Three years and six months have passed, and cyberactivist Ola Bini is still detained. The case is an ongoing story that crossed borders and generated support from national and international organisations. It began on April 11, 2019, when Bini was accused of participating in efforts to politically destabilise the Lenin Moreno government in Ecuador because of Bini's close friendship with Julian Assange, the founder of Wikileaks. Wikileaks was a project that released thousands of documents that revealed, above all, the human rights violations by the US in conflict zones such as Afghanistan or Iraq. Adding to this conspiracy theory, the then government accused him of attacking the Ecuadorian state computer systems; the accusations later changed to the alleged crime of unauthorised access to the National Telecommunications Corporation (CNT) systems.
However, in the view of digital rights experts, the Bini case reveals a profound and worrying ignorance on the part of Ecuadorian justice. It is not for nothing that this is already an emblematic case in the region of the persecution of security technology developers, security investigators, and digital experts, says Veridiana Alimonti, Associate Director of Latin American Policy at the Electronic Frontier Foundation (EFF). She adds that:
Se ha lidiado este caso como un pánico hacker, un miedo que hay con los conocimientos de la comunidad de seguridad informática y de ciberseguridad.
This case has been treated like a hacker panic, a fear that exists about the knowledge that the information security and cybersecurity communities hold.
EFF has a long history of experience with cases of the criminal persecution of security experts and it was one of the organisations that visited Ecuador to understand the Ola Bini situation. In fact, they sent a letter to the Human Rights Secretariat of Ecuador asking them to examine the irregularities and violation of procedural guarantees so that there can be a “fair trial.” The secretariat replied that the body to follow up with would be the Ombudsman's Office. EFF sent the document to that institution and, despite following up on two occasions, has received no response to date.
Like other social organisations worried about digital rights and the potential consequences of Ola Bini's case for the digital spectrum, EFF has gathered 18 other organisations to form the Observation Mission that released last May the Report of a Paradigmatic Process for Human Rights in the Digital Age. Their conclusions underline the irregularities of due process, but also point out the fragility of the technological knowledge of those who accuse Bini, such as the Prosecutor's Office or the National Police. For example, the assumption that using tools such as Tor — a secure browser that protects your data and ensures anonymity online — is an activity that is suspicious in itself can lead to the criminalisation of people who carry out legitimate activities protected by international human rights standards. The report adds:
(…) llama la atención la posibilidad de que el caso se desarrolle en el sentido de profundizar aún más un escenario de persecución de la llamada “comunidad infosec” en América Latina. Esta comunidad está formada por activistas de la seguridad de la información que, al encontrar vulnerabilidades en los sistemas informáticos, realizan un trabajo que tiene un impacto positivo para la sociedad en general. El intento de criminalizar a Ola Bini ya muestra un escenario hostil para estos activistas y, en consecuencia, para la garantía de nuestros derechos en el entorno digital.
(…) it is worth noting that the case may develop to intensify a scenario of persecution of the so-called “infosec community” in Latin America. This community is made up of information security activists who, when they find vulnerabilities in information systems, carry out labour that has a positive impact on society in general. The attempt to criminalise Ola Bini already indicates a hostile setting for activists and, as a consequence, for the guarantee of our rights in the digital environment.
Indeed, at the hearings, especially so far in 2022, the prejudices against and the ignorance around cybersecurity have been reflected in the prosecution's narrative, which seeks to frame the use of secure encrypted browsers, as in the case of Tor, “as something suspicious or even indicative of a criminal act,” Alimonti affirms. She points out that, for Ola Bini's defence, there have been attempts to underline the importance of such tools for communication in different situations.
Las tecnologías seguras han permitido que los activistas o defensores de derechos humanos, los abogados y sus clientes, los periodistas y sus fuentes, puedan comunicarse de manera segura. Entonces, las herramientas que se han creado para permitir eso pasan a sufrir persecución y aquellos que los desarrollan se vuelven blancos.
Secure technologies have allowed activists or human rights defenders, lawyers and their clients, journalists and their sources, to communicate securely. So, the tools that have been created for this [secure communication] become persecuted and those who develop them become targets.
A similar situation occurs with a photograph — spread widely in the media — that was found on Bini's mobile. According to the prosecution, this would be the evidence that shows how the computer system of the CNT — one of the parties accusing the Swiss cyberactivist — was compromised.
For Rafael Bonifaz, Derechos Digitales technical coordinator, the photo reveals, on the contrary, that there was no entry into the system: it is not an image that reveals what is inside a server. In fact, what should be news, Bonifaz continues, is why CNT is using an unencrypted system.
Lo que debería ser un escándalo aquí es que en el 2015, CNT haya estado usando Telnet. Yo, cuando aprendí a administrar servidores, en el año 2003 me enseñaron Telnet con fines históricos. Así se hacía antes, por favor, [nos decían] no vayan usarlo ahora […] Nos enseñaron así hace 20 años y lo seguimos haciendo porque así aprendimos.
What should be a scandal here is that, in 2015, CNT has been using Telnet. I, when I learned to administer servers, in 2003, they taught me Telnet for historical purposes. That's how it was done earlier, please [they used to tell us] don't use it now. […] We were taught that way 20 years ago and we continue to do it because that's how we learned.
Bonifaz's experience — as a system administrator — allows him to affirm that a state entity, like CNT, uses insecure technologies to administer its routers. “This puts state communications at risk, so cybersecurity issues must be taken seriously. When you see that CNT does this, you see that this subject is not a priority.”
Bonifaz also adds another element to the Bini case: stigma, which is part of the same reflection on technological ignorance and the fear it generates, as Alimonti explained. Ola Bini is a “gringo” who has very particular characteristics: he wears a black hat and black clothes, dark glasses, and has painted nails, an appearance that has been picked up by diverse media.
It could seem a minor theme, however, it has been part of the arguments of those who accuse Bini. Bonifaz remembers that one day, in one of the hearings they said that the Swiss cyberactivist wears a black hat and, for this reason, attacks computer systems. “And I could give you examples that become absurd. I was in a hearing where the prosecution emphasised that Ola Bini was dangerous because he had information security books and, what's more, they were in English.”
As for the judicial process, the irregularities have been present since the moment of the arrest at Quito International Airport, the day Assange was removed from the Embassy of Ecuador in the UK. Rosa Bolaños, legal advisor to the Inredh Foundation and one of the organisations that is part of the mission mentioned above, indicated, moreover, that the type of crime of which Bini was accused at first has changed: it has gone from penetrating a computer system to the crime for which Bini is now being tried, unauthorized access to a server — in this case CNT — in accordance with Article 234 of the Penal Code.
On the other hand, Bolaños also identifies the stigma that is generated around Bini. “They build an internal enemy who, by way of having more knowledge, is seen as different and, therefore, punishable.” So, what could happen if Ola Bini ends up being convicted? The legal advisor considers that the impact on digital rights would be risky. “There could be types of crimes where they indicate that certain programs or applications are forbidden or [could be] viewed as suspicious.”
Certainly, in the three and a half years that the case has been ongoing, it has not been possible to discover solid evidence that has been collected by the media, beyond the accusations made by the former minister María Paula Romo, repeated and strengthened by former president Lenin Moreno. In the hypothetical case that Ola Bini goes free, Bolaños said that, if the criminal charges have not been proven, it raises the question of comprehensive reparation.
This year, the Ola Bini case gained media notoriety because of his hearings from January to August, although some have also been suspended. The latest suspension happened on August 30, as Inredh reported. This has been a constant in the Bini trial, compounded, in addition, by the pandemic measures that affected judicial activity.
At the moment of publication, it remains unknown when the hearing will resume to determine Ola Bini's destiny: prison or freedom.
Please visit the project page for more pieces from the Unfreedom Monitor.