by Dr. Yasir Gökce
A twitter post by human rights activist Dr. Gökhan Günes has revealed the way in which Turkish police employs a software called “Analizcinin Takım Çantası” (ATAC), means “Analyst’s Toolbox”, as well as the interfaces of the software with its information sources. In his post, Dr. Günes stressed the easiness with which one can be included in criminal investigations through a coincidental use of ‘suspected’ phone numbers.
According to the 2019 activities report of the Turkish Police Forces, ATAC is a software developed by the counterterrorism units to be utilized in terrorism investigations and eventually in prosecutions. The software is in use since the beginning of 2018. The software helps the counterterrorism units to compare, contrast and analyze phone numbers, calls, numbers making the call, numbers having been called, call time, cell tower receiving signals associated with the call etc. In addition to cellular data, ATAC reportedly receives data from several public authorities, such as the civil registry, social security institution, and national judiciary informatics system (UYAP).
More concretely, the ATAC software is being used in terrorism investigations/prosecutions against individuals who were allegedly linked to the Gülen Movement. As is probably known, the Turkish government asserts that the members of the Gülen Movement, which was declared by the former as a terrorist organization, used an encrypted communication app, the ByLock, and/or were contacted by other members through public payphones. Based on this presumption, owners/possessors of the phone numbers which had internet traffic with Bylock servers or which were called by a public payphone are potential terrorists in the eye of the Turkish government and, extensionally, of the Turkish judiciary. Furthermore, even owners/possessors of the phone numbers which were connected to the same cell tower at a given time as the ones belonging to a well-known Gülenist run the risk of years-long detention for terrorism charges, as is reported by a government-mouthpiece news media. According to the official figures, ATAC is employed in a year in judicial proceedings of approximately 20 thousand individuals allegedly linked to the Gülen Movement.
What compounds this already problematic legal conundrum is, a phone number who is registered on the name of an individual may not actually be used by this individual. To overcome this hardship, the government had come up with a devious solution, which was surfaced in the twitter thread by Dr. Günes. According to some judicial documents published by Dr. Günes, online shopping platforms such as Yemeksepeti, hepsiburada, Mc Donalds, Burger King, English Home or sahibinden.com have become complicit in overcoming this hardship. As might be known, these platforms where online transactions can be made collect personal data, including phone numbers. As per the judicial documents published, some leading online platforms have apparently been providing ATAC with sensitive data on their subscribers and customers. Among the data provided are names, phone numbers, and other transaction details of a personal-data character.
It is here safe to advance that the legal consequences of this method are likely to be catastrophic. Assume that someone makes an order on one of these online platforms and coincidently registers, or uses in transaction, a phone number which had internet traffic with the ByLock servers, or which was contacted from a public pay phone. Being profiled in ATAC as a Gülenist, this individual who coincidentally decided to use that phone number in its order is highly likely to face dismissal from his/her public position and years-long detention/imprisonment on terrorism charges. To top it all, he/she will probably be demonized and ostracized by a segment of society disillusioned by the Erdogan government and left to civil death by state machinery. In sum, an accidental inclusion of a name in ATAC’s database would dramatically usurp the whole life of the person concerned, an routine persecution endured by thousands of individuals allegedly linked to the Gülen Movement.

Illustration by Kronos: https://kronos35.news/tr/emniyet-milyonlarca-kisiyi-alisveris-siteleri-uzerinden-fislemis/
The firms enumerated by Dr. Günes are
- Hepsiburada
- Sahibinden.com
- Çiçeksepeti
- Domino’s TR
- Mc Donald’s TR
- Burgerking TR
- English Home
- Madame Coco
- Morhippo
- Karaca Home
- Etstur
- sefamerve
- igdaskurumsal
- Yemeksepeti
Whether they have been willingly providing data or forced to do so is unknown. They have not so far made any statement to these substantiated allegations. But, it is safe to advance that these firms are in violation of the law on the protection of personal data, as they transfer personal/personally identifiable data without the respective consents of data subjects. One might attempt to justify this data transfer with reference to the fulfillment of the purpose of ‘national security’, ‘preventing disorder’ or ‘combatting against crime’, the pretexts usually employed by the Erdogan government for such interventionist practices. Still, there must exist an order of a court of law, striking a balance between the privacy rights and the grounds such as ‘national security’, ‘preventing disorder’ and/or ‘combatting against crime’. In the ostensible absence of such a court order, the listed firms as well as the public authorities operating ATAC are in clear violation of the fundamental rights of individuals concerned.
Bulk and indiscriminate collection of personal data has long become a frequently-resorted practice of the Erdogan government to suppress the democratic demands of the citizens or to surveil and intimidate them. For instance, as we’ve examined in previous article, the Erdogan government has continuously been retrieving personal and communications data from internet service providers and using this to identify and profile the personalities of Turkish voters and influence their political behavior by exposing them targeted contents on social media, since the considerable majority of them have switched to social media as an alternative news source in the face of the dominance of Erdogan over the traditional one.
All in all, it appears that the vigilance of Turkish citizens in protecting their rights and the resoluteness of the firms in resisting the outrageous demands of authorities will determine the success of Erdogan’s sovereignty on data.
Dr. Yasir Gökce is a legal expert and information security consultant with over ten years of experience. He is a Harvard University alumni and former legal counsel to the Turkish Ministry of Foreign Affairs. He has specialized on cyber security, information security risks, privacy and data protection law (GDPR), IT law.
Read more from Dr. Yasir Gökce:
Categories: Turkey Human Rights Blog