The reliance on robust encryption to ensure the safety and security of Turkey's residents, businesses, and government services has never been more critical, particularly in the face of security and economic threats. It is imperative that Turkish authorities not only promote but also safeguard the use of strong end-to-end encryption.
On 13th October 2022, the Grand National Assembly of Turkey passed legislation that amended several existing laws, including the Electronic Communication Law, the Internet Law, the Press Law, and the Turkish Penal Code. The responsibility of drafting secondary legislation to implement these amendments now rests with the Information and Communication Technologies Authority (BTK). If the BTK attempts to enforce surveillance and content disclosure requirements for over-the-top services (OTTs) under the Electronic Communications Law, it could unintentionally undermine the use of key cybersecurity tools, including strong end-to-end encryption and the protection it offers.
A coalition of civil society organizations and companies, including members of the Global Encryption Coalition, calls upon the BTK to uphold the right to secure and private communications, including end-to-end encrypted communications.
The recent legal amendments expand the scope of existing laws, imposing new requirements on all OTTs, which encompass a wide range of internet-based services such as email providers, social media companies, and messaging service providers. Among the most concerning of these new requirements is the demand for the disclosure of user content and traffic data. Cybersecurity experts concur that there is no viable method for OTTs to access the contents of their users' end-to-end encrypted communications without seriously compromising the security and privacy of all users. Consequently, platforms offering end-to-end encryption may become inaccessible in Turkey due to sanctions for failing to comply with technically unfeasible requirements.
End-to-end encryption stands as the most robust level of security and trust, ensuring that only the intended recipients possess the decryption key. In this form of encryption, no third party, whether the service provider or the government, can access the encrypted content of users. Requiring providers of end-to-end encrypted services to disclose users' messages in decrypted form would force these providers into an impossible dilemma—either undermine the security of their users by introducing vulnerabilities into their systems or exit the Turkish market.
Drafting secondary legislation that compromises secure and private communications will not only hinder the free flow of information accessed through encrypted platforms but will also compromise the security and privacy of Turkish citizens and businesses, thereby weakening the Turkish industry. In 2018, when Australia enacted similar legislation undermining end-to-end encryption, the Australian tech industry suffered an estimated loss of $AUS 1 billion in current and projected sales, along with reduced foreign investment due to diminished trust in their products. For Turkish businesses, weakened security and privacy will render them more vulnerable to corporate espionage by foreign entities. The significance of cybersecurity and the threats it poses to the country were emphasized by President Erdogan during a speech at The National Cyber Incidents Response Center. This is particularly concerning for Turkey's growing defense industry, whose confidential corporate information has not only economic but national defense implications.
Strong end-to-end encryption is fundamental to Turkey's economic and security success. Any secondary legislation must be developed in consultation with all stakeholders, including civil society, to ensure that secure and private communications, including end-to-end encryption, remain intact.
Huang Bo
Pr0phetMoggy
Davin
Kikyo
Catherine
Coinlive 
TheBlock
Cointelegraph
Bitcoinist