By Nishat Khan
If you were to look at your phone’s SIM card, chances are, it’s made by Gemalto, the world’s biggest SIM card maker. In 2013, the scandal involving Edward Snowden exposed that the National Security Agency and the UK’s Government Communications Headquarters had stolen Gemalto’s encryption keys that secured user’s SIM cards, and through that, had access to users’ information and calls. With this access, there was no need for them to get permission from governments or telecommunications providers.
Gemalto sells SIM cards to major carriers in the US, including Verizon, AT&T, Sprint, and T-Mobile. Gemalto became aware of this through reports by The Intercept, a website that reports on Snowden’s leaked documents from the earlier scandal.
The most claims are that the NSA and GCHQ gained access to online communications. Several people affected were of high profiles, including German Chancellor, Angela Merkel, whose phone is suspected to have been monitored by American Intelligence.
Gemalto has assured users that “the SIM encryption keys and other customer data in general, are not stored on this network.” They also compared their network architecture to “a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data.” They said that the system that manages the encryption for banking cards, ID cards, and electronic passports were not breached. They also said that though the intelligence may have breached the office networks, it was not enough to get to SIM card encryption keys.
With the revelation of this scandal, the NSA has found itself in some hot water, with accusations of stepping around the rules and other checks and balances. The NSA has not yet commented on the issue.