SIM Card Wake-up Call: The NSA inside Your Phone

by Vins
Published: Last Updated on

You might be familiar with the concept that the NSA is capable of tracking your every move, but recent information has brought to light just how they’ve gone about doing so. According to documents released by Edward Snowden to independent news website The Intercept, the NSA and its British counterpart, the GCHQ (Government Communications Headquarters), have, for years, been silently hoarding SIM encryption keys from multinational SIM provider Gemalto. Considered a world leader in digital security, the Netherlands­based firm creates and secures hundreds of millions of SIMs a year. In addition to AT&T, Verizon, and Sprint, over 400 other major wireless carriers worldwide use the company’s technology.

So what exactly are these encryption keys for, and why do the NSA and GCHQ want them? The process is rather simple. When Gemalto creates a SIM card, it assigns a unique encryption key, called a Ki, to the card, which it later provides to the wireless carrier that purchases the SIM. Meant to be used exclusively between provider and customer, the encryption key allows the service provider recognize an individual’s phone, and track usage statistics for billing purposes. In order to provide security, the Ki encrypts all data put out by the device, so that only those with the Ki can understand it. Since the company creates so many SIMs and Kis per year, it usually sends them to wireless carriers in bulk, using services such as email and FTP (file transfer protocol). As shown in the documents provided by Snowden, the NSA and GCHQ intentionally sought out and mined these emails and file transfers, in order to obtain the list of Kis so that they could obtain full access to all data sent and received on its citizens’ phones, as well as billions of others throughout the world.

A story with implications such as this should make global headlines. However, after searching major United States news sources, all that was found was a page seven mention in the New York Times and a page 14 piece in the Washington Post. In addition to their lamentable brevity (both stories were under 500 words), neither articles seemed to fully appreciate the matter at hand. With titles such as “Spy Agencies May Have Sought SIM Encryption Codes,” and “ NSA, Britain accused of hacking cell phone keys,” the major news outlets seemed to be treating the story more as a possibility than a reality. Called a “footing shift” by sociologist Erving Goffman, this is a common tactic used by news organizations in order to avoid responsibility for the actual truth value of a piece of news. Despite the fact that the Intercept cited tangible, factual evidence, major news organizations maintain an inherent fear of affirming and prioritizing stories that debase the public’s opinion of its government.

Source: Jeremy Scahill and Josh Begley, “The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle,” The Intercept, February 19, 2015,­sim­heist/ .

Student Researcher: Faraaz Rashidi (Pomona College)

Faculty Researcher: Andy Lee Roth (Pomona College)