Introduction
Since 2016, more than 90,000 individuals have been arrested in Turkey for allegedly using ByLock, an encrypted messaging app akin to Signal and Telegram. Turkish authorities assert that merely using ByLock is sufficient grounds for a conviction of membership in an armed terrorist organization. Consequently, over 90,000 individuals have been convicted on this basis.
In these prosecutions, the Turkish authorities heavily rely on digital evidence obtained by the Turkish Intelligence Agency (MİT), which is gathered through intelligence methods without judicial oversight. This evidence forms the basis of the ‘ByLock Technical Report’, produced by MİT, which is centered around the digital material related to ByLock.
The foundational ByLock findings, crucial to the Turkish government’s mass arrests, have been exposed as riddled with substantial data manipulation and corruption.
Yalçınkaya judgment of the ECHR
The recent landmark Yalçınkaya judgment by the Grand Chamber of the ECHR vividly illustrates that, on its own, the ByLock evidence falls short of establishing any illegality, let alone proving terrorism membership. The ECHR also held that the applicant’s complaints and questions with regard to the quality and reliability of the electronic ByLock evidence are neither abstract nor baseless, and should accordingly be addressed by the Turkish courts (§§ 317, 323, 333, 334).
Inconsistencies and Manipulations in the ByLock Material
As extensively outlined in this report, numerous illegalities, irregularities, and interference throughout the collection, analysis, and utilization of ByLock data severely compromise the reliability, accuracy, and legitimacy of these findings. Beyond the report’s conclusions, a newly uncovered manipulation within the ByLock database underscores the audacity and arbitrariness of Turkish authorities during the investigations. This revelation introduces skepticism regarding the reported user count, indicating potential interference in the ByLock database and heightening concerns about data accuracy and integrity.
Missing ByLock IDs
The term “ByLockID” designates the unique member registration number in the ByLock server. Upon inspecting the technical specifications of the “id” column in the User table, as depicted in the images within the MİT Report detailing the database (refer to MİT Report Page 48), it is evident that “id” is designated as the “Primary KEY” with a data type of “int” (integer).
A Primary Key plays a pivotal role when crafting tables in Relational Database Management Systems (RDBMS). It serves as the unique “identification number of each entry in the table,” analogous to a Tax Identification Number or a National Identification Number. An integer Primary Key column is typically configured as AutoIncrement, signifying a “Number that automatically increases with each new entry.”
Illustratively, in the news article “Secret Correspondence on the Road to Coup” dated 13/09/2016 by Murat YETKİN from Hürriyet Newspaper, a database image is shared beneath which is the statement “Here are the first 25 names who used the ByLock software, obtained through ‘cracking’ by MİT’s cyber agents…”. Within the image below, it is discernible that the “id” of the user who initiates registration in the ByLock database is designated as “1,” and each successive member is assigned the next integer number as “id” with an incremental increase of “1” (AutoIncrement). For example, if the ByLock ID of the last user registered is “215092,” the subsequent registrant will be allocated the ID “215093.”

Page 49 (the first image below) of the MİT report confirms that the “user” table in the database comprises a total of 215,092 entries. The table on page 52 (the second image below) of the MİT report repeats the written claim that the total number of users registered in the application is 215,092. Given the database details outlined in the MİT report and the technical insights we’ve shared, it logically follows that the ByLock ID of the last registered user should be 215092. This is not the case. To delve deeper, let’s direct our attention to section 3.6.2.13 and explore the “roster” table. This table serves as the repository for directory information within the application. It contains data on which user has added another user to the application directory, distinct from the telephone directory. Upon examining the table below (the third image below, which is taken from pages 46 and 47 of the MİT report), it becomes apparent that it contains the following IDs: 513677, 493923, 472645, 411050, 402862, 404376, and 378741.



Finally, upon reviewing the “log table” (image below) in section 3.6.2.11 on page 42 of the MİT report, a set of IDs is disclosed, including 486035, 414878, 452815, 344793, 324769, 372087, 460015, 405993, 486908, 456814, 452231, 440803, 437265, and 468051. These IDs are explicitly provided by MİT.
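The consistency check this section performs by hand, as an added example (not code from the MİT report or from this article): the IDs quoted above are compared with the reported row count, and a constructed ten-user table shows how deleting rows leaves IDs above the row count. SQLite stands in for the server's database, and the `name` column, the roster layout and the function names are assumptions.

```python
import sqlite3

# Figures quoted above from the MİT report.
REPORTED_USER_ROWS = 215_092
ROSTER_IDS = [513677, 493923, 472645, 411050, 402862, 404376, 378741]
LOG_IDS = [486035, 414878, 452815, 344793, 324769, 372087, 460015,
           405993, 486908, 456814, 452231, 440803, 437265, 468051]


def ids_above_row_count(ids, row_count):
    """IDs that a gap-free auto-increment table of row_count rows cannot hold."""
    return sorted(i for i in ids if i > row_count)


def audit_user_table(conn):
    """Compare row count, highest issued id and roster references with no user."""
    rows, max_id = conn.execute("SELECT COUNT(*), MAX(id) FROM user").fetchone()
    dangling = [r[0] for r in conn.execute(
        "SELECT DISTINCT r.user_id FROM roster r "
        "LEFT JOIN user u ON u.id = r.user_id "
        "WHERE u.id IS NULL ORDER BY r.user_id")]
    # max_id - rows = ids that were issued but have no row now
    # (deleted rows or, in some engines, inserts that were rolled back).
    return {"rows": rows, "max_id": max_id,
            "missing_ids": max_id - rows, "dangling_refs": dangling}


def build_demo(total=10, deleted=(3, 4, 8)):
    """Constructed miniature: register `total` users, then delete some."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        # Hypothetical schema; only the integer auto-increment key is from the page.
        "CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT);"
        "CREATE TABLE roster (user_id INTEGER, contact_id INTEGER);")
    conn.executemany("INSERT INTO user (name) VALUES (?)",
                     [(f"user{n}",) for n in range(1, total + 1)])
    conn.executemany("INSERT INTO roster VALUES (?, ?)",
                     [(1, 3), (8, 2), (10, 4)])
    conn.executemany("DELETE FROM user WHERE id = ?", [(d,) for d in deleted])
    return conn


if __name__ == "__main__":
    print(audit_user_table(build_demo()))
    print(ids_above_row_count(ROSTER_IDS + LOG_IDS, REPORTED_USER_ROWS))
```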

Conclusion
From a technical standpoint, as elucidated earlier, if the database encompasses 215,092 entries, the concluding ByLock ID should logically be 215,092. Consequently, any ID surpassing this threshold indicates potential interference by MİT in the ByLock database.
This raises suspicions of data manipulation, including the deletion of a substantial number of users—possibly exceeding 300 thousand—and alterations to the data according to MİT’s discretion. Such deviations cast doubt on the accuracy and integrity of the reported information.
In conclusion, the scrutiny of ByLock findings, which have been instrumental in the Turkish government’s widespread arrests, reveals a disconcerting landscape of significant data manipulation and corruption. The Yalçınkaya judgment serves as a pivotal milestone, highlighting that ByLock evidence alone lacks the capacity to substantiate allegations of illegality or establish ties to terrorism membership. This realization, coupled with the comprehensive examination presented here, underscores a series of illegalities, irregularities, and interference at various stages of data handling, eroding the credibility, precision, and legitimacy of the ByLock findings. Moreover, the recent revelation of a manipulation within the ByLock database serves as a stark reminder of the audacity and arbitrary actions of Turkish authorities during the course of ByLock investigations. The identified discrepancies cast doubt on the reported user count, hinting at potential interference in the ByLock database and amplifying concerns surrounding the accuracy and integrity of the data.
Given that ByLock material has been used to prosecute over 90,000 people, these legitimate concerns about its quality as evidence, coupled with the ECHR’s findings in the Yalçınkaya case, require Turkish courts to re-evaluate its admissibility as evidence. This evaluation should be carried out in full compliance with the principle of equality of arms and with the use of independent expert panels.
Dr. Yasir Gökce is a legal expert and information security consultant with over ten years of experience. He is a Harvard University alumnus and former legal counsel to the Turkish Ministry of Foreign Affairs, and is currently the director of The Institute for Diplomacy and Economy. He has specialized in cyber security, information security risks, privacy and data protection law (GDPR), and IT law.