UK to require prepay SIM registrations?

UK residents may soon be required to produce a form of ID such as a passport or driving licence in order to buy a prepay SIM card, with the government moving to mandate prepay registrations.

According to UK broadsheets over the weekend, the UK is looking to fall in line with a number of other countries that require new prepay SIMs to be registered as a way of cutting down on criminal/terrorist activity.

Given the contradictory stances on privacy and anonymity in the UK, it seems likely that the plans will meet with confrontation. That said, the system seems to work well in countries like Singapore, Switzerland, Japan, Thailand and Germany. But critics have noted that in some cases the system has had the undesired effect of creating a black market for pre-registered SIMs.

UK commentators have also linked the plans with the UK’s controversial draft of the Communications Data Bill, which proposes the creation of a monster database of all call records, email and internet sessions that can be accessed dynamically by any number of government agencies.

The Bill would extend the powers obtained through 2006’s EU Data Retention Directive (DRD), which already requires all ‘access providers’ to store call records and ‘event logs’ for a period of not less than six months and not longer than two years.

Although event logs do not contain the content of a conversation or a website visit, they are the fingerprints of the internet. If need be, these tracks can be used to identify the name and exact location of a caller or web surfer and are often used in criminal investigations. Given that around 46 million out of the UK’s total of 74 million active SIMs are prepaid, and therefore anonymous, it would make the maintenance of such a database difficult.

However, the original implementation of the DRD suffered from a number of problems – not just the massive financial burden placed upon companies required to comply with the storing of and access to the data in question, but also with the definition of those companies. MNVOs ran into trouble, because they are required to produce equally sufficient data records as traditional MNOs but do not have the same access to the complete network and IT systems that are required.

Ultimately, it’s managing all those files and providing access to them that has proved to be the big issue, as well as the security, given that the system has got to be online and has to be all IP for ease of access. Aggregating all this data in one place would not necessarily make the process easier and establishing the infrastructure to perform such a task would be a mammoth feat in itself.