They've been using this system at Burning Man to operate a free experimental cell network:
You can use a standard GSM 2G SIM with a 3G WCDMA network and in that case only the network requires the phone to prove its identity. With a USIM, the network also has to prove its identity.
So you're not automatically protected when using 3G WCDMA network. You need to upgrade to a USIM.
Note: The above refers to 3GPP GSM/WCDMA technology. Not sure about IS-95 (Qualcomm's CDMA) and its multiple variants.
Authentication is performed by the network HLR (Home location register) which is independent of the radio technology used. The procedure/algorithms are different for 3G-capable UEs with USIM, but the HLR can accept 2G users as well.
Bottom line is that if your 'home carrier' (the one that produced the SIM) allows it, you can use your SIM in any 3G network that is part of the roaming agreement of that carrier.
If AT&T won't utilize the spectrum through my land for which they have been given stewardship, then perhaps I ought to be allowed to exercise it.
 Except I wouldn't get incoming calls, which is more important to me than outgoing.
Of course, I know close to nothing about radio security, so maybe the world as it exists today is optimal but the phone makers blundered in ignoring the insecure warning?
Most of Rommel's awesomeness in North Africa was due to his superior radio directing finding units. No need to necessarily translate enemy communications if you know where they are and when they're sending.
The premier tier-1/special mission unit in the US military (Intelligence Support Activity (ISA), aka "the Activity", Gray Fox, Torn Victor, Cemetery Wind, Centra Spike, ... they have a lot of code names) was basically the key piece in killing Pablo Escobar (the book "Killing Pablo" is a pretty good account). They're obviously extensively involved in Iraq and Afghanistan.
One of the major reasons the military was more effective in 2005-now in Iraq, vs. 2003-2004, is that cellphones spread out to cover the whole country, and insurgents and their friends used cellphones (although this is more "strategic" vs. tactical/field gathering like this system).
I'm just waiting for the first fully autonomous weapon which combines signals intelligence and killing -- flies around listening for a specific IMSI, then drops down on the target and blows up.
The road to Skynet is paved with these kind of desires.
P. W. Singer's "Wired for War"
Perhaps even Chris Anderson's DIY Drones:
Set up a wireless AP broadcasting an existing SSID. Some existing clients connect to it passing the keyphrase. Verify against the actual AP.
Would this work?
i don't think this is at all realistic with wpa.
you could just set up an open network with an equivalent essid, but that's nothing new is it? :)