As they point out, SIM churn is not an uncommon thing especially in the poorer countries these agencies were targeting. Even in the worst case scenarios where every SIM had to be replaced, they'd probably just allow natural rollover to occur over a multi-year period.
But it seems like that isn't really needed because the stolen keys were mostly replaced already anyway. Anyone who suspects they might be a person of interest can always just request a new one from their carrier.
> Anyone who suspects they might be a person of interest can always just request a new one from their carrier.
I doubt SIMs are manufactured just-in-time for each individual customer; more likely, carriers order batches of hundreds/thousands/millions SIMs. Without a recall program, it will take years before you can be confident that your freshly-acquired SIM is not compromised.
I'd say it's safe to assume that from now on, any cellphone communication can be trivially intercepted by NSA/GCHQ. The most paranoid already assumed that, but now we have confirmation.
