> With that info, a terrorist can buy a SIM card for my name
Well that escalated quickly.. Terrorists wouldn't need this database to supply them with names and addresses as most of that info is public in most countries (white-pages is one place). And I can go to any local shop and get a pre-paid SIM card without any personal info involved.
Also, if your country convicts you merely because someone used your name with no other evidence to tie you to the crime, you have bigger problems.
Name and maybe address can be found somehow but identity number absolutely can not be found (should not be from now on). Private companies confirm auth with name, surname, X,Y,Zth number of identity number.
You have to provide them name, surname and identity number in order to get a SIM card, in this example.
You don't need to be convicted for anything anymore if someone wants you to go to jail :) They get you in and start writing bill of indictment(?).
To give a little more context, if you are TR citizen what information you use and should keep private is: 1)Identity Number 2)Your mother's pre-marital surname.
Officials would tell her to use both or she'd have to go to European Court of Human Rights to have that simple right. A woman attorney did go ECHR iirc
How does the private company verify that the identity number is not bogus? Do they have some tamper-proof crypto box that validates a secure hash hidden in the ID or would a case like that only be flagged when the SIM registration is pushed to the government?
In any case, if it is customary to routinely hand the whole number to private companies (I read your description as "full number on registration, some digits on subsequent authentication"), then this leak has made that name/ID tuple only slightly less secret than it was before.
It is actually a grey area since the start. Today they get a zerox copy of your entire ID card which includes Identity Number as well but they should not do that.
The terrorist example I gave came from this grey area in fact. IIRC 2 years ago it was in the news that terrorists open up new SIM cards with regular citizens' information. When I checked it with my info, there was only 1 registered which was mine, when I checked my father however, had 4 SIMs registered and only 2 of them were his.
> And I can go to any local shop and get a pre-paid SIM card without any personal info involved.
You see, the fact that I could go to any shop and buy a pre-paid SIM card in the US was a surprise to me. Don't expect that to hold true anywhere else. Taking Brazil as an example: you need to provide a photo ID.
It is still possible in some countries. For example Ukrainian president was kicked out of office when he tried to make SIM card registration mandatory like in Russia.
That is not true for Spain. Since the attacks on 11-M 2014 in Madrid, it is mandatory to provide in the local shop your National ID card or passport to activate any SIM card. But the verification is done by the shop attendant.
Anyway, I do think it is pointless as there are plenty of ways to get a SIM card anonymously: buy it in other country, steal it, buy it from somebody, clone it...
Well that escalated quickly.. Terrorists wouldn't need this database to supply them with names and addresses as most of that info is public in most countries (white-pages is one place). And I can go to any local shop and get a pre-paid SIM card without any personal info involved.
Also, if your country convicts you merely because someone used your name with no other evidence to tie you to the crime, you have bigger problems.