A shared intelligence platform for Philippine ISPs and Electric Cooperatives to detect, document, and eliminate unauthorized telecommunications operators and pole attachments.
Pioneered by J2 Network & Data Solutions, Inc.
All ISPs are fighting the same battle independently. A shared platform would multiply every ISP's enforcement capability.
A comprehensive platform that transforms how ISPs detect, document, and act against unauthorized operators.
Live map of violations. Field techs pin incidents with GPS + photos via mobile. Five layers: service area polygons, violation pins color-coded by status, density heatmap by barangay, pole asset markers, and fiber route overlays. Bounding box queries load only visible pins. MarkerCluster prevents overlap at scale.
SNMP polling detects rogue MACs and optical anomalies automatically 24/7. Monitors OLTs for unknown ONUs, switches for unauthorized MAC addresses, RADIUS for auth abuse, bandwidth for reseller patterns, and optical power for splice detection. Critical alerts trigger SMS + email instantly.
Every pole QR-tagged with auto-generated codes (POLE-YYMM-#####). Scan to view ownership, authorized attachments, and flag unauthorized cables. Full inspection tracking, patrol route management, and weatherproof label generation for field deployment.
All ISPs contribute anonymized sightings. Operator profiles track aliases, equipment signatures, geographic expansion patterns, and rebranding history. Credibility scoring algorithm escalates threats automatically when multiple ISPs report the same operator.
Complete NTC+SEC complaint package auto-generated in minutes, not weeks. Pre-filled with pole ownership proof, GPS coordinates, timestamped photos, violation history, and operator profile data. One click from confirmed violation to filed complaint.
Public tool for subscribers and LGUs to verify if an ISP is NTC-licensed. Shows active COR status, service area, and any violation reports. Protects consumers from subscribing to illegal operators.
Philippine law is clear — operating a telecommunications entity without NTC authorization is illegal. The penalties exist. The problem is detection and documentation, not legislation.
Requires all public telecommunications entities to secure a Certificate of Public Convenience and Necessity (CPCN) or Certificate of Registration (COR) from the NTC before operating. Operating without one is a criminal offense punishable by fines up to ₱200 per day of violation and/or imprisonment.
Requires all Value-Added Service (VAS) providers — including internet service providers — to register with the NTC and maintain valid COR. Unregistered operators are subject to cease-and-desist orders and equipment confiscation.
While focused on free internet access, it reinforces the NTC's authority over all internet service provision in the Philippines and establishes that ISPs must be properly registered entities.
Any entity operating as a corporation or partnership must register with the Securities and Exchange Commission. Operating a business enterprise without SEC registration is a separate violation with its own penalties, providing a second enforcement vector.
All pole attachments must comply with PEC safety clearances. Unauthorized cables that violate minimum clearance requirements create fire and electrocution hazards, giving cooperatives an additional safety-based enforcement argument beyond revenue recovery.
The National Electrification Administration requires cooperatives to maintain proper records of all pole attachments and collect appropriate rental fees. Cooperatives that allow unauthorized attachments without enforcement may face governance findings during NEA audits.
Filing a single NTC complaint today requires gathering GPS evidence, photographs, operator research, legal citations, and formal documentation. Most ISPs give up before they start. NetWatch PH eliminates every bottleneck.
Field tech spots violation. Reports to office by phone. Office sends someone to photograph and document. Legal team researches operator. Drafts formal complaint letter. Gathers supporting evidence. Files at NTC regional office. Timeline: 2–6 weeks per violation. Most violations are never filed.
Field tech taps location on map. Fills form on mobile. Photos auto-attached with GPS metadata. System matches operator against shared intelligence database. Complaint template pre-populated with all evidence. Admin clicks "Generate Complaint." Timeline: minutes.
Accumulated 15 violations against the same operator across 3 municipalities? Generate one comprehensive complaint package with all evidence bundled, geographic spread documented, and escalation pattern highlighted. One filing covers everything. NTC takes pattern complaints far more seriously than individual reports.
Understanding the playbook is the first step to defeating it. These are the documented patterns our member ISPs have identified across the Philippines.
Crews work between 10PM and 4AM to avoid detection. Fiber spliced onto existing cables under cover of darkness. By morning, a new unauthorized network segment is live. Subscribers are signed up door-to-door the next day. Multiple ISPs report identical patterns.
When heat builds, the operator dissolves the business name and reappears under a new one within weeks. "FastNet" becomes "QuickNet" becomes "FiberHome PH." Same equipment, same areas, same people — different name on the GCash account. NetWatch tracks rebranding history and equipment signatures to maintain continuity.
No bank account. No official receipts. Payment exclusively via GCash or cash. No paper trail for tax authorities or SEC investigators. Subscribers pay ₱599/month to a mobile number that changes quarterly. Impossible to trace through traditional financial investigation.
Never installs their own poles. Lashes fiber onto existing cables — yours, PLDT's, the electric cooperative's. Minimal capital investment. Maximum damage. The physical tap is a simple splice that adds 0.1–0.5 dBm of insertion loss on your fiber route. Only detectable through optical power monitoring.
Targets low-income barangays where subscribers are price-sensitive. Offers service at 30–50% below legitimate ISP rates. No contract. No installation fee. No service level agreement. When the network fails, there's no support number to call. Subscribers learn the hard way.
Shows a photocopy of a "DTI registration" or fabricated "NTC permit" to barangay officials when questioned. The DTI registration is real — but for a food business, not telecommunications. The NTC document is entirely fabricated. No one checks because no verification tool exists. Until now.
Brand (Corning, Furukawa, generic), color coding, strand count. The same operator consistently uses the same cable. Track it across municipalities to link seemingly separate operations.
Huawei HG8245H, TP-Link Archer, generic Chinese ONUs. Bulk purchases of specific models create a fingerprint. When the same ONU model appears across multiple unauthorized networks, it's likely the same operator.
Installation activity time patterns. Night installers leave traces — SNMP detects new ONUs registering at 2AM. RADIUS sees auth attempts from unknown MACs during off-hours. Patterns map to specific operators.
₱599 flat rate. ₱499 promo. Always below market. Always GCash only. Subscriber recruitment methods and pricing structure are behavioral signatures as reliable as equipment fingerprints.
Illegal fiber taps cause measurable changes in your network. NetWatch monitors these signals 24/7 so violations are caught by technology, not luck.
Your Optical Line Terminals are ground zero. Monitor optical Rx power per port — a sudden 3+ dBm drop signals a possible splice/tap. Track every ONU registration event. Any new device not in your subscriber database triggers an immediate alert. Port status changes outside business hours flag suspicious activity.
MAC address table whitelisting detects unauthorized devices. New MAC on a port = alert. MAC on wrong port = possible loop or tap. Port traffic spikes on low-usage subscribers indicate bandwidth reselling. CRC errors and input errors signal physical layer tampering. VLAN changes catch bridge attacks.
50 subscribers on a segment should generate X Mbps at peak. Seeing 2–3x expected traffic? Possible reseller. Asymmetric traffic (equal up/down) at off-hours indicates an aggregation point. New traffic source IPs appearing on your network segments are flagged automatically.
Each fiber route has a known loss budget in dBm. A new splice adds 0.1–0.5 dBm of insertion loss. Track cumulative loss per route over time — unexplained increase = new tap point. Per-ONU power level trending catches splices between your OLT and their ONT.
Every auth attempt compared against subscriber database. Unknown MAC trying to authenticate = alert. One account with 10+ concurrent sessions = reselling. Auth from unexpected NAS IP = rogue access device on your network. Failed auth floods indicate brute-force credential attacks.
Detect rogue access points on 5GHz/2.4GHz using your SSIDs. Identify unlicensed WISP base stations operating in your service areas. Monitor signal interference patterns on your wireless backhaul. A new transmitter nearby shows as sudden quality degradation on affected links.
| Alert Type | Severity | Auto-Action | Response Time |
|---|---|---|---|
| Unknown ONU registered | 🔴 Critical | SMS + Email + Violation draft | Immediate |
| Optical power drop 3+ dBm | 🔴 Critical | SMS + Email | Same day |
| Rogue MAC on switch | 🔴 Critical | SMS + Email | Immediate |
| RADIUS auth from unknown NAS | 🔴 Critical | SMS + Email | Immediate |
| Multiple sessions same account | 🟠 Warning | 24 hours | |
| Off-hours bandwidth spike | 🟠 Warning | 48 hours | |
| Optical power drop 1–3 dBm | 🟡 Info | Dashboard only | Next patrol |
Individual ISP data stays private. Patterns and threats get shared. Like a credit bureau — ISPs share violator data without revealing their own operations. No ISP sees another's subscriber counts, revenue, or network details. Only threat intelligence.
| Condition | Level | Score | Action |
|---|---|---|---|
| 1 report from 1 ISP | ⚪ UNVERIFIED | 1.0 | Needs investigation |
| 2 reports from 1 ISP | 🟡 SUSPECTED | 2.0 | Possible pattern |
| 3 reports from 2+ ISPs | 🟠 CONFIRMED | 3.0 | Multiple sources validated |
| 5 reports from 3+ ISPs | 🔴 CRITICAL | 4.0 | Widespread — escalate to NTC |
| NTC complaint filed | 🔴 CRITICAL | 4.0+ | Enforcement in progress |
| CDO issued by NTC | ⬛ BLACKLISTED | 5.0 | Permanent record |
+0.5 to credibility score. Timestamped photos of cables, equipment, or operator activity attached to the report.
+0.5 to credibility score. SNMP data, RADIUS logs, or optical power readings that corroborate the physical sighting.
+1.0 to credibility score. Unauthorized attachment documented on a registered, QR-tagged pole with ownership proof.
+0.5 to credibility score. Multiple reports using the same or matched operator name confirms identity.
+1.0 to credibility score. Positively identified individual or entity behind the operation.
Auto-tracked when an operator appears in a new municipality. Alerts sent to all ISPs in the predicted expansion direction.
Operator name & aliases, violation type, GPS coordinates, municipality/barangay, date/time, equipment description, photos (anonymized), severity rating, credibility score, NTC/SEC verification status, complaint outcomes, geographic expansion patterns, equipment signatures, behavioral patterns.
Which ISP reported it, internal case reference numbers, subscriber impact data, network segment details, legal strategy, settlement amounts, competitive intelligence. No ISP ever sees which other ISP filed a report.
Across the Philippines, 121 electric cooperatives own an estimated 7–10 million distribution poles — the backbone of both the power grid and the nation's telecom infrastructure. Yet every day, unauthorized ISPs, cable TV operators, and even licensed telcos attach cables, drop wires, and equipment to these poles without permits, without payment, and without regard for safety. The result? Overloaded poles, deadly hazards, and billions in lost revenue that should be lowering electricity rates for member-consumers.
Field crews report the same problems from Bataan to Mindanao. Here's what uncontrolled pole access is doing to your cooperative:
Improperly installed telecom cables contact or approach energized power lines. Insulation fails. Arcing ignites fires. Linemen face lethal unknowns on every pole climb. EC member-consumers live under the danger daily.
Overloaded poles are the first to fall during the 20+ typhoons the Philippines sees each year. A pole designed for power lines plus one cable now carries 5–10 unauthorized cables. Restoration takes days longer because crews must navigate tangled, unmapped wires.
At PHP 25–50 per pole per month, unauthorized attachments cost cooperatives an estimated PHP 2–5 billion per year nationally. Revenue that should lower member-consumer electricity rates goes uncollected.
If an unauthorized attachment causes injury, fire, or property damage, the cooperative may face legal liability — even though it never authorized the attachment. You bear the risk while others profit from your infrastructure.
Excessive, unmanaged cables cause line sag below minimum clearances, obstruct pedestrian and vehicular traffic, and create the visual blight of "spaghetti wires" that degrades communities.
Every unauthorized cable on a pole slows emergency response. Linemen cannot safely or quickly perform repairs when poles are crowded with unmapped, unidentified attachments from unknown operators.
J2 Network & Data Solutions is prepared to design, build, and deploy a complete GIS-based pole asset management system for every cooperative that joins NetWatch PH. This is not just software — it's a transformational shift from paper-based, manual field work to a technology-first enforcement and revenue recovery platform. Minimize civic works. Maximize technology.
Every pole mapped with GPS coordinates, type, height, class rating, condition, circuit assignment, and full attachment inventory. Your entire distribution network, digitized and searchable.
Durable, weather-resistant QR plates on every pole. Field crews scan to instantly pull up pole records, log inspections, photograph attachments, and flag unauthorized cables — all from a smartphone.
UAV-based surveys capture 200–500 poles per day versus 30–50 by ground crews. AI-assisted image analysis detects unauthorized attachments, counts cables, and flags safety clearance violations automatically.
IoT tilt sensors, load monitors, and vibration detectors on high-priority poles feed directly into your SCADA system. When a pole begins leaning from overloading, the system cross-references the attachment database instantly.
GIS attachment data feeds directly into an invoicing system. Every pole, every attachment, every month — billed automatically. Discovery of unauthorized attachments triggers back-rent calculation and demand letters.
ISPs apply for pole attachments online. The system auto-checks pole capacity, validates safety clearances per PEC standards, routes for engineering approval, and issues digital permits linked to the GIS database.
Infrared drone cameras detect hot spots from overloaded conductors and poor connections. LiDAR creates 3D point clouds to precisely measure clearances, sag, and attachment positions for safety compliance.
A mobile app for member-consumers and barangay officials to report suspected unauthorized pole work with photo and GPS. Every pair of eyes in your service area becomes a sensor.
A phased approach that delivers value from day one while building toward full smart-grid capability:
Complete pole inventory with GPS mapping, QR-code tagging, and mobile field app deployment. Every pole gets a digital identity. Immediate visibility into authorized vs. unauthorized attachments.
Online permitting portal, automated billing engine, and complaint generator integration. Revenue recovery begins immediately with back-rent calculations on discovered violations.
Drone fleet deployment with AI-powered image analysis. Quarterly aerial surveys of the entire service area. Thermal imaging for safety hotspot detection. 10x inspection throughput.
Smart sensors on critical poles feeding real-time data to your SCADA system. Tilt, vibration, and load monitoring. Automated alerts when pole loading changes unexpectedly. Predictive maintenance powered by data.
All participating cooperatives share anonymized pole utilization data. NEA and PHILRECA gain aggregate visibility. Data-driven policy-making. The first nationwide joint-pole intelligence platform.
Joining NetWatch PH isn't just about catching violators — it's about transforming how your cooperative manages its most valuable physical assets.
Recover millions in unpaid pole rental fees. Automated billing ensures every attachment is accounted for. New revenue stream that directly benefits member-consumers through lower electricity rates.
Every pole gets a dynamic safety score based on load, clearance compliance, inspection recency, and typhoon risk. Color-coded GIS maps let you prioritize the most dangerous poles first. Protect your linemen and communities.
Auto-generate pole attachment revenue reports for NEA financial submissions. Support NEA's digitalization mandate. Become a model cooperative for technology adoption and governance.
Know exactly which poles are overloaded before storm season. Prioritize reinforcement or load reduction. After a typhoon, GIS data accelerates restoration by giving crews a complete, current map of every pole and every attachment.
Document every unauthorized attachment with timestamped GPS evidence and photographs. Generate NTC/SEC complaint packages in minutes. Shift liability where it belongs — to the violators, not the cooperative.
Member-consumers see their cooperative taking action on the spaghetti wire problem. Clean, safe, well-managed poles reflect a well-managed cooperative. Public verification portal lets residents confirm which ISPs are authorized.