Policy

Ola Bini wanted to build a secure internet. Now he's on trial.

The Swedish programmer has fought the government of Ecuador for years to prove he's not a cybercriminal

A black screen with different names crossed out, ending with "Ola Bini."

Bini's trial was indefinitely postponed this week, the latest in a series of delays that has drawn what should have been at most a one-year process into one that appears to have no real end.

Illustration: Christopher T. Fong/Protocol

Ola Bini was waiting at an airplane boarding gate in Quito, Ecuador when men in police uniforms came to lead him away. These men didn't identify themselves, and they didn't show him the paper they held in their hands. They took him to a room in the airport, took away his phone and locked him inside, giving no explanation and asking no questions.

For the next 24 hours, the Swedish software programmer known internationally as a friend of Julian Assange, a powerful advocate for open source security and an invaluable contributor to Ruby programming languages, the "off-the-record" communication protocol and the Electronic Frontier Foundation's Certbot, basically disappeared from the face of the earth.

Those twenty-four hours for Bini were the start of a two-year personal hell that should have begun a new phase today, when he was scheduled to stand in court in Ecuador and defend himself against a crime he insists he didn't commit. His trial was indefinitely postponed this week reportedly because a potential witness is out of the country, the latest in a series of delays that has drawn what should have been at most a one-year process into one that appears to have no real end.

Bini has found himself caught up in a criminal case that stretches from WikiLeaks to government corruption in Ecuador, accused of trying to bring down the country's vital government systems in a cyberattack that never happened. International human rights advocates have spent the last two years questioning the Ecuadorian government's decision to arrest, imprison and charge Bini with no real evidence, accusing the government of choosing Bini as a random and easy scapegoat intended as a message to the people who have leaked information that revealed government corruption. They see his case as an example of the consequences of governments preying on the idea of "cyber panic" to punish people who do work they don't necessarily understand, especially the people creating the encryption and security protocols that allow people to be anonymous online.

They took him to a room in the airport, took away his phone and locked him inside, giving no explanation and asking no questions.

And for Bini, he believes that his prosecution is what happens when smaller countries follow the standards set by powerful, wealthier ones like the United States government. "Both in the U.K. and the U.S., the public discussions by lawmakers about security and anonymity are really frightening," Bini told me. "When the U.S. goes after security researchers, they set an example for the rest of the world that it is okay to do that. And of course, in my case, there are other cases in Latin America as well, this trend of going after security researchers in order to hide embarrassing things."

The Swedish consulate in Ecuador did not respond to requests for comment. The government of Ecuador could not be reached for comment.

Photo: Rodrigo Buenida via Getty Images

On that fateful April 11, 2019, Bini was supposed to embark on a long-planned trip to Japan, where he would be attending a martial arts conference. Because he was due to be out of the country, his friends and colleagues in Ecuador were unaware that he had gone missing for the first few hours of Bini's confinement. When they did realize he'd vanished, it fell to a colleague at the Centro de Autonomía Digital — a small non-profit focused on internet safety and freedom where Bini was technical director — to try to locate him. (Bini is a Swedish citizen who moved to Ecuador for his technical work in 2013, so he has been isolated from his family since his arrest.) A long desperate night of searching, frantically calling contacts and emailing lawyers at first led to nowhere for Sara Zambrano, the executive assistant at Bini's company at the time (she's now the executive director). She barely knew Bini at the time.

Meanwhile, after detaining him for hours in a police car in the airport parking lot, Ecuadorian security officials took Bini to his home, where they tried to force him to allow them inside. They refused to tell him why he was detained. He was formally arrested later that night, though it was still not clear for what crime. He still couldn't call a lawyer because they had confiscated his phone.

It wasn't until the next day that Bini's coworkers managed to locate him and get him a lawyer who could represent him, and it was then that it became clear that someone, somewhere in the Ecuadorian government had decided to accuse Bini of a plot to cyber hack the government. He was eventually charged with attacking the integrity of computer systems and thrown into prison, where he remained for 71 days.

Bini had a hearing in front of a judge on April 12, and his lawyer was given only half an hour to review the documents being used against him. "The prosecution argued that I needed to be jailed and the judge agreed to this," he told me.

During our conversation, Bini's account of the last two years was mechanical, fast and dry — until he started to describe life inside the prison.

"They have this concept called preventative imprisonment. They imprisoned me because they argued that I could erase all the evidence," he said. The prosecutor seemed to believe that Bini was dangerous because of the large quantity of programming books, authentication keys and hard drives inside his house.

During our conversation, Bini's account of the last two years was mechanical, fast and dry — until he started to describe life inside the prison. Ecuadorian prisons are not like American ones, he told me. He finally managed to explain that there's no food, no water and no toilet paper unless someone you know brings them for you. Being inside of the prison, unsure of his future, unsure of who to trust and far away from his family in Sweden was a personal nadir.

"The biggest problem for me was just the uncertainty — how long are they going to leave me to rot here? How long are they going to keep me here? Why are they doing this to me? Those two pieces of uncertainty together, was really the hardest part during that time," he said. He has since been diagnosed with post traumatic stress disorder; PTSD research shows that while being imprisoned itself doesn't necessarily always lead to the disorder, being imprisoned for an unknown amount of time, like Bini, can have a very high correlation with PTSD diagnosis. It's the unknowable future that wrecks the mind.

The details of the political machinations that have shaped Bini's trial are so tangled up in Ecuadorian national corruption that they're almost too complex to explain to someone without a background in politics in Ecuador. The Center for Strategic and International Studies has described Ecuador's political climate as deeply unstable; Transparency International scored Ecuador a score of 38 out of 100 on its corruption index. Some brief political context for Bini's indictment and forthcoming trial: On the morning of the same day that Bini was arrested, Julian Assange was thrown out of Ecuador's embassy in London, where the country had given him asylum for the last seven years. Bini is a friend of Assange and has visited him multiple times at the Ecuadorian embassy in London. During a press conference hours after Assange was thrown out, Ecuador's interior minister, Maria Paula Romo, warned the nation that the country was expecting a national cyber attack on government systems. That attack never came.

In the two years since the arrest, Ecuador's government has accused Assange's WikiLeaks of being responsible for the leaking of the "INA papers," which show corruption in the Ecuadorian government. WikiLeaks denies it had any involvement in the leak. According to Ecuadorian investigative journalism agency La Posta, officials inside the government have targeted Bini as a scapegoat for the person who could have helped leak the INA papers, though, according to the La Posta report, it appears the government is well aware that that person, called internally "El Ruso," could not be Bini.

Photo: NurPhoto via Getty Images

For international activists, the ins-and-outs of Ecuadorian politics are less important than the fact that it appears that government leaders took a moment of political instability and used it to accuse a software engineer of a crime without any obvious evidence. They describe Bini's indictment as an example of a broader international problem — political leaders who do not understand technical experts manipulating fear over cyber attacks to accuse tech experts of trying to undermine the government. Bini is not the first person to end up accused of crimes he didn't commit, or to find himself at the receiving end of a government desperate to blame someone for a political scandal. The Electronic Frontier Foundation, which has sent a delegation to visit Bini in Ecuador to observe and document what they call human rights and due process violations, has said that this case is an example of how laws about cybercrime can be so broad that they capture engineers, programmers and hackers who are working in the service of the public.

"Security researchers and other technologists, working with cutting edge technology, end up harassed and persecuted because of their work. [Their] work enables the crucial work of human rights defenders, journalists, and yet they end up being persecuted as those that do this work. Overbroad cybercrime laws are like honeypots for this type of persecution," Veridiana Alimonti, the associate director for Latin American policy at the EFF, told Protocol.

Thus far, the only evidence against Bini that has been shared with the defense and the public is a screenshot from Bini's communications, in which he appears to indicate his surprise that a telecommunications router login screen was not protected by a firewall. Press reports in Ecuador have said that this indicates that Bini attempted to hack Ecuador's national oil company, the service behind the router; Bini and international advocates say that all the screenshot shows is that he noticed and expressed concerns over a security flaw he found in the normal course of his work.

The EFF sees Bini's case as an example of the fact that most government officials do not fully understand how security and tech researchers do their work. "This may seem like an indication of suspicious behavior to many that are not acquainted with this community," Alimonti said. "This was exploited, the fact that he had a lot of security keys, and he had programming books, and stuff like that. The general public and even government officials are usually not acquainted with people like this."

This case is an example of how laws about cybercrime can be so broad that they capture engineers, programmers and hackers who are working in the service of the public.

Bini was released from prison in 2019 after two-and-a-half months because a habeas corpus plea forced a judge to admit that his imprisonment was unlawful. Instead of continuing his jail time, he has spent the last year and a half reporting weekly to the prosecutor's office in Quito — he has visited over 100 times now — and he is prohibited from leaving the country. His bank accounts have been frozen, and he and Zambrano described police and intelligence service vehicles that follow him persistently as he goes about his days.

When he and Zambrano called me from Ecuador, the two of them shared the Zoom screen, Zambrano chiming in to describe the early moments when Bini was in prison. Though the two barely knew each other when Bini was arrested, "she's now my closest friend," Bini told me. Zambrano is the person who managed to find Bini a lawyer and a defense team when he was imprisoned. She now helps run the nonprofit NGO where the two of them work. She nodded along as Bini described how he tried to force himself to return to work when he was released from prison. "It's one of those things where, Sara, who is here, she works on my defense, she sees more of what I'm going through than anyone else. I don't think that even she can see more than half of what is happening on the inside. It's the kind of thing that is just very hard to explain," he said.

Since Bini was released from prison, the twists and turns in the legal proceedings have resulted in a process that's so drawn-out, opaque and impossible to trust that Bini has little hope he will ever be exonerated. The charges against Bini have been reduced from attacking the integrity of computer systems to "non-consented access" to a computer system; the original judge in the case has been removed for ethical violations; his trial was scheduled to last two days but also include more than one hundred witnesses for the prosecution. And this week, having finally reached a trial date, the proceeding was postponed indefinitely.

"My personal expectation is that it is going to go really bad, they are probably going to violate my rights in a hundred different ways. And then, after that, we will appeal, and it's very likely that these judges will vote against me," Bini said. "From a mental perspective, the really hard part is knowing that even getting to a level where I have a chance, if I get to the national level, and they vote against me, I can go international, and the sentence will be executed while I wait for the international courts to judge. We do expect that the international courts will go my way, and that we will win. But while waiting for this win, my life is being destroyed."

Fintech

Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep Reading Show less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep Reading Show less
FTA
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.
Enterprise

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep Reading Show less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.

Enterprise

Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep Reading Show less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories
Bulletins