How Did Ukraine’s Government Text Threats to Kiev’s EuroMaidan Protesters?

A protester in Kiev

A protester in Kiev, Ukraine.

Photo by Rob Stothard/Getty Images

Last November, Ukrainian opposition leader Arseniy Yatsenyuk called on his Twitter and Facebook followers to meet in Maidan Nezalezhnosti, Kiev’s central square, to demonstrate against government actions thwarting a long-awaited bilateral trade agreement with the European Union. At the time, President Viktor Yanukovych had surprised Ukrainian citizens and world powers alike by shunning the agreement in favor of a friendly relationship with Russia. Using the hashtag #EuroMaidan, Twitter users appropriated the square—or Maidan—as the central symbol of Ukraine’s pro-EU demonstrations. This month, Yanukovych further enraged activists by enacting legislation that increases fines and jail time for any unauthorized public protests. Despite the new law, troubling violence, subzero temperatures, and frequent intimidation, hundreds of thousands of protesters continue to participate on a regular basis.

This week, many of those surrounding Maidan Nezalezhnosti were stupefied by an ominous text message that appeared on their mobile devices:

“Dear subscriber, you are registered as a participant in a mass disturbance.”

Journalists, activists, and anyone else who happened to be in the vicinity received the message. The three largest Ukrainian telecom providers—Kyivstar, MTS, and life:)—each deny involvement with the message, claiming total compliance with existing privacy and confidentiality laws. (MTS Ukraine is owned by Russian company Mobile Telesystems. Kyivstar is owned by Amsterdam-based VimpelCom, Ltd., which is in turn controlled by Russian private investment giant Alfa Group Consortium. Perhaps the smiley-face on life:) name is related to the fact that it is owned by Turkish and Ukranian telecom companies.

If the telecom providers are not responsible for the foreboding text message, who is? Kyivstar suggests that a “Pirate Base Station”—or a virtual base transceiver station—was used to contact those close to the protests. Commonly known as IMSI-catchers, these devices are easily obtained and most often been used by governments and law enforcement agencies, including the FBI. The technology is fairly simple: Since mobile phones will automatically connect to the strongest base station/cell tower in a given area, a powerful ISMI-catcher can easily lure in mobile devices wishing to connect to a network. Normally, these wireless communications are encrypted, but most devices will revert to unencrypted communication when presented with a stronger signal. An ISMI-catcher forces connected devices to revert to an unencrypted signal. (Mobile providers have the capability to let users know whether their device is operating on an unencrypted network, but most don’t.) While you’re connected to the ISMI-catcher, operators—government, criminal, or both—can listen to your calls, read your text messages, and send messages to you.

While it hasn’t been confirmed that ISMI-catcher technology was used in Maidan Nezalezhnosti, it seems plausible that the Ukrainian government would use such a device to intimidate protesters. Using geo-location technology to track mobile users’ movements is easy enough. Ukrainian authorities would need only to set up ISMI-catcher devices around the protest site and wait for the mobile signals to switch over before tracking numbers, calls, and blasting out harrying text messages.

So does the text message have teeth? As long as wireless providers are respecting privacy and confidentiality agreements, it most likely does not at this time. Most Ukrainians utilize prepaid mobile plans, often using multiple SIM-cards or devices in order to communicate across a tangled web of competing networks. According to Danny O’Brien, international director at the Electronic Frontier Foundation, mobile carriers in Ukraine have limited identifying information regarding their users. This presents a hurdle for the government when telecom carriers refuse to cooperate with requests for personal identifying information.

Good news, right? But that’s about to change. Ukrainian legislators quietly adopted legislation last week requiring mobile customers to present a valid passport and sign a special agreement in order to purchase a SIM-card. The same amendment also expands the government’s ability to block access to unregistered news sites and Internet resources that provide “illegal content.” The new amendments were part a torrent of restrictive new laws passed by a show of hands (rather than a normal electronic vote) on Jan. 16, all of which were quickly signed into law by President Yanukovych. With such an amendment in place, future mobile customers may have few places to hide when using their devices in protest zones. In Ukraine, it seems as though the government is already seeking out data regarding citizen activists participating in the EuroMaidan protests. Whether it actually obtains such data has yet to be seen. That said, the new legislation could allow the government to quell public protests and chill free speech far beyond basic anti-protest laws—quietly compiling lists of activists involved today, and retaliating against them tomorrow.

Future Tense is a partnership of Slate, New America, and Arizona State University.