On Tuesday, Australia’s new Prime Minister Anthony Albanese announced his government’s first full ministry, with Victorian member Clare O’Neil appointed Minister for Home Affairs and Minister for Cyber Security. It’s the first time cyber security has had its own portfolio in the Australian cabinet. Former Minister for Home Affairs Karen Andrews was in charge of…
We use internet-connected devices to access our bank accounts, keep our transport systems moving, communicate with our colleagues, listen to music, undertake commercially sensitive tasks – and order pizza. Digital security is integral to our lives, every day. And as our IT systems become more complex, the potential for vulnerabilities increases. More and more organisations…
The Quad nations have finished mapping capacity and vulnerabilities in global semiconductor supply chains in the first step of an effort to reduce reliance on China for critical minerals. The leaders from Australia, the US, India and Japan met in Tokyo this week for the second in-person meeting of the Quad, Anthony Albanese’s first act…
Ransomware attacks jumped 13 per cent last year, a larger increase than the previous five years combined, according to analysis of thousands of global cybersecurity incidents which revealed people are by far the weakest link in cyber defences and espionage is a growing motivator. The warning comes as Labor inherits a government after challenging its…
ServiceNSW won’t say if it is actively working to fix flaws in the New South Wales Digital Drivers Licence exposed by security experts this week and which allow false names and photos to be displayed in the popular app. Security experts at Sydney app development company Dvuln on Tuesday demonstrated several flaws in the popular…
Existing cybersecurity standards for smart devices will be made mandatory by the federal government but device security labels will be voluntary under a Coalition election pledge. Home Affairs Minister Karen Andrews on Thursday morning announced new cybersecurity protections for the Internet of Things (IoT) market, including minimum cybersecurity standards for device manufacturers, and voluntary cybersecurity…
In preparation for what may be the final days of the trial of Ola Bini, an open source and free software developer arrested shortly after Julian Assange’s ejection from Ecuador’s London Embassy, civil society organizations observing the case have issued a report citing due process violations, technical weaknesses, political pressures, and risks that this criminal prosecution entails for the protection of digital rights. Bini was initially detained three years ago and previous stages of his prosecution had significant delays that were criticized by the Office of the Inter-American Commission on Human Rights (IACHR) Special Rapporteur for Freedom of Expression. An online press conference is scheduled for May 11th, with EFF and other organizations set to speak on the violations in Bini’s prosecution and the danger this case represents. The trial hearing is set for May 16-20, and will most likely conclude next week. If convicted, Bini’s defense can still appeal the decision.
What’s Happened So Far
The first part of the trial against Ola Bini took place in January. In this first stage of testimony and expert evidence, the court repeatedly called attention to various irregularities and violations to due process by the prosecutor in charge. Human rights groups observing the hearing emphasized the flimsy evidence provided against Bini and serious flaws in how the seizure of his devices took place. Bini’s defense stressed that the raid happened without him present, and that seized encrypted devices were examined without following procedural rules and safeguards.
These are not the only problems with the case. Over two years ago, EFF visited Ecuador on a fact-finding mission after Bini’s initial arrest and detention. What we found was a case deeply intertwined with the political effects of its outcome, fraught with due process violations. EFF’s conclusions from our Ecuador mission were that political actors, including the prosecution, have recklessly tied their reputations to a case with controversial or no real evidence.
Ola Bini is known globally as someone who builds secure tools and contributes to free software projects. Bini’s team at ThoughtWorks contributed to Certbot, the EFF-managed tool that has provided strong encryption for millions of websites around the world, and most recently, Bini co-founded a non-profit organization devoted to creating user-friendly security tools.
What Bini is not known for, however, is conducting the kind of security research that could be mistaken for an “assault on the integrity of computer systems,” the crime for which he was initially investigated, or “unauthorized access to a computer system,” the crime for which he is being accused now (after prosecutors changed the charges). In 2019, Bini’s lawyers counted 65 violations of due process, and journalists told us at the time that no one was able to provide them with concrete descriptions of what he had done. Bini’s initial imprisonment was ended after a decision considered his detention illegal, but the investigation continued. The judge was later “separated” from the case in a ruling that admitted the wrongdoing of successive pre-trial suspensions and the violation of due process.
A so-called piece of evidence against Bini was a photo of a screenshot, supposedly taken by Bini himself and sent to a colleague, showing the telnet login screen of a router. The image is consistent with someone who connects to an open telnet service, receives a warning not to log on without authorization, and does not proceed—respecting the warning. As for the portion of a message exchange attributed to Bini and a colleague, leaked with the photo, it shows their concern with the router being insecurely open to telnet access on the wider Internet, with no firewall.
Between the trial hearing in January and its resumption in May, Ecuador’s Prosecutor’s Office revived an investigation against Fabián Hurtado, the technical expert called by Ola Bini’s defense to refute the image of the telnet session and who is expected to testify at the trial hearing.
On January 10, 2022, the Prosecutor’s Office filed charges for procedural fraud against Hurtado. There was a conspicuous gap between this charge and the last investigative proceeding by prosecutors in the case against Hurtado, when police raided his home almost 20 months before, claiming that he had “incorporated misleading information in his résumé”. This raid was violent and irregular, and considered by Amnesty International as an attempt to intimidate Ola Bini’s defense. One of the pieces of evidence against Hurtado is the document by which Bini’s lawyer, Dr. Carlos Soria, included Hurtado’s technical report in Bini’s case file.
Hurtado’s indictment hearing was held on February 9, 2022. The judge opened a 90-day period of investigation which is about to end. As part of this investigation, the prosecutor’s office and the police raided the offices of Ola Bini’s non-profit organization in a new episode of due process violations, according to media reports.
Civil Society Report and Recommendations
Today’s report, by organizations gathered in the Observation Mission of Bini’s case, is critical for all participating and to others concerned about digital rights around the world. There is still time for the court to recognize and correct the irregularities and technical weaknesses in the case. It points out key points that should be taken into consideration by the judicial authorities in charge of examining the case.
In particular, the report notes, the accusations have failed to demonstrate a consistent case against Ola Bini. Irregularities in court procedures and police action have affected both the speed of the procedure and due process of law in general. In addition, accusations against Bini show little technical knowledge, and could lead to the criminalization of people carrying out legitimate activities protected by international human rights standards. This case may lead to the further persecution of the so-called “infosec community” in Latin America, which is made up primarily of security activists who find vulnerabilities in computer systems, carrying out work that has a positive impact on society in general. The attempt to criminalize Ola Bini already shows a hostile scenario for these activists and, consequently, for the safeguard of our rights in the digital environment.
Moreover, these activists must be guaranteed the right to use the tools necessary for their work—for example, the importance of online anonymity must be respected as a premise for the exercise of several human rights, such as privacy and freedom of expression. This right is protected by international Human Rights standards, which recognize the use of encryption (including tools such as Tor) as fundamental for the exercise of these rights.
These researchers and activists protect the computer systems on which we all depend, and protect the people who have incorporated electronic devices into their daily lives, such as human rights defenders, journalists and activists, among many other key actors for democratic vitality. Ola Bini, and others who work in the field, must be protected—not persecuted.
The recently established US cyber safety board wants other countries employ its new way of reviewing incidents and to partner on global solutions for the fast changing cyber environment. Following an executive order from US President Joe Biden, the Cyber Safety Review Board (CSRB) was established in February. One of its members of the CSRB …
Melbourne-based cybersecurity accelerator CyRise will celebrate its fifth annivesary this month at a demo day featuring startups from Australia, Singapore, India, and the United States. It is the first live event held by the accelerator since 2019 and a crowd of up to 300 people is expected at Stone & Chalk in Melbourne on 18…
Better data and public reporting is needed as a starting point to improve Indigenous recruitment and retention in Defence, particularly around STEM and cyber, a new Australian Strategic Policy Institute report has found. The Australian Strategic Policy Institute (ASPI) report – “Building Genuine Trust” – includes 56 recommendations under 12 areas of focus, looking at…
The Australian subsidiary of US-listed defence company Northrop Grumman has signed a six-year contract with a Brisbane-based electronics engineering company for the supply of secure communication devices. Northrop Grumman Australia will receive hardware design services and contract manufacturing from IntelliDesign. This will help Northrop meet its existing contracts with the Department of Defence and other…
Creating an impenetrable and robust e-voting system, according to two leading researchers in cryptography, is nowhere close to being created. A complicated problem, with global experts rushing to solve, is influenced by the power of information and who holds that power. Despite all measures in place, systems are biased by their creators and have inherent…
Australia’s signals intelligence agency is “very confident” it can fill 1900 new cyber roles after receiving a $10 billion budget boost, despite losing around one in ten of its staff each year and a tight cyber security skills market. On Wednesday, Australian Signals Directorate (ASD) director-general Rachel Noble said the agency would for the first…
The federal government on Wednesday launched a discussion paper calling for views on Australia’s first national data security action plan as it seeks to develop better guidance and clearer expectations for other governments and industry after passing significant data sharing and critical infrastructure cyber security laws. Despite a looming election, Home Affairs minister Karen Andrews…
With 98 per cent of Australian businesses comprising of small businesses contributing a third of our economic output and employing 41 per cent of the workforce, governments are naturally attuned to their needs. However, the policy and political focus on SMEs sometimes blinds them to good policy and necessary reforms that benefits that sector. The…
You can only guess that Josh Frydenberg’s surprise commitment of $9.9 billion to the Australian Signals Directorate for a cyber defensive and offensive capability uplift caught Labor by surprise. Because in his Budget-reply to the Parliament on Thursday night, Opposition leader Anthony Albanese didn’t say the word ‘cyber’ at all. It’s a strange omission. Just…
The federal government has questions to answer about its record $9.9 billion investment in the Australian spy agency’s cyber capabilities, including where the additional highly skilled workforce will come from, according to the Opposition. The federal budget, handed down by Treasurer Josh Frydenberg on Tuesday night, included the “biggest ever investment in Australia’s cyber preparedness”,…
The Western Australian government has committed $25.5 million to expand its cyber security services by hiring more staff, with the funding used to transform the Cyber Security Unit at the Office of Digital Government into the largest dedicated cyber security team in the state. Currently there are 11 positions open for cyber security analysts, specialists,…
To tackle the growing threat of cybercrime, the federal government has committed $89 million to a new Joint Policing Cybercrime Coordination Centre, to be led by the Australian Federal Police. Also known as JPC3, the centre will be based at the Australian Federal Police’ NSW Headquarters and receive its funding through the $1.67 billion Cyber…
Australia can boost its innovation ecosystem ecosystem by further collaborating with Israel and learning from that country’s successes, according to former ambassador to the nation and government MP Dave Sharma. In conversation with Israeli Ambassador to Australia Amir Maimon at an online event hosted by the Australia-Israel Chamber of Commerce, Mr Sharma pointed to Israel’s…
The New South Wales government has engaged the nation’s cybersecurity industry advocacy group – the Australian Information Security Association (AISA) – to build a new Industry Partnership Program through the state’s cyber hub. Initially running until the middle of next year, the program will facilitate collaboration between businesses, academia, and government. The program aims to…
There is a role to play for the federal government in protecting Australians from the dangers of cryptocurrencies and ensuring the associated benefits can be properly realised, according to Telstra CEO and government cybersecurity advisor Andy Penn. Mr Penn, who chairs the Industry Advisory Committee on cybersecurity, delivered an address to the Mobile World Congress…
EngageMedia posted on 28 February 2022 an anthology of films which highlight Myanmar’s long struggle for democracy
This movie playlist is from Cinemata, a platform for social and environmental films about the Asia-Pacific. It is a project of EngageMedia, a nonprofit that promotes digital rights, open and secure technology, and social issue documentary. This is edited and republished as part of a content-sharing agreement with Global Voices.
EngageMedia has curated a playlist of films that shows the extent of rights abuses in the country, as well as courageous forms of resistance against the continuing infringement on people’s rights. Marking the one-year anniversary of the coup, “A Year of Resistance” turns the spotlight on the long-standing struggle of the people of Myanmar for democracy.
This film collection is curated in solidarity with the people of Myanmar. In bringing the stories of unrest and atrocities to light, these films hope to inspire action and advocacy towards justice and freedom.
“Burma Rebel Artist: Moe Thandar Aung”
After the Myanmar military coup in February 2021, Moe Thandar Aung, a graphic designer whose work touched on themes on feminism, began making protest art in support of calls to defend and uphold democracy in the country.
“Black out”
In the aftermath of the 2021 Myanmar coup, the country is faced with state-mandated internet and information blackouts. Hnin, a single mother, and Mon, her daughter and an anti-coup protester, are among those who can no longer access the internet at home. In their pursuit of news on what is happening on the ground, they find only fabricated stories and unreliable information.
During the six months of the junta coup, at least 950 civilians have been violently killed. A total of 90 children under the age of 18 have been murdered, while at least 48 children were arrested.
An independent female humanitarian activist from Shan State describes the trauma she experiences in working in an environment pervaded by despair but also her commitment to helping those forced to flee armed conflict. This film was directed by Sai Naw Kham, Mon Mon Thet Khin, and Soe Yu Maw.
In this video, Myanmar activists talk about the digital rights and digital security challenges they face, arguing that freedom of expression, freedom to organize, and freedom to associate should be kept, protected elements of digital rights.
This song was made by 24 Youth from six different corners from Myanmar that participated in Turning Tables Myanmar’s yearlong social cohesion project “The Voice of the Youth.” Together they produced and recorded the song “Wake Up” which calls for democracy, youth participation, and sustainable development to replace corruption and injustice.
This 2009 film shows powerful footage from the Saffron Revolution, a series of economic and political protests led by students and Buddhist monks that swept Myanmar from August to September 2007. It also highlights the continuing need for international solidarity amongst Southeast Asians in times of political upheavals as in the current situation in Myanmar.
There was an uptick in data breachs in the second half of 2021 but an overall drop compared to the previous year, according to the privacy watchdog’s annual report. The frequency of data breaches reported under the Notifiable Data Breaches (NDB) scheme rose by 6 per cent in the second half of 2021, according to…
A joint report coordinated by the cybersecurity authorities of the US, the UK, and Australia has warned of the increased global threat of ransomware attack and have advised organisations to take immediate precautions. In the financial year 2020-21 the Australian Cyber Security Centre (ACSC) received more than 67,500 reports of cybercrime an increase of 13…
Australia’s international vaccination certificate is the “gold standard” in security and sets a benchmark for digital government services going forward, according to Verizon Asia-Pacific regional vice-president Robert Le Busque. More than 1.3 million people have downloaded a Covid-19 vaccination certificate to their passport in the first month since the service was launched by the federal…
Labor will drive a “step change” in the Commonwealth’s cybersecurity culture to counter the current secrecy and lack of accountability around the issue if it wins the election, shadow cybersecurity minister Tim Watts says. Addressing the Government Data Protection Summit, Mr Watts said recent reforms around cybersecurity will be for nothing if the culture problems…
Despite the Australian Securities and Investments Commission being hit by a cyber-attack just over a year ago, along with several other high profile ransomware attacks in the last few years, many local organisations – both public and private – remain vulnerable to increasingly sophisticated and ever-proliferating cyberattacks. The immense challenge posed by cyberattacks and ransomware…
Their key point is worth noting: The problem for human rights defenders in the Gulf region and neighbouring countries is that states have exploited the opportunity to align their cybercrime laws with European standards to double-down on laws restricting legitimate online expression BUT without any of the judicial safeguards that exist in that region.
Several women take part in a protest, using a hashtag, against Saudi Crown Prince Mohamed bin Salman’s visit to the country in Tunis, Tunisia, in November 2018. EFE / Stringer
Governments in every region of the world are criminalizing human rights activism. They do it by prosecuting protest organizers, journalists, internet activists, and leaders of civil society organizations under laws that make it a crime to insult public figures, disseminate information that damages “public order,” “national security,” and “fake news.”
In the Gulf region and neighbouring countries, oppressive governments have further weaponized their legal arsenal by adopting anti-cybercrime laws that apply these overly broad and ill-defined offline restrictions to online communications.
In an age when online communications are ubiquitous, and in societies where free press is crippled, laws that criminalize the promotion of human rights on social media networks and other online platforms undermine the ability to publicize and discuss human rights violations and threaten the foundation of any human rights movement.
In May of 2018, for example, the Saudi government carried out mass arrests of women advocating online for women’s right to drive. Charged under the country’s cybercrime law including article six which prohibits online communication “impinging on public order, religious values, public morals, and privacy,” these human rights activists were detained, tortured, and received multi-year sentences for the “crime” of promoting women’s rights.
There is certainly a necessity to address the prevalence and impact of cybercrimes but without criminalizing people who speak out for human rights.
European countries and the United Nations (UN) have encouraged states to adopt a standard approach to addressing crimes committed with online technologies ranging from wire fraud to financing terrorist groups. The Council of Europe issued a 2001 regional convention on cybercrime, to which any state may accede, and the UN is promoting a cybercrime treaty.
Common standards can prevent the abuse of online technologies by enabling the sharing of online evidence and promoting accountability since the evidence of online crimes often resides on servers outside the country where the harm occurred or where the wrongdoers reside.
The problem for human rights defenders in the Gulf region and neighbouring countries is that states have exploited the opportunity to align their cybercrime laws with European standards to double-down on laws restricting legitimate online expression.
European countries have robust human rights oversight from the European Court of Human Rights, which ensures that limitations on freedom of expression online meet stringent international standards. There is no comparable human rights oversight for the Gulf region. Without adequate international judicial review, governments can successfully exploit international processes to strengthen their ability to stifle online expression.
The regional model cybercrime law drafted by the United Arab Emirates and adopted by the Arab League in 2004, follows international guidance. However, it incorporates a regional twist and includes provisions that criminalize online dissemination of content that is “contrary to the public order and morals,” facilitates assistance to terrorist groups, along with disclosure of confidential government information related to national security or the economy.
UN experts reviewed the UAE law and gave it a seal of approval, noting it complied with the European convention, ignoring the fact that UN human rights experts have documented repeatedly that governments use such restrictions to crack down on dissent. A UN-sponsored global cybercrime study, published in 2013, similarly soft-pedaled the threat of criminalizing online dissent by noting that governments had leeway to protect local values. Such protection does not extend to speaking up for universal rights like equality and democracy.
Actually, the universal right to freedom of expression protects online content, and limitations must meet international standards of legality, legitimacy, necessity, and proportionality. In our recent report on the use of anti-cybercrime legislation throughout the Gulf region and neighbouring countries, we found that over an 18-month period (May 2018-October 2020), there were 225 credible incidents of online freedom of expression violations against activists and journalist in ten countries: Bahrain, Iran, Iraq, Jordan, Kuwait, Oman, Qatar, Saudi Arabia, Syria, and the UAE. Each country has adopted anti-cybercrime laws except Iraq, where lawmakers’ drafts of proposed legislation have been met with stiff opposition from domestic and international human rights groups.
The international community needs to increase pressure on the Gulf region and neighboring countries to comply with their international obligations to protect freedom of expression off and online. Turning away from the clear evidence that oppressive governments are expanding the reach of criminal law to stifle online human rights activism undermines legitimate international efforts to address cybercrime.
How can we trust the UN to safeguard the voices advocating online for human rights and democracy in a region that so desperately needs both, if it fails to insist human rights safeguards be written into the regional and national cybercrime laws it champions?
In the age of the internet, online human rights activism needs to be supported—and protected—as a vital part of the cybercommunications ecosystem. In the Gulf region, defenders of human rights pay an untenable price for their work, risking arrest, torture, and even death. It is time to reverse the trend while there are still defenders left.
One of the women human rights defenders in Saudi Arabia said before she was imprisoned, “If the repressive authorities here put behind bars every peaceful voice calling for respect for public freedoms and the achievement of social justice in the Gulf region and neighboring countries, only terrorists will remain out.” History has proven the truth of her words, as most of the individuals who led terrorist groups with a global reach have come from this region and have caused, and still cause, chronic problems for the whole world.
The important lesson that we must learn here is that repressive governments foster a destructive dynamic of expansion and intensification of human rights violations. Repressive governments cooperate with and look to one another for strategies and tactics. Further troubling is that what we see in the Gulf region is enabled by the essentially unconditional support provided by some Western governments, especially the US and UK. This toxic template of Western support to governments that oppress their own people constitutes a threat to world peace and prosperity and must be addressed.
For over two years EFF has been following the case of Swedish computer security expert Ola Bini, who was arrested in April, 2019, in Ecuador, following Julian Assange’s ejection from that country’s London Embassy. Bini’s pre-trial hearing, which was suspended and rescheduled at least five times during 2020, was concluded on June 29, 2021. Despite the cloud that has hung over the case—political ramifications have seemed to drive the allegations, and Bini has been subjected to numerous due process and human rights violations—we are hopeful that the security expert will be afforded a transparent and fair trial and that due process will prevail.
Ola Bini is known globally as a computer security expert; he is someone who builds secure tools and contributes to free software projects.
