For over two years EFF has been following the case of Swedish computer security expert Ola Bini, who was arrested in April, 2019, in Ecuador, following Julian Assange’s ejection from that country’s London Embassy. Bini’s pre-trial hearing, which was suspended and rescheduled at least five times during 2020, was concluded on June 29, 2021. Despite the cloud that has hung over the case—political ramifications have seemed to drive the allegations, and Bini has been subjected to numerous due process and human rights violations—we are hopeful that the security expert will be afforded a transparent and fair trial and that due process will prevail.
Ola Bini is known globally as a computer security expert; he is someone who builds secure tools and contributes to free software projects. Ola’s team at ThoughtWorks contributed to Certbot, the EFF-managed tool that has provided strong encryption for millions of websites around the world, and in 2018, Ola co-founded a non-profit organization devoted to creating user-friendly security tools.
ola_cypher.png
From the very outset of Bini’s arrest at the Quito airport there have been significant concerns about the legitimacy of the allegations against him. In our visit to Ecuador in July, 2019, shortly after his arrest, it became clear that the political consequences of Bini’s arrest overshadowed the prosecution’s actual evidence. In brief, based on the interviews that we conducted, our conclusion was that Bini’s prosecution is a political case, not a criminal one. His arrest occurred shortly after Maria Paula Romo, then Ecuador’s Interior Minister, held a press conference to claim (without evidence) that a group of Russians and Wikileaks-connected hackers were in the country, planning a cyber-attack in retaliation for the government’s eviction of Assange; a recent investigation by La Posta revealed that the former Minister knew that Ola Bini was not the “Russian hacker” the government was looking for when Bini was detained in Quito’s airport. (Romo was dismissed as minister in 2020 for ordering the use of tear gas against anti-government protestors).
A so-called piece of evidence against Bini was leaked to the press and taken to court: a photo of a screenshot, supposedly taken by Bini himself and sent to a colleague, showing the telnet login screen of a router. The image is consistent with someone who connects to an open telnet service, receives a warning not to log on without authorization, and does not proceed—respecting the warning. As for the portion of a message exchange attributed to Bini and a colleague, leaked with the photo, it shows their concern with the router being insecurely open to telnet access on the wider Internet, with no firewall.
Bini’s arrest and detention were fraught with due process violations. Bini faced 70 days of imprisonment until a Habeas Corpus decision considered his detention illegal (a decision that confirmed the weakness of the initial detention). He was released from jail, but the investigation continued, seeking evidence to back the alleged accusations against him. After his release the problems continued, and as the delays dragged on, the Office of the Inter-American Commission on Human Rights (IACHR) Special Rapporteur for Freedom of Expression included its concern with the delay in Bini’s trial in its 2020’s annual report. At the time of our visit, Bini’s lawyers told us that they counted 65 violations of due process, and journalists told us that no one was able to provide them with concrete descriptions of what he had done.
In April 2021, Ola Bini’s Habeas Data recourse, filed in October 2020 against the National Police, the Ministry of Government, and the Strategic Intelligence Center (CIES), was partially granted by the Judge. According to Bini’s defense, he had been facing continuous monitoring by members of the National Police and unidentified persons. The decision requested CIES to provide information related to whether the agency has conducted surveillance activities against the security expert. The ruling concluded that CIES unduly denied such information to Ola Bini, failing to offer a timely response to his previous information request.
Though the judge decided in June’s pre-trial hearing to proceed with the criminal prosecution against Bini, observers indicated a lack of a solid motivation in the judge’s decision. The judge was later “separated” from the case in a ruling that admitted the wrongdoing of successive pretrial suspensions and the violation of due process.
It is alarming, but perhaps not surprising, that the case will proceed after all these well-documented irregularities. While Ola Bini’s behavior and contacts in the security world may look strange to authorities, his computer security expertise is not a crime. Since EFF’s founding in 1990, we have become all-too familiar with overly politicized “hacker panic” cases, which encourage unjust prosecutions when the political and social atmosphere demands it. EFF was founded in part due to a notorious, and similar, case pursued in the United States by the Secret Service. Our Coder’s Rights Project has worked for decades to protect the security and encryption researchers that help build a safer future for all of us using digital technologies, and who far too often face serious legal challenges that prevent or inhibit their work. This case is, unfortunately, part of a longstanding history of countering the unfair criminal persecution of security experts, who have unfortunately been the subject of the same types of harassment as those they work to protect, such as human rights defenders and activists.
In June of this year, EFF called upon Ecuadors’ Human Rights Secretariat to give special attention to Ola Bini’s upcoming hearing and prosecution. As we stressed in our letter,
Mr. Bini’s case has profound implications for, and sits at the center of, the application of human rights and due process, a landmark case in the context of arbitrarily applying overbroad criminal laws to security experts. Mr. Bini’s case represents a unique opportunity for the Human Rights Secretariat Cabinet to consider and guard the rights of security experts in the digital age. Security experts protect the computers upon which we all depend and protect the people who have integrated electronic devices into their daily lives, such as human rights defenders, journalists, activists, dissidents, among many others. To conduct security research, we need to protect the security experts, and ensure they have the tools to do their work.
The circumstances around Ola Bini’s detention have sparked international attention and indicate the growing seriousness of security experts’ harassment in Latin America. The flimsy allegations against Ola Bini, the series of irregularities and human rights violations in his case, as well as its international resonance, situate it squarely among other cases we have seen of politicized and misguided allegations against technologists and security researchers.
We hope that justice will prevail during Ola Bini’s trial this week, and that he will finally be given the fair treatment and due process that the proper respect of his fundamental rights requires.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org