Javier Smaldone is a well-known figure in the Argentinian infosec community. As a security researcher, hes worked to highlight the flaws in electronic voting in Argentina, despite the countrys local and

federal attempts to move ahead with insecure software and electoral procedures.

The Argentinian authorities have a reputation of responding poorly to such criticism: In 2016, when Joaqun Sorianello warned an e-voting company about vulnerabilities in their e-voting software, his home was raided by the Buenos Aires police. Another technologist, Ivan Barrera Oro, was raided in 2017 shortly after demonstrating voting vulnerabilities in current software. The cases against Sorianello and Oro were both subsequently dismissed.

Now, it seems, its Smaldones turn to fend off a questionable criminal investigation. In early October, his home in Buenos Aires was raided by federal police, his phone and computers seized, and he was detained for questioning. The warrant for the search was in connection with a highly-publicized leak of data, exfiltrated in late July from the federal police themselves. The 700GB data was hosted anonymously, and caused political embarrassment both to law enforcement and the Argentinian politicians mentioned in the leaks.

Smaldones surprising raid was one of a series across the country against technologists by law enforcement investigating the leak. However, the material submitted by the police to the courts to obtain a warrant mostly points to perfectly lawful acts of free expression that would be entirely expected from an outspoken security researchernot to any suspicious acts by Smaldone.

Police cited as incriminating Smaldones public discussion on Twitter of the high-profile politicians whose data was in the leaks, and his own subsequent analyses (on his blog and in the media) about how the attacks were carried out. Its not surprising much less incriminating that Smaldone, who has testified before the Argentinian Senate on cyber-security, might have political opinions, or might express his expert opinion on the attacks. The police also claim in the request that Smaldones Twitter accounts constantly expresses aversion to the police, and that this aversion sometimes goes beyond mockery. But, again, this is not evidence of a crime.

Additional technical evidence for Smaldones involvement is weak, based on vague correlations between the geotracked location of Smaldones phone and activity related to the attack. The police even submitted as evidence that the leakers Tor onion service used the same version of the Nginx web server software as Smaldones blog despite the fact that their shared version was the latest, stable update of what is currently the most popular web server application in the world, and was therefore also installed on millions of other Nginx servers at the time. At least based on the evidence that has been publicly disclosed, the raid on Smaldone appears unjustified.

Smaldones case is the latest, not just in a pattern of persecution against e-voting critics in Argentina, but in an accelerating trend of misunderstanding and scapegoating technologists in the wider region one which we described in detail in our 2018 whitepaper, Protecting Security Researchers Rights in the Americas. Latin American technologists are increasingly caught up in unrelated, politicized, cyber-security investigations, with little evidence, conducted under too broad laws, by poorly-advised justices.

EFF has been fighting against such prosecutions since its founding in 1990. Argentinas Javier Smaldone joins Ecuadors Ola Bini as independent computer experts who are still being treated as dangerous suspects, for no more than practicing their lawful work, and using their inalienable right of free expression. We have joined with Access Now, and digital rights groups across the Americas in a letter to the judge and justice minister involved in the case, calling for Smaldones rights to be respected.