

Evaluation Under Turkish Criminal Law Of Crimes Committed In The Cyber World

2021 - Winter Issue


White Collar Crime & Corporate Crime
2021
GSI Team publication

ABSTRACT

Due to the increase in technological systems and access to technology, there is an increase in the rate of crime involving information systems. Moreover, because of the international reach of the internet, illegal actions in the field of information systems easily go beyond countries’ borders. Given these developments, the current regulations of our legal system are insufficient for preventing violations committed in the field of informatics or carried out using computer devices. There is therefore a need to introduce national and international regulations. “Crimes in the field of informatics” regulated in the third part of the Turkish Penal Code numbered 5237 titled “Crimes Against Society” has been enacted in order to ensure effective defense against crimes in the field of informatics. In this article, cyber space crimes will be discussed within the scope of Turkish Penal Code No.5237 and other legislation.

I. INTRODUCTION

The types of crimes committed in cyber space are considered computer and internet-specific crimes. It should be noted that the concept of cyber is a superior concept covering not only the internet but also other similar network systems. In accordance with the regulations in Turkish statute law, this concept will be referred to as “crime on informatics”. While it is possible to commit all crimes using information systems, the act of the crime referred to here is any unauthorized and illegal entry into an information system and actions occurring after it1. In other words, crimes committed through or against an information system for the purpose of violating personal rights and freedoms, illegally obtaining benefits and financial gains, and gaining interest in favor of organizations and individuals are defined as crimes on informatics together with other crimes related to data or data processing2.

While the acceleration of developments in information technologies and the internet has provided great convenience in all areas of life, it has also led to an increase in violations in the cyber world. For this reason, introducing regulations to prevent violations has become inevitable. The cyber world not only makes committing such crimes easy given the facilities and opportunities it provides, but it also creates an environment where the criminals cannot be followed. It is essential that legislation keeps pace with these developments so that authorities can respond to the innovations that result from developments in information technologies and the internet3.

II. HISTORICAL DEVELOPMENT

Informatics is defined by the Turkish Language Association as “The science of processing information, which is the basis of science, which is used by human beings in technical, economic and social fields, especially through electronic machines, informatic”4. Although there is no common definition of cybercrimes, the most widely accepted definition comes from the European Economic Community Experts Commission, May 1983, which states cybercrime is “information that is not legal, immoral or in a system that automatically processes information or transfers data, or any unauthorized conduct”5.

The development of personal computers led to the use of information networks for cybercrimes. The first known cybercrime was committed in the United States of America6. This crime on informatics involved the falsification of bank accounts by a computer expert in Minneapolis City Bank, USA. Following this incident, discussions arose regarding the legal regulations involved and a new branch of American law was formed, “Computer Law”7. The necessity of working on this field of criminal law emerged particularly following the development of the internet, through which the majority of cybercrimes are committed. With the increasingly intensive use of the internet from 1994 for illegal acts, important national and international regulations were introduced.

 As cybercrimes are not restricted to national boundaries, the aim is to create uniform legal arrangements in order to effectively defend against these crimes worldwide8. One result of the works carried out in this context was the EU Convention on Cybercrime, which entered into force on November 23rd, 2001. Following the signing of this convention by Turkey on November 10th, 2010, Law numbered 6533 dated 22.04.2014 on Approval of Convention on Crimes Committing on a Virtual Platform entered into force, after being published in the Official Gazette dated 05.02.2014, number 28988. Thus, the European Convention on Cybercrime was integrated into Turkish domestic law. 

Crimes on informatics were set out in detail in Turkish Penal Code (“TPC”) number 5237, which was accepted and enacted on 26th September, 2004. Recognizing the need to continue such studies and to ensure an effective defense against cybercrime, in 2007, Law No. 5651 on the Regulation of Broadcasts on the Internet and Fight Against Crimes Committed Through These Broadcasts and a series of other regulations were brought into force. 

III. CYBER CRIMES

Owing to the opportunities offered by information technology and the facilities enabling access to these opportunities all over the world, the intensive and effective use of virtual world tools has increased in both the public and private sector. In addition to the facilities it provides, this development has also led to changes in violations of the law as information systems have begun to be used to commit crimes more usually committed in the traditional way. In parallel with these technological developments, new types of crimes in the field of informatics have emerged.

The word “siber”, equivalent to “cyber” in English, has meanings pertinent to computer networks and the internet. Cybercrime therefore, “refers to all crimes that target the security of an information system and the data contained in this system and subject to the illegal seizure of these data”9. According to the European Commission’s definition, “cybercrimes consist of criminal acts committed online using electronic communication networks and information systems”10. However, since it is possible for every type of crime to be committed through information systems, every crime committed using information systems cannot be defined as a cybercrime and/or crime on informatics.

As there is a worldwide increase in illegal acts within the virtual world, or cyber space, it is necessary to define cybercrimes by legal order and to determine their status with regard to existing criminal law rules11.

A. How Cybercrimes Are Committed

Information systems refer to all kinds of computers and data systems, and, reflecting that, the methods of committing crimes in the cyber world differ. However, the most common methods are as follows: 

Trojan Horse: These programs are named according to their features but they all serve the same purpose. The Trojan horse method threatens information security by allowing remote management of a system by tricking users into loading what seems a useful program onto their computer.12 

Displacement: This is using an authorized or limited access authority password or access code or imitating its unique characteristics13

Network Worms: These are programs that can run themselves, without the need for user intervention. They enter the system by bypassing the firewall (for example, where easy passwords are used) and accessing the information network. 

Unwanted Electronic Messages: Spam, technically, is the sending of large numbers of copies of the same compelling message over the internet to people who have not requested the message. 

Other methods include trash, eavesdropping, data spoofing, scanning, super hit, salami technique, secret doors, asynchronous attacks, software bombs, wolves, bug ware computer viruses, piggyback, logic bombs, credit card frauds, rabbits, chameleons, fake messages, etc.

IV. CRIMES ON INFORMATICS UNDER TURKISH CRIMINAL LAW NO 5237

Crimes on informatics within the scope of the TPC (Turkish Penal Code) are regulated in the section titled “Crimes in the Field of Information”. The crimes set out in this section are crimes that can be committed with information systems, for example theft and fraud. However, it should be noted that this distinction is not always clear as new forms of crime emerge as technology develops. 

It is possible to evaluate cybercrimes under the TPC in two separate categories. Crimes on Informatics includes Access to data processing system (TPC Art. 243); Hindrance or destruction of the system, deletion or alteration of data (TPC Art. 244); Improper use of bank or credit cards (TPC Art. 245); and illegal devices or programs (Art.245/A). The second category is Crimes that Can Be Committed through Informatics. These crimes are Defamation (TPC Art.125); Violation of communicational secrecy (TPC Art. 132); Tapping and recording conversations between individuals (TPC Art.133); Violation of privacy (TPC Art.134); Recording of personal data (TPC Art.135); Unlawful delivery or acquisition of data (TPC Art.136); Theft (TPC Art. 142/2-e); and Qualified form of fraud (TPC Art. 158/1-f). The following sections of this article will discuss crimes regulated under “Crimes in the Field of Informatics” in the TPC.

A. Access to data processing systems

Article 243 of the TPC regulates that: (1) Any person who unlawfully enters a part or whole of data processing system or remains there is punished with imprisonment up to one year, or imposed punitive fine. (2) In cases where the offenses defined in the above subsection involve systems that are benefited against charge, the punishment to be imposed is increased up to one half. (3) If such act results with deletion or alteration of data within the content of the system, the person responsible for such failure is sentenced to imprisonment from six months up to two years14.

In the preamble of the TPC Article in question, an information system is defined as a magnetic system that allows data to be automatically processed after collecting and placing it. With this regulation, the legislator has protected the security of information systems and criminalizes illegally entering the whole or part of an information system. Regardless of whether a person entered the system illegally to obtain certain data, a crime naturally occurs if the system is entered unfairly and deliberately15.  

A Court of Appeal decision on this topic states: “Entering the complainant company’s system is recognized as a crime under Article 244/1-3 of the TPC, which states to delete, alter, corrupt or bar access to data, prevent the functioning of a data processing system or render such useless, to introduce data into a system or send existing data to another place cannot be executed and the act of entering the complainant company’s system illegally and continuing to remain there should be accepted as a crime regulated in Article 243/1”16.

The main factor in the crime of entering an informatics system illegally is “unlawfulness”. The victim’s permission to enter the system with his/her consent or sharing security information will change the criminal characteristic of the action.

B. Preventing the Functioning of a System and Deleting, Altering, or Corrupting Data

According to this crime regulated in Article 244 of the TPC: 

Any person who prevents the functioning of a data processing system or renders such useless shall be subject to a penalty of imprisonment for a term of one to five years. (2) Any person who deletes, alters, corrupts, or bars access to data, or introduces data into a system or sends existing data to another place shall be subject to a penalty of imprisonment for a term of six months to three years. (3) Where this offence is committed in relation to a data processing system of a public institution or establishment, bank or institution of credit, then the penalty to be imposed shall be increased by one half. (4) Where a person obtains an unjust benefit for himself or another by committing the acts defined in the aforementioned paragraphs, and such acts do not constitute a separate offence, he shall be subject to a penalty of imprisonment from two years to six years and a judicial fine of up to five thousand days17

This regulation turns acts that damage systems into a special crime. The subject of the crime is the physical existence of the vehicle and all other elements that ensure its functioning18. A crime occurs upon one of the optional actions in the legal definition taking place. 

The crime of destroying or altering data in an information system takes place when data that the system user has recorded on the system is destroyed or changed. The crime of preventing the functioning of an information system occurs when a user is prevented from entering the relevant information system. The crime of corrupting an information system occurs when the operation of an information system is disrupted or it is ensured that the expected benefit from the system cannot be obtained. 

In this decision, the Court of Appeal considered that blocking a user’s access to their Facebook account by obtaining the user’s password falls within the scope of this crime19. In another decision, it was ruled that the defendant, who illegally entered the complainant’s e-mail account and blocked the complainant’s access to it by creating a new password and then used the e-mail address, should be punished for the crime of “Preventing the Functioning of a System and Deleting, Altering, or Corrupting Data”20.

In another case, a complainant filed a lawsuit alleging that someone had blocked access to his Facebook account by accessing the account and changing his password. However, the complainant stated that he had then changed his password by answering the security question upon Facebook's notification. As a result of the complainant’s intervention, the other person could not log into the system, and the actions of destroying, changing, or rendering the data in the information system inaccessible, inserting data into the system, and sending the existing data elsewhere did not occur. It was consequently accepted that whether or not the defendant's action constituted the crime of attempting to enter the information system should be discussed at this point21.

C. Misuse of Bank or Credit cards

According to this crime regulated in Article 245 of the TPC: 

Any person who secures a benefit for himself, or another, by acquiring or retaining (by any means), the bank or credit card of another person; or using, or allowing to be used, such a card without the consent of the card holder or the residual owner shall be sentenced to a penalty of imprisonment for a term of three to six years and a judicial fine of up to five thousand days. (2) Any person who produces, sells, transfers, purchases or receives a counterfeit bank or credit card which relates to the bank account of another shall be sentenced to a penalty of imprisonment for a term of three to seven years and judicial fine of up to ten thousand days. (3) Any person who secures a benefit for himself or another by using a counterfeit or falsified bank or credit card shall be sentenced to a penalty of imprisonment for a term of four to eight years and a judicial fine of up to five thousand days, provided such act does not constitute a separate offence. (4) Where an offence described in paragraph one concerns a loss to: a) a spouse of a marriage where such spouse has not been subject to a court decree of separation, b) a direct-antecedent or direct-descendent, direct in-law, adoptive parent or adopted child; or c) a sibling residing in the same dwelling, no penalty shall be imposed on the person who is related in such a way22.

The crime of Misuse of Bank or Credit cards can be committed in three different ways: misuse of real bank or credit cards belonging to another person (TPC Art. 245/1), production, sale, transfer, purchase, or receiving a counterfeit bank or credit card (TPC Art. 245/2), securing benefit for him or herself or another by using a counterfeit or falsified bank or credit card (TPC Art. 245/3).

In the crime of misuse of a real bank or credit card belonging to someone else, the main point is of providing benefit to him or herself or someone else by using or making usable a bank or credit card without the owner’s consent. Since the definition of the criminal is regulated as “the person who seized or possessed the card in any way whatsoever” even if the card is stolen, found, or seized with the permission of the card holder, the crime will be committed provided that the card is used without permission and an unlawful benefit is obtained as a result of the action23

In the act of producing, selling, transferring, buying, or accepting a counterfeit debit or credit card, the debit or credit card must be counterfeited and there must be an interest between an existing real account. Within the scope of this act, if there is no account with which the card is linked, it will not constitute the occurrence of a crime. Because the legislator does not seek any conditions to the benefit from the committing of this crime, it is regulated that the formation of the crime would be completed with the realization of one of the optional actions. 

In the crime of benefiting him or herself or someone else by using a fake bank or credit card, the use of only a fake bank or credit card is not sufficient for the occurrence of a crime, and, as a result, the perpetrator must benefit him or herself or someone else. In cases where the targeted benefit cannot be achieved, it can be easily stated that this crime, which is a crime of damage, remains at the stage of attempt. However, in order for the crime regulated within the scope of this paragraph to be punished, the action must not be another crime that requires a heavier penalty.

V. CONCLUSION

In the 21st century, the development rate of technology has increased exponentially resulting in a noticeable change in information systems. As a result of ongoing developments, the concept of cybercrime, which is defined as the types of crimes targeting information systems and data in these systems, has emerged. However, the diversification in using these systems contrary to their allocated purposes has led to the commitment of many types of cybercrime with different characteristics.

As a result, many countries have focused on their own international regulations as well as their own domestic legal regulations. The legislator, too, is not indifferent to the changes the current age has brought and has created various types of crimes with cybercrime characteristics. Additionally, there are some crimes regulated in the Crimes on Informatics section of the Turkish Penal Code as Access to a data processing system, hindrance or destruction of the system, deletion or alteration of data, improper use of bank or credit cards, and some other crimes have been deemed not as Crimes on Informatics but as having cybercrime characteristics as defamation, violation of communicational secrecy, tapping and recording of conversations between individuals, violation of privacy, recording of personal data, unlawful delivery or acquisition of data, theft, and qualified form of fraud in different articles. 

Analysis of Turkish legislation shows regulation of different crimes. However, depending on the development of technology, it should be noted that continuity should be ensured in making additional legislation due to legal systems protecting themselves by preserving their dynamism at every point and are unable to remain independent from the developments of the era. The things to be done regarding cybercrime can be stated as making legislation in line with 21st century developments, ensuring more efficient execution of criminal proceedings, providing the technological infrastructure, and raising awareness of information system users.

BIBLIOGRAPHY

İç İşleri Bakanlığı, Emniyet Genel Müdürlüğü, Siber Suçlarla Mücadele Daire Başkanlığı, “Siber Suç Nedir?”, https://www.egm.gov.tr/siber/sibersucnedir (Access Date: 21.07.2020.)

CAHİT ALİUSTA, RECEP BENZER, “Avrupa Siber Suçlar Sözleşmesi ve Türkiye’nin Dahil Olma Süreci”, Uluslararası Bilgi Güvenliği Mühendisliği Dergisi, Vol:4, No:2, December 2018.

Türk Dil Kurumu, https://sozluk.gov.tr/ (Access Date: 20.07.2020.)

C. ÖZEL, (2002). Bilişim-İnternet Suçları. Access Date: 20.09.2011, http://www.hukukcu.com/bilimsel/kitaplar/bilişim_internet_suclari.htm, as cited in Ebru Altunok, Ali Fatih Vural, Bilişim Suçları, see also https://dergipark.org.tr/tr/download/article-file/208853, Access Date: 20.07.2020.

LEVENT KURT, Bilişim Suçları ve Türk Ceza Kanunundaki Uygulaması, Seçkin Yayınları, İstanbul, September 2005.

MURAT VOLKAN DÜLGER, Bilişim Suçları ve İnternet İletişim Hukuku, Seçkin Yayınları, Ankara, September 2015.

SÜLEYMAN YILMAZ & GÖKÇE FİLİZ ÇAVUŞOĞLU, Kişisel Verileri Koruma Hukuku, Yetkin Basımevi, Ankara, 2020.

OĞUZ TURHAN, “Bilgisayar Ağları ile İlgili Suçlar”, Başbakanlık Devlet Planlama Teşkilatı Müsteşarlığı Hukuk Müşavirliği, Planlama Uzmanlığı Tezi, Ankara, April 2006.

LEVENT KURT, Açıklamalı-İçtihatlı Tüm Yönleriyle Bilişim Suçları ve Türk Ceza Kanunundaki Uygulaması, Seçkin Yayınları, İstanbul, 2005

FOOTNOTE

1 İç İşleri Bakanlığı, Emniyet Genel Müdürlüğü, Siber Suçlarla Mücadele Daire Başkanlığı, “Siber Suç Nedir?”, https://www.egm.gov.tr/siber/sibersucnedir (Access Date: 21.07.2020.)

2 İç İşleri Bakanlığı Jandarma Genel Komutanlığı, Suçla Mücadele; “Bilişim Suçu”, https://www.jandarma.gov.tr/bilisim-suclari (Access Date: 21.07.2020.)

3 Cahit Aliusta, Recep Benzer, “Avrupa Siber Suçlar Sözleşmesi ve Türkiye’nin Dahil Olma Süreci”, International Security Information Engineering Journal, December 2018, Vol:4, No:2, p:35-42.

4 Turkish Language Society https://sozluk.gov.tr/ (Access Date: 20.07.2020.)

5 C. Özel, (2002). Bilişim-İnternet Suçları. Access Date: 20.09.2011, http://www.hukukcu.com/bilimsel/kitaplar/bilişim_internet_suclari.htm, as cited in Ebru Altunok, Ali Fatih Vural, Bilişim Suçları, see also https://dergipark.org.tr/tr/download/article-file/208853 Access Date: 20.07.2020.

6 Levent Kurt, Bilişim Suçları ve Türk Ceza Kanunundaki Uygulaması, Seçkin Yayınları, İstanbul, September 2005, p.157

7 Murat Volkan Dülger, Bilişim Suçları ve İnternet İletişim Hukuku, Seçkin Yayınları, Ankara, September 2015, p.114.

8 Cahit Aliusta, Recep Benzer, “Avrupa Siber Suçlar Sözleşmesi ve Türkiye’nin Dahil Olma Süreci”, Uluslararası Bilgi Güvenliği Mühendisliği Dergisi, December 2018, Vol:4, No:2, p.35-42.

9 İç İşleri Bakanlığı, Emniyet Genel Müdürlüğü, Siber Suçlarla Mücadele Daire Başkanlığı, “Siber Suç Nedir?”, https://www.egm.gov.tr/siber/sibersucnedir (Access Date: 21.07.2020.)

10 Süleyman Yılmaz / Gökçe Filiz Çavuşoğlu, Kişisel Verileri Koruma Hukuku, Yetkin Basımevi, Ankara, 2020, p.147.

11 Oğuz Turhan, “Bilgisayar Ağları ile İlgili Suçlar”, Başbakanlık Devlet Planlama Teşkilatı Müsteşarlığı Hukuk Müşavirliği, Planlama Uzmanlığı Tezi, Ankara, April 2006, p. 32.

12 Ibid., pg. 56.

13 Levent Kurt, Açıklamalı-İçtihatlı Tüm Yönleriyle Bilişim Suçları ve Türk Ceza Kanunundaki Uygulaması Seçkin Yayınları, İstanbul, 2005, p. 60-77. 

14 TPC art. 243.

15 TPC art. 243, Preamble

16 Penal Department no.8 of the Court of Appeal, T. 24.6.2014, E. 2013/1777, K. 2014/16144.

17 TPC art. 244.

18 TPC art. 244, Preamble.

19 Penal Department no.8 of the Court of Appeal, D. 1.11.2013, E. 2012/33557, K. 2013/25987.

20 Penal Department no.8 of the Court of Appeal, D. 23.6.2014, E. 2013/771, K. 2014/15833.

21 Penal Department no.8 of the Court of Appeal E. 2016/11922 K. 2017/6655 T. 7.6.2017

22 TPC art. 245.

23 Ali Parlar, Türk Ceza Hukukunda Bilişim Suçları, Bilge Yayınevi, Ankara, 2015.

Keywords
INFORMATICS, CYBERCRIME, CRIMES ON INFORMATICS, INFORMATION SYSTEMS