Encryption At The Centre Of Mass Arrests: One Year On From Turkey’s Failed Coup

Photo credit: Tony Webster

This piece was written by PI Policy Officer Lucy Purdon.

The repercussions from the failed military coup in Turkey on 15 July 2016 have impacted almost every part of Turkish society as President Erdoğan clamps down on perceived and actual opposition in a never ending cycle of raids, arrests and detentions.

Turkish authorities blame the 2016 coup on Fethullah Gülen, an old rival of Erdoğan currently exiled in the US, and have set about ‘purging’ Turkish society of his supporters ever since. While over 200 people are on trial for organising the coup, thousands more have been arrested on suspicion of being a member of the Gülen movement, which the Turkish government has named FETO (Fetullah Gülen Terrorist Organisation). The Turkish Ministry of Justice recently stated that 168,801 people have been detained and subject to “legal proceedings”, with a further 50,504 people arrested on a specific charge who are likely in pre-trial detention since the coup. Thousands more arrest warrants have been issued, including for judges and prosecutors. Amnesty International estimate an additional 100,000 people have been dismissed from their jobs, including doctors, police officers, teachers, academics and soldiers.

Privacy International is particularly concerned that suspicion of membership of the Gülen movement is based on the use of encryption, specifically a freely available messaging service called Bylock which the government claims is the communication tool of choice for Gülen supporters and was used to organise the coup. There is very little information about Bylock; it is not widely known among security experts or outside of Turkey, it is no longer available from any app store and its origins and developer are something of a mystery.

The fact that people from all walks of life, professions and backgrounds have been arrested for using encryption demonstrates how widespread and essential the use of encryption is in our day to day communications. The list of those arrested stretches to business people, engineers, nurses, civil servants, teachers, doctors, civil servants, employees of the Turkish Telecommunications Authority and the Turkish Financial Regulatory Authority, judges, lawyers and police officers. A popular stereotype of Gülen movement members among Turkish authorities is that they are open to relations with the Western world, and will have typically worked or studied in the West. This makes human rights defenders, journalists, academics, any law enforcement officials who have served with the United Nations Police, and even sport stars vulnerable to arrest. In June 2017, a Turkish judge at the International Criminal Court was sentenced to seven years and six months in prison for membership of the Gulen movement, based on his use of Bylock. Reports in Turkey said Aydin Sefa Akay admitted downloading and installing Bylock from Google Play Store, as it was recommended to him by the Secretary of State of Burkina Faso.

The UN Working Group on Arbitrary Detention has already ruled that one police officer, Kursat Çevik, is being arbitrarily detained. In its submission to the Working Group, the Government of Tukey detailed the charge against him,

“The indictment stated that he had used a communication programme called “Bylock”. As specified in various court decisions, it is common knowledge that this programme is an encrypted communication programme used for communication and organizational contact among the members of the FETÖ/PDY terrorist organisation.”

The government does not at any point offer evidence that the use of encryption itself is illegal in Tukey. The applicant in this case responded to the government allegation,

“The source notes that publicly available knowledge of the use and access to that software is that it has been unavailable for download on the Apple platform since July 2014. Mr. Çevik purchased his phone in the summer of 2015, so it would have been impossible for him to download it. The source notes with concern that his trial has been postponed until 4 July 2017 as the judge is believed to be awaiting further evidence that Mr. Çevik and his co-accused have used the software. In this respect, the source is concerned that such evidence may be fabricated.”

There are reports that support the notion that Bylock was removed from both the Google Play Store and Apple Store months before the coup. It would be helpful if both Google and Apple could confirm when the app was no longer available to download, as this would help challenge the government’s claims that it was used to plan the coup. Nevertheless, Tukey’s intelligence agency (MIT) used information gathered from the app to identify tens of thousands of people to be arrested.

At Kursat Çevik’s trial on 4 July, which included other defendants, two people were acquitted when it turned out they did not own a smartphone (therefore they could not have used Bylock). Those who have a smartphone and denied using Bylock, including Kursat Çevik, have been kept in pre-trial detention until 17 October. The judge has reportedly asked for the content of the communications to be presented to the court, and it is unclear how this will be retrieved, if at all.

Detention for using encryption is not new in Turkey, but the scale of arrests is unprecedented. It does not occur only in Turkey: the use of encryption as proof of membership of a terrorist organisation is a charge levelled at human rights defenders globally, such as the Zone 9 bloggers in Ethiopia, whose charges suggested that the mere training in communication security was evidence of criminal behaviour. The anti-encryption debate in the West does not help — the UK government has repeatedly spoken of the intention to ‘ban’ encryption, while clearly not understanding how encryption actually works. This kind of rhetoric is dangerous; by making encryption an unseen enemy, it lends legitimacy to those governments, like Turkey, that treat the use of encryption as evidence of wrongdoing.

The Office for the UN High Commissioner for Human Rights has condemned the latest arbitrary detention of ten human rights defenders arrested during a digital security training, including a director of Amnesty International and a Swedish and German national. The training would have likely included discussions on the use of encryption, but they have yet to be charged with any crime. A group of UN experts published a statement calling for their immediate release, along with a chair of Amnesty International in Turkey and six lawyers detained a month previously. The experts also expressed concern that the investigation against them is confidential, preventing defence lawyers from accessing case files. The human rights community has rallied around their own — but let’s not forget the thousands of others who have been caught in the net and are in the same situation.

As noted by the UN Special Rapporteur on freedom of expression in a 2015 report, “encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks.” Clearly, the mere use of encryption cannot be considered a criminal behaviour.

The charges are the equivalent of saying that because one criminal used WhatsApp, all users of WhatsApp are also criminals. All 1.2 billion of them. Being arrested for using encryption like being arrested for locking your front door or owning a safe. Those arrested solely for the use of encryption should be immediately released and have the charges dropped.