Published on: November 6, 2024
SafetyDetectives recently spoke with Sara Zambrano, Executive Director of Centro de Autonomía Digital (CAD), a leading organization advocating for digital privacy and security. Sara shared her unique journey from film production to becoming a champion of digital rights, spurred by her commitment to social justice and her collaboration with Ola Bini, CAD’s Technical Director. CAD operates on three pillars: developing open-source tools, educating at-risk communities, and providing digital security services, all in pursuit of a safer digital landscape. Despite facing political challenges, CAD remains focused on building secure digital spaces and empowering individuals to take control of their digital sovereignty.
Hi Sara, can you share a bit about your journey and what led you to become the Executive Director of CAD?
Hey, Shauli! Well, I come from a background completely different to the one of computer sciences, privacy and security. I studied film making and graduated as a Producer of films, TV and video; nevertheless, I’ve always had strong political views about the world and I’ve had connections with different social movements in Ecuador. So, when Ola Bini, a close friend and our Technical Director, offered me to join CAD, I decided to give it a try, since I definitely shared values with the organization. Initially, I was the assistant of the Executive Director of CAD, but once the legal and political persecution against Ola started, the director at the moment quit and I assumed the position.
It’s been a journey full of challenges of different kinds, for sure.
What is the core mission of Centro de Autonomía Digital, and how do you envision it evolving in the coming years?
CAD works for the defense of human rights in the digital world. For achieving that, we have 3 main lines of work: software development of tools to enhance privacy and security; education of civil society to raise awareness around the protection of rights, especially for communities at risk and and also we offer of comprehensive digital security services to contribute to the autonomous funding of the organization.
It hasn’t been an easy road for us since the harassments from the Ecuadorian government hasn’t ceased, but we can say that the situation is not as hard as it was before and we are finally fulfilling the mission why CAD was created. In the coming years we expect to reach more communities at risk and build long-term alliances that allow us to provide relevant support to civil society to build safer digital territories for the defenders of human rights. We also expect to be able to run the first school of digital security for civil society in Ecuador.
What are some of the most significant challenges CAD faces in promoting privacy technologies and secure communication tools globally?
As it’s been said before, as an organization we’ve had to go through complicated situations that have made our work harder than it should under normal circumstances and of course that has had an important impact in our outreach and for a bit more than 4 years we had to limit our activities significantly to not become a direct target of the Ecuadorian government.
When it comes to the day-to-day challenges, it’s always hard to reach people with little technical knowledge and in some cases , zero knowledge in a country like Ecuador and in a region like Latin America, where the gap in access to technology is extremely large. Also, talking about safer and more private technologies is not always easy when Zero-rating has contributed to the use of apps that are more convenient to people from an economic perspective. At the same time, governments around the world are discussing laws to weaken encryption and other safeguards in the name of national security and the fight against organized crime putting the work of digital rights defenders at risk.
CAD develops open-source projects like CoyIM and Wahay. Why do you believe open-source software is essential for privacy and security?
Well, it’s not only open source, but also free software. We firmly believe that free software gives you possibilities that proprietary software doesn’t. Having a community that can constantly observe your software in search of bugs or security issues is a big advantage, but of course the fact that a tool is free software doesn’t automatically makes it safer if it’s not properly implemented. Another of the reasons why we think free software is essential for privacy and security is because we believe that privacy and security should be for everyone, not only for the ones that can pay for it (Yes, we know that not all free software is for free).
In your opinion, what are the most pressing threats to digital sovereignty today, and how can CAD’s work help counter them?
Nowadays we rely even more on technology and that makes us dependent on centralized alternatives that seem to have an answer for each of our problems, but we aren’t necessarily aware of the dangers of having every time less control and ownership of our personal information and the information of the ones around us. Services that sell themselves as free use us as merchandise and we seem to be fine with that as long as we get what we need. At CAD we teach people how to regain control over their digital assets, not only from a security perspective, but also from a perspective of human rights. We want people to learn and not depend on a service provider, we want people to be able to host their own information and do responsible use of tools, we want them to know about the risks and how to be protected. We want people to be autonomous.
For individuals who are just starting their journey toward digital privacy, what basic tools or steps would you recommend?
I would recommend people to be curious and try to learn as much as they can about technology, not only how it works, but also the things happening around it: who built it, with what purpose, who is funding the project, what are they doing with the data, are there laws that regulate the access and use of it. But that’s not all, we always invite people to analyze the control they have over their own information. We also invite them to use decentralized alternatives that are more responsible with personal data and that are built over a strong privacy-centered base. Good examples of this are: Tor for secure and private browsing, KeyPassXC for secure password management, Signal for mobile private messaging, Free OTP for 2FA, browser extensions like NoScript and PrivacyBadger to avoid trackers and prevent JavaScript based attacks like XSS.