In a pivotal judgment delivered by the Grand Chamber, the European Court of Human Rights held that the conviction of Yüksel Yalcinkaya, a former teacher, under Article 314-2 of the Turkish Penal Code (TPC) violated Articles 6,7, and 11 of the Convention. The applicant Yalcinkaya was dismissed from his teaching position via emergency decree. Said decree was enacted during the state of emergency between 2016 and 2018. Later, Yalcinkaya was prosecuted and convicted for his use of a specific app – Bylock – and for his membership in a teachers’ union and an association. Both organizations were also closed down via emergency decree. In Erdogan’s ever more repressive Turkey (or, in contemporary parlance, Türkiye as his government seeks to avoid confusing the country with a North American bird), usage of said app or membership in organizations and unions may lead to arrest. Especially anything that appears remotely related to the oppositional Gulen movement carries the risk of persecution.
The judgment is crucial as it may trigger retrials (and acquittals) of 100,000 individuals who have been convicted for membership in armed terrorist organizations over their links to the Gulen Movement – called FETO/PDY by the Turkish Government – that has been designated a terrorist group. Further, Strasburg’s reading of Article 7 of the Convention, the principle of no punishment without law, is especially noteworthy as the Court identified a violation of Article 7 in only 60 out of its 25,000+ decisions since 1959.
Bylock was an encrypted communication app that was available via Google Play Store and Apple Store. According to a report prepared by a Netherlands-based prominent forensic company FOX-IT, Bylock was in service between March 2014 and February 2016, and it was downloaded more than a hundred thousand times only from the Google Play Store. Since 2016, the Bylock App has been at the center of controversy and human rights violations in Turkey.
The Turkish judiciary’s position concerning Bylock, on the other hand, is as follows:
“Since the Bylock messaging app is a communication network, exclusively designed and developed to fulfil the communication needs of the FETÖ terrorist organization, the detection, through technical means, of the involvement of any individual within this network beyond any doubt proves the link of the individual to the terrorist organization.” (Court of Cassation, E. 2017/16-956, K. 2017/370, Turkish Constitutional Court; Ferhat Kara, B. No: 2018/15231).
Based on this interpretation, Turkish authorities prosecuted over 100,000 individuals on terrorism charges, asserting that merely using or downloading this app warrants conviction under Article 314-2 of the Turkish Penal Code.
Although the Turkish judiciary’s position about the Bylock app has been very firm and categorical, the criteria used to identify Bylock users have been inconsistent at best. Official figures and criteria outlining what constituted a Bylock account have constantly changed. For instance, authorities claimed that there were 215,000 users in August 2016, and by June 2017 this number dwindled to 102,000 users. In December 2017, the judicial authorities admitted that more than 11,000 individuals had been wrongfully identified as Bylock users with more than 1000 of them having already been detained, bringing the total number of users to roughly 90,000. Despite mounting scepticism based on credible expert reports (see, i.e. 1, 2) about the reliability of ByLock‘s data, over 100,000 people were prosecuted as its users based on electronic/digital data obtained by the Turkish Intelligence Service through undisclosed methods.
In Turkey, using Bylock alone may yield a conviction for membership in an armed organization, as per Article 314-2 TPC which criminalises the membership of an armed organization and carries a penalty of up to 15 years imprisonment. The article appears strategically ambiguous. It does not define the ‘membership of an armed terrorist organisation’ and is prone to arbitrary application of judicial authorities. Indeed, its invocation since 15 July 2016 has reached an industrial scale. According to a communication by Turkey to the Committee of Ministers of the Council of Europe in January 2023, 340,000 criminal cases have been filed under Article 314 of TPC between 2017-2021, leading to more than 126,000 decisions of imprisonment and more than 170,000 decisions imposing other punishments and security measures.
The ECHR’s Yüksel Yalcinkaya judgment is therefore decisive as it addressed the complex issues surrounding some 100,000 Bylock-related terrorism prosecutions and found that the Turkish judiciary’s interpretation and reasoning in these cases were utterly wrong.
Violation of Article 7 ECHR
The court unequivocally stated that imprisoning someone solely for the use or download of Bylock is in direct violation of the principle of ‘no punishment without law’. The court pointedly remarked on the approach of Turkish prosecutions, stating at § 268: “Turkey’s prosecutions against Bylock users rely on an automatic presumption of guilt based on Bylock use alone, making it nearly impossible for the applicant to exonerate himself from the accusations.” This approach, according to the court, violated Article 7 of the Convention, which fundamentally ensures that individuals are protected against arbitrary prosecution, conviction, or punishment.
Violation of Article 6 ECHR
The ECHR also held that the Turkish courts’ modus operandi in Bylock cases undermined the defendants’ rights to challenge the credibility of Bylock data as evidence. According to the ECHR, this violates the right to a fair trial.
The Court observed at §312 that electronic evidence has become ubiquitous in criminal trials in view of the increased digitalisation of all aspects of life. However, the Court also highlighted the vulnerabilities of electronic evidence raises towards destruction, damage, alteration or manipulation (§312). The ECHR underscored that while it does not have the mandate to decide on the admissibility of intelligence data in criminal proceedings, Strasburg asserts that such data’s reliability can often be questioned, especially when lacking oversight or review.
The Bylock data’s reliability has been a central concern for defendants and their lawyers since 2016, as there were several discrepancies and gaps in the narrative of the Turkish government. Several reports by international and Turkish experts refuted the government’s exclusive use claims and also proved the alteration of data by the Turkish intelligence services. The Court found that Turkish courts left the arguments of the applicant about the reliability of Bylock unanswered. The Court also noted that “The domestic courts did not address the separate matter how the integrity of the data obtained from the server had been ensured in all respects, particularly in the months-long period prior to their transmission to the judicial authorities in December 2016.” The ECHR also pointed out the applicant’s complaints about the disregard of domestic law safeguards while Bylock data was being obtained and processed by the Turkish Intelligence Agency. The applicant’s requests to have a look at the digital data himself remained unanswered by Turkish courts.
The Court accentuated the defence’s inability to directly access, test and challenge the Bylock evidence prevented the applicant from having a genuine opportunity to challenge the evidence against him and conduct his defence in an effective manner and on an equal footing with the prosecution.
Faced with these shortcomings, the Court highlighted that ensuring fairness in the proceedings was paramount. The ECHR noted: “The domestic courts were required to take adequate measures to ensure the overall fairness of the proceedings against the applicant. … they failed to do [so].”
In conclusion, the ECHR determined that the criminal proceedings against the applicant violated the principle of a fair trial, culminating in a breach of Article 6 of the Convention. Further, the Court observed that domestic courts’ characterization of the use of Bylock resulted in violations under Articles 7 and 6 of the Convention and this flawed approach, anyone who is identified as a Bylock user could, in principle, be convicted in Turkey of membership of an armed terrorist organization.
Having established these violations, the Court held that the problems around this case are systemic and widespread, and this problem concerns more than 8,000 cases pending before the ECHR alone and possibly 100,000 more applications in the Turkish justice system.
The Court then mandated Turkey under Article 46 of the Convention to address the defects identified in the judgment as soon as possible to avoid similar violations in the hundred(s) of thousands cases in the future.
While the Court’s acknowledgement of violations of Articles 6 and 7 is commendable, its approach to the case appears tentative. For example, the ECHR acknowledged that the Turkish court’s interpretation of Article 314-2 Turkish Penal Code (No. 5237) in Bylock cases violated Article 7 of the Convention. Yet, the ECHR also held that Article 314 § 2 is, in principle, foreseeable when juxtaposed with the Prevention of Terrorism Act and the case law of the Court of Cassation. According to the Court, Article 314 § 2 is articulated with enough precision to allow an individual, with suitable legal advice if necessary, to discern which actions or omissions might subject them to criminal liability. However, this determination by the Court could be seen as inconsistent with its findings in Selahattin Demirtas v. Turkey II (Demirtas II). In Demirtas II, the Grand Chamber observed that ‘national courts seem to have overlooked principles (namely continuity, diversity, and intensity) established in the case law of the Court of Cassation’ (§278). Furthermore, the Grand Chamber opined that Article 314-2’s foreseeability is questionable in the context of Article 5 of the Convention.
Regarding Article 6, the Court’s approach again appeared constrained. It refrained from ruling on the applicant’s grievances about the alleged illicit collection of his Bylock usage data by the intelligence service. The applicant contended that even if the data collection was lawful, the Law on Intelligence Services forbids its use in the proceedings in question. Additionally, he argued that the intelligence service processed the data without the necessary legal of oversight, violating Articles 134-135 of the Code of Criminal Procedures. Instead of delving into these complaints, the Court’s basis for finding an Article 6 violation largely rested on the domestic court’s lack of sufficient reasoning or lack of reasoning at all.
After accepting at §328 that the Bylock material potentially contained elements which could have enabled the applicant to exonerate himself, or to challenge the admissibility, reliability, completeness or evidential value of that material, the ECHR stated at §329 that the applicant’s right to disclosure must not be confused with a right of access to all that material. Accordingly, to the ECHR accepts that there may have been legitimate reasons for Turkish courts and prosecuters not to share the raw data with the applicant. Further, the ECHR contended that if such data is withheld from the defence on public interest grounds, the individual legality of such non-disclosures is not for Strasburg to decide. At §331 the ECHR seemed that it would accept even denying the defendants receiving their personal raw/digital data if enough reasoning is given by domestic courts.
While it was not realistic to expect the Grand Chamber to rule on the admissibility of the evidence, which, according to the ECHR’s case law remains with the domestic courts, the Grand Chamber should refrain from giving a carte blanche to Turkish courts on denying the defendants reaching their digital Bylock data.
Thus, the Court has left several open doors that Turkish authorities could use to slip around the judgment and convict the Bylock users again. Yet, although the judgment is not conclusive enough, it is OK!