In preparation for what may be the final days of the trial of Ola Bini, an open source and free software developer arrested shortly after Julian Assange's ejection from Ecuador’s London Embassy, civil society organizations observing the case have issued a report citing due process violations, technical weaknesses, political pressures, and risks that this criminal prosecution entails for the protection of digital rights. Bini was initially detained three years ago and previous stages of his prosecution had significant delays that were criticized by the Office of the Inter-American Commission on Human Rights (IACHR) Special Rapporteur for Freedom of Expression. An online press conference is scheduled for May 11th, with EFF and other organizations set to speak on the violations in Bini's prosecution and the danger this case represents. The trial hearing is set for May 16-20, and will most likely conclude next week. If convicted, Bini's defense can still appeal the decision.
What’s Happened So Far
The first part of the trial against Ola Bini took place in January. In this first stage of testimony and expert evidence, the court repeatedly called attention to various irregularities and violations to due process by the prosecutor in charge. Human rights groups observing the hearing emphasized the flimsy evidence provided against Bini and serious flaws in how the seizure of his devices took place. Bini's defense stressed that the raid happened without him present, and that seized encrypted devices were examined without following procedural rules and safeguards.
These are not the only problems with the case. Over two years ago, EFF visited Ecuador on a fact-finding mission after Bini’s initial arrest and detention. What we found was a case deeply intertwined with the political effects of its outcome, fraught with due process violations. EFF’s conclusions from our Ecuador mission were that political actors, including the prosecution, have recklessly tied their reputations to a case with controversial or no real evidence.
Ola Bini is known globally as someone who builds secure tools and contributes to free software projects. Bini’s team at ThoughtWorks contributed to Certbot, the EFF-managed tool that has provided strong encryption for millions of websites around the world, and most recently, Bini co-founded a non-profit organization devoted to creating user-friendly security tools.
What Bini is not known for, however, is conducting the kind of security research that could be mistaken for an “assault on the integrity of computer systems,” the crime for which he was initially investigated, or "unauthorized access to a computer system," the crime for which he is being accused now (after prosecutors changed the charges). In 2019, Bini's lawyers counted 65 violations of due process, and journalists told us at the time that no one was able to provide them with concrete descriptions of what he had done. Bini’s initial imprisonment was ended after a decision considered his detention illegal, but the investigation continued. The judge was later "separated" from the case in a ruling that admitted the wrongdoing of successive pre-trial suspensions and the violation of due process.
Though a judge decided in last year’s pre-trial hearing to proceed with the criminal prosecution against Bini, observers indicated a lack of solid motivation in the judge's decision.
A New Persecution
A so-called piece of evidence against Bini was a photo of a screenshot, supposedly taken by Bini himself and sent to a colleague, showing the telnet login screen of a router. The image is consistent with someone who connects to an open telnet service, receives a warning not to log on without authorization, and does not proceed—respecting the warning. As for the portion of a message exchange attributed to Bini and a colleague, leaked with the photo, it shows their concern with the router being insecurely open to telnet access on the wider Internet, with no firewall.
Between the trial hearing in January and its resumption in May, Ecuador's Prosecutor's Office revived an investigation against Fabián Hurtado, the technical expert called by Ola Bini's defense to refute the image of the telnet session and who is expected to testify at the trial hearing.
On January 10, 2022, the Prosecutor's Office filed charges for procedural fraud against Hurtado. There was a conspicuous gap between this charge and the last investigative proceeding by prosecutors in the case against Hurtado, when police raided his home almost 20 months before, claiming that he had “incorporated misleading information in his résumé". This raid was violent and irregular, and considered by Amnesty International as an attempt to intimidate Ola Bini's defense. One of the pieces of evidence against Hurtado is the document by which Bini’s lawyer, Dr. Carlos Soria, included Hurtado’s technical report in Bini's case file.
Hurtado's indictment hearing was held on February 9, 2022. The judge opened a 90-day period of investigation which is about to end. As part of this investigation, the prosecutor's office and the police raided the offices of Ola Bini's non-profit organization in a new episode of due process violations, according to media reports.
Civil Society Report and Recommendations
Today’s report, by organizations gathered in the Observation Mission of Bini's case, is critical for all participating and to others concerned about digital rights around the world. There is still time for the court to recognize and correct the irregularities and technical weaknesses in the case. It points out key points that should be taken into consideration by the judicial authorities in charge of examining the case.
In particular, the report notes, the accusations have failed to demonstrate a consistent case against Ola Bini. Irregularities in court procedures and police action have affected both the speed of the procedure and due process of law in general. In addition, accusations against Bini show little technical knowledge, and could lead to the criminalization of people carrying out legitimate activities protected by international human rights standards. This case may lead to the further persecution of the so-called "infosec community" in Latin America, which is made up primarily of security activists who find vulnerabilities in computer systems, carrying out work that has a positive impact on society in general. The attempt to criminalize Ola Bini already shows a hostile scenario for these activists and, consequently, for the safeguard of our rights in the digital environment.
Moreover, these activists must be guaranteed the right to use the tools necessary for their work—for example, the importance of online anonymity must be respected as a premise for the exercise of several human rights, such as privacy and freedom of expression. This right is protected by international Human Rights standards, which recognize the use of encryption (including tools such as Tor) as fundamental for the exercise of these rights.
These researchers and activists protect the computer systems on which we all depend, and protect the people who have incorporated electronic devices into their daily lives, such as human rights defenders, journalists and activists, among many other key actors for democratic vitality. Ola Bini, and others who work in the field, must be protected—not persecuted.