Alternative Informatics Association’s Censorship and Digital Surveillance in Tuekey Country Report September-2014

There is Censorship on the Internet and Freedom of Expression is Restricted in Turkey.
With the central filter implemented and public access points being arbitrarily censored/filtered, the blocking of Internet access in Turkey has turned into an escalating mechanism for the censorship/control of Internet users in Turkey. According to EngelliWeb about 51.000 domain names are blocked as of August 2014 and cannot be accessed from Turkey. But the real number—unannounced to the public—is estimated to be much more than this. It was 28.000 in April 2013. It is also uncertain how many websites and contents have been incorporated into the state owned central filter implementation known as “Safe Internet”. This operation of filtering is carried out in complete secrecy and is closed to any kind of accountability and citizen control. Even the Internet Service Providers don’t know the complete list of the websites that they block, because the lists are conveyed to them in “hash”.
One of the most important obstacles before the freedom of expression on the Internet is the Law 5651 that took effect in 2007. This law, some clauses of which have been certified to be against basic human rights and freedoms, is still in operation.
Furthermore, a regulation in February 2014 made the conditions of this law even more repressive than before. The new regulation demands to establish “Erişim Sağlayıcıları Birliği (ESB)” [Access Providers Union] to which all Internet Service Providers (ISP) shall become members by obligation. The blocks of access by TİB that were conveyed to each ISP separately beforehand, will be—according to the new regulation—conveyed only to ESB, who will then immediately convey these to its members. In this way, a block of access will take effect at most after the four hours following its decision. ISPs are strongly opposed to this regulation, because—although not stated in the law—they are asked to obtain DPI (Deep Packet Inspection) devices for the the blocking and surveillance brought by the new regulation. The ISPs are supposed to compensate for the purchases and maintenance costs of these devices in a way to reflect them on their Internet subscribers. To protect TİB personnel from potential illegalities, the new regulation also proposes to exempt these personnel of the crimes they are going to commit in carrying out these duties.
The most important rationale for this aggravation of the Law 5651 is presented to be the demands for quickly removing Internet content that “violates honour and dignity of persons”. This rationale—which no one could imagine in the almost thirty-year-long Internet adventure of Turkey—for some reason acquired a certain currency after the great scandal of bribery and corruption, which emerged in 17 and 25 December 2013. These great operations against bribery and corruption in which the complicity of government members and high bureaucrats, notably the prime minister, were claimed, were fed by voice and video recordings published on various social media accounts, and a judicial investigation was initiated. That this sequence of scandals could only be published on the Internet in Turkey—where means of mass communication are mostly under direct or indirect government control—resulted in the government’s view of Internet as a threat.
Although websites like Twitter and Youtube—where voice and video recordings involving the corruption and bribery of some members of the government can be found—are still accessible, they are frequently being blocked. The last of these blockings took place in March 2014—based on the new regulation of the Law 5651—to prevent the publication of corruption and bribery recordings on these media before the elections of 30 March 2014. However, these decisions to block content was found obstructive to freedom of expression and against the constitution by the Constitutional Court on 4 April 2014.
While the websites and social media accounts of oppositional powers are being closed down either by TİB requests or by the government’s economical pressure towards social media companies (e.g. Ötekilerin Postası [Others’ Post], İMC TV Facebook accounts); websites close to ISIS—who commits dark age violence against people in Iraq and Syria—freely pursue its broadcasts in Turkey, in a way to express the government’s sectual orientations. We can mention takvahaber.net and mustaqim.net among these—as of 20 August 2014. Therefore in Turkey, freedom of expression and the freedom of access to information are restricted for those who do not belong to AKP’s policies to “homogenize” citizens, for those who do not belong to AKP’s criteria to stuff its discourse of “national will”. Especially with the investments in the DPI infrastructure, and with the new National Intelligence Agency law, a “national web” is being constructed on the Internet.
Let us indicate as a final note that Turkey’s Internet backbone is run by TTNET. TTNET, also being the largest ISP in the country—with a market share over 80%—is a subcontractor of Türk Telekom [Turkish Telecom] that was privatized in 2005. As a result, Internet and other conventional means of communication are situated as “private monopolies”. These companies are in economical-political relations with the government to some degree. Especially the DPI balance sheet of TTNET is in the negative, because of their deployment of Gezinti service and their offering of citizen user data to the Phorm company.
2 Censorship and Surveillance on the Internet exist in Turkey: There are DPI applications in Turkey
Internet was designed in 1960s to provide communication among computers in a situation of a nuclear war. Communication over the Internet is provided by means of small data pieces called “packets”. For instance, an image accessed over the Internet is displayed on our screen as a consequence of our computer’s being accessed by thousands of packets and the merging of these packets on our computer. During its journey, each packet may use a route different from the others. Packets consist of seven layers. These layers can basically be separated in two parts: the address and the content. The address contains the IP (Internet Protocol) number of the computer the packet is destined to, whereas the content contains—for instance—a piece of the conveyed image. In the Internet’s “normal” medium, the devices that convey these packets disregard the content; and they try to convey the packets to their destinations by only reading their address sections. This is called net neutrality. By a simple metaphor, this resembles a post office where only addresses on the letters are read, and the inside of the envelopes are not looked into.
However, nowadays with the Internet gaining increasing importance, net neutrality is being violated with increasing rates by states and large corporations. Systems called Deep Packet Inspection (DPI) are used for this task. During data communication, DPI systems not only read the address section, but they also read the content section. And this resembles a post office where not only the address section on the envelope is read, but also the letter is opened and its content is read. In addition to surveillance, one can also implement censorship by means of these systems. For instance, the conveyance of a message that contains “harmful” words can be blocked by means of DPI. Although some types of DPI are used for purposes like “load balancing” or virus control on the Internet, the predominant area of use is the purpose of censorship and surveillance.
DPI applications in Turkey
Due to the sensibilities concerning surveillance and censorship, DPI systems are generally used in great secrecy. Even if it is announced that a software/hardware system that contains DPI is being used, the word DPI is carefully avoided. And the details of usage generally emerge either by means of leaks from the “inside” or by means of analyses from the outside. The following section tells about the DPI systems which are known to be used in Turkey for censorship and surveillance purposes, or known to be an active project.
Phorm
The first—known—DPI tool to be used in Turkey for surveillance purposes is Phorm. Phorm company operates in cooperation with TTNET, the largest Internet Service Provider in Turkey. The system called “Gezinti” (“Adobur” afterwards) formed by these two companies implements “targeted advertisement” applications by recording user behaviour on the Internet, and during this operation, it profiles Internet users by revealing all of their fields of interests. As a result, political, religious and sexual tendencies of Internet users, and all of their movements concerning these tendencies are being captured by completely unrelated institutions and are becoming a commodity to be bought and sold. Phorm company, founded in the US, was banished from the US due to heavy violations of personal privacy, and it began operations in the UK immediately afterwards. After this operation was brought to the court by the European Union, the company attempted inconclusive initiatives to be able to operate in Brazil, South Korea and Romania. The company is currently only able to operate in Turkey and China.
Some software products of the company are assessed as “malware” by anti-virus programs. The cooperation of Phorm and TTNET, despite receiving punishment from Information and Communication Technologies Authority (Bilgi Teknolojileri Kurumu – BTK) on the grounds that they took Internet users into their system with cheating and misguidance, is pursuing its efforts to increase the number of users with various methods of deception. Detailed information about Phorm can be obtained from the website enphormasyon.org.
NetClean
On 30 May 2014, a news story was published on the pro-government Sabah newspaper with the content that “Turkey is purchasing software for immediate deletion of illegal photos, videos and information shared on Twitter.” According to this news, “by the Twitter-compatible software called NetClean, the purpose is to delete shared content that contains child pornography, illegal photos and terror, automatically in five seconds.” NetClean, a software company of Swedish origin, produces software products against child abuse. But these software products can easily be used for the purpose of blocking different contents. It is hardly convincing that the government is pursuing the prevention of child abuse by such an extraordinary amount of cost. Child abuse is just placed here as an excuse to cover up the real purpose. As a matter of fact, the same situation was in question when the Internet censorship Law 5651 emerged in 2007, when newspapers were filled with stories on child abuse on the Internet. These stories stopped immediately and completely, after the law was passed from the parliament.
The news story states that “malware” refers to “shared content that contains child pornography, illegal photos and terror.” And the next paragraph reveals the real cause of the software purchase in question: “Twitter, where unreal videos and photos were shared during the Gezi events, which can sometimes become a place of black propaganda, the place where privacy of personal life and personal rights were violated after 17 December.”
Gezi Park events constitute a people’s movement that began on 31 May 2013, against the Government’s project to annihilate Gezi Park—one of the last remnants of green areas in the center of İstanbul—and to build in its place luxury residence and a shopping mall. The movement propagated to the whole of Turkey in a short time and millions of people filled the streets to defend the park and the trees in it. The real cause of the emergence of such a harsh reaction in such an unexpected time was—along with intense poverty—the ever escalating interventions by the Islamic-neoliberal AKP power into people’s lifestyles. During the events in which disproportionate police violence was used, eight people were killed and over eight thousand people were injured by the law enforcers. Gezi Park events dealt an important blow to the “democrat” image of AKP government in the country and abroad.
The 17 December event, which is stated as one of the targets of the NetClean software in the Sabah newspaper, is the bribery and corruption-related judicial investigation about the (former prime minister) president Erdoğan, his son and some members of the government. Against the hidden and open censorship practices of the means of mass communication, the large part of which is under government control, social media became the main channel to meet the people’s need to get informed about Gezi and 17 December events. In this regard, social media is a “menace” according to AKP government. Thus, NetClean software has nothing to do with the prevention of child abuse. The real purpose is to censor the free flowing news over the Internet. Child abuse is here obviously made an instrument of censorship. A website containing related views of informatics and child rights advocating NGOs and a petition campaign can be found at aletetme.org.
Procera
Taraf newspaper of 3 July 2014 published a news story that TTNET initiated a tender for the purchase of a comprehensive DPI system. Despite being a private company TTNET has very close ties with the government. It also manages the Internet backbone in Turkey. According to the story, “owing to the hardware [called Procera] purchased [from another company also of Swedish-origin] many operations, including HTTPS traffic [the protocol that provides encrypted communication over the Internet] Whatsapp messages, Skype conversations, visited web sites and VPN services will be analyzed, slowed down and censored if necessary by Türk Telekom [the main company of TTNET].” Also the story states that this purchase by TTNET is related to a secret e-mail by TİB that was previously published also on Taraf newspaper. According to this e-mail, TİB wanted Internet Service Providers to prepare the hardware to be used for surveillance purposes. This situation is especially worrying. Because Procera is a censorship and surveillance tool much more sophisticated than NetClean. The story by Taraf newspaper also contains a section of the tender specification by TTNET in order to purchase the DPI system. The specifications require the purchased system to include the following features: (•) Controlling and classification of messaging applications like WhatsApp, Lime, Telegram, CoverMe, Google+, Tango, ICQ, Instant Messaging, Jabber, Open MMS, Skype, Messenger (MSN, Yahoo etc); (•) Controlling and classification of service types like WAP, HTTP, MMS, E-Mail, DHCP, FTP, HTTP Browsing, HTTP Streaming, MMS, NNTP, POP3, RTSP, Streaming, SIP, Vonage, MGCP, Messenger (MSN,Yahoo), SMTP, H323, Ultrasurf, Hotspot, TOR, Opera Mini; (•) Controlling and classification of VPN tunnel models; (•) Application of segregated policies by making distinctions between HTTPS and HTTP protocols of the same website; (•) Blocking of URL-based HTTPS traffic if needed for censorship purposes; (•) Redirection of certain DNSes towards predetermined IPs by applying “DNS Overwrite”.
This last method is also called “DNS hijacking” and is frequently used by robbers on the Internet (phishing). This method cheats to redirect an Internet user to a website other than the website s/he really wants to visit, and s/he is unaware of this cheating. This is obviously an informatics crime. It is known that Procera software satisfies almost all of the requirements stated in the specifications. This means that a full-fledged system of censorship and surveillance is being set up in Turkey.

As Alternative Informatics Association, we underline the necessity of the Internet as a free, equal and basic human right. We think new media literacy makes possible a citizen participation that can use the possibilities of new media enviroments while avoiding their risks. Citizen who can produce, share and debate one’s own word constitutes the true subject of democracy. New media enviroments constitute a basic public space to this end as the means of massive self-communication.
Please contact us sending an e-mail (bilgi@alternatifbilisim.org) or tweet (@altbilisim) for any subject.
http://www.alternatifbilisim.org