Ola Bini was waiting at an airplane boarding gate in Quito, Ecuador when men in police uniforms came to lead him away. These men didn't identify themselves, and they didn't show him the paper they held in their hands. They took him to a room in the airport, took away his phone and locked him inside, giving no explanation and asking no questions.
For the next 24 hours, the Swedish software programmer known internationally as a friend of Julian Assange, a powerful advocate for open source security and an invaluable contributor to Ruby programming languages, the "off-the-record" communication protocol and the Electronic Frontier Foundation's Certbot, basically disappeared from the face of the earth.
Those twenty-four hours for Bini were the start of a two-year personal hell that should have begun a new phase today, when he was scheduled to stand in court in Ecuador and defend himself against a crime he insists he didn't commit. His trial was indefinitely postponed this week reportedly because a potential witness is out of the country, the latest in a series of delays that has drawn what should have been at most a one-year process into one that appears to have no real end.
Bini has found himself caught up in a criminal case that stretches from WikiLeaks to government corruption in Ecuador, accused of trying to bring down the country's vital government systems in a cyberattack that never happened. International human rights advocates have spent the last two years questioning the Ecuadorian government's decision to arrest, imprison and charge Bini with no real evidence, accusing the government of choosing Bini as a random and easy scapegoat intended as a message to the people who have leaked information that revealed government corruption. They see his case as an example of the consequences of governments preying on the idea of "cyber panic" to punish people who do work they don't necessarily understand, especially the people creating the encryption and security protocols that allow people to be anonymous online.
They took him to a room in the airport, took away his phone and locked him inside, giving no explanation and asking no questions.
And for Bini, he believes that his prosecution is what happens when smaller countries follow the standards set by powerful, wealthier ones like the United States government. "Both in the U.K. and the U.S., the public discussions by lawmakers about security and anonymity are really frightening," Bini told me. "When the U.S. goes after security researchers, they set an example for the rest of the world that it is okay to do that. And of course, in my case, there are other cases in Latin America as well, this trend of going after security researchers in order to hide embarrassing things."
The Swedish consulate in Ecuador did not respond to requests for comment. The government of Ecuador could not be reached for comment.
Photo: Rodrigo Buenida via Getty Images
On that fateful April 11, 2019, Bini was supposed to embark on a long-planned trip to Japan, where he would be attending a martial arts conference. Because he was due to be out of the country, his friends and colleagues in Ecuador were unaware that he had gone missing for the first few hours of Bini's confinement. When they did realize he'd vanished, it fell to a colleague at the Centro de Autonomía Digital — a small non-profit focused on internet safety and freedom where Bini was technical director — to try to locate him. (Bini is a Swedish citizen who moved to Ecuador for his technical work in 2013, so he has been isolated from his family since his arrest.) A long desperate night of searching, frantically calling contacts and emailing lawyers at first led to nowhere for Sara Zambrano, the executive assistant at Bini's company at the time (she's now the executive director). She barely knew Bini at the time.
Meanwhile, after detaining him for hours in a police car in the airport parking lot, Ecuadorian security officials took Bini to his home, where they tried to force him to allow them inside. They refused to tell him why he was detained. He was formally arrested later that night, though it was still not clear for what crime. He still couldn't call a lawyer because they had confiscated his phone.
It wasn't until the next day that Bini's coworkers managed to locate him and get him a lawyer who could represent him, and it was then that it became clear that someone, somewhere in the Ecuadorian government had decided to accuse Bini of a plot to cyber hack the government. He was eventually charged with attacking the integrity of computer systems and thrown into prison, where he remained for 71 days.
Bini had a hearing in front of a judge on April 12, and his lawyer was given only half an hour to review the documents being used against him. "The prosecution argued that I needed to be jailed and the judge agreed to this," he told me.
During our conversation, Bini's account of the last two years was mechanical, fast and dry — until he started to describe life inside the prison.
"They have this concept called preventative imprisonment. They imprisoned me because they argued that I could erase all the evidence," he said. The prosecutor seemed to believe that Bini was dangerous because of the large quantity of programming books, authentication keys and hard drives inside his house.
During our conversation, Bini's account of the last two years was mechanical, fast and dry — until he started to describe life inside the prison. Ecuadorian prisons are not like American ones, he told me. He finally managed to explain that there's no food, no water and no toilet paper unless someone you know brings them for you. Being inside of the prison, unsure of his future, unsure of who to trust and far away from his family in Sweden was a personal nadir.
"The biggest problem for me was just the uncertainty — how long are they going to leave me to rot here? How long are they going to keep me here? Why are they doing this to me? Those two pieces of uncertainty together, was really the hardest part during that time," he said. He has since been diagnosed with post traumatic stress disorder; PTSD research shows that while being imprisoned itself doesn't necessarily always lead to the disorder, being imprisoned for an unknown amount of time, like Bini, can have a very high correlation with PTSD diagnosis. It's the unknowable future that wrecks the mind.
The details of the political machinations that have shaped Bini's trial are so tangled up in Ecuadorian national corruption that they're almost too complex to explain to someone without a background in politics in Ecuador. The Center for Strategic and International Studies has described Ecuador's political climate as deeply unstable; Transparency International scored Ecuador a score of 38 out of 100 on its corruption index. Some brief political context for Bini's indictment and forthcoming trial: On the morning of the same day that Bini was arrested, Julian Assange was thrown out of Ecuador's embassy in London, where the country had given him asylum for the last seven years. Bini is a friend of Assange and has visited him multiple times at the Ecuadorian embassy in London. During a press conference hours after Assange was thrown out, Ecuador's interior minister, Maria Paula Romo, warned the nation that the country was expecting a national cyber attack on government systems. That attack never came.
In the two years since the arrest, Ecuador's government has accused Assange's WikiLeaks of being responsible for the leaking of the "INA papers," which show corruption in the Ecuadorian government. WikiLeaks denies it had any involvement in the leak. According to Ecuadorian investigative journalism agency La Posta, officials inside the government have targeted Bini as a scapegoat for the person who could have helped leak the INA papers, though, according to the La Posta report, it appears the government is well aware that that person, called internally "El Ruso," could not be Bini.
Photo: NurPhoto via Getty Images
For international activists, the ins-and-outs of Ecuadorian politics are less important than the fact that it appears that government leaders took a moment of political instability and used it to accuse a software engineer of a crime without any obvious evidence. They describe Bini's indictment as an example of a broader international problem — political leaders who do not understand technical experts manipulating fear over cyber attacks to accuse tech experts of trying to undermine the government. Bini is not the first person to end up accused of crimes he didn't commit, or to find himself at the receiving end of a government desperate to blame someone for a political scandal. The Electronic Frontier Foundation, which has sent a delegation to visit Bini in Ecuador to observe and document what they call human rights and due process violations, has said that this case is an example of how laws about cybercrime can be so broad that they capture engineers, programmers and hackers who are working in the service of the public.
"Security researchers and other technologists, working with cutting edge technology, end up harassed and persecuted because of their work. [Their] work enables the crucial work of human rights defenders, journalists, and yet they end up being persecuted as those that do this work. Overbroad cybercrime laws are like honeypots for this type of persecution," Veridiana Alimonti, the associate director for Latin American policy at the EFF, told Protocol.
Thus far, the only evidence against Bini that has been shared with the defense and the public is a screenshot from Bini's communications, in which he appears to indicate his surprise that a telecommunications router login screen was not protected by a firewall. Press reports in Ecuador have said that this indicates that Bini attempted to hack Ecuador's national oil company, the service behind the router; Bini and international advocates say that all the screenshot shows is that he noticed and expressed concerns over a security flaw he found in the normal course of his work.
The EFF sees Bini's case as an example of the fact that most government officials do not fully understand how security and tech researchers do their work. "This may seem like an indication of suspicious behavior to many that are not acquainted with this community," Alimonti said. "This was exploited, the fact that he had a lot of security keys, and he had programming books, and stuff like that. The general public and even government officials are usually not acquainted with people like this."
This case is an example of how laws about cybercrime can be so broad that they capture engineers, programmers and hackers who are working in the service of the public.
Bini was released from prison in 2019 after two-and-a-half months because a habeas corpus plea forced a judge to admit that his imprisonment was unlawful. Instead of continuing his jail time, he has spent the last year and a half reporting weekly to the prosecutor's office in Quito — he has visited over 100 times now — and he is prohibited from leaving the country. His bank accounts have been frozen, and he and Zambrano described police and intelligence service vehicles that follow him persistently as he goes about his days.
When he and Zambrano called me from Ecuador, the two of them shared the Zoom screen, Zambrano chiming in to describe the early moments when Bini was in prison. Though the two barely knew each other when Bini was arrested, "she's now my closest friend," Bini told me. Zambrano is the person who managed to find Bini a lawyer and a defense team when he was imprisoned. She now helps run the nonprofit NGO where the two of them work. She nodded along as Bini described how he tried to force himself to return to work when he was released from prison. "It's one of those things where, Sara, who is here, she works on my defense, she sees more of what I'm going through than anyone else. I don't think that even she can see more than half of what is happening on the inside. It's the kind of thing that is just very hard to explain," he said.
Since Bini was released from prison, the twists and turns in the legal proceedings have resulted in a process that's so drawn-out, opaque and impossible to trust that Bini has little hope he will ever be exonerated. The charges against Bini have been reduced from attacking the integrity of computer systems to "non-consented access" to a computer system; the original judge in the case has been removed for ethical violations; his trial was scheduled to last two days but also include more than one hundred witnesses for the prosecution. And this week, having finally reached a trial date, the proceeding was postponed indefinitely.
"My personal expectation is that it is going to go really bad, they are probably going to violate my rights in a hundred different ways. And then, after that, we will appeal, and it's very likely that these judges will vote against me," Bini said. "From a mental perspective, the really hard part is knowing that even getting to a level where I have a chance, if I get to the national level, and they vote against me, I can go international, and the sentence will be executed while I wait for the international courts to judge. We do expect that the international courts will go my way, and that we will win. But while waiting for this win, my life is being destroyed."
