April 20 2023 GM: Difference between revisions
(→Notes) |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
*'''Date:''' Thursday, April 20 | *'''Date:''' Thursday, April 20 | ||
*'''Time:''' 9am EDT / 1pm UTC | *'''Time:''' 9am EDT / 1pm UTC | ||
*'''Who:''' | *'''Who:''' Sara Zambrano and Ola Bini | ||
*'''Moderator:''' Ursula | |||
*'''Where:''' On TCU Mattermost "IF Square" Channel. | *'''Where:''' On TCU Mattermost "IF Square" Channel. | ||
**Don't have an account to the TCU Mattermost? [[TCU Mattermost|you can request one following the directions here.]] | **Don't have an account to the TCU Mattermost? [[TCU Mattermost|you can request one following the directions here.]] | ||
Line 17: | Line 18: | ||
* '''Ola Bini''', technical leader in Centro de Autonomia Digital. | * '''Ola Bini''', technical leader in Centro de Autonomia Digital. | ||
==Notes== | ==Notes== | ||
'' | |||
===== '''Please, could you introduce yourself to the folks who are arriving in the chat room?''' ===== | |||
* My name is Ola Bini. I'm a Swedish software developer, and I've lived in Quito, Ecuador since 2013. I used to work for ThoughtWorks, doing charity work in free software, but in 2017 I founded the first version of CAD (Centro de Autonomia Digital). I am currently the technical director for CAD here in Quito. | |||
* My name is Sara Zambrano, I'm ecuadorian and I'm the executive director of Centro de Autonomía Digital, an Ecuador-based NGO that works for the defense of digital rights. | |||
===== '''How would you describe Centro de Autonomía Digital and your roles in the organization?''' ===== | |||
* '''Ola:''' I'm the technical director, which basically means I oversee the technical work. I lead the discussions about directions, and I also help with the development of our products. I am also in charge of mentoring of our technical team. At the same time, my work also includes doing research to see future directions of surveillance and privacy threats, and building alliances with technical communities to work on these problems. | |||
* '''Sara:''' Centro de Autonomía Digital is an NGO that works for the defense of human rights in the digital world by means of the development of free and open source software that aims to protect the privacy and security of people, specially in the Global South, also by means of education of civil society. My work as the executive director implies that I have to be in charge of directing the organization from an administrative perspective so that the technical team has everything they need for doing their job. I'm also in charge of connecting with people and organizations outside of CAD. | |||
===== '''From your point of view, what are the main challenges related to digital rights in Ecuador?''' ===== | |||
* '''Ola:''' I'm a foreigner in Ecuador, so my view will always be a bit flawed. That said, currently, we are seeing a lot of problems that come from lack of fundamental technological understanding. That leads to a lot of abuses against all kinds of rights. At the same time, in a country where connectivity is still quite low, and basic access to education, food and even water is lacking in some places, digital rights doesn't feel like a priority to many | |||
* '''Sara:''' I think that there are several challenges here, but probably the most important ones are the lack of knowledge about what technology actually does and the implications that come with that. This could lead to the creation of bad public policies that ignore the protections that citizens should have, lack of investment and I continue for much more time. Also, people in general ignore that they have rights in the digital world the same way as there are in "real life" | |||
* When big corporations put abusive terms and conditions for the services, most of the time, people ignore them and just continue using their apps and services in general because they seem to be ok giving up privacy just to get fast, easy and convenient solutions for their needs. | |||
* At the same time, the fact that authorities don't see this problem as something relevant, makes it easy to ignore the protections they should provide to people | |||
* Ecuador recently passed a law on personal data protection, but more than a year has passed since that happened and we still don't have an entity to control how our personal information is being used. | |||
* Many data breaches have happened since then without anyone being sanctioned for it. One of the most sensitive ones is the dtat breach of the information of COVID19 vaccinated people in Ecuador. No one has been held accountable for it. | |||
* '''Ola:''' We are also seeing new law proposals coming in, that doesn't seem to understand the technology - or worse, wanting to put in place very sweeping possibilities of digital surveillance without judicial oversight. | |||
===== '''We have witnessed Ola Bini's case with attention and solidarity. How affected the lack of knowledge in digital rights among the Ecuadorian legal prosecutors (el fiscal del caso) or judges in your case''' ===== | |||
* '''Ola:''' Well, so my case was quite complicated - but the thing I was accused of was very simple - and the evidence boiled down to one single thing - an image, claimed to be a picture of a terminal session | |||
* It was first complicated, because we didn't know if the accusations from the other side came from ignorance, or maliciousness | |||
* And then, trying to help the tribunal of three judges to understand what that image actually showed, and how it could in no way be considered an intrusion of any kind was also very complicated. | |||
* But it didn't start there. We first had to work closely with my lawyers to give them the technical foundation necessary so that they understood the technical side and could make legal arguments from it. | |||
* We also had to spend a lot of effort to educate the public, trying to make it clear that just because you are a software developer with knowledge about information and computer security doesn't mean you are a person that breaks into systems. | |||
* So we had to face it on several different fronts. | |||
===== '''At the end of January, 2023, you were declared innocent in a unanimous verdict which for the first time in the country talked about cyber security, however you are still facing hard measures in the country. Please could Ola Bini mention them and let us know if you have to face new trials or legal stages?''' ===== | |||
* This was the oral resolution from the tribunal, and it was of course a great victory. However, in the Ecuadorian system, we also have to wait for the written resolution before anything can continue. Once the written resolution comes in, there's space for the sides to appeal, and the process continues to higher instances. But that only can happen when the written resolution has come - and we are still waiting for it. The restrictions I'm under have been the same as from the point I was released from prison in June 2019. | |||
* I can't leave the country. My bank accounts are frozen, and every Friday I have to present myself at the prosecutor's office here in Quito. unofficially, I have also been under heavy surveillance constantly since I was released - by various parts of the police and intelligence forces of the country. All of this continues as well. | |||
===== '''How long could the written resolution be? therefore, being free from these measures''' ===== | |||
* In this case, since the resolution was fairly simple - the judges didn't touch on any of the rights issues in the case, nor all the problems with cops lying all the time, and so on, so the written resolution should have come very quickly | |||
* Sadly in Ecuador there are terms that apply to some stages of the legal process, but after the trial, things depend more on the will of the judges of the tribunal in charge of the case | |||
* But there's no limit in the legal system for how long they can delay it. | |||
===== '''Do you see similar problems in other countries? I mean people getting targeted in a similar fashion.''' ===== | |||
* '''Sara:''' Of course, just in our region, we have the cases of people like Javier Smaldone in Argentina, some other folks in Colombia and Mexico (I'm sorry, I don't remember their names right now) that have been prosecuted by the justice systems of their countries for doing things that meant to alert them of insecure platforms, bad practices and security in general. We shouldn't forget the case of Alaa Abd El Fattah in Egypt, and activist, blogger and softweare developer in Egypt who has been condemned to 5 years in prison by the government of his country. | |||
* So, Ola's case is not an isolated one. We see with big worry that targeting digital rights defenders all over the world is becoming a dangerous trend. I would say that working for Ola's freedom became a struggle for all those going through similar situations, because this is happening everytime more. His case became a cause. | |||
===== '''Currently, what are the main projects you are working on by Centro de Autonomía Digital, Ecuador?''' ===== | |||
* We are doing a range of things - from the technical side we are currently helping Thunderbird solving bugs in their encrypted email implementation, and we are planning on contributing a larger solution to help make the process of encrypted email more friendly to people with less technical experience. | |||
* We are also currently working on updating one of our projects, called Wahay, which is a secure, decentralized and anonymous voice conference call application. We are planning on making it work on Windows and Mac this year. We are also improving the packaging for Linux distributions, and are working hard to make it compatible with Tails, so that it can be included in their distribution. | |||
* We have also started the process of an research project to determine what's the situation of digital security of organizations of civil society in Ecuador with th collaboration of one of the biggest public universities of the country. At the moment we are in the first stages of the process, so there's no published material yet. But we plan to have it ready before the end of this year. | |||
===== '''How do you envision the future of the IT practice on cybersecurity? What measures can digital/tech rights defenders can do to protect themselves, beyond the regular digital security protocols (like, legal, political and social)?''' ===== | |||
* '''Ola:''' First, I think that we need to more general understanding. Cybersecurity can't be something that is just in the realm of experts. As more and more of the world gets connected and filled with technology, everything is also more exposed. For example, last week there were a news report about how criminals could attack the network inside cars, using two wires in the front lamps. | |||
* So, just as with medicine, we do have doctors and nurses, hospitals and private institutions, but everyone also has to have a basic understanding of health for themselves. Things like hygiene, not eating old food, exercise, etc. In the same way, I think everyone has to have a basic understanding of cybersecurity. | |||
* The problem - and the good thing - is that cyber security is a collective effort. If your colleague has bad security but you have good security, your coworker can still be an avenue of attack against you. Which means that if you get better security, you are protecting the people around you as well. | |||
* '''Sara:''' we plan to start the work to make Wahay available for Windows and macOS by the last quarter of this year. | |||
===== '''How to contact Sara and Ola''' ===== | |||
'''Ola:''' | |||
* Mastodon at @ola@infosec.exchange | |||
* XMPP at ola@bini.ec - preferably with OTR | |||
* contact@autonomia.digital | |||
'''Sara:''' | |||
* Twitter at @sarazambranov | |||
* sara@autonomia.digital |
Latest revision as of 13:33, 8 May 2023
Glitter Meetups |
Glitter Meetup is the weekly town hall of the Internet Freedom community at the IF Square on the TCU Mattermost, at 9am EDT / 1pm UTC. Do you need an invite? Learn how to get one here.
- Date: Thursday, April 20
- Time: 9am EDT / 1pm UTC
- Who: Sara Zambrano and Ola Bini
- Moderator: Ursula
- Where: On TCU Mattermost "IF Square" Channel.
- Don't have an account to the TCU Mattermost? you can request one following the directions here.
Ecuador - The Digital Rights Challenges in the Country and Ola Bini's Case
We will learn about Ecuador digital rights challenges and Centro de Autonomía Digital (Digital Autonomy Center, in Spanish) work - what the main problems and solutions in the area the country is facing. In addition, we will reflect about Ola Bini's case, the Swedish free software developer and computer security expert who faced four years of a criminal prosecution plagued with irregularities, delays and due process violations in Ecuador since 2019. At the end of January, 2023, he was declared innocent in a unanimous verdict which for the first time in the country talked about cyber security, however he is still facing hard measures in the country.
- Sara Zambrano, executive director of Centro de Autonomía Digital (Digital Autonomy Center, in Spanish)
- Ola Bini, technical leader in Centro de Autonomia Digital.
Notes
Please, could you introduce yourself to the folks who are arriving in the chat room?
- My name is Ola Bini. I'm a Swedish software developer, and I've lived in Quito, Ecuador since 2013. I used to work for ThoughtWorks, doing charity work in free software, but in 2017 I founded the first version of CAD (Centro de Autonomia Digital). I am currently the technical director for CAD here in Quito.
- My name is Sara Zambrano, I'm ecuadorian and I'm the executive director of Centro de Autonomía Digital, an Ecuador-based NGO that works for the defense of digital rights.
How would you describe Centro de Autonomía Digital and your roles in the organization?
- Ola: I'm the technical director, which basically means I oversee the technical work. I lead the discussions about directions, and I also help with the development of our products. I am also in charge of mentoring of our technical team. At the same time, my work also includes doing research to see future directions of surveillance and privacy threats, and building alliances with technical communities to work on these problems.
- Sara: Centro de Autonomía Digital is an NGO that works for the defense of human rights in the digital world by means of the development of free and open source software that aims to protect the privacy and security of people, specially in the Global South, also by means of education of civil society. My work as the executive director implies that I have to be in charge of directing the organization from an administrative perspective so that the technical team has everything they need for doing their job. I'm also in charge of connecting with people and organizations outside of CAD.
- Ola: I'm a foreigner in Ecuador, so my view will always be a bit flawed. That said, currently, we are seeing a lot of problems that come from lack of fundamental technological understanding. That leads to a lot of abuses against all kinds of rights. At the same time, in a country where connectivity is still quite low, and basic access to education, food and even water is lacking in some places, digital rights doesn't feel like a priority to many
- Sara: I think that there are several challenges here, but probably the most important ones are the lack of knowledge about what technology actually does and the implications that come with that. This could lead to the creation of bad public policies that ignore the protections that citizens should have, lack of investment and I continue for much more time. Also, people in general ignore that they have rights in the digital world the same way as there are in "real life"
- When big corporations put abusive terms and conditions for the services, most of the time, people ignore them and just continue using their apps and services in general because they seem to be ok giving up privacy just to get fast, easy and convenient solutions for their needs.
- At the same time, the fact that authorities don't see this problem as something relevant, makes it easy to ignore the protections they should provide to people
- Ecuador recently passed a law on personal data protection, but more than a year has passed since that happened and we still don't have an entity to control how our personal information is being used.
- Many data breaches have happened since then without anyone being sanctioned for it. One of the most sensitive ones is the dtat breach of the information of COVID19 vaccinated people in Ecuador. No one has been held accountable for it.
- Ola: We are also seeing new law proposals coming in, that doesn't seem to understand the technology - or worse, wanting to put in place very sweeping possibilities of digital surveillance without judicial oversight.
We have witnessed Ola Bini's case with attention and solidarity. How affected the lack of knowledge in digital rights among the Ecuadorian legal prosecutors (el fiscal del caso) or judges in your case
- Ola: Well, so my case was quite complicated - but the thing I was accused of was very simple - and the evidence boiled down to one single thing - an image, claimed to be a picture of a terminal session
- It was first complicated, because we didn't know if the accusations from the other side came from ignorance, or maliciousness
- And then, trying to help the tribunal of three judges to understand what that image actually showed, and how it could in no way be considered an intrusion of any kind was also very complicated.
- But it didn't start there. We first had to work closely with my lawyers to give them the technical foundation necessary so that they understood the technical side and could make legal arguments from it.
- We also had to spend a lot of effort to educate the public, trying to make it clear that just because you are a software developer with knowledge about information and computer security doesn't mean you are a person that breaks into systems.
- So we had to face it on several different fronts.
At the end of January, 2023, you were declared innocent in a unanimous verdict which for the first time in the country talked about cyber security, however you are still facing hard measures in the country. Please could Ola Bini mention them and let us know if you have to face new trials or legal stages?
- This was the oral resolution from the tribunal, and it was of course a great victory. However, in the Ecuadorian system, we also have to wait for the written resolution before anything can continue. Once the written resolution comes in, there's space for the sides to appeal, and the process continues to higher instances. But that only can happen when the written resolution has come - and we are still waiting for it. The restrictions I'm under have been the same as from the point I was released from prison in June 2019.
- I can't leave the country. My bank accounts are frozen, and every Friday I have to present myself at the prosecutor's office here in Quito. unofficially, I have also been under heavy surveillance constantly since I was released - by various parts of the police and intelligence forces of the country. All of this continues as well.
How long could the written resolution be? therefore, being free from these measures
- In this case, since the resolution was fairly simple - the judges didn't touch on any of the rights issues in the case, nor all the problems with cops lying all the time, and so on, so the written resolution should have come very quickly
- Sadly in Ecuador there are terms that apply to some stages of the legal process, but after the trial, things depend more on the will of the judges of the tribunal in charge of the case
- But there's no limit in the legal system for how long they can delay it.
Do you see similar problems in other countries? I mean people getting targeted in a similar fashion.
- Sara: Of course, just in our region, we have the cases of people like Javier Smaldone in Argentina, some other folks in Colombia and Mexico (I'm sorry, I don't remember their names right now) that have been prosecuted by the justice systems of their countries for doing things that meant to alert them of insecure platforms, bad practices and security in general. We shouldn't forget the case of Alaa Abd El Fattah in Egypt, and activist, blogger and softweare developer in Egypt who has been condemned to 5 years in prison by the government of his country.
- So, Ola's case is not an isolated one. We see with big worry that targeting digital rights defenders all over the world is becoming a dangerous trend. I would say that working for Ola's freedom became a struggle for all those going through similar situations, because this is happening everytime more. His case became a cause.
Currently, what are the main projects you are working on by Centro de Autonomía Digital, Ecuador?
- We are doing a range of things - from the technical side we are currently helping Thunderbird solving bugs in their encrypted email implementation, and we are planning on contributing a larger solution to help make the process of encrypted email more friendly to people with less technical experience.
- We are also currently working on updating one of our projects, called Wahay, which is a secure, decentralized and anonymous voice conference call application. We are planning on making it work on Windows and Mac this year. We are also improving the packaging for Linux distributions, and are working hard to make it compatible with Tails, so that it can be included in their distribution.
- We have also started the process of an research project to determine what's the situation of digital security of organizations of civil society in Ecuador with th collaboration of one of the biggest public universities of the country. At the moment we are in the first stages of the process, so there's no published material yet. But we plan to have it ready before the end of this year.
How do you envision the future of the IT practice on cybersecurity? What measures can digital/tech rights defenders can do to protect themselves, beyond the regular digital security protocols (like, legal, political and social)?
- Ola: First, I think that we need to more general understanding. Cybersecurity can't be something that is just in the realm of experts. As more and more of the world gets connected and filled with technology, everything is also more exposed. For example, last week there were a news report about how criminals could attack the network inside cars, using two wires in the front lamps.
- So, just as with medicine, we do have doctors and nurses, hospitals and private institutions, but everyone also has to have a basic understanding of health for themselves. Things like hygiene, not eating old food, exercise, etc. In the same way, I think everyone has to have a basic understanding of cybersecurity.
- The problem - and the good thing - is that cyber security is a collective effort. If your colleague has bad security but you have good security, your coworker can still be an avenue of attack against you. Which means that if you get better security, you are protecting the people around you as well.
- Sara: we plan to start the work to make Wahay available for Windows and macOS by the last quarter of this year.
How to contact Sara and Ola
Ola:
- Mastodon at @ola@infosec.exchange
- XMPP at ola@bini.ec - preferably with OTR
- contact@autonomia.digital
Sara:
- Twitter at @sarazambranov
- sara@autonomia.digital