do not diminish the secrecy of communications.

For these reasons, the Court finds that the issues in this case are: (1) whether the Provisions at Issue infringe the freedom of communications in respect that mobile service contract can only be entered into only when the Potential Subscriber provides his/her personal information; and (2) whether they infringe the right to informational self-determination in regards of the scope and process of the personal identification procedure.

2. Whether the right to informational self-determination and the freedom of communications are infringed

The Provisions at Issue serve the legitimate legislative purposes of (1) deterring criminals from using mobile phones registered under others’ names or false names to commit a crime such as voice phishing; and (2) preventing harm

caused by identity theft, such as subscribing to mobile phone services or making small mobile payments under the stolen identity. Requiring the identity verification process is an appropriate means to accomplish these legislative purposes.

Although the Potential Subscriber who enters into a subscription contract with a telecommunications business operator must submit his or her 13-digit resident registration number, the last six digits of such number are deleted after the identification. In this way, the 13-digit resident registration number will not be continuously used by the telecommunications business operator. In fact, the Potential Subscriber may not directly provide the resident registration number by choosing to enter into the subscription contract with the telecommunications business operator online, in which his or her identity is verified by a certified digital signature instead of the resident registration number.

Furthermore, the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. aim to prevent harm, including data leakage, caused by the collection of the personal information, including any person’s name, address, date of birth, and resident registration number. To this end, these Acts prescribe technological and managerial standards that a personal information controller must meet in protecting personal information, and grant to executive authorities a prerogative to supervise the personal information controller to ensure that it complies with those standards. In this way, limitations on the right to informational self-determination are reduced to the minimum.

The identity verification process under the Provisions at Issue takes place in a process of the contract, thus the Potential Subscriber has not made any communications through the telecommunications services yet. As a result, this identity verification process does not enable a third party to immediately obtain specific information, such as with whom, when, and for how long the user has communicated. Therefore, the Provisions at Issue do not place the Potential Subscriber in a situation where he or she cannot readily subscribe to mobile phone services out of fear that he or she may be punished because of the content of, and circumstances surrounding communications made through the mobile phone services.

The Provisions at Issue serve substantial public interests in preventing harm caused by identity theft and deterring criminals from using mobile phones registered under false names to commit a crime such as voice phishing, as well

as in maintaining order existing in a communications network. These public interests outweigh the disadvantages to the Complainants’ right to informational self-determination and the freedom of communications.

For the forgoing reasons, the Court finds that the Provisions at Issue do not infringe the Complainants’ right to informational self-determination and the freedom of communications.

3. Conclusion

The Provisions at Issue do not violate the Constitution.

Summary of the Dissenting Opinion of Two Justices

We are of the opinion that the Provisions at Issue violate the Constitution, because they infringe the freedom of anonymous communications and the right to informational self-determination.

Freedom of communications includes the freedom to choose whether to communicate under a real name or anonymously. The Provisions at Issue require a telecommunications business operator to verify the identity of the Potential Subscriber when entering into a contract for telecommunications services with him or her. They limit thereby the right to informational self-determination, as well as the freedom of anonymous communication to use mobile telecommunications services without revealing personal identity to anyone.

Not all persons using anonymous mobile phones have an intention to commit a crime. Since anonymous communication itself is morally neutral, prohibition of anonymous mobile phones does not serve a legitimate legislative purpose.

The general rule for contracts for subscription to telecommunications services is that the Potential Subscriber provides the minimum personal information necessary to use those services. Despite this rule, the Provisions at Issue force, with an exception to the Potential Subscriber signing such contracts online, every Potential Subscriber to present a personal identification certificate containing a resident registration number, which warrants the highest degree of protection, and other personal information. The Provisions at Issue in this regard seriously infringe the right of the Potential Subscriber to informational self-determination.

The prospect of a telecommunications business operator’s acquisition of

information transmitted and received through its telecommunications services and the prospect of a third party’s utilization of that information to learn about the user of the telecommunications services suffice to cause a chilling effect on the subscription to telecommunications services. Anonymous communication has important implications as one of the few means to protect the secrecy and freedom of communications. Nevertheless, the Provisions at Issue completely preclude the anonymous use of telecommunications services, imposing significant limitations on the freedom of anonymous communications.

Despite the availability of alternative means, such as personal identification without presentation of personal identification certificate, identify theft protection services that can prevent subscription to telecommunications services under someone else’s identity, and other preventive means suitable for each crime, the Provisions at Issue treat all citizens as potential criminals by compelling the Potential Subscribers to use traceable communications. For these reasons, the Provisions at Issue fail to satisfy the least restrictive means test.

Although the Provisions at Issue bring to some citizens the benefits of preventing harm caused by identity theft and of deterring crimes involving the use of someone else’s identity to subscribe to telecommunication services, those benefits do not outweigh the broad restrictions on the constitutional rights of a large number of innocent citizens. Thus, the Provisions at Issue fail to meet the balance of interests test as well.

The Provisions at Issue infringe the right to informational self-determination and the freedom of anonymous communications, thereby violating the rule against excessive restriction. Accordingly, the Provisions at Issue violate the Constitution.

* This translation is provisional and subject to revision.