"You Were Identified as a Participant in a Mass Disturbance"

"You Were Identified as a Participant in a Mass Disturbance"
Cell phone screenshot

Ukraine is a beautiful and diverse country that straddles the border between Europe and Asia. From 2005 through 2007 I lived in Eastern Ukraine. During that time I became acutely aware of the importance of mobile technology in everyday life. Landline telephones in the places I lived were rare, and when I wanted to connect to the Internet, make calls, meet up with friends or any number of things I would rely on my mobile phone.  Ukraine's mobile pentration is now near 90%, according to recent data, and mobile Internet access is rapidly increasing. 

It is therefore not a great surprise that mobile phones have been an integral part of the organization and coordination of protests in Ukraine since the Orange revolution and now during the current Ukrainian Protests that started in late November 2013. 

However, this week government manipulation of mobile tech has sent shockwaves across the Internet with a highly documented Orwellian form of tracking of protesters. A text that made its way around my friends and family living in Ukraine and that was widely reported on by international media ominously stated: "You were identified as a participant of in a mass disturbance".  It demonstrates a use of technology to tag individuals easily possible but rarely so openly demonstrated.

It makes evident the escalation in the use of technology to curb protests, and marks a dangerous turning point for individuals using mobile phones as a tool for mobilization.  Tracking people by location with their mobile phones is not difficult as outlined in this article on Mashable. In this case, there was either a request by the government ffrom the mobile providers for a tower dump (something the providers in Ukraine deny) for cell phone numbers in a certain location that connected to the towers in that area, or a rogue base station set up in the same vincity that essentially 'catches' the relevant information when a phone nearby tries to connect to that rogue tower (which, to a cell phone, looks like any other tower.)


Even if it's technically easy and done routinely (more than 9,000 tower dump requests were issued in 2012 in the US alone) the psychological implications are severe. Much of the escalation of late is due to a series of new legal measures passed in Ukraine by the Verkhovna rada changing the legality of various activities the protestors had been engaged in for months. 

How are Mobile providers able to identify individuals through their networks? Lindsay Beck on our team recently wrote an excellent piece on PBS' Idea Lab in which she outlines how mobile providers identify their users. Highlights with Ukraine specific notes are included below:

The mobile network operator requires particular pieces of data to maintain the connectivity of your device as well as bill you for your services. These include:

IMEI: a unique identifier number tied with the specific mobile phone hardware connected to the network, almost like a serial number for the specific phone.

IMSI: a unique identifier for a mobile 'subscriber'. The IMSI is stored in the SIM card for those phones using GSM networks, and within the phone or the R-UIM card for phones using CDMA networks. The IMSI is shown on any mobile network.

In addition, when purchasing a SIM card or a mobile phone, you may have to provide additional personal information. In many countries, you may not be able to  buy a SIM card without showing some form of ID.  Mobile SIM registration is not required in Ukraine, currently.

Just turning on your phone identifies your phone to the network with both the IMEI and IMSI (in addition to other data) and is traceable. There are several ways in which your phone can give away your physical location:

Mobile Network: Your mobile phone, when it is on, is constantly communicating to the nearest mobile network operator (MNO) towers. This process ensures that calls can be received, text messages sent, etc. This constant “pinging” to the nearest towers can triangulate your location, by estimating where you are based on the overlap of these towers’ reach. This can be seen by the MNO, and anyone with access to the MNO’s records.  In urban areas you are providing highly accurate location data to within approximately 50 meters. 

GPS: Most smartphones come equipped with GPS functionality, to enhance the efficiency of any applications needing location-based data (maps, social media apps, etc.). When GPS functionality is activated, a mobile phone becomes accurate within 2 Meters or less. 

Internet (and provider): Phones connected to the internet are assigned a temporary IP address, which allows any website you visit to estimate your location based on your IP address. In fact, mobile providers keep a record of what phones were assigned which temporary IP addresses. If a mobile provider cooperates with a website, they can match an IP address with a mobile phone’s location using archived mobile network locations or GPS coordinates. Wifi hotspots can also be used to identify location and further enhance geo tracking of a given mobile device. Likewise because most Internet traffic over mobile phones occurs in the clear (unencrypted) it is susceptible to interception. 

Using a mobile device with a registered SIM is the equivalent of a direct tracking device complete with who you are, likely where you are from and your preferences over time. Using an unregistered SIM can likewise be a tracking device yet reduces the level of identifiable information for the person carrying a device ever so slightly. If a mobile device with an unregistered SIM is bought and activated in one location and then subsequently used during an event in another location that SIM is traceable back to its point of origin. While the individual user might be more difficult to track, it is not impossible if the user is not extremely careful in their operational security. As far as being immune to network messages from mobile providers it does not matter whether a SIM card is registered or not, any device on any mobile network is capable of receiving network provider messages. 

While any mobile device can be tracked the minute it it truend on, there are apps for more secure calling, messaging, and Internet use. These tools include applications such as RedPhone, an application for Android devices for encrypted calls between two devices both with the RedPhone application, and TextSecure for encrypted text messaging; and apps from the Guardian Project such as: Orbot (Proxying with Tor), OrWeb (for more secure web browsing), or ChatSecure (A secure chat application).