Opinion on the Legality of the Actions of the Turkish State in the aftermath of the failed coup attempt in 2016 and the Reliance on Use of the Bylock App as evidence of membership of a terrorist organisation
A summary of an opinion on the legality of the actions of the Turkish State in the aftermath of the failed coup attempt in 2016 and the reliance on use of the Bylock messaging application as evidence of membership of a terrorist organisation by William Clegg QC who was assisted by Simon Baker. The opinion also contains a digital forensic report by Thomas K Moore, whose main findings have also been summarised below.
Summary of Opinion by William Clegg QC and Simon Baker
This opinion addresses whether the actions of the Turkish State breached the conventions rights of those arrested and detained since the failed coup and contravened International Criminal Law with a particular consideration of the alleged use of the Bylock messenger application (hereafter ‘Bylock App’) as evidence and whether use of that App could provide a safe basis for conviction.
Mr Clegg QC and Mr Baker were aided in their legal opinion by the report provided by Thomas K. Moore, (please see below for a summary of that report).
Bylock was a publicly available smartphone application that allowed users to communicate between each other privately and using encryption. It was available to download via the Google Play store onto handsets running the Android operating system and via the Apple iTunes Store onto handsets running the Apple iOS operating system.
It is confirmed by the Bylock Application Technical Report produced by representatives of Turkey’s national intelligence agency or MIT (hereafter referred to as the ‘MIT report’) that the Bylock App was taken down in mid-March 2016. After that time, no-one could use the App. The Turkish government added the Gulen movement to a list of terrorist organisations in Turkey in May 2016 (this is not the same as proscription which must be decided by a Court of Law); as a result, only ongoing membership or support, after May 2016, was capable of being construed as support for a movement that had been registered as a terrorist organisation. Since the Bylock App could no longer be used after this date anyway, its alleged use at any point in time cannot be used as evidence to convict anyone of being a member of a terrorist organisation. Put differently, the use of the Bylock App was lawful in Turkey for as long as it was capable of being used.
Bylock’s exclusivity of use
I find the evidence that the Bylock App was used exclusively by those who were members or supporters of the Gulen movement utterly unconvincing and unsupported by any evidence. Indeed, in my opinion, there is no evidence at all from which any reasonable person could conclude that the App was exclusively used by members of FETO/PDY and a great deal of evidence, much unchallenged, which demonstrates that the App was widely available and used in many different countries.
In reaching this decision I rely upon the following facts, the App was available to everyone, it had features that could be attractive to many and was used in many countries. The App had been downloaded throughout the world and was in the top 500 Apps in 41 separate countries. It is ridiculous to suggest that all those users were members of the Gulen movement (further reasons rebutting the exclusivity of the Bylock App are provided in Mr Moore’s report).
It follows that if the Bylock App cannot sensibly be claimed to be the exclusive province of those members and supporters of the Gulen movement then there can be no justification for the arrest and/or detention in Turkey of those who had used the App without other compelling evidence.
Other supporting evidence
In the case of X (anonymised for security reasons), it is clear that the court relied on the accused’s alleged use of Bylock to convict him of membership of a terrorist organisation. Other evidence relied on against the accused was having a bank account in BankAsya and staying in student accommodation allegedly linked to the Gulen movement.
This other evidence, when analysed, is incapable of proving membership or support for the Gulen movement. To suggest that having an account at a major bank in Turkey is evidence of membership of a terrorist organisation is nonsensical. Likewise, to rely upon the fact that the defendant stayed in student accommodation as proof that he shared the same beliefs as those who operated the accommodation is frankly ridiculous. When analysed there is no evidence that could conceivably justify a conclusion that X was a member of a terrorist organisation. Once the proposition that the use of the Bylock App was for the exclusive use of the terrorist organisation is shown to be wrong then any justification for the conviction collapses.
What is so worrying is that, on the basis of what has been reported in the media, contained in numerous international NGO’s, reported on by human rights organisations, by the Foreign and Commonwealth Office and by the US State Department, evidence of this type has been used not just in this case but in many similar cases. This raises fundamental questions about the legality of the detention and imprisonment of many thousands of people following the failed coup.
Breach of Convention rights
Article 5: There are no accurate figures for the number of people detained since the failed coup but the figure of 75,000 has been accepted by many as a reasonable estimate. In my opinion, the detention of such a huge number of people cannot conceivably be justified if the basis of their detention is the fact that they have used the Bylock App and had engaged in some other activity that was lawful at the time they engaged in it such as banking at BankAsya or staying in student accommodation at an educational establishment believed to have Gulenist connections. There is no doubt in my view that the detention of persons on the basis that they had downloaded the Bylock App is arbitrary and in breach of Article 5 of the convention, which provides for the right to liberty and security.
Article 6: It is a fundamental principle of a fair trial that a suspect has the right “to examine or have examined witnesses against him” this is enshrined in Article 6(3)(d). The use of the MIT report (or other variations) on Bylock at trial as evidence is a clear breach of this convention right. The authors of the report were not identified, they did not give evidence, no-one knows who they are, their qualifications and experience are unknown and the mechanism by which they arrived at the crucial conclusion upon which any verdict will turn is not revealed. No questions can be asked of the authors of the report; how what evidence they relied upon to come to the belief that only supporters of the Gulen movement downloaded the Bylock App. A more fundamental question arises in relation to whether the trial process as a whole is fair. In my opinion, there are clear breaches of Article 6 in the trial of X however the courts approach the issue of fair trial in this case.
Article 7: This article protects the citizen from retrospective legislation. It protects against being guilty of a criminal offence on account of any act or omission which did not constitute a criminal offence under national or international law at the time it was committed. This right is not subject to derogation under the Convention. The Turkish government added the Gulen movement to a list of terrorist organisations in May 2016. In the case of X, there was no evidence of any membership or support of the Gulen movement after this date. Use of the Bylock App (which was no longer operational from March 2016 onwards), banking at BankAsya and staying at student accommodation allegedly linked to the Gulen movement all pre-dated the addition of the movement to the list of prohibited organisations. In these circumstances to convict of membership of a terrorist organisation on the basis of this evidence is clearly retrospective criminality and a clear breach of Article 7.
On the material before me there is strong evidence that some of those detained following the failed coup have been tortured. That is the view of Amnesty International and numerous other human rights organisations. Unfortunately, the evidence does not disclose who was responsible for the torture, who authorised it and who approved it. Without such evidence, it is not possible to bring any individual to justice. However, if the identity of those could be established, then that would be an international criminal offence over which the courts of this country would have jurisdiction pursuant to Sections 135 & 136 of the Criminal Justice Act 1988. Those identified as being responsible for this torture by the evidence could be placed on trial in this country, subject to the Attorney General giving consent.
About the authors
William Clegg QC was appointed to the rank of Queen’s Counsel in 1991. He has sat as a part-time judge (known as a recorder) in the Central Criminal Court in London for some 23 years. He is an expert on English Criminal law, European Human Rights Law and International Criminal Law. Simon Baker is an experienced barrister with expertise in IT issues, who is a member of the Bar Council of England and Wales IT Panel.
Summary of Digital Forensic Analysis of Thomas K. Moore
William Clegg QC and Simon Baker were assisted in their legal opinion by the digital forensic analysis of Thomas K. Moore. Mr Moore was instructed by Mr Clegg QC to examine an English translation of the report entitled Bylock Application Technical Report produced by representatives of Turkey’s national intelligence agency or MIT (hereafter referred to as the ‘MIT report’) and to answer a number of specific questions, including: what is Bylock? How does it work? Is it possible to identify how widely it was used? Is it possible to establish through any technical means whether use of Bylock is limited to supporters of any particular political or social movement? Are there any aspects of the MIT report on Bylock which appear to be flawed either technically or in terms of methodology? Even if the App was widely used by supporters of the Gulen movement, is there any proper evidential basis for inferring that use of Bylock necessarily connotes support for the Gulen movement or its political views?
Exclusivity of use
The Bylock application was available for download from the Google Play store and the Apple iTunes Store. There is no suggestion in the MIT report that downloads were restricted to a territory or jurisdiction. Since both application marketplaces are managed by their respective corporations, the developer of Bylock, having made the application available for download, would have no direct control over who could obtain it. Historical ranking data available from iTunes Store shows that the Bylock messaging application was ranked in the category of ‘Social Networking’ applications in 63 countries overall and achieved a ranking in the top one thousand such applications in 60 of these countries. It is, in my opinion, therefore nonsensical to suggest that it’s availability was restricted to a particular group of people. It may, of course, be true that it was used by members of certain organisations or groups, but this is the case with many social networking and messaging applications.
I would, at this stage, draw the parallel with the Telegram Messenger application, which allows users to send messages between each other in an encrypted form and with the option to configure such messages to self-destruct after a specified period. This application is publicly available in a similar manner to Bylock, albeit on a larger scale, and is financed privately. There is compelling evidence to show that Telegram has been used by ISIS as a secure communication tool and yet there is no move by law enforcement authorities to detain every user of the service. It is generally recognised and accepted that, with such services, there is a clear distinction between the functionality provided by an application and those who seek to use it for a variety of purposes.
An appraisal of the MIT report used as a basis for conviction
The MIT report contains glaring inconsistencies, speculation masquerading as technical evidence, and assertions that are either factually unsustainable or put forward without any evidential source or justification. Furthermore, the report draws a number of conclusions without eliminating more plausible and straightforward explanations. Reasons and examples are given for each of these appraisals in the body of the report. As such it is impossible to say whether the assertions are correct or not. In consequence of this, no Court receiving the MIT report would be in a position properly to assess the credibility or accuracy of the assertions, and so it would be quite unfair and improper for any Court to rely upon those assertions to found a conviction.
There are a number of assertions contained in the MIT Report which are fundamentally contradictory. For example, the MIT report contends that the Bylock operators used IP blocking to force its users to access the Bylock App via a VPN (virtual proxy network) while simultaneously claiming that IP addresses were used to identify Bylock users. These two assertions are mutually incompatible, since the IP addresses of VPN-users cannot be identified.
The MIT Report asserts that access to Bylock was being limited and tightly controlled to ensure that access was limited to members of the Gulen movement, yet the report acknowledges that the Bylock App was available for download from the Google Play Store and the Apple Store. Not only did this mean that there was no means of controlling access to the App, but it was downloaded over 600,000 times between April 2014 and April 2016 by users all over the world. The fact that the App was openly available to anyone in the world to download is simply incompatible with the assertion that access to the App was limited, tightly controlled and available only to a limited group of users.
The observations in relation to SSL certification of the MIT Report are factually unsustainable and reflect either a lack of understanding on the part of the author of the MIT report or an intention to mislead a non-technical reader.
About the author
Thomas Moore is an experienced forensic IT specialist. He has been a computer forensic specialist for approximately 15 years and has acted as an expert witness under instruction from law firms in the United Kingdom and Europe. He has developed guidelines and delivered training in the handling of digital evidence. He is a professional member of both the British Computer Society and Expert Witness Institute.
Click here for the full opinion on the legality of the actions of the Turkish state in the aftermath of the failed coup attempt in 2016.