Interview with Pilar Sáenz from Fundación Karisma.
The introduction of Digital Tribulations, a series of intellectual interviews on the developments of digital sovereignty in Latin America, can be read here.
I met Pilar over an online call from Mexico. An activist and coordinator at Fundación Karisma, she has been deeply involved in free software and digital rights movements for many years — and as she started answering my questions, I quickly realized I was speaking to exactly the right person.
Pilar Sáenz is the Coordinator of the Civic Participation line at Fundación Karisma. She holds a degree in Physics and a Master’s in Science from the Universidad Nacional de Colombia. A passionate advocate for free software, open technologies, and free culture, she has worked as a researcher on the social appropriation of science and technology. She is especially interested in ensuring that digital technologies serve people’s interests and needs while respecting their rights and enabling more democratic practices. She is also the author of a wide range of articles on digital rights, surveillance, electoral technology, and internet governance, available on the Karisma blog.
Fundación Karisma is a Colombian organization founded in 2003 that works at the intersection of technology, human rights, and social justice. Based in Bogotá and active across Colombia and international networks, it monitors and analyzes laws, policies, and technological deployments, develops research-based positions, and advocates for change through public policy engagement, strategic litigation support, communications, and digital security training — especially around state surveillance, tech-facilitated gender-based violence, and algorithmic decision-making and data exploitation.
In this interview, we talk about a variety of topics, including the origins of digital rights advocacy in Colombia, the country’s relationship with digital sovereignty, the outsourcing of critical state infrastructure to foreign private companies, the Internet Shutdown Observatory, the state of public digital infrastructure (from payment systems to digital identity), and whether a Latin American perspective on digital sovereignty is possible.
***
What is your background and what does Fundación Karisma do?
Well, I have coordinated projects at Fundación Karisma since 2012. I joined Karisma when it became apparent that there was a void in Colombian civil society; at that time, no one was covering the intersection of human rights and technology. To give some context to that period in Colombia, a bill was introduced to regulate the internet that was closely aligned with the Free Trade Agreement with the United States. They were trying to push through a copyright reform comparable to the U.S. Digital Millennium Copyright Act (DMCA). 
That project is known here as Ley Lleras (Lleras Law), named after Germán Vargas Lleras, who was then the Minister of the Interior and Justice under the Santos government, which continue from 2010 to 2018 and is best known internationally for negotiating the peace agreement with the FARC guerrilla group, but it also oversaw a wave of regulatory modernization heavily influenced by trade agreements with the United States. The law included many of these control measures over online publishing and content, as well as liability measures for intermediaries. However, it lacked the other side—for example, what is in the DMCA regarding fair use or the possibility of guaranteed access to content in a way that facilitates the development of culture, education, and other areas. It was a bill that, in our view, was unbalanced.
At that time, I was working closely with a collective from the free software communities in Colombia, and we opposed that project. The only lawyer we knew who worked on this issue and had an “open” perspective was Carolina Botero. When we started working with her, we realized we understood each other very well and that advocacy in Colombia on these issues was going to be necessary. 
Carolina was already working at Karisma, which started as a family organization created by her father. She invited me to be part of the organization; at that moment, there were literally three people working on advocacy: Carolina, myself, and Juliana Soto, who was in communications. We began to develop this intersection of what human rights could look like in this new digital medium. Unlike the physical medium, the digital one has specific characteristics, but it is also a space where rights need to be guaranteed. From that logic, Karisma began its advocacy work on public policies regarding technology. Historically, we have reviewed processes around access to culture and knowledge, democratization, internet governance, and inclusion. Later, we looked at digital security and created a digital security and privacy laboratory.
Since 2017, we have consolidated four strategic lines of work. The first is the democratization of access to culture and knowledge. The second is autonomy and dignity, which includes research on algorithmic design and the exploitation of personal data. The third is civic participation, which includes the use of technology in electoral processes, the preservation of civic space, and communication surveillance issues. The fourth line is inclusion, where we cover gender issues and the problems that digitalization triggers for especially vulnerable populations. Added to this is the K-Lab laboratory for technical research and a facilitation area that conducts workshops and training processes with journalists, activists, and human rights defenders on digital security and the use of technologies for the exercise of rights.
That sounds great. I’ve seen that you have the Internet Shutdown Observatory. Can you explain more about that?
The work on internet shutdowns began in relation to the national strike, el paro nacional. Particularly in Cali, there was a very strong alert about a shutdown occurring during the most critical moments of the protests. We could see a 20% to 30% decrease in the information flow signal in Cali. This analysis was determined through measurements from IODA, a global network that measures the health of internet connections. That drop was also reported by NetBlocks, an international observatory. We validated those measurements, generated reports, and started a process with the Ministry of ICT. We believe that information regarding any type of internet cut or shutdown must be public. It should be possible to know that these capabilities exist, and it must be clear when they are deployed and why. The internet should not be blocked because of a protest.
So, we set up a small project in the lab that is now the Internet Shutdown Observatory, where we develop our own methodologies to monitor network cuts and disruptions. We have seen not only the documented problem in Cali but other patterns as well. For example, when Coljuegos (the gambling regulator) ends up blocking networks, or blocks on journalists’ platforms, we generate alerts and full documentation on how these content blocks operate. We are interested in this because the lack of access is a real blow to the freedom of expression for the majority of people in the country.
What are we talking about when we talk about digital sovereignty in the Colombian context? Is it a concept used in the media or by the government?
It’s complex. At the beginning, the discourse on digital sovereignty wasn’t as prominent, though you hear it a bit more now. One of the things we have checked is the use of technology in the electoral process, which is clearly a matter of sovereignty: that the country has full control over election technologies. The same goes for identification processes, the Registrar’s Office (Registraduría), and the digital ID system. What we have noticed, first in elections and then with the digital ID, is that many of the technologies are implemented through specialized contracts with private companies, often foreign ones. In the case of elections, the scrutiny consolidation software—which is the only one owned by the State—was developed by a Spanish company called Indra, and they are contracted for maintenance and updates. In identification, the contract is with IDEMIA, a French company. In surveillance systems, we had a strong dependency on Mollitiam, a Spanish company, as well as contracts with Israeli companies.
There is a lot of outsourcing of key technologies for the State, and the State does not seem to have the capacity to develop them or have full control over them. That is a sovereignty problem. In parallel, the country’s internet infrastructure has been handled by the private sector. Infrastructure development does not belong to the State; even if part of it is paid for with public money, it is actually private. If you look at mobile telephone or fiber optic deployment, these are things franchised to private entities. For me, talking about sovereignty in those circumstances is complex because we are not as sovereign as one would like. Previous governments preferred to solve problems through contracts instead of having a fundamental discussion.
In Brazil, Lula’s government has a strong rhetoric of digital sovereignty. Has the discourse changed with Petro, a former guerrilla member and Colombia’s first left-wing president?
There have been some glimpses, but it is very difficult because the backlog is huge. Part of Petro’s program was to expand the fiber optic network, but for that, a contract was made with Internexa. The previous company that was given the fiber was Azteca Comunicaciones, based in Mexico. We continue in that pattern. As far as I know, that contract has had its problems and they haven’t necessarily completed all the deployments. The same happens with data center systems; we lack infrastructure within the country to have data centers in Colombia where the most sensitive information regarding the citizen-government relationship is stored. Additionally, you have a political problem, because the Ministry of ICT has been managed by one of Colombia’s largest centrist parties, the Party of National Social Unity, also known as “U party”, for a very long time. Although they joined the coalition, they have always been critical of the president, so not everything aligns well.
I think there have been advances, such as the laying of fiber optics and the work of the Ciberpaz team. It is a training and awareness initiative aimed at vulnerable people that involves not only digital literacy but also digital, media, and information literacy. It seeks to expand people’s capacity to develop their own initiatives for using the internet in work and productive models. This is a very clear line of implementation in this latter part of the Petro government.
And what about payment platforms? In Brazil, they developed PIX, which is public.
That’s a great question. Colombia has been a heavily regulated country in its financial system due to money laundering and the relationship with drug trafficking. That made it difficult for fintechs to enter because they need to comply with very strict regulations. For a long time, if payment systems didn’t have full guarantees against laundering, they were stigmatized. Furthermore, the corporations that hold power over the banks didn’t let fintechs in due to underlying political and economic management. The situation changed when these same companies introduced their own systems, like Nequi or Daviplata. But the development was private, and intermediation costs were very high. PSE transactions, card fees, and interoperability in these private systems are expensive. That cost is often passed on to the user or can only be paid by larger companies, but not necessarily by MSMEs (Mipymes), because it eats up their operating costs.
Nequi became popular, but since transactions between institutions remained expensive, Bre-B was created last year. It is a very interesting interoperability system because it completely lowers intermediation rates and is controlled by the Central Bank (Banco de la República). Being state-owned, it sets a specific regulation where private entities must adhere to having interconnection at zero cost for users. It is already fully operational; keys associated with ID or phone numbers are created to make transactions at zero pesos. I think it’s a positive step because it keeps the financial system in check and guarantees interoperability.
And when we talk about public digital infrastructure? Besides payment systems, there is the issue of digital identity you mentioned.
Indeed, there are layers. There have been attempts to implement systems like interoperability plans, the Carpeta Ciudadana (Citizen Folder)—which is a digital space to store the citizen’s relationship with the State—and authentication issues. Entity interoperability was included in the latest digital agendas, from Santos and Duque to the current one. Some progress was made with the digital ID, but for us, it is problematic because it is not sufficiently standardized; there is no updated identification law that accounts for digital ID. Furthermore, the implementation by the Registrar’s Office depends entirely on the foreign company IDEMIA. Even if the Registrar’s Office owns the databases, the technological infrastructure is provided by IDEMIA, with whom we have had contracts for the last 20 years. In sovereign terms, we fail there because there is no full control over that infrastructure layer.
The Carpeta Ciudadana has been deployed but doesn’t work fully. Where there have been significant advances is in the Digital Clinical History, which facilitates communication between health entities to carry patient information and have tracking mechanisms. But one thing is what’s on paper and another is the implementation.
And the relationship with the United States? How much digital colonialism is there in Colombia?
From the logic of the State, there are dependencies on specific companies. You could look at the cloud agreement that operated in the country, where basically Google, Microsoft, Oracle, and Amazon were the public digital cloud operators that entities could contract. There is dependency because there are monopolies in the world. Historically, there are agreements with Microsoft, Google, and Amazon that persist. In this government, there is more talk of free software and open technologies, but implementations have been few. There are historical cases like Orfeo, but it’s like a unicorn. Culturally, we also have dependencies in telecommunications. In mobile operators, we have had a very large market concentration with Claro for a long time. There are three major operators, but a good part of the national geography ends up being covered by small and medium-sized local internet providers. This government has tried to formalize the relationship with them, but it is incipient.
In messaging and social media, we live off Meta. WhatsApp is the most used, and zero-rating offers help that concentration. Once everyone is on WhatsApp, the State ends up generating chatbots there to provide services or official communications. Public policy consultations have been done via Facebook, and communications circulate more through social networks than through institutional websites. All city halls and governor’s offices outside Bogotá have a Facebook page and post local news and communications there.
What remains of the Colombian free software movement?
It’s still there. It activates a lot for FLISOL (the Latin American Free Software Installation Festival) in April. Colombia remains active, and meetings are organized in several cities to talk about free culture. Events are also held around Software Freedom Day. There are active groups in universities, like the Linux Group at the District University. There is the Correlibre foundation, which promotes free software; it’s not big, but they have put a lot of effort into the movement. In Bogotá, there is HackBo, the Bogotá Hackerspace, linked to the free and open movement. There are remnants and people doing things, but it’s not generalized. In the Petro government, there are people working from this perspective, although the State bureaucracy is difficult to manage. I have been a free software user since the early 2000s, and I see a new generation emerging that puts its heart into it.
Can we talk of a Latin American perspective on digital sovereignty?
It would be very good, but it hasn’t happened. The giant is Brazil, and sometimes it feels distant, perhaps because of the language. FLISOL was a Latin American initiative that started in Colombia and spread, but it isn’t massive. There were interesting attempts in Ecuador and Venezuela, but they have been diluted due to political problems or changes in government. There are groups working in Argentina, Uruguay, Bolivia, and other countries, but there isn’t much dialogue between nations in terms of regional sovereignty policies. 
Personally, I am concerned about infrastructure. Regional interconnectivity remains poor, which favors national monopolies instead of interconnected networks across the continent. There are attempts to link exchange points, but since the infrastructure is private and not public, it’s hard for them to take off. We need fiber optics and data centers that correspond to the interests of nations and peoples, not corporate interests. There is a lot of tech lobbying in our countries; they have money and infrastructure and end up defining policies. That complicates things.