Court of Cassation 16th Penal Chamber Basis No: 2017/1800 Decision No: 2017/4837 Date: 19.07.2017 (Turkish Penal Code Art. 220, 314)
Upon the appeal of the judgment rendered by the Regional Court of Justice; the file was examined according to the appellant’s status, the duration of the application, the nature of the decision, and the grounds for appeal:
As the conditions were not met regarding the duration of the imposed sentences, the request of the defense counsel for a hearing was REJECTED pursuant to Article 299 of the Criminal Procedure Code (CPC).
In the examination conducted based on the minutes reflecting the trial process, the documents, and the content of the reasoning;
At the end of the trial; IT WAS DECIDED that the defendant Caner İ. be punished for the crime of membership in the FETÖ/PDY armed terrorist organization within the scope of the BYLOCK program being installed on the telephone line numbered 546 896 .. .., the minutes kept as a result of the searches conducted at the defendant’s residence, bank records, and witness statements.
As detailed in the decision of the 16th Penal Chamber of the COURT OF CASSATION, acting as a court of first instance, with Basis No. 2015/3 and Decision No. 2017/3; “…The ByLock application is A SYSTEM based on providing communication over an internet connection with a strong crypto system, where each sent message is transmitted by being encrypted with a different cryptographic key. This communication program is A PROGRAM produced as a special software that only organization members can use via a special server, ensuring communication among members using a special encryption method without being deciphered. In summary, ByLock is A SYSTEM that enables communication over the internet with a crypto system.
IT HAS BEEN DETERMINED that the data transmitted between two users in the ByLock communication system is encrypted using a cryptographic algorithm, that the cryptographic algorithm is a type of public-key/asymmetric encryption algorithm and performs encryption using two keys, one being private and the other public, and that this encryption is a security system aimed at preventing third parties from hacking or accessing the information while transferring information between users.
Since downloading ByLock is not sufficient, a special installation is required to use this program; it has been UNDERSTOOD THAT INSTALLATIONS WERE CARRIED OUT through methods such as downloading from the internet, portable memory cards, bluetooth applications, etc. While it was exceptionally open for everyone to download for a period in early 2014, later, as mentioned in statements, messages, and emails, members of the organization carried out installations using USB flash drives, memory cards, and bluetooth. It is understood that downloading the program is not sufficient for messaging; to enable messaging, the ID (identification number), which is assigned automatically by the system to registered users and is unique to the user, must be known and approved by the other party; otherwise, the person cannot be added to the contact list and messaging content cannot occur; it is understood that the program ONLY REQUESTS the user to generate a username and a password during registration.
The process of adding friends is CARRIED OUT BY entering the person-specific code named ‘username’ (code/alias) given by the user while registering for the said application. It is NOT POSSIBLE to add users by searching with phone numbers or ‘name-surname’ information on the application. On the other hand, ByLock DOES NOT POSSESS THE FEATURE of automatically adding people in the phone directory to the application, which is found in equivalent or common messaging applications. For users to communicate with each other on the ByLock application, the parties MUST KNOW each other’s ‘username/code’ information and BOTH PARTIES MUST ADD the other as a friend. In short, since the ID of the person to be spoken to must first be added to use the program, it is understood that not every person HAS THE OPPORTUNITY to use this system at any time.
Voice calls, email transmission, written messaging, and FILE TRANSFER CAN BE PERFORMED on the application. In this way, users fulfill their organizational communication needs without the need for another communication tool; the communication performed is automatically deleted on the device at certain periods without the need for manual processing; even if users forget to delete the data they need to delete for communication security, the system is programmed to take necessary measures; thus, it is DETERMINED that the ByLock application is designed to prevent access to other users in the contact list and past communication data even if the device is seized as a result of a possible judicial action, and furthermore, the storage of server and communication data of the application as encrypted in the application database is in the nature of a security measure taken for preventing the identification of the user and for communication security.
It has been OBSERVED that the ByLock application OFFERED SERVICES on a server with the IP address 46.166.160.137. It was determined that the server administrator rented and offered 8 additional IP addresses (46.166.164.176, 46.166.164.177, 46.166.164.178, 46.166.164.179, 46.166.164.180, 46.166.164.181, 46.166.164.182, 46.166.164.183) to make the identification of users difficult.
In the ByLock communication system, it is POSSIBLE TO DETERMINE the connection date, the IP address making the connection, how many times the connection was made between which dates, with whom the communications were made, and the content of the communication. Determining the connection date, the IP address making the connection, and how many times the connection was made between which dates is SUFFICIENT TO PROVE that the person is part of a private communication system. Determining with whom the communication was made and its content are INFORMATION THAT WILL SERVE to determine the person’s position within the structure (terrorist organization). In other words, they are INFORMATION THAT WILL SERVE to determine the person’s position within the organizational hierarchy (organization manager/organization member).
Since the fact that the ByLock communication system is a network created for the use of FETÖ/PDY armed terrorist organization members and is exclusively used by the members of this criminal organization is based on concrete evidence, it is not necessary for the defendants included in this network to have communication content with another person/persons within the network.
As proved by the concrete evidence explained above, since the ByLock communication system is a network created for the use of FETÖ/PDY armed terrorist organization members and used exclusively by some members of this criminal organization; in case it is determined with technical data that leads to a certain conviction beyond any doubt that this network was joined by organizational instruction and used for communication purposes to ensure confidentiality, it WILL CONSTITUTE EVIDENCE showing the person’s connection with the organization…”
1- Within this scope; while it is necessary to determine that the defendant used the ByLock application with technical data and evaluate the legal status of the defendant according to the response to the writ issued to the Information Technologies and Communication Authority (BTK) to determine how many times the line numbered 0546.. with IMEI 35961004294296 (registered to the defendant C. and declared to be used by him) connected to the IP addresses of the ByLock application (46.166.160.137, 46.166.164.176, 46.166.164.177, 46.166.164.178, 46.166.164.179, 46.166.164.180, 46.166.164.181, 46.166.164.182, 46.166.164.183) from the first usage date of 13.10.2015 to the last usage date; rendering a decision with incomplete research as written,
2- Even according to the acceptance; the failure of the LOCAL COURT to wait for the response to the writ dated 07.02.2014 and numbered 2006/317 sent to the Ankara Provincial Security Directorate to determine that the ByLock application, which is one of the decisive evidence for the conviction, was used by the defendant, and the failure to consider that a decision cannot be rendered with the reasoning that it would be sufficient for access to the program to be provided by organization members installing the setup file to each other;
Since the appeal objections of the defense counsel and the Antalya Regional Court of Justice Public Prosecutor were found justified in this respect as they are contrary to the Law, it was UNANIMOUSLY DECIDED on 19.07.2017 to REVERSE the judgment pursuant to Article 302/2 of the CPC, to reject the requests of the defense for release taking into account the duration the defendant spent in detention and the nature of the crime, and to continue the detention of the defendant.