--- a/doc/GrcardSIM1-notes	Wed Apr 07 05:49:32 2021 +0000
+++ b/doc/GrcardSIM1-notes	Wed Apr 07 05:57:44 2021 +0000
@@ -39,3 +39,12 @@
   SIM speed enhancement specified in GSM 11.11 and supported by classic GSM/2G
   phones), but GrcardSIM1 cards don't support it - hence GR1 cards run in the
   slowest F=372 D=1 mode.
+
+The only datum on GrcardSIM1 cards which appears to be secure against reading
+is Ki.  grcard1-set-ki command is unauthenticated like the other grcard1-set-*,
+thus anyone can overwrite Ki with their own, but it is a write-only datum on
+this card model: it does not appear in the file system, and there is no command
+for reading Ki.  Contrast with GrcardSIM2, sysmoUSIM-SJS1 and sysmoISIM-SJA2
+cards: all of these cards store their Ki in a special file in their file system,
+but this file requires ADM access (SUPER ADM on GrcardSIM2, ADM1 on Sysmocom
+cards) for both reading and writing.