The head of Novaestrat, the data analytics company at the centre of the huge leak revealed on Monday involving personal information about more than 20 million Ecuadorian citizens, has been taken into custody.
Once the leak was made known, the country's federal authorities announced a formal investigation. Within hours, local police swooped on Novaestrat's office to confiscate computer equipment, with Ecuador's interior minister Maria Paula Romo dramatically tweeting pictures of the raid in the early hours of Tuesday morning.
Esta tarde / noche la @PoliciaEcuador realizó el allanamiento del local señalado como domicilio de #Novaestrat que es además el domicilio de uno de sus directivos.— María Paula Romo (@mariapaularomo) September 17, 2019
Allanamiento se hizo con orden de juez en el marco de la investigación que conduce @FiscaliaEcuador pic.twitter.com/toD79a1FDO
Curiously, this office was also said to be the home of its general manager, William Roberto G (Roberto Garces), who was arrested at the scene and taken to the Esmeraldas province. The arrest was confirmed by the state attorney general, referring to the Novaestrat executive as its "legal representative" and outlining its reasons as follows:
The [raid] was carried out to collect elements on an alleged crime of violation of privacy, after [the authorities] learned about the leakage of information from about 20 million Ecuadorians, including about 7 million minors [and people already deceased].
The data allegedly came from a server located in the United States owned by Novaestrat, a consulting firm that provides services such as data analysis and software development.
During the raid, electronic equipment, computers and storage devices were seized, as well as documentation among other elements. Prosecutors will continue to conduct more actions to investigate the alleged crime.
The Novaestrat website and its social media pages are currently offline.
Minister of Telecommunications and Information Society, Andrés Michelena Ayala, during the press conference on the Novaestrat leak
It remains unclear what specific charge is to be made against Garces, if any. Ministry of Telecommunications and Information Society officials had announced on Monday that the ministry was to hold its own investigation into what had happened, but seemed to suggest that Novaestrat held the data legitimately, probably as the result of a contract with the previous government administration. So it's not going to be a hacking charge.
There was also a hint that the existence of a database on an unprotected server wasn't itself proof that Novaestrat had misused the data or that anyone else had accessed it during its leaky phase with malicious intent. So it may not be any type of criminal charge.
Will it be data privacy? Ecuador's laws in this area are out of date and telecoms minister Andrés Michelena Ayala had to admit to journalists that his ministry had been thrashing out a new data privacy law for the last eight months. Bad timing.
The president insisted that this legislation be "expedited" – i.e. rushed through full of mistakes – and set before parliament by Thursday this week. The minister said he would comply.
It also remains unclear why Ecuador's government would entrust personal data for its entire population to a consultant working from a home office. It's the gig economy gone mad. ®