I. SUBJECT-MATTER OF THE APPLICATION

1. The application concerns the alleged violation of the right to a fair trial on the ground that the data obtained from the ByLock application had been collected illegally and was relied on as a sole or decisive evidence for the applicant’s conviction and that the relevant digital data were not brought before the court.

II. APPLICATION PROCESS

2. The application was lodged on 20 April 2018.

3. The application was submitted to the Commission after the preliminary examination of the application form and annexes thereto under administrative procedure.

4. The Commission declared the application inadmissible in so far as it was related to the allegations other than the alleged violation of the right to a fair trial. The Commission also held that the examination as to the admissibility of the relevant part of the application be carried out by the Section and that the applicant’s request for legal aid be accepted.

5. The Presiding Judge of the Section decided that the examination on the admissibility and merits of the application be made concurrently.

6. A copy of the application was sent to the Ministry of Justice (“the Ministry”) in order to receive its observations on the application. The Ministry submitted its observations.

7. The applicant submitted his counter-statements in time.

8. The First Section decided to relinquish jurisdiction in favour of the Plenary pursuant to Article 28 § 3 of the Internal Regulations of the Court (“Internal Regulations”).

III. THE FACTS

9. As stated in the application form and annexes thereto and in accordance with the information and documents available on the National Judiciary Informatics System (“the UYAP”), the facts of the case may be summarized as follows:

A. Overview

1. Activities and Characteristics of the Fetullahist Terrorist Organisation/Parallel State Structure

10. In Turkey, there is a structure established by Fetullah Gülen, which has been operating since 1960s. It has been defined as a religious group until recent years and called by the names such as “the Community”, “the Gülen’s Community”, “the Fetullah Gülen’s Community”, “the Hizmet Movement”, “the Volunteers’ Movement” and “the Fellowship” (see Aydın Yavuz and Others [Plenary], no. 2016/22169, 20 June 2017, § 22).

11. The impugned structure was organised especially in public institutions and organisations. In addition, it carried out legitimate activities in different social, cultural and economic fields, especially in terms of education and religion. As part of these activities, it operated private teaching institutions, schools, universities, associations, foundations, trade unions, professional chambers, economic foundations, financial institutions, newspapers, journals, TV channels, radio channels, web-sites and hospitals, thereby became considerably effective in the civilian sphere. Besides, this is an illegal structure either hidden behind these legal institutions or organised and operated separately and independently from the legal structure, especially carrying out activities in public sphere (see Aydın Yavuz and Others, § 26; and Mustafa Baldır, no. 2016/29354, 4 April 2018, § 75).

12. On the other hand, many investigations and prosecutions have been carried out especially after 2013 regarding the organisation and activities of this structure, since its actions and activities have been, for a long time, a matter of debate in society. In this scope, it has been found that the members of this structure, in accordance with the purpose of the structure, committed acts such as destroying evidence, wiretapping the phones of public institutions and high-level State officials, disclosing State’s intelligence activities, obtaining questions in advance of the exams held for employment or promotion in public institutions and distributing these questions to its members. In the relevant investigation and prosecution documents, this structure has been referred to as “the Fetullahist Terrorist Organisation” (“the FETÖ”) and/or “the Parallel State Structure” (“the PDY”) (see Aydın Yavuz and Others, §§ 22, 27).

13. In the investigations and prosecutions within the scope of which hundreds of persons were detained on remand, it has been indicated that the FETÖ/PDY is a terrorist organisation, and it has been claimed that the persons against whom legal action has been taken would be sentenced for the offences of, inter alia, “establishing, managing or being a member of an armed terrorist organisation” and “attempting to overthrow the Government of the Republic of Turkey or to prevent it from performing its duties”, as well as some other offences (see Aydın Yavuz and Others, § 28).

14. In this context, it has been asserted that many cases leading to intense public debates such as “Şemdinli”, “Ergenekon”, “Balyoz (Sledgehammer)”, “Askeri Casusluk (Military Spying)”, “Devrimci Karargah (Revolutionist Military Headquarters)”, “Oda TV” and “Şike (Match-fixing)” cases were directed at discharging certain public officers who were taking office in several public institutions and organisations, notably the TAF. They also aimed at officers who were not members of this structure and at repressing persons considered to act against the interests of the organisation in different civil platforms (see Aydın Yavuz and Others, § 29). Alleged improper actions in these cases have also been dealt with in the Constitutional Court’s judgments finding a violation (see, among others, Sencer Başat and Others [Plenary], no. 2013/7800, 18 June 2014; Yavuz Pehlivan and Others [Plenary], no. 2013/2312, 4 June 2015; and Yankı Bağcıoğlu and Others [Plenary], no. 2014/253, 9 January 2015).

15. In the same vein, an investigation was launched by the public prosecutors, judges and law enforcement officers stated to have relations with the FETÖ/PDY against certain politicians, their relatives and certain businessmen known to the public, on the ground that they had allegedly been involved in corruption, and certain protective measures were taken with regard to these persons during the operations carried out at the end of 2013. These operations that are known to the public as the 17-25 December investigations were considered by the public authorities as well as investigation authorities and judicial authorities as an organisational activity of the FETÖ/PDY to overthrow the Government. Afterwards, administrative/judicial measures and sanctions were imposed on the members of the judiciary and law enforcement officers involved in these operations (see Aydın Yavuz and Others, § 30; and Hüseyin Korkmaz, no. 2014/16835, 18 July 2018, § 76). The Constitutional Court has also rendered many decisions confirming the lawfulness of the detention of certain law enforcement officials involved in these investigation processes as well as members of the judiciary ordering their release (see, among others, Hikmet Kopar and Others [Plenary], no. 2014/14061, 8 April 2015, §§ 74-87; Mehmet Fatih Yiğit and Others, no. 2014/16838, 9 September 2015, §§ 62-75; Abdulkerim Anaçoğlu and Others, no. 2014/15469, 17 July 2018, 46-66; and Mustafa Başer and Metin Özçelik, no. 2015/7908, 20 January 2016, §§ 134-161).

16. In addition, the trucks loaded with the supplies belonging to the National Intelligence Organisation (“the MİT”) were stopped and searched, respectively in Kırıkhan District of Hatay Province on 1 January 2014 and at the Sirkeli Tool Booths Ceyhan District of Adana Province on 19 January 2014, by the law enforcement officers who were stated to be member of the FETÖ/PDY, in accordance with the instructions given by the public prosecutors who were stated to have relations with this structure, (for further information concerning the relevant events, see Süleyman Bağrıyanık and Others, no. 2015/9756, 16 November 2016, §§ 12-50). The public authorities as well as investigation authorities and judicial authorities considered the events pertaining to stopping and searching the MİT trucks as an organisational activity intended to create a public opinion to the effect that the State of the Republic of Turkey aided terrorist organisations, thereby leading to the trial of the Government members. Subsequently, the members of the judiciary and law enforcement officers involved in these operations were subject to judicial/administrative measures and sanctions. The Constitutional Court also ruled that the detention of certain members of the judiciary and law enforcement officers involved in these investigation processes had been lawful (see, among others, Süleyman Bağrıyanık and Others, §§ 198-244; and Gökhan Bakışkan and Others, no. 2015/7782, 9 January 2019, §§ 43-60).

17. With the indictment issued by the Ankara Chief Public Prosecutor’s Office on 6 June 2016 concerning the senior executives of the organisation, a criminal action was filed against 73 executives of the organisation including Fetullah Gülen, on the ground that they had established an armed organisation and attempted to overthrow the Government of the Republic of Turkey and to prevent it from performing its duties. In this indictment, comprehensive determinations and assessments were made regarding the threat posed by the organisation on the national security, and in this context, it was specified that the fight against the FETÖ/PDY had been a matter of existence and non-existence for the State (see Aydın Yavuz and Others, § 31).

18. In addition, the threat posed by the FETÖ/PDY at national level was also discussed in the decisions, statements and practices of the security units of the State. In this sense, the State officials explained that the structure in question had been posing a threat to the security of the country. Such assessments were also included in the resolutions of the National Security Council (“the MGK”). Since the beginning of 2014, the MGK has been defined this structure as “the structure threatening public peace and national security”, “the illegal structure within the State”, “the parallel structure disturbing public peace and conducting illegal activities at home and abroad through its structure appearing to be legal”, “the parallel state structure”, “the parallel state structure acting in collaboration with terrorist organisations” and as “a terrorist organisation”. The MGK’s resolutions in question were announced to the public through press releases. Besides, in 2014, the FETÖ/PDY was mentioned in the National Security Policy Document as “the Parallel State Structure” under the heading of “Illegal Structures Appearing to Be Legal”. On 8 January 2016, the Gendarmerie General Command included the FETÖ/PDY in the current list of terrorist organisations (see Aydın Yavuz and Others, § 33).

19. Moreover, disciplinary proceedings were conducted against a great number of public officials due to their relations with the FETÖ/PDY, notably the members of the judiciary and police officers, and various disciplinary sanctions including the dismissal from public service or administrative sanctions were imposed in respect of many public officials. Furthermore, certain administrative measures were also applied in respect of certain business organisations, financial institutions and media outlets considered to have connections with the FETÖ/PDY (for further information, see Aydın Yavuz and Others, §§ 34, 35).

20. On 15 July 2016 Turkey faced a military coup attempt, therefore a state of emergency was declared across the country, which ended on 19 July 2018. Relying on the factual grounds, both public authorities and judicial authorities considered that the FETÖ/PDY was behind the coup attempt (for further information on the coup attempt and its plotter, see Aydın Yavuz and Others, §§ 12-25). During and after the coup attempt, investigations were carried out by the chief public prosecutors’ offices into the organisation of the FETÖ/PDY in public institutions, as well as its organisation in different fields such as education, health, trade, civil society and media, even if they were not directly related to the coup attempt, and many people were taken into custody and subsequently detained (see Aydın Yavuz and Others, § 51; and Mehmet Hasan Altan (2) [Plenary], no. 2016/23672, 11 January 2018, § 12).

21. It was accepted in many judicial decisions that the FETÖ/PDY had been organised in parallel to the current administrative system with a view to taking over the constitutional institutions of the State for re-shaping the State, society and citizens in accordance with its ideology and for managing the economy and social and political life through an oligarchic group. The judicial authorities also set forth that the FETÖ/PDY had many characteristics such as confidentiality, cell-type structuring, infiltrating public institutions and organisations, attributing holiness to itself, and acting on the basis of obedience and devotion, and that this organisation was far more difficult and complex structure than the others (for general characteristics of the FETÖ/PDY, see Aydın Yavuz and Others, § 26; for the type of structuring in judicial bodies, see Selçuk Özdemir [Plenary], no. 2016/49158, 26 July 2017, § 22; and Alparslan Altan [Plenary], no. 2016/15586, 11 January 2018, § 11).

22. The methods suggested by the FETÖ/PDY, as an organisation based on confidentiality, to its members were the security measures that may be described as resisting the intelligence. In this regard, Fetullah Gülen, the founder and leader of the FETÖ/PDY delivered instructions to the members of the organisation, which was “If service is a prayer, measure is the ablution for it. Service without measures is like a prayer without ablution”. Among the methods used by the organisation to ensure confidentiality, as in many other terrorist organisations, there was the use of code names. According to the findings of the investigation and prosecution authorities, the main method used by the FETÖ/PDY in terms of communication in order not to be uncovered was the face-to-face communication, and in cases where this was not possible, it was the communication through encrypted programs. According to the instruction of the leader of the organisation, "Those who make phone calls betray the service". Therefore, it was forbidden to make ordinary phone calls for the organisational communication (for further information in this regard, see the decision of the 9^th Criminal Chamber of the Court of Cassation, no. E.2018/12, K.2019/45, 28 March 2019). For this reason, strong encrypted programs were developed in order to be used in the organisational communication.

2. Conceptual Information regarding the ByLock Application

23. It was determined during the investigations and prosecutions related to the organisation, especially after the coup attempt, that the ByLock application had been created by the FETÖ/PDY for organisational communication and that it was one of the communication methods used by the members of the organisation. Since the data concerning the ByLock application has been used as evidence in the convictions of many people who have been tried for crimes related to the FETÖ/PDY, it is necessary to know what the concepts such as IMEI number, general and individual IP number and user-ID mean in order to be able to understand how the relevant data is obtained from the application, as well as the structure and general features of the application (The relevant information is based on the decision of the 9^th Criminal Chamber of the Court of Cassation (first instance) dated 14 February 2019 and numbered E.2017/45, K.2019/11 and the “Analysis Report on the ByLock Intra-Organisational Communication Application” [Analysis Report on ByLock] submitted by the General Directorate of Security to the Ankara Chief Public Prosecutor’s Office).

i. IMEI (international mobile equipment identity) number: Internet-enabled devices, such as mobile phones, tablets and computers, have a unique/individual IMEI code which is like a fingerprint of the device. The IMEI code consists of a 14 digit number and can be increased to 16 digits with an SV code on new generation devices. The expansion of the IMEI code is IMEI: AA-BBBBBB-CCCCCC-D (or DD). According to this;

- The letters (A) and (B) represent the type allocation code (TAC). This code is a non-unique/non-individual number, as it identifies only the brand and model of each mobile phone or device with 3G connectivity (for example, the TAC code of iPhone 5 is 01-332700 and the TAC code of Samsung Galaxy S2 is 35-853704).

- The letter (C) represents a unique/individual serial number determined by the manufacturer for the device. This 6-digit number is the real identity of the device. The letter (D) (or DD) is the SV code, which is usually the 15^th and 16^th digits of the IMEI number in new generation devices and has no identifying value for the device. In this context, in order to understand certain allegations concerning the determination of IMEI numbers, it should not be ignored that the IMEI numbers of old model phones are copied especially to the smuggled smart phones to use them in the country without any problem. In the operator records of such a device, its own IMEI number does not appear, instead, the IMEI number copied from the other device appears. Therefore, the authenticity of the allegations that the phone in question has not been developed with a technology that enables the installment and use of the ByLock application is investigated, bearing in mind the possibility of copying the IMEI number.

ii. IP Number (IP): It is the initials of the concept of internet protocol. This address is the unique/individual ID number of the device, which determines the service provider or network of a device assigned to each computer that is directly connected to the internet in the IP range of the country it is in and the place where the device connects to the internet. Internet service provider defines a unique IP address for each device connected to the internet. IP address also allows a digital device to communicate with another digital device through the internet.

iii. Target IP: It is the IP address of the server enabling access to the internet. Target port is the accessed port number of the server from which the internet is accessed. According to the findings of the investigation authorities, the target port of the ByLock server is 443.

- IP addresses are divided into two as static and dynamic: Static IP address is a permanent IP address that never changes as is the ones given to ADSL subscribers. Static IP addresses are assigned to the computer manually by an admin. Dynamic IP address, on the other hand, is a temporary IP address that is re-identified to the device whenever it connects to the internet. Dynamic IP addresses are automatically assigned by the computer interface or server software.

- IP addresses can also be identified by the service provider as static. However, even if it is dynamic, an IP address is assigned to only one subscriber at the same time. In other words, an IP address given to someone connecting to the internet is not given -technically- to another subscriber at the same time. When the user exits the internet, the same IP address returns to the common pool, and then it is assigned to another person connecting to the internet until he exits.

iv. General IP address: IP address that is used in WAN (wide area network) and can be assigned to more than one device through NAT (network address translation) method. The matter of how many different devices will be assigned the same general IP address at the same time may differ among operators.

v. Individual IP address: There is the IP address that is used in LAN (local area network), which is unique for each device as of the time it is allocated and that has no access to the internet. This IP address is assigned individually to each device by the GSM operator for use in the operator network and serves to distinguish -through the system- the users connected to that GSM operator.

vi. HTS Records: They are the access records that contain the information about the subscriber’s incoming/outgoing calls as well as sent/received SMS (CDR), which are kept at the time of making/receiving calls as well as sending/receiving SMS and stop when such activities end. Records of incoming/outgoing calls and sent/received messages are created based on the information related to the base station that is used when the call starts (for the former) and during the messaging process (for the latter). In the control and confirmation of the subscriptions, the location information of the voice network is taken as the basis, which accurately shows the location of the people during the connection.

vii. VPN (Virtual Private Network): The general name of the protocols that enable computers, which cannot establish a local network, to connect to each other over the internet via the local network and that ensure the security of connection through the encryption method. It is not possible, with the current technological opportunities, to determine the subscribers that use VPN.

viii. NAT (Network Address Translation): The name of the method to convert the IP address of the computer to another desired address. NAT protocol has been developed for cases where existing IP addresses are insufficient.

ix. CGNAT (Carrier Grade NAT): The information on when, how many times and from which address the IP addresses of the ByLock server (target) are connected to. By matching the general IP and private IP addresses that are assigned to the user by the GSM operator and that are included in the CGNAT records, the date as well as the time period when the user had access to the target IP (logged-in) can be determined.

24. In addition to this information, it is necessary that there are at least three signals related to a given IP address (in the CGNAT records) in order to accept that a website requiring subscription information (ID and password) or an IP address of an online program has been accessed successfully. In order for a successful connection, there should be a third signal. This process is as the following: The first signal indicates that the username and password entered by the user have been sent to the server. The second signal indicates that a positive or negative response has been transmitted to the user after checking in the database the subscription information (ID and password matching) sent by the user to the server. As for the third signal, it occurs when the subscription information (ID and password matching) entered by the user has been checked and the user has been allowed to enter the system. Then, the user logs in (for further information, see the decision of the 9^th Criminal Chamber of the Court of Cassation (first instance) dated 7 February 2019 and numbered E.2017/13, K.2019/7).

3. Identification of the ByLock Program, Its Notification to the Judicial Authorities and the Judicial Process

25. Within the scope of the works carried out by the MİT in accordance with Articles 4 and 6 of the Law no. 2937 on the State Intelligence Services and the National Intelligence Organisation, dated 1 January 1983, a mobile application called ByLock (ByLock: Chat and Talk) with its main server abroad and the servers with which this application had communicated were subject to detailed technical studies. As a result of these studies, which were carried out by using technical intelligence procedures, tools as well as methods peculiar to the MİT, some data related to this program that was considered to have been used by the FETÖ/PDY was obtained.

26. The MİT submitted to the Ankara Chief Public Prosecutor's Office the hard disk containing the obtained digital data about the ByLock program and the flash disk containing the list of the ByLock subscribers who had connected to the application as well as the ByLock Application Technical Report it had issued.

27. Subsequently, the Ankara Chief Public Prosecutor's Office requested the Ankara 4^th Magistrate Judge to order the examination, copying and analysis of the relevant (digital) materials in accordance with Article 134 of the Code of Criminal Procedure no. 5271 dated 4 December 2004. In its letter, the Chief Public Prosecutor's Office requested that in accordance with the said article, a Sony branded HD-B1 model hard disk with serial number bBW3DEK69121056 and the code 1173d7a09195cf0274ce24f0d69ede96 written on its front side and a Kingston branded data traveller on which the code DTIG4/8GB 04570-700.A00LF5V 0S7455704 was written be examined, two copies of them be made available and the records on the copies be transcribed into text.

28. The Ankara 4^th Magistrate Judge accepted the aforesaid request in accordance with Article 134 of Code no. 5271 and ordered that “a copy of the digital materials be sent to the Ankara Chief Public Prosecutor’s Office in order for them to be analysed, copied, subject to expert examination and transcribed into text”. Subsequent to the decision of the magistrate judge, two experts copied the images in the hard disk and flash disk. This process was recorded by a camera in the presence of a judge.

29. The Ankara Chief Public Prosecutor’s Office sent a letter to the General Directorate of Security, Department of Anti-Smuggling and Organised Crime (“the EGM-KOM”), instructing them to conduct the necessary research and investigation procedures and issue a report including the findings reached, relying on the decision of the Ankara 4^th Magistrate Judge.

30. The EGM-KOM created a working group consisting of the staff assigned by the EGM-KOM, the Anti-Terrorism Department (“the TEM”), the Intelligence Department and the Anti-Cyber Crimes Department for the analysis of the received data (the hard disk containing the ByLock data and the flash disk containing the subscriber list) and for a report to be issued in this regard. In this scope, an interface program was used to export the ByLock data, and thus, the examination of the relevant data was started.

31. Meanwhile, within the scope of a trial conducted by the 16^th Criminal Chamber of the Court of Cassation, information on the technical features of the ByLock application was requested from the EGM-KOM. Having issued a report, the EGM-KOM sent the report to the relevant Chamber. The report, after giving detailed information about the nature and other features of the ByLock communication system, provided information on the number of users of the said application, friend groups and message and e-mail contents.

32. Subsequently, the Ankara Chief Public Prosecutor’s Office requested from the Information and Communication Technologies Authority (“the BTK”) the reports pertaining to how many times the subscribers included in the list of those determined to have had connected to the ByLock IP addresses had connected to these addresses (CGNAT data).

33. In the meantime, a new version of the subscriber list, which was updated by the MİT through a detailed examination, was sent to the Ankara Chief Public Prosecutor’s Office again. Upon the request of the Chief Public Prosecutor's Office, the Ankara 5^th Magistrate Judge ordered that an analysis be made on the digital material, which was G4 branded data traveller with serial number DTİG4/8GB 04570-760B00LF 5V 0S 7575458 and TAIWAN written on it, in accordance with Article 134 of Code no. 5271, that the images stored in it would be copied and that they would be transcribed into text. In line with this decision, the copying process of the said material was carried out in the presence of the public prosecutor and two forensic IT specialists also during a video recording.

34. Afterwards, the Ankara Chief Public Prosecutor’s Office, having sent the subscriber list to the BTK, requested information in order to identify the personal information of the subscribers of the updated numbers connecting to the ByLock server.

35. The subscription information related to the connecting GSM numbers and ADSL numbers were also received from the BTK on different dates and sent to the Ankara Chief Public Prosecutor's Office. Subsequently, the EGM-KOM, using the subscription information received from the Ankara Chief Public Prosecutor's Office, created a new table of "userid_list" (user list).

36. Upon the instruction given by the Ankara Chief Public Prosecutor’s Office to the EGM-KOM, the CGNAT data of 123,111 GSM numbers sent by the BTK (information on when and how many times the IP addresses on the ByLock server were connected to) was started to be distributed to the provincial units of the EGM-KOM in order for them to be sent to the provincial chief public prosecutors’ offices. Since the connections through the VPN program does not have Turkey IP, the CGNAT records of the connections made by the real ByLock users to the IPs on the ByLock server by using VPN program could not be accessed. The accessed CGNAT records belonged the connections that had been made from Turkey IPs to the target IPs on the ByLock server without using a VPN or that could be identified as a result of getting a Turkey IP again as a result of the VPN’s being disabled during the connection from Turkey through a VPN.

37. Meanwhile, an investigation was launched by the Ankara Chief Public Prosecutor's Office into the allegations and news that the users of the address named “Morbeyin” and related applications had directly connected to the ByLock IP through the codes in the background and that some people who had not had a ByLock record (not actually a ByLock user) had been punished unjustly. In this regard, an examination group was created, which consisted of the officials from the Anti-Cyber Crimes Department, the Scientific and Technological Research Council of Turkey (“the TUBITAK”) and the BTK. During the investigation, it was found that the FETÖ/PDY, bearing in mind the possibility that the ByLock application might be used as evidence against it in the future and, in that vein, in order to prevent the disclosure of the real users of the ByLock application and to direct irrelevant persons to this program, thereby reducing the authenticity of such evidence, had created a software in 2014 named Morbeyin. According to the further findings of the prosecutor, when a user entered the applications such as qibla compass, prayer time, prayer listening, reading the Quran and various dictionaries, the Morbeyin software enabled the device, where the said applications had been opened, to connect to the IPs on the ByLock server for a few seconds without the knowledge and will of the user. As a result of the detailed examination in this respect, it was determined that the users of 11.480 GSM numbers, which had similar features in terms of connection and data parameters, had been directed to the IPs on the ByLock server outside their will. For this reason, they were ultimately removed from the lists.

38. Upon the instruction given by the Ankara Chief Public Prosecutor’s Office to the EGM-KOM, the CGNAT data pertaining to 123,111 GSM numbers sent by the BTK was started to be distributed to the provincial units of the EGM-KOM in order for them to be sent to the provincial chief public prosecutors’ offices.

4. Installment and Use of the ByLock Application

39. Investigation units/authorities issued –addressing to the judicial authorities– technical and chronological reports containing comprehensive information about the technical features of the ByLock application ensuring its confidentiality, the manner it was used, the way it was encoded, the method of its installment on a device, its areas of usage as well as its purpose. In this context, a report issued by the General Directorate of Security in order to clarify some issues related to the ByLock application was also submitted to the Ankara Chief Public Prosecutor's Office. Besides, the MİT also issued a technical report related to the data obtained.

40. In addition, the decisions of the Court of Cassation contained certain findings and assessments regarding the ByLock communication program on the basis of the facts and evidence reached during the investigation/prosecution processes and especially the reports issued by the investigation unit, also regard being had to the organisational form and other characteristics of the FETÖ/PDY. The findings and assessments regarding the installment and use of the ByLock program, which are specified in the decisions of the Court of Cassation as well as the reports issued during the investigations into the ByLock application, can be summarised as follows:

i. ByLock is an application that allows communication over the internet. Internet (online) connection is required to access the application. Users cannot send messages, e-mails or data, if internet connection is not available.

ii. Pursuant to the ByLock Analysis Report, the ByLock application took place in general application stores in early 2014 and was used in various versions until early months of 2016. In the forensic and technical reports, relying on the information obtained from open source investigations, it is stated that the ByLock software was released so that it could be downloaded from the Google Play for phones with Android operating system and Apple Store for phones with IOS operating system. The program was launched on Google Play in early 2014 and made available in various versions until early months of 2016.

iii. According to judicial and technical reports, the ByLock application has two basic versions that can be called Series 1 and Series 2 running on Android operating system. There is no difference in downloading the series of the ByLock application from Google Play and Apple Store. ByLock Analysis Report gives detailed information about ByLock's version and dates of update. According to the aforementioned report, the main difference between the versions of ByLock is that the login password has been made more complex. There is no substantial difference between the versions regarding the steps to be followed to communicate with someone after downloading the program.

iv. It is necessary to install the program in order to sign up for the Bylock application. However, its installment on a device is not sufficient for its use. When the ByLock application is run for the first time, a screen with the options of sign up or log in appears, and the user is asked to create a user name and password.

v. It has been established as a result of the source code analyses that the application also has the feature of creating a login password by drawing a pattern. Therefore, after creating a username and password, the user must also create a cryptographic key by drawing random patterns on the screen with his finger and this information must be transmitted to the application server in an encyrpted manner. Thus, the user, who signs up the ByLock communication system, is automatically assigned a special registration number (user-ID number) by the system. The created number is unique and the numbers consecutive to this number are assigned to a new user. Thus, the maximum protection of user information as well as communication security is ensured.

vi. No personal information (phone number, identity number, e-mail address, etc.) is requested while creating a user account on the ByLock application. Furthermore, as opposed to global and commercial applications of similar nature, there is no process for verification of the user account (SMS password authentication, e-mail authentication, etc.). According to the judicial authorities, these are the measures taken for hampering the identification of the real users.

vii. The ByLock application also has no password recovery extension which enables the users who have forgotten their password to sign up again and get a new user-ID number. In other words, the user is given a new user-ID each time he signs up. Therefore, it is possible for one person to have more than one user-ID. For example, a person whose first user-ID was 54334 has been found to have the second user-ID which is 183441. Besides, it is also possible for a person to have more than one user-ID for such reasons that he has got another user-ID with different user information to login the application on another device or that he has been assigned to another position within the organisation.

viii. Registration is not enough to communicate with the other users registered in the system. It is not possible to add users by searching by phone number or first and last name on the ByLock communication system. The application is not synchronized with the contact list on the phone. In other words, the ByLock communication system, unlike common applications, does not have a feature that enables the persons in the contact list of the phone to be automatically added to the application.

ix. In order for the users to communicate with each other, both parties must first learn face-to-face or through a means (such as a courier, another messaging program, a ByLock user, and etc.) each other’s user names/codes and they must add each other as a friend. Unlike common commercial applications, it is not possible to add a person, whose username/code is unknown, to another person’s contact list and to contact him without his confirmation.

x. As stated in the ByLock Analysis Report, the content of the message between the ByLock users with 68555 User-ID and 462950 User-ID on 27 December 2015 at 9.12 p.m. was “Brother click on this message and download it, then install it from the ByLock downloads in the files, create your own passwords and add me 176299; when adding, write “a secret you both share 1234”. As it is understood from the statement "a secret you both share 1234" in the message, in order to be able to be added to the ByLock friends list, it is necessary to know the user name of the other party, as well as a password assigned by the system or asked to be assigned by the user.

41. As regards the findings and assessments above concerning the installation and use of the ByLock application, the relevant parts of the statements obtained during the judicial investigation and prosecution processes are as follows:

i. The relevant part of the statement of suspect A.A., taken on 28 December 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Adıyaman Chief Public Prosecutor's Office is as the following:

"In March or April 2014, those on duty were asked to use the communication program called ByLock. This situation was conveyed to us by the Regional EC [Education Consultant,] and he installed this program on my phone via the internet or Bluetooth at the regional ED meeting … Provincial supervisors installed this program, and then everyone installed this program for those in charge under them, thereby expanding the communication network. The ByLock program was not installed for everyone, but rather for senior officials. The lower level officials, who heard of the program over time, also started using it. As far as I know, this program was used by special units and was later expanded to the regional units. This program was used by people who added each other, whereby an automatic ID number was assigned.”

ii. The relevant part of the statement of suspect E.G., taken on 21 October 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/8111 conducted by the Adıyaman Chief Public Prosecutor's Office is as the following:

"In the past three years, as a crisis was about to outbreak, the community began to take more strict measures. I heard about the ByLock, one of the highest levels of these measures, 7-8 months before. As the Gaziantep Regional Meetings have not been attended intensively for precautionary purposes since 2015, the Provincial ECs attending these meetings were instructed by the region about the use of the ByLock. As a result of these instructions, the Provincial EC… had given the flash memory card in which the program had been installed to another EC [Mrs. D.B.K.İ.]. She told me that according to the region’s instruction, I had to install the ByLock program, therefore, she installed it on my phone, and I started to use it. Along with the Bylock program, a reset program as well as an encrypted note-taking program were installed on my phone. She said that with this program installed on the phone upon the instruction of the community in order to prevent the written documents from being seized by the police in a possible operation, the information to be written on such documents would be able to be written on the mobile phone, so that no documents could be found in a police operation… I wondered this feature and applied it. Thereupon, I saw that my phone reset itself in seconds, the program was deleted, and the phone was returned to the factory default settings… When the program is installed, it assigns an ID to the phone where it is installed. In order to add someone, the Add tab is opened and the ID of the person to be added, consisting of 6-digit numbers, is written. The name of the person you want to add is written in the section “Name of the person to be added” in the line below; since the community uses code names, generally the code name of the relevant person is written in this section. In the next line, it is requested to write a mutual number in the section “Keyword between you and the person you will add”. We were told that the longer this number was, the more difficult it would be to decipher the system. After entering this number, when you press the “invite” button at the bottom, a message is sent to the phone of the person to be added. When the message is opened, the button “enter verification” appears and it is requested to enter the keyword. Since the keyword is determined mutually, the program will be installed to the phone by entering the keyword.

As far as I learned, the ByLock program was previously used only by private service units, namely military personnel, police officers, judges and prosecutors and court personnel. It has been used by civilians for about a year. While this program was installed on our phones, we were told “It is a program developed by our brothers (“abi”), it is safe”. Gaziantep district meetings could not be held for a period due to the measures taken by the community for the crisis. Since this program has the feature of creating a group as in WhatsApp, the regional and provincial ECs once organised a meeting in this way at a predetermined time. I witnessed this. The person who has the ByLock program on his phone must be in a certain position in the community, that is, he must be in a high position.

...

No sim card was required to install the ByLock application on a phone. The community was warning about this. They made us buy a modem wi-fi with an internet line on behalf of someone else. For a while, we connected in this way. They even went further in terms of measure and told us not to use modem wi-fi but to connect from internet cafes or workplaces having an open wi-fi. As the ByLock is a messaging program, I think it can be installed also on desktop or tablet computers besides mobile phones.

I have just remembered that there was another program in the flash in which ByLock had been downloaded; it was a VPN program. After this program is installed on the phone, if it is opened before ByLock, a key image appears on the top of the screen, which shows that the program is running. Then a country name is entered. Whatever the entered country is, it is shown as if the user connected the internet from that country. This was among the programs they had given us. "

iii. The relevant part of the statement of suspect E.K., taken in the presence of his lawyer, within the scope of the investigation no. 2016/6898 conducted by the Adıyaman Chief Public Prosecutor's Office is as the following:

"The ByLock application was started to be used in April 2014. The use of the ByLock application was introduced as an agenda item. At the material time I was the Grand Regional Head Responsible for Students within the organisation (“the BBTM”). If I remember correctly, our education consultant [A.A.] had told. I probably conveyed the agenda to my Inferiors who were Responsible for Students within the organisation (“the BTMs”) ... ByLock was initially downloaded and installed from the Play Store. Afterwards, it was installed by transferring from one phone to another through the application sharing method. I had downloaded it from the Play Store and installed it on my phone. An automatic ID number appeared when the program was first opened. The program was run by first creating a password and entering it on the phone. Also, a VPN program had to be installed and run in order to run the ByLock application. ByLock did not work if the VPN was not running despite being installed. No information such as GSM number, ID number, name, etc. was required to install the program. You only had to give your ID number to the person you wanted to communicate with. The latter would also tell you his own ID number. When the other party entered your ID number, you received no warning or notification on your phone. If you entered the ID number of the other party as well, then you both could communicate with each other. Along with the ID number of the other party, a desired name was entered in the program's contact list. It was possible to send mass messages to the people in your contact list. The program only allowed text messaging. Besides mobile phones, some people installed it also on their tablet computers and used the program there. It allowed messaging via the internet of the GSM line inserted into the mobile phone or by connecting to another internet service provider such as ADSL. … This program was used until late 2015. The messages received through the program were automatically deleted after 3 days ... Entering the ByLock system and messaging through the system was allowed on another phone or tablet computer in which ByLock had already been installed, on condition of using own ID number and password. … We were not able to enter the ByLock application in late 2015. We were told that ByLock had been removed. However, we were not provided with any information as to who had removed it and why it had been removed.

iv. The relevant part of the statement of suspect A.M., taken on 8 December 2016, in the presence of his lawyer, within the scope of the investigation no. 2015/154 conducted by the Siirt Chief Public Prosecutor's Office is as the following:

"As far as I remember, in September 2014, this person installed the program called ByLock on my phone via Bluetooth ... As far as I remember, in March - April 2015, E. told us that the ByLock program had been uncovered and was no longer safe. Therefore, he told us to delete the program from our phones … ByLock had been installed on everyone’s phone in the community.”

v. The relevant part of the statement of suspect H.K., taken on 27 November 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/3196 conducted by the Siirt Chief Public Prosecutor's Office is as the following:

"A. with the code name A. … told me in 2015 that “we will now use this program for communication, and we will no longer use phone”, and he installed a program on my mobile phone … It does not matter whether the people I will add on this program are within my phone’s contact list. When I press the (+) sign to add someone in the program, the name or code of the person to be added, which is registered in the system, is requested. At the later stage, the password of the relevant person is also requested. After entering the requested information, “1” is written as the last confirmation code. Subsequently, a confirmation message is sent to the relevant person. When that person also writes “1” as the confirmation code, both parties add each other in their ByLock lists.”

vi. The relevant part of the statement of suspect E.E., taken on 13 January 2017, in the presence of his lawyer, within the scope of the investigation no. 2017/184 conducted by the Kırşehir Chief Public Prosecutor's Office is as the following:

"As far as I remember, in 2015, upon the instruction of S.B., our chairman of the board of trustees, S. told us to download a program called “Super VPN” from Google Play Store on our phones for security purposes. Then we downloaded the ByLock program from Google Play Store. First the “Super VPN” program was activated, and then a password was created when ByLock was first opened. A nickname was created, then a random image was drawn on the screen, and the program was opened. As for creating a group on the program, either a barcode was scanned, or a nickname was entered. Persons were added. While sending a message, it could be sent to only one person or a group. We were told that this program was an encrypted program where we could send messages to each other and that no one could decipher this program.”

vii. The relevant part of the statement of suspect M.K., taken on 23 October 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/5772 conducted by the Giresun Chief Public Prosecutor's Office is as the following:

"In 2015, R.Y. told me “There is program for situations where we cannot speak comfortably. I will install it on your phone”. I said okay. He sent me, via Bluetooth, the set-up of the ByLock program the name of which I learned after installing it. He installed it on my phone … First, he added himself on the program for enabling me to have a conversation with him on this program ... We were communicating through this program only when they called me somewhere. Apart from this, there was no routine conversation or chat environment. It was a communication program installed in order not to be followed as R.Y. expressed. ... To use this program, it was first necessary to add the ID of the person you wanted to communicate with. In order start communication, there was a code known by the parties mutually. After entering this code once, the relevant person could be contacted continuously. Conversations were deleted every 24 hours.”

viii. The relevant part of the statement of suspect A.M., taken on 17 October 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Bingöl Chief Public Prosecutor's Office is as the following:

"Upon organisational meetings being fewer after 17-25 December, a program called ByLock was introduced in order to motivate the members and prevent them from quitting. This was told me for the first time when I went to a meeting in H. Dormitory. In 2014, Y.C. invited the provincial supervisors to H. Dormitory. We gathered there as the community heads responsible for 14 different institutions ... Here someone I did not know told us about the ByLock system. He asked our phone numbers and sent us a link via Bluetooth. He installed the program on my mobile phone. After various processes, he gave me a login password. He told us how to add others and how to include them in the system ... After the meeting, we were told to install the program for the others we trusted ... When there was a correspondence, the nickname appeared, and the conversation was automatically deleted within 24 hours”

ix. The relevant part of the statement of suspect E.D., taken on 27 August 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/8112 conducted by the Erzincan Chief Public Prosecutor's Office is as the following:

"In 2013 … Provincial Security Imam Mr. S. gave me instructions to install the online program called ByLock for the members of the community and to communicate with them through this program. At that time, I downloaded this program from Google Play and installed it. This program first requests you to create a username and a password. After performing these, the program is installed and becomes active after you move your finger on the screen as if you draw a pattern for a while.

After the program is opened, the username of the person you want to communicate with and the password to be entered mutually are determined. After this password is given to the other party, the parties can add each other and start a conversation. This program is used for correspondence rather than a video chat.”

x. The relevant part of the statement of suspect A.I., taken on 26 October 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Erzurum Chief Public Prosecutor's Office is as the following:

"In early 2014, my husband/wife … installed an encrypted messaging program called ByLock. My husband/wife also installed this program on his/her own phone. He/she downloaded this program from Google Play. The logo of the program looked like a blue prism. It required a username and a password. I created a username as well as a password myself. It was a password that should be at least 8 digits consisting of letters and numbers. I could change this password and username myself. We used this program in order to ensure communication within the Hizmet (service), to share Fetullah GÜLEN's notes as well as the notes from the program called ‘Bam Teli’ and to ensure communication between us. In short, we shared the subjects related to the organisation via this program … N. a superior within the organisation told me that we would, from then on, communicate with each other through a program called ByLock as the ordinary phone calls would cause trouble.”

xi. The relevant part of the statement of suspect İ.Y., taken on 9 January 2017, in the presence of his lawyer, within the scope of the investigation no. 2016/1530 conducted by the Bayburt Chief Public Prosecutor's Office is as the following:

"In Bayburt, from 2009 until 2015, I attended the “sohbet” activities (periodic gatherings organised by the group) of those Fetullahist. During these gatherings, I heard that deputy police chiefs İ.A. and M.Ç. working at the police school were using ByLock … A person named H., who was responsible for the group I was in within the Gülen community and who was a teacher working in a private school, installed a special communication program on my mobile phone via Buletooth from his own mobile phone … Its symbol was the same as the symbol of WhatsApp … However, this program was different from the normal WhatsApp program. It was not accessible by anyone, and only the private persons allowed to install it could use it.”

xii. The relevant part of the statement of suspect E.E., taken on 27 December 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/8111 conducted by the Gümüşhane Chief Public Prosecutor's Office is as the following:

"In May 2014, Y. who was responsible for reading rooms ... collected the phones of the persons who were responsible for reading houses and the name of whom I stated above, during a meeting and told that we were going to communicate with each other through this program and installed the ByLock program for the friends there and gave everyone a password to open the program separately. In this program, everyone has an ID number; in order to add someone, an ID number is entered, and a request is sent to the person to be added. In order for the target person to be able to open this request, he has to know also the password created by the sender for the adding process. After entering this password, he can see the sender of the request and accept it. In this way, the list is created.”

xiii. The relevant part of the statement of suspect M.A., taken on 22 November 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/8111 conducted by the Trabzon Chief Public Prosecutor's Office is as the following:

"The individuals within the community first used Line, Coco and WhatsApp. Recently, some people in the community used the BYLOCK program ... In May 2015, when I bought a smartphone, District Imam A. … took my phone and downloaded the ByLock program from Play Store. In addition, he downloaded another program, the name of which I cannot remember, to open the ByLock program … He told me how to use the program and added his own address. He also told me to create a password to enter the ByLock program, and I entered the program by creating a password. I do not know how he downloaded the ByLock program on my phone and whether there were any other technical issues he was engaged in.”

xiv. The relevant part of the statement of suspect U.S., taken on 4 September 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/90080 conducted by the İzmir Chief Public Prosecutor's Office is as the following:

"M.Ö. told us at a meeting to download this program … he told us that we had to use the program called ByLock in order not to be uncovered. I met M.Ö. somewhere which I do not remember now. He sent me via Bluetooth the APK file of this program.

When I opened the APK file on my phone, the installation screen appeared immediately. After the installation process, the screen was opened, and I created a user-name and a password as required …

1- First of all, you have to be near the person who will install the program for you.

2- After coming side by side, the APK file of the program is sent via Bluetooth.

3- After the person near you has installed the APK file, you will tell him your ID number

4- After he has entered the ID number, he creates a password and tells it to the person with whom he wishes to contact. The person wished to be contacted with sends a simple number (usually, the number “1” is used; there is no speciality in determining this number). When you open the confirmation screen for the request sent by this person, you can start communicating with him by entering the password and username created by him.

5- As a result, anyone who does not know the ID number and password as well as who does not have an APK file cannot use this program.

6- You need to write a username for the person you will add to the system. A new name can also be written, provided that the username is the same as the one entered by the person suggesting the third person in question.”

xv. The relevant part of the statement of suspect Y.U., taken on 12 August 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Konya Chief Public Prosecutor's Office is as the following:

"The ByLock program was started to be widely used within the Fetullah GÜLEN community after the 17-25 December events. I had never heard of this program before the events of December 17-25. I also had never heard of such a program being used, neither in the community nor outside. After the events of December 17-25, S.B., who was the responsible manager of O. Eğitim A.Ş. and the unofficial manager responsible for Ö. Student Dormitories, told me that the subsequent meetings of the community would be held via the ByLock program and asked me to turn on the Bluetooth on my phone. I turned on the Bluetooth on my phone, and he sent a data file from his phone via Bluetooth to my phone ... When the program was opened, username and password was requested. I created a new username and a password and entered the system. It automatically gave me an ID number consisting of 5-6 digits as far as I remember … I learned how to add people on this program. He told me, by showing, that this program was used only for correspondence on the internet, that no voice or video call could be made, that it could not be downloaded from the internet in any way, and that it could only be installed by sending a data file via Bluetooth. The ByLock program looked like Gmail on the phone’s screen; however, when it was tapped on, the ByLock program was opened. He told me that the program had been created by the Fetullah GÜLEN community and that it was known and used only by the members of the community. Hence, I learnt how the program was installed and used.”

xvi. The relevant part of the statement of suspect A.K., taken on 20 August 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Konya Chief Public Prosecutor's Office is as the following:

“Those who were in superior positions within the community such as state imams, grand regional imams and people working in the guidance service used the ByLock program. They used to talk to the regional imams at the lower level, like me, on the phone. However, one day H.Y. told all regional imams to install the ByLock program on their phones. Regional imams installed this program on their phones. H.Y. helped me install the program on my phone via his Bluetooth.”

xvii. The relevant part of the statement of suspect İ.S., taken on 23 October 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Samsun Chief Public Prosecutor's Office is as the following:

"I did not know about the ByLock program that was being used for secret communication within the organisation until I went to the province of S. After all, the ByLock program was first used within the organisation in March 2014. İ.T. had installed this program on my mobile phone for the first time via Bluetooth from his own phone. He told me that we would no longer communicate by phone but through this program. Afterwards, when I was appointed as the group imam, I was told to install this program for also my group members. Thereupon, I told my group members that we would no longer communicate by phone but through the ByLock program that had been developed for this purpose. Hence, I suggested installing this program on their phones."

xviii. The relevant part of the statement of suspect A.A., taken on 15 February 2017, in the presence of his lawyer, within the scope of the investigation no. 2016/14839 conducted by the Malatya Chief Public Prosecutor's Office is as the following:

"As far as I remember, in the summer of 2015 ... I installed the ByLock program on my phone upon being assigned with the task of being responsible for military high school students. During the meeting, S.A. sent me a setup file via Bluetooth … My phone was on F. He installed the program through the received file and gave me the phone. When I tapped on the program, it requested a username and a password. After entering this information, the program opened. My code name was first A. Having started dealing with military students, my new code name was Z.İ. To communicate with someone else, a reference code was required. It was necessary to inform the person -wished to be added to the contact list- this reference code in advance. In this way, the other party would accept the request for communication by entering the reference code previously notified and then start communicating through ByLock. Along with the ByLock, a program called VPN was also installed on my phone. Before opening the ByLock program, we would open the VPN and enter the ByLock program via the VPN. F.U. had told me that this was a safer way.”

xix. The relevant part of the statement of suspect M.T., taken on 18 January 2017, in the presence of his lawyer, within the scope of the investigation no. 2017/14839 conducted by the Malatya Chief Public Prosecutor's Office is as the following:

"We used ByLock at the end of January 2016 … As far as I could learn, the ByLock program worked as follows: Each user had a code, and this code was identified to the contact list of the program. A., C., H. and the police officer E. were included in my contact list. I had to create a code in order to message someone from this contact list. I would give this code to the other person and when he entered the code we would start messaging.”

xx. The relevant part of the statement of suspect S.D., taken on 24 October 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Karaman Chief Public Prosecutor's Office is as the following:

"I installed this program having downloaded it from Play Store. I first run the VPN and then entered the ByLock Program … The secret conversations related to the issues such as the places where the gathering activities would be held or related to the names of students were made on this program by messaging. We were told that we could make any correspondence here. We used this program until 2015. The program was updated in 2015. However, this update could not be downloaded from Play Store. The organisation's top-level officials gave it to the lower level officials in the form of APK file. A.A. downloaded it on my phone from his own phone via Bluetooth in the same way. He told me to download it for also others in the same way. Therefore, I also downloaded it for the abovementioned persons who were under my responsibility. About 1 month after this procedure, E. (K) A. Y. told me that a WhatsApp-looking ByLock Program had been released. He installed it on my phone. I downloaded it also for my friends in the same way. It was forbidden to install this program for the persons I was responsible for ... This program could be installed by BTMs, İLCİLER and higher-level individuals. In December 2015, this program could not be accessed via VPN. E. (K) A. Y. told me that the program had been deciphered and therefore we would no longer use it.”

xxi. The relevant part of the statement of suspect A.B., taken on 13 February 2017, in the presence of his lawyer, within the scope of the investigation no. 2017/4259 conducted by the Denizli Chief Public Prosecutor's Office is as the following:

"As far as I remember, Ç. had installed it on my phone via Bluetooth. He carried out the installment process himself including creating password. I do not know how the program was activated. When I went near İ.K. and Ç., they gave me a paper on which a username and password was written … They were the persons who installed the ByLock program, in the district, for those close to the organisation. This program was first used by people in superior positions such as provincial and district brothers (“abi”). Then we received a notification that we called the agenda. It was told that the people in the province of D. were indiscreet and spoke everything on the phone; therefore, this program was needed to be installed. It was therefore installed on my phone … The icon of the program which was installed on my phone was blue coloured and I do not remember whether there was any letter on it; however, “ByLock” was written below. When I tapped on this icon, a screen appeared where a username and a password was requested. I run the program by entering the password given to me. First, an empty screen appeared. Then, when I moved my fingers on the screen, the program was opened. The users appeared …

Even if the ByLock program was installed on both parties’ phones, and even if a question was asked through the program, the other party could not answer. First, the person who asked the question would call the other party through the program called KAKAO, and the latter would suspend the call and write his answer through Bylock … In the city centre, two separate ByLock programs had been installed on especially superior persons’ phones. In one of them, the persons whom they knew as well as who might have relations with the organisation were added. In the second one, there were people related to their duties. When the police caught them, they would show the former. A woman named … advised us to install two separate ByLock program.”

xxii. The relevant part of the statement of M.O. taken during the prosecution process, as stated in the decision of the 8^th Chamber of the Antalya Assize Court dated 1 November 2017 and numbered E.2017/275, K.2017/83, is as the following:

"I used the ByLock program. I downloaded it from Google Play Store in summer 2014. When I wrote ByLock and entered my Gmail account, I could download it on my mobile phone. After I installed the program, it gave me an ID number. In order to be able to communicate with someone else, I had to know the relevant person’s ID number and enter it to the system … When I downloaded this program, I heard from my friends in the community that such a program was being used within the community. I heard about the ByLock program in this way. As I have stated, I downloaded it from the internet, as well as installed and used it … If ByLock was used in 2 different devices with different ID numbers, then 2 different names would be given.”

xxiii. The relevant part of the statement of F.M. taken within the scope of the investigation process as well as confirmed by him also during the prosecution process, as stated in the decision of the 2^nd Chamber of the Samsun Assize Court dated 23 March 2018 and numbered E.2017/52, K.2018/103, is as the following:

"In December 2010, I was assigned by A.K. as the group imam of the 94s term among the superiors from the Academy within the Security Directorate, which was qualified as a special unit, in the province of A. … Having started to use the ByLock program … I also installed the program on F.’s phone and we started to communicate with each other through this program … When the ByLock program was first released, it was not available on Google Play. A. downloaded the program on my phone via Bluetooth. I downloaded it on the F.’s phone in the same way. However, after using this program for a while, A. told me that it could also be downloaded from Google Play. As the program was already available on my phone, I did not download it. As for the operation of the program, it automatically gives an ID number after the installation process. When these ID numbers are entered mutually with the other party, the conversation starts. A conversation can never be made without entering the ID numbers mutually."

5. General Features of the ByLock Program

42. The features of the ByLock application with reference to the reports issued by the investigation units as well as the decisions of the Court of Cassation regarding the application can be summarized as follows:

a. Messaging

43. Instant messaging is possible via ByLock. This feature allows people who add each other as friends to message each other in the same time period. In order to add someone to the ByLock friends list, the username/user code of the other party must be known. Accordingly, after the users add another member of the organisation to their contact list through the abovementioned method, the confirmation of the other party is requested, and if it is confirmed, then the parties can establish a communication and send messages to each other.

44. There is another section called nickname on the ‘add friends’ screen. This section allows for giving another nickname to the person added as friend. As stated in the judicial decisions, the data included in the technical reports as well as stated to have been kept in the table named roster were the nicknames entered by the users in this section.

45. While other common messaging applications continue running in the background as long as an internet connection is available and notify the user when a message is received, the ByLock application requires that the program is open (running) in order to receive a message, even if an internet connection is available. As stated in technical and judicial reports as well as court decisions, this feature of the program, which imposes a burden on the user and results in difficulties in its use and which is indeed not functional, indicates that the program was not developed with commercial concerns. In addition, it is evaluated that the said feature is a reflection of the efforts of the FETÖ/PDY, an organisation based on confidentiality, to hide itself and its members.

46. In the friends lists created on the program, there are people associated with the organisation. For example, as stated in the Bylock Analysis Report, it was discovered that an important part of the 240 people in the friends list of T.A. (user-ID: 5176) was the senior executives of the organisation and that he had no relatives in his friends list except for his wife who was also a ByLock user.

47. When the contents of the messages which were analysed by the investigation units were examined, it was found that there were messages in which the organisation members were asked to give importance to the measures as well as the confidentiality. In this context, it has been determined that almost all of the analysed messages were not related to daily issues, but the organisational contacts and activities of the FETÖ/PDY. In addition, it has been observed in the contents of the messages as well as in the friends lists that the individuals were usually referred to by their code names within the organisation. Some of the message contents were related to the following issues:

i. Sharing the instructions and opinions of the organisation leader Fethullah Gülen.

ii. Sharing information about the FETÖ/PDY members against whom operations were carried out and who were uncovered, as well as notifying beforehand the operations to be carried out. Followings are some of the messages included in the ByLock Analysis Report:

- The messaging between 180428 user-ID and 78138 user-ID on 26 August 2015 at 05:42 p.m. was "We have heard that certain teams have been created against institutions. Is this operation that operation?";

- The message sent by 97204 user-ID on 6 January 2016 at 12:51 a.m. was "They will carry out an operation on 1 November.";

- The messaging between 359010 user-ID and 482423 user-ID on 16 December 2015 at. 12:07 p.m. was "Brother, there is a person in this unit who will get information. It is said that if it is heard, they will mess up. It is very serious.”;

- The messaging between 359931 user-ID and 235342 user-ID on 6 December 2015 at 10:27 p.m. was "There will be an operation tomorrow. Media will be needed.”;

- The messaging between 154559 user-ID and 177112 user-ID on 15 January 2016 at 08:07 a.m. was "Dear brothers, when they asked about the reason for the 1 dollars found on different people during custody processes in Turkey, they figured out that it was related to our Leader. Therefore, it would be better if especially the friends who go to and come from Turkey act responsibly in this regard and do not carry dollars and HE [Hodja Efendi] signed clocks in their wallets. I hope they will not have problems due to such reasonable doubts”.

iii. Not being present in places where there was a possibility of operation and prior cleaning of important digital data in these places by the persons responsible for searching and scanning such data (ATM). For example, the messaging between 324030 user-ID and 144401 user-ID on 30 December 2015 at 09:29 p.m. was “Hey friends! There will be an extensive car and body search in İzmir. It will continue for a week. Please be very careful! Make sure that the mails on your phones will not be open on the road and that there will be no document with you related to the service. Besides, there will be no cd or diamond [Fetullah Gülen's books] with you”.

iv. Organisations made for finding places for the organisation members to hide within the country and for ensuring them to flee abroad.

v. Release of the suspects/accused within the scope of the investigations and prosecutions conducted into the FETÖ/PDY by judges and public prosecutors (for a decision in this respect, see Mustafa Başer and Metin Özçelik; and Hüseyin Korkmaz). For example, as stated in the ByLock Analysis Report, former judge F.K. (76026 user-ID) communicated with civilian S.G. (203391 user-ID) and gave information to him about the investigation files. This conversation was as the following:

- The messages sent on 16 December 2015 between 09:35 p.m. and 10:58 p.m. were "Brother, the file will be sent tomorrow", "The prosecutor dealing with it is İ.Ş.", "Tomorrow I will deal with the challenge of Judge H.", "The expert report within the file is insufficient", "The revenge of 1 December is also awaited in the nearby provinces", "I hope there will be no problem” … “If they are 3-5 detainees, I can release them taking into consideration the time they have spent imprisoned. If the other judges’ opinions will be the same as the ones set forth today, there will be no problem", "The objection will definitely come before me” / “Brother, are there any other operations in the province of A.?” / “If it is referred tomorrow or Friday, then I am already on duty" / "We will see if they have arranged it” / “Brother, this the one said to be the most serious”, “M. left all of them. M.A. will issue an arrest warrant against someone" / "Who was the prosecutor?", " Is it possible for us to reach a document related to this issue?" / "What kind of document "...".

- The message sent on 18 December 2015 at 09:54 p.m. was "Brother, can you write about the developments?”

- The messages sent on 20 December 2015 between 04:14 p.m. and 07:34 p.m. were “Brother …”, “1- Are 5 detained persons from the terrorist organisation … or have they been detained for the offences of forgery and fraud? 2- Has the public prosecutor’s office objected to you, requesting the detention of those released?”;

- The messages sent on 21 December 2015 between 12:40 a.m. and 09:38 p.m. were “Brother, those detained are from the organisation”, “The objection of the public prosecutor’s office regarding the persons who were released is before me. Their detention is requested again. Today, I must make a decision. I will examine the files and dismiss them”, “Brother, I dismissed the request for arrest. I released two persons. I was towards evening, I have not got the reactions yet”, “We will see tomorrow how the reactions will be. I think this file will never be taken outside my office”.

vi. Blacklisting of those expressing opinions against the FETÖ/PDY or fighting against the structure. For example, the message sent by suspect A.K., a ByLock user, on 14 February 2016 at 10.27 p.m. was “It should be determined which chief public prosecutors, which deputy chief public prosecutors, prosecutors and judges in which province are enthusiastic about this issue and who are their sources of motivation … All these should be identified and even uncovered, if needed”.

vii. Notification of the fact that in case of disclosure of the ByLock communication system, it will no longer be used, and alternative applications such as Eagle, Dingdong and Tango will be used.

viii. Holding benevolence (“himmet”/money collected by the FETÖ/PDY from its members regularly) meetings; providing money for the organisation members who have been suspended or dismissed from their offices; and changing the adresses where the members of the organisation will meet.

ix. Sharing certain web-site addresses carrying out activities for creating an impression that Turkey is supporting terrorism (for an attempt related to this purpose of the organisation, see Süleyman Bağrıyanık and Others) and supporting the questionnaires available on these websites.

x. Preparation of legal texts for the members of the FETÖ/PDY in order for them to use in their defences as well as appointment of lawyers for them. For example, the messaging between 14444 user-ID and 18491 user-ID on 1 January 2016 at 02:33 p.m. was "The 16^th Criminal Chamber of the Court of Cassation, having ordered the continuation of the detention on remand, set the date for hearing on 21 January 2016 … With a view to extending the process; 1- rendering the panel of judges unable to give a decision, with such requests as recusal, release or challenge against decisions. If there is someone, within the panel of judges, who had previously worked with B. or Ö., there is either sincerity or hostility between us. It can be said that “I refuse this”. It can also be said to the judges respectively on different dates that “You have not worked in the field of organised crimes. If you had worked, you would have known that. Anyone may know that” within the scope of the immunity of defence. Hence, after the panel files a criminal complaint for defamation, it can be said that there has occurred hostility between us and therefore we request for recusal. 2- Getting the public prosecutor (or a TRT speaker if needed) to read the indictment as a whole. Even this will take a lot of time. 3- It was not possible to ask questions to the witnesses who were heard upon instruction. It should be requested that they be heard directly or via the Sound and Video Information System (SEGBIS) before the panel of judges where we are also present. 4- For the recusal of the judge, it is necessary to request that the applicants’ lawyers be heard as witnesses. 5- Time should be requested to examine all files in the country and add their certified copies to this file as well as to make a defence against the information and documents included in the file. 6- The statements of the Chief Supervisor from the Supreme Council of Judges and Prosecutors who conducted the process for detention as well as all judges and prosecutors taking part in this process should be requested as witnesses (It should be precisely said “We request that this person should be heard for a given specific issue). 7- The legal expert to be appointed by the panel of judges for the failure of the execution of court decisions should be identified, the file in its entirety should be submitted, and it should be requested that the legal aspects as regards the detention of judges for judicial decisions be determined. 8- It may be told, if requested, that “We request that a legal professor … expert be heard at the next hearing”. At least 10 different experts (lawyer, faculty member including assistant doctor) at 10 hearings may be heard in this regard. 9- Time may be requested to appoint an expert lawyer to evaluate all statements and evidence. 10- All articles and opinions on the visual and printed media related to the incident that is the subject-matter of the case should be printed out and included in the file (in order to expand the file). 11- I am of the opinion that it is necessary to work actively in order to ensure that foreign press as well as foreign law associations also follow up these cases, and that the defence arguments of those convicted of Sledgehammer (Balyoz) and Ergenekon operations and of those serving on behalf of Adnan Hodja should be applied in order to show that there is not an easy touch, without causing a new trouble”.

xi. Planning of how the Government will be overthrown illegally, what the role of the members of the judiciary and security units having connection with the organisation will be, how the senior public officials will be forced to resign and how the media outlets and civil society will be taken under control. In this context, it was found that some of the senior members of the organisation had messaged among each other as the following, as stated in the decision of the 16^th Criminal Chamber of the Court of Cassation –in its capacity as the first instance court– dated 24 April 2017 and numbered E.2015/3, K.2017/3: ““Things will not go back to normal without taking 2000 persons, elections will not be useful” said HE [Hodja Efendi] / “Things will not go right without walking to the palace and stoning and toppling that man” / “Actually, they all may be done in one morning” / “3 prosecutors will issue the indictment, the police will take into custody on grounds of reasonable suspicion” / “The judges will be arranged on the second day and it will finish” / “If you also take the members of the Council (Supreme Council of Judges and Prosecutors) and the media, you will make everything done in 1 day” / “Everything will change in a week” / “Then you will take over the country” / “Why did we conduct the 17/25 [17-25 December investigations] then?” / “There is preparation now” / “They make a list of the people who will be taken” / “I do not exactly know the manner, maybe the soldiers will enter directly” / “Oh snap! Who will fight?” / “Not as much as it was in Egypt” / “I mentioned that one morning … ” / “The issue of taking all of them” / “the Emn (group of persons infiltrated the security directorate) turned it into a project to present it to Hodja Efendi” / “I think we have to make a move full steam ahead”/ “It has been many years that we have been working for this” / “If it is not today …” / “Now this issue should be resolved” / “You mean we should keep waiting” / Emn says that if we are allowed, we can even do that before the soldiers enter” / “It is better to blockade them for security reasons” / “Then resignation and going abroad” / “Same as the members of the Council” / “All the media will be appointed trustees on the first day” / “The headlines will be “We have returned from the abyss, the chaos is over, and etc.”” / “It is 100 times more legal than now” / “If things are not in your favour, then you will say “State is my brother”” / “Things may be in order within one year” / “Now soldier means us” / “There is no external voice there” / “But it will happen anyway, if Hodja Efendi wants”, “If you gather 1000 people, it will be enough in the morning”, “Those who will not be taken into custody are ministers and etc.” / “You will blockade them as a measure for safety of life” / “The coup will not occur” / “The prosecutor will order custody”, “He will directly write to the garrisons” / “1 prosecutor is enough” / “The remaining falls to the law enforcement officers” / “I sent this scenario having written it in detail”, “It is three files” / “ISIS, treason and 17-25 December” / “Even President may legally order custody” / “Then they will be asked to resign under blockade” / “Those who will refuse will be sent to Imralı or abroad” / “All media will be appointed trustees at the same time” / “Who would be the perpetrator of 17-25” “If it could have been made completely” / “We will say that our service (Hizmet)is not a party to this process, and that this is completely a legal issue” / “A haber (a TV channel) will make news in the evening such as “Turkey have returned from the abbys, It has recovered, and etc.”, the man’s palace and money will be uncovered …” / “Hodja Efendi said there is nothing to do with those men within the country” / “In fact, there are 3 possibilities”, “1st is to apply the project, 2nd is to wait for the divine protection by keeping silent, and 3rd is to continue like in 80s as a small criminalized group”.

b. Feature of Communication by E-mail

48. Communication by e-mail via ByLock is a feature that allows for sharing longer texts compared to instant (short) messaging. This function of the application can be described as closed circuit. This feature allows for sending or forwarding e-mails individually or collectively only among the program users. The investigation bodies could not obtain data indicating that e-mails have been sent from an account with ByLock extension to the accounts with Yahoo, Hotmail, Gmail, Outlook and etc. extensions or vice versa.

49. It is considered that this feature of the program was mostly used to share the instructions, opinions as well as the alleged dreams of the FETÖ/PDY leader Fetullah Gülen and to motivate the members of the organisation. Some of the organisational abbreviations specified by the members of the organisation in their statements had also been used in their messages and e-mails (DCE - Study home brother/sister, BTM - Regional head responsible for students, BBTM - Grand regional head responsible for students, EC - Education consultant, T - Code of judges and prosecutors, which is T1, T2 .... T5 according to their professional years, and A – Code for those who was promoted from being a lawyer to be a judge or prosecutor, which was also classified as A1, A2 ...). Some e-mail contents as part of the organisational communication were found to have been related to the following issues:

i. With a view to putting the Republic of Turkey in a difficult position at the international level, creating an impression that it supports terrorism.

ii. Sharing certain web-site addresses carrying out activities for this purpose and supporting of the questionnaires available on these websites by the members of the organisation by using VPN, that is to say, by showing that e-mails are sent from abroad.

iii. Forwarding the information, motivating words and instructions received from the leader of the terrorist organisation among the users. In this context, –as stated in the decision of the 8^th Criminal Chamber of the Samsun Regional Court of Appeal, dated 15 May 2019 and numbered E.2019/302, K.2019/583– as regards the organisational communication by e-mail, some of the e-mails belonging to H.B., who was found to have been provincial imam within the organisation and who has been convicted of establishing and managing a terrorist organisation, which had been forwarded many times and included in the Bylock Identification and Assessment Report (“the ByLock Report”) are as follows:

- “Dream of a worker working in Kırıkkale. We were in a hall with workers in Kırıkkale. Hodja Efendi was making a speech. In the cinevision, there were the names, in a green list, of those who supported Bank Asya and the services in hard times. He said that this was the list of those who would go to heaven … There was also a red list, which was the list of those who had left … His speech was about these issues … At the end of his speech, he asked “Is there anyone who have questions?” … One of our brothers asked that when the process would end ... He smiled and told “I was waiting for this question” ... He said that the answer to this question would be given by the owner of the process namely our Prophet (peace be upon him) who was sitting in the next room … Our Prophet (peace be upon him) spoke from the next room: “It will continue until those who are outside reach the same level as the ones inside … (In terms of spiritual life)”.

- “Brothers, appointment of trustees to the institutions is seriously on the agenda and they started to come quickly. In this process: 1- We must follow the following issues carefully, cold-bloodedly and without creating a panic atmosphere. 2- General cleaning should be done urgently in all companies and institutions. 3- There should be no unofficial work and transaction in institutions. 4- No interviews or meetings should be held, except for the works and transactions of the institution. 5- Anyone who is not actually or officially in charge in the institution should not use the institution as a work office. 6- There should be no informal and undocumented money entry into and exit from the institution, which may leave the institution and service in a difficult situation before the trustee. 7- Board members, founder representatives and shareholders of the company should be informed by the company’s lawyers and financial advisors”.

- “When writing names in ByLock, never write real names. Everyone should write in a manner they can understand. Make sure that nobody can be reached in the event of a disclosure. It is very important. Let's correct it right now”.

- “We are in the final of a 100-year-old movie. Look at the role that God gave you in the final. Maintain a stance worthy of the final! This process is OVER (at the end of summer) !!! Now we are in the phase of EXAM, until all characters come to light and the reals are completely distinguished from the fakes. The complete elimination of this trouble is possible if the prayer deserved as a result of the sufferings experienced during this process prevails the prayer of the other party. Now the most fortunate ones among seven billion people in the world are those who are bound and determined for the service in this process and have not changed sides!!! If you knew what it would bestow you beyond the veil, you will be thrilled to pieces!!! Especially, if you knew the blessing for those who are arrested, you would have yourself arrested!!! But facilitating the work of the tyrant is rudeness towards Allah.”

- “Hodja Efendi got general information about “Selam Tevhid” and “Tahşiye” cases at the private meeting. He said, ‘I always pray for those in the Yusufiye Madrasah.’ ‘This process will end soon.’, ‘This is not my personal conviction, also the USA, Russia and internal dynamics agreed on their leaving.’

- “Friends, so far detentions have mostly been due to the seized documents, lists of sacrificial, scholarships, donations, benevolence, trustees and course group, misstatements, panic, starting to testify before the lawyer arrives, technical information materials (CD, computer, laptop etc.), arrests and complaints. If you pay a careful attention, you can see that most of them are information, documents and technical materials ... In other words, they are the evidence obtained through a good search and examination. What is the reason for this? Which thoughts are revealing us?... The thought that ‘nothing will happen to us’. The consideration that ‘I have made the necessary cleaning’, ‘What comes out of this ...’ , ‘It will take a very long time until it will touch on us …’, ‘I die but I cannot leave them’, (for example, a photograph taken together with Hodja Efendi) ‘These are special memories for me ... These are very precious; you cannot know how valuable they are ... These will be needed for service next year ... I will keep the lists somewhere and thus I will not forget them ... They searched several times but found nothing … I consent to everything. If I am sent to prison, then I will serve the sentence … We have not found this work by chance … We have made great efforts for this service … Look at yourself! I am already clean ... I also consent if I am executed … Even the jinn cannot find me in the place where I hide ... Soon this process will be over ... I know someone in some places. I will tell him to help us ...’ Friends, fire doesn't just burn the place it fell, it burns all of us. "

- “They obtained such information that the important lists are stored in flash memory inside the cevşens. They definitely look at the cevşens during house searches, including those which are on the necks. It is useful to make a general warning.”

- “They are investigating the loans received from other banks for Bank Asya, and they also seized 6 laptops the owners of which are indefinite. There may be a trouble in this sense. Is there anything to do?”

- “Brother, which institutions have been searched for?... What have been seized as evidence? … Was there anything likely to cause a trouble? Did the press come? Was any image taken? Will it appear on the news? Can we get detailed information?”

- “1) The budgets of the units are independent and autonomous in provinces. 2) The budgets of the units are determined by provincial servant and the person responsible for the unit; however, if any dispute arises between them in this respect, the regional servant and the person responsible for the unit will determine it. As for changing the personnel, the approval of the servant as well as of the person responsible for the personnel is required. The goals are set by the co-decision of the provincial servant and the person responsible for the unit. Outside the provinces, the units will not collect revenues from the provinces. In the provinces, the surplus of the unit budgets we have agreed since the summer will be granted to the provincial servants. The only ones who will be responsible in terms of the payments to be made by countries will be the provincial servants. Thus, the countries will not have to contact many addressees. Everyone will comply with these rules. If there is a different procedure, it will be corrected by speaking.”

- “We urgently removed and broke the hard disks in the computers of those responsible for students (‘talebeciler’). We must buy new flash disks and insert new hard disks into computers. The prices of hard disk and flash disk each is 150 Turkish liras. In total, we must set 300 TL budget for each person. We have taken the promise that they will not tell and grant this new system to anyone. We should not give it to anywhere other than the students system.”

c. Feature of Creating Groups

50. Names of the groups (such as Women in the Region (“Bölge Bayan”), Those responsible for Surveyors (“Etütçüler”), Abi responsible for houses (“Ev abileri”), Imams (“İmamlarım”), Those responsible for Schools (“Okulcular”), 8 abi (“8 abiler”), Those responsible for 8 units (“8 birimciler”), 8 big regions (“8 büyük bölge”), Those responsible for regions (“Bölgeciler”), Those responsible for graduates (“Mezuncular”), Those responsible for students (“Talebeciler”), Those responsible for universities (“Üniversiteciler”), Voluntary Subscribers of Zaman Newspaper (“Zaman Gönüllüler”), Responsible (“Mesul”), Those responsible (“Mesuller”) and Marriage (“İzdivaç”)) in the application, through which a group communication is possible, are consistent with the specific literature of the organisation, which is frequently used by itself, and its cell-type hierarchical structure. In addition, it has been understood that the names of the groups created by members of the organisation in the ByLock application and the classifications in the evidence other than the ByLock were similar. As explained in the "Report on the Confidential Structuring of the FETÖ Armed Terrorist Organisation in the Security Directorate” issued by the EGM-KOM Department, the expressions/coding such as general manager – manager – teacher – guide - zb (group leader) which were determined by the organisation were also among the names of the groups created in the ByLock program.”

d. Feature of Voice Call

51. Among the data obtained regarding the ByLock program, there are records of the logs pertaining to the voice calls. Among the source codes of the application, a Turkish expression, namely sesli arama, is also available. The technical units within the investigation authorities have concluded, relying on this data, that the ByLock application allowed its users to have voice calls with each other. With reference to the digital data obtained, information on the date and time of the calls made by many users via the application and whether the said calls were successful has been reached.

e. Feature of Sending Images/Documents

52. The technical units, having examined the data related to the application, have concluded that the program also allowed for sending images and/or documents. Thanks to this feature, members of the organisation were able to send organisational images and documents without the need for any other means of communication.

53. It has been determined that the members of the organisation shared files with .apk extension, which enabled the ByLock application to appear not with its own icon but with the icons of commonly used programs (especially, WhatsApp, Google, etc.). According to the assessments of judicial authorities, the purpose of such an act was to ensure that the ByLock application was not seen by those other than the members of the organisation while sending data and document as well as to prevent the disclosure of the fact that the ByLock application was being used for a secret purpose.

6. The Features of the ByLock Application that Distinguish It from the Others

54. The Court of Cassation compared the ByLock program with the other common messaging programs in its decisions where it considered all elements concerning the program together. The judicial authorities, having evaluated the structure and general features of the ByLock application, together with the statements taken as well as the other evidence collected, have concluded that this program was made available exclusively for the members of the FETÖ/PDY under the cover of a global application.

a. Institutional and Commercial Character of the Application

i. The ByLock program was not designed for commercial purposes. In this context, it could not be established whether there was an attempt to promote the program, nor is there any data indicating that there were efforts to increase the number of its users. While many of the internet-based instant messaging applications aim to increase their brand values and earnings by reaching as many users as possible, the ByLock application, instead, targeted a certain number of users based on anonymity. It has been determined in the content analysis of the messages that the program was desired to be hidden from third parties and that it was also desired to prevent the identification of the connections made to ByLock servers.

ii. Payments concerning the transactions (such as renting a server and an IP) carried out for the operation of this application by way of renting a server in another country were made anonymously. Moreover, there is no reference about the previous works of the person who has developed and released the ByLock application. Nor is there accessible contact information about him.

b. Protection of User Information and Communication Security

i. ByLock, which requires its users to know some personal information in order to communicate with others as well as requires the parties to add each other as friends by using such information, is a program where each message is encrypted with a different crypto key. This encryption method aims at preventing third parties from accessing such information without permission (hacking) in case of transfer of information between the users.

ii. ByLock communication system operated through a server with the IP address 46.166.160.137. It has been determined that nine IP addresses allocated to a company engaged in renting servers in another country were also used in various versions of the ByLock application. According to the judicial authorities, renting more than one IP address serves the purpose of making it difficult to identify the users.

iii. It is required to know the username/code of the other party in order to be able to communicate through ByLock. Accordingly, unlike common commercial applications, it is not possible to add to the contact list a user whose username/code is unknown and to contact him without his confirmation.

iv. The ByLock system is designed in a way to ensure that the messages are received after opening the application so that the irrelevant persons will not hear about the application and will not read the received messages accidentally. In the ByLock application, there is a closed circuit system for e-mails as well, which can be used only by ByLock users. The large part of the contents of the messages and e-mails are related to the organisational correspondence.

v. Unlike common messaging applications, ByLock does not offer fast communication to its users. In order for communication, it is not enough to install the program. It is also required to complete the installation and confirmation processes carried out in a certain and confidential manner. While registering the application, it is paid attention not to write real names as usernames. Failure to use verification criteria for a new user will make it difficult to identify the user. In other words, the fact that no personal information is requested during registration indicates that anonymity is sought to be ensured, thereby making it difficult to identify the user.

vi. Messages sent/received through the “ByLock” are automatically deleted from the device after a certain period of time. Even if the users forget to delete any data, the ByLock system has been designed to take the necessary precautions. Thus, even in case of seizure of the device within the scope of an investigation, access to the persons in the user list of the application as well as to the previous messages in the application is blocked.

vii. Data related to the server and communication is saved in an encyrpted manner in the application database, which is another measure taken for preventing the identification of users as well as for ensuring the safety of communication.

viii. The users accessing the application from Turkey are forced to access via VPN in order to conceal their identities and communication.

c. Whether ByLock is a Global Application

i. It has been determined that most of the users of the ByLock application were from Turkey.

ii. The server manager of the ByLock application announced that he had blocked the access of some IP addresses from the Middle East to the application. In spite of this, it has been found that almost all of the blockings concerning the ByLock application concerned the IP addresses originating in Turkey. Accordingly, the connections from the Middle East were in fact the connections from Turkey. This is an indication of the fact that the application did not appeal to global audience.

iii. Source codes of the application include certain Turkish phrases. In this scope, among the source codes of the system, there are Turkish phrases such as “yetkiniz yok (you are not authorized)”, “dosya (file)”, “posta (mail)” and “sesli arama (voice call)”. In addition, a large part of the user names, group names and the passwords broken are in Turkish. Moreover, almost all of the deciphered contents of the communication made via ByLock are in Turkish.

iv. There was a substantial increase in the queries made through search engines as from the date when access to the ByLock application through Turkish IP addresses was blocked.

v. Web-based posts concerning the ByLock application were mainly shared through fake accounts, and these posts were in favour of the FETÖ/PDY. The application, which was used by a large group of users, had not been known by the Turkish society or abroad before the coup attempt of 15 July.

vi. Even if the program was placed in general application markets under the cover of a global application, it required a special installation process and there was no user manual in this regard. The FETÖ/PDY, having allowed the ByLock application to be downloaded from general application stores in early 2014, made it obligatory to install this application on phones or electronic/mobile devices through means such as external memory, memory cards or Bluetooth, instead of downloading it from general application stores, fearing that its users might be identified by judicial authorities. In this regard, the message sent by 135707 user-ID on 9 December 2015 at 09:17 p.m. was “Salaam, our big sisters are downloading the ByLock application from Google Play to install it on their phones. It is absolutely wrong, and those who have done this need to format their phones. Bylock or Turquoise should be sent via Bluetooth. That’s because the applications downloaded from Google Play are taken to the surveillance list”.

vii. Unlike common commercial messaging applications, sections such as user manual, frequently asked questions and feedback area are not available in the ByLock application. According to the judicial authorities' assessment, this is an indication of the fact that the ByLock application was not accessible to everyone but to those who would use it within the organisation.

7. Organisational Features of the ByLock Application

55. As a result of the studies carried out regarding the ByLock application, the reports issued by the investigation units and the decisions of the Court of Cassation included some findings as regards its relationship with the FETÖ/PDY as well as its organisational aspects. These can be summarized as follows:

i. Some suspects, whose statements were taken after the coup attempt of 15 July, and those accused, who were still on trial, stated that the ByLock application was used exclusively by the members of the FETÖ/PDY as an organisational communication program since the beginning of 2014. In this regard, the content of e-mail correspondence between 43284 user-ID and 43273 user-ID on 28 January 2016 at 06:32 p.m. was “1) We will use the word ‘WhatsApp’ instead of ‘ByLock’ mail. 2) Ravis should be deleted before being forwarded if there is no special purpose. 3) It is inconvenient to send photos, as they remain in the memory of the device. 4) We, especially those using wide screens, should use it outside the sight of the cameras in public places. 5) It is recommended to create a new account in cases of duty change. 6) We should not travel while the whatsaby is running (a technology where hgs and hts match is available) and keep it running in our destination and at nights. 7) Prayers, articles, columns, recommendations and notes should be shared vertically and here, as a clean source, should not be contaminated with horizontal sharing. 8) Technology should be used like ordinary people (an ordinary person does not carry family line, precautionary phone, data line/device and power bank all together). We may carry a tablet and a phone or just a phone (precautionary phone). We should not draw attention by carrying three or five devices like a transformer, both technically and physically. 9) There should be no devices in which the last version cc has not been installed, especially in devices where we use whatsaby. 10. No program other than whatsaby should be used in messaging. Those found to be messaging through another program or a normal line will be accused of imprudence that is a very severe charge. 11) Apks of the files such as whatsaby, cc, vpn and kakao should not be transferred via bluetooth. A sd card or whatsaby may be used for transfer. 12) A google play account or a map program like yandex should not be installed on the device in which we use whatsaby. WhatsApp and whatsaby should never be on the same phone. 13) Never use any application that is not said to be used vertically ...”.

ii. The messages and e-mails, which were obtained from the ByLock, contained certain abbreviations about which the organisation members gave information in their statements and the literature peculiar to the organisation. The necessity, for enabling two users to get in contact, to add each other is regarded as an indication that the ByLock application was developed in pursuance of the clandestine cell-type structure of the organisation. In this framework, a former member of the Council of Judges and Prosecutors (“the CJP”) who has been convicted of membership of the FETÖ/PDY indicated in his statement that the ByLock application had been installed on his phone by another member of the organisation in November 2014, that while the elections of the CJP were taking place in 2014, the organisation used the ByLock program, and the provinces were communicated with through this program (see the decision of the General Assembly of Criminal Chambers of the Court of Cassation, dated 2 July 2019 and numbered E.2019/9.MD-312, K.2019/514).

iii. There are also other findings that the application had been created and developed by the members of the organisation at the very beginning and used for organisational purposes. As stated in the ByLock Analysis Report, as a result of the analysis of the data as regards the first hundred (100) user-ID numbers in the database of ByLock servers;

- The users of five out of the first thirty user-IDs could be identified;

- It has been determined that the User-ID:3 was a computer engineer working in the TUBITAK. In addition to using ByLock, this person is also charged with the membership of the FETÖ/PDY according to some other evidence collected;

- It has been found that the usernames and passwords of User-ID:2, user-ID:3, user-ID:5 were similar to each other, that the relevant user was Turkish due to the user name "dede" (Turkish version of the word “grandfather”) and that therefore the users of these three user-IDs might be the same person;

- It has been found that the passwords of the User-ID:4 and User-ID:6 were “samanyolu” which has a symbolic meaning in the terminology of the organisation and that this word also indicates that the user was Turkish and the application was being used by someone of Turkish origin.

- The users of 53 out of the first hundred (100) user-IDs in the ByLock database could be identified. It has been determined that 15 of these user-IDs were working at different ranks in the intelligence unit of the law enforcement agency and stood trial in cases of illegal wiretapping. 3 user-IDs were subject to investigation/prosecution on the basis of the allegation that they were confidentially responsible for the law enforcement agency on behalf of the FETÖ/PDY.

- In the examinations regarding the contents of the messages/e-mails of the remaining users among the said first hundred (100) user-IDs, other than those mentioned above, it has been found that the User-ID:49 (M.Y.) was Fetullah Gülen’s private secretary who organised those who want to interview with the leader of the organisation, conveyed the relevant information and notes to the leader and also conveyed the instructions he received to the members of the organisation; that the user ID: 63 (M.K.) and the user ID: 100 (M.P.) were the senior officials confidentially responsible for the law enforcement agency on behalf of the FETÖ/PDY; and that they were prosecuted.

- It is evaluated in judicial and technical reports that considering the findings reached regarding the first hundred (100) user-IDs, this application was only used by the members of the FETÖ from the very beginning. Judicial authorities, considering the data related to the relevant user-IDs, have concluded that they were the founder, developer or administrator of the ByLock application.

iv. In addition, as a result of the examination on the contents of the ByLock application as well as the user information, it has been determined that 175 persons who were found, at the end of the investigations and prosecutions conducted against them, to have been the senior executives of the FETÖ; 52 judges and 23 public prosecutors who had attended a number of investigations and prosecutions that are known to the public as Ergenekon, Balyoz (Sledgehammer) and Askerî Casusluk (Military Spying); and 5,922 out of 8,723 persons, who were suspects or accused in the investigations and prosecutions conducted against the confidential structure within the law enforcement agency, were ByLock users.

v. Contents of a number of messages confirmed the findings of the judicial authorities that ByLock was developed and used as an organisational communication tool. Here are some examples of this: The message sent by D.K. with 336365 user-ID on 30 January 2016 at 12:29 p.m. was “They are aware that the Community is using ByLock”, and the message sent by K.A. with 112875 user-ID on 11 January 2016 at 07:29 p.m. was “ByLock is a system that we have ordered for ourselves… In urgent cases, it is turned off and everything is deleted”.

vi. When the messages and e-mails in the ByLock application are examined, it is seen that they contain organisational purposes and contacts instead of daily activities. Some groups referring to the terrorist organisation’s hierarchical structure which is one of its elements were created in the program. The ByLock users, in their posts related to the FETÖ/PDY, also included a lot of information about the organisation, especially the names of the institutions associated with the organisation. In the relevant posts, the words that raised/triggered the levels of revenge and spiritual belief of the members of the organisation, that encouraged them as well as motived them to obey and that praised the leader of the organisation were chosen.

vii. ByLock users have also taken certain measures to conceal their identities. To that end, the users used code names instead of their real names in their messages and contact lists, and they also created long passwords (In this regard, for the findings and statements in the Constitutional Court’s judgments pertaining to the fact that the persons having relations with this structure used code names, see Alparslan Altan, §§ 11, 25, 134, 137; Erdal Tercan [Plenary], no. 2016/15637, 12 April 2018, §§ 16, 34, 151, 152, 153; Recep Uygun, no. 2016/76351, 12 June 2018, § 15; and Mustafa Mendeş, no. 2018/1349, 30 October 2018, § 17).

56. The relevant parts of the statements obtained during judicial investigations or prosecutions regarding the above determinations and assessments concerning the organisational features of ByLock are as follows:

i. The relevant part of the statement of suspect A.A., taken on 28 December 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Adıyaman Chief Public Prosecutor's Office is as the following:

"Those responsible for the units were sharing the events that occurred in their units as well as the news and information they received. For example, if there were any problem about a member of the community, the responsible police officer would convey this situation via ByLock. He could give information as to whether the relevant person was being followed or whether his phone was being wiretapped. I do not know how he got this information.”

ii. The relevant part of the statement of suspect E.G., taken on 21 October 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/8111 conducted by the Adıyaman Chief Public Prosecutor's Office is as the following:

“We used to receive motivational messages through these programs ... The reason why these messages were sent was that we would explain the subject matters of these messages to our inferiors.”

iii. The relevant part of the statement of suspect H.K., taken on 30 September 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/1530 conducted by the Bayburt Chief Public Prosecutor's Office is as the following:

“The topics of the sohbet activities and the details of gatherings were announced through this program. There were also others, but I don't know what their real names were because they used code names. The topics of the sohbet activities were the books of F. GÜLEN, the video recordings of F. GÜLEN, religious stories and religious issues.”

iv. The relevant part of the statement of suspect F.G., taken on 25 August 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/8111 conducted by the Trabzon Chief Public Prosecutor's Office is as the following:

“We started the sohbet activities together with Y.D. who was working in the G. police department. The date and time of gatherings were notified by A. to the police commissioners H. or Y. through the program the name of which was ByLock and he then gave us this information. He was also sending us quotations from Fethullah GÜLEN's books and epistles from time to time”.

v. The relevant part of the statement of suspect U.S., taken on 4 September 2016, in the presence of his lawyer, within the scope of the investigation no. 2016/90080 conducted by the İzmir Chief Public Prosecutor's Office is as the following:

“As for the contents of messages, we shared information about those who were taken into custody or detained. We also exchanged ideas about how to act in cases of police custody.”

vi. The relevant part of the statement of suspect M.K., taken on 5 September 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Konya Chief Public Prosecutor's Office is as the following:

“In this process ... we were asked to install another program called ByLock on our phones … with the thought that it would be more confidential, since the activities carried out within the community were afraid of being disclosed. ... After installing this program called ByLock, we started to make our all calls and communications regarding the activities of our community through this program, as we had been told to do so.”

vii. The relevant part of the statement of suspect M.T., taken on 13 October 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Samsun Chief Public Prosecutor's Office is as the following:

“One day when I met the relevant person with the code name H. in the student house, he told me that he was using the program called ByLock, that he was messaging with his friends who were staying in students houses through this program, that the program was only used by the members of the community, and that he would install the program on my phone if I wanted … He downloaded the program on my phone via Bluetooth and then installed.”

viii. The relevant part of the statement of suspect A.A., taken on 15 February 2017, in the presence of his lawyer, within the scope of the investigation no. 2016/14839 conducted by the Malatya Chief Public Prosecutor's Office is as the following:

“The time and place of weekly meetings, the situation of university students and houses in the province as well as the military students were talked about through ByLock. In addition, the messages and notes said to have come from Fetullah GÜLEN were shared. Besides, the exaggerated dreams of people named as the mollas of Fetullah GÜLEN in America, which aimed at increasing the motivation of the members of the organisation and preventing them from leaving the organisation, such as ‘Good days are coming. I saw our Prophet in my dream; he has good news for you.’ were told.”

ix. The relevant part of the statement of suspect M.T., taken on 18 January 2017, in the presence of his lawyer, within the scope of the investigation no. 2017/14839 conducted by the Malatya Chief Public Prosecutor's Office is as the following:

“In general, the messages that the organisation wanted to convey to its members, the texts to be read during sohbet activities and the instructions for the members of the organisation were sent to us through ByLock by our superiors … We would convey the messages to our inferiors through ByLock or tell them those, who were not using the ByLock application, during the sohbet activities. Among the received messages, there were also political ones.”

x. The relevant part of the statement of suspect A.S.K., taken on 5 December 2016, in the presence of his lawyer, within the scope of an investigation conducted by the Karaman Chief Public Prosecutor's Office is as the following:

“We were communicating with several people and provincial officers who were in my position, namely those delivered speeches during sohbet activities. We were also communicating with one or two people from the sohbet activities through this program. We were communicating with the person responsible for the group (“grup abisi”) through this program.”

xi. The relevant part of the statement of İ.S.K. taken during the prosecution process, as stated in the decision of the 1^st Chamber of the Kırıkkale Assize Court dated 15 September 2017 and numbered E.2017/255, K.2017/244, is as the following:

“I was told to install this program after being told the followings. We were told that there were some in-state powers which were hostile to the service movement and wanted to destroy it, that there was a risk of making us guilty by any manipulation in the digital media, internet and phone we used, and that we should be protected against all these by using this program. Therefore, I was told to install the ByLock program … In addition, motivating messages related to this conflict process would be received. In other words, the messages such as ‘it is almost over, it will be over, hopefully we will be more comfortable’ would be received.”

57. In addition, considering the importance of the ByLock program for the organisation, various defence strategies have been developed by the members of the organisation against possible judicial proceedings for the use of this program. In this context, as stated in the ByLock Analysis Report, as a result of the investigation into the other digital documents which were not related to the ByLock application but seized within the scope of the investigation no. 2017/68532 that was conducted by the Ankara Chief Public Prosecutor's Office, it was found that there had been an instruction text indicating various scenarios as to how the members of the organisation, who were found to have been using the ByLock application, would give statement before the judicial authorities. The said text which is included in the ByLock Analysis Report is as follows:

"WE SHOULD STRICTLY DENY THE EXPRESSIONS SUCH AS ‘YOU HAVE BEEN FOUND TO BE USING BYLOCK’ AS WELL AS THE QUESTIONS TO THIS END. YOU WILL SAY THAT ‘I DO NOT REMEMBER USING A PROGRAM LIKE THAT … OUR GENERAL PRINCIPLE SHOULD BE TO DENY EVERYTHING ... LAWYER BROTHERS SAY: ‘WE WILL DENY, EVEN IF THEY FIND A FLASH DRIVE IN OUR POCKETS’. IF WE ACCEPT EVERYTHING, WE WILL BE IN TROUBLE ... YOU WILL SAY, WITH NO PANIC, THAT ‘I DO NOT REMEMBER’.”

...

Our program may still be available like ByLock, so it is necessary to do a cleaning urgently. Then, what are you going to do? > There are 3 lines on the left on play store where there is the option of ‘my applications’. There are two tabs, which are ‘DOWNLOADED’ and ‘ALL’. In the latter, there are all the programs you have installed. If there are programs there such as Cover me, ByLock, etc., they should be deleted ... Of course, if you restore factory settings and use a new e-mail address everything will have been cleaned.

...

... We can say easily that the content of any of the mentioned programs (eagle, bylock, tango) and the similar programs with such interface or the messages sent/received have still not been deciphered by a technical surveillance or any other method. The necessary measures have been taken technically in this regard. The messages in the press are those shown by a few betrayers to the viles and the correspondence of the persons whose phones were seized unfortunately while the program was open.

... Those whose ByLock IPs have been determined may most probably be subject to judicial proceedings. Things to be done at this stage are listed below:

1. First, our IP addresses and mobile phone numbers connected to these IP addresses are determined. It does not matter which mobile phone we use. Although it is highly probable that the IMEI numbers of our mobile phones on the date when a given server is connected will be added to the file within the scope of such judicial investigation, the persons who are still using those mobile phones should immediately destroy them without selling or giving them to someone else. This issue will later be taken as an argument for our defense (Those who say my phone is very valuable may keep it in a place where it cannot be found. But if it is found, the responsibility is on them). The main purpose here is that the device you used at that time will not be seized by the police. In this image study, rather than reaching the ByLock application, it is aimed to develop arguments such as that this IP study is a conspiracy. That being the case, if the device on which you used the ByLock application in 2014 were seized by the other party, it would provide additional evidence for them.

2. If we have not logged in without VPN as at that time in our mobile phones we are currently using, then there is no problem. The friends who have such phones should protect their phones with a password as usual, and in case of a probable detention ... they should restore factory settings and then give the phone to those concerned.

STEPS TO BE TAKEN DURING THE STATEMENT-TAKING PROCESS: NOTE: The accusation against us will be the membership/leadership of organisation as well as the confidential use of the communication systems of the organisation.

3. First, you will examine the official letter issued by the Telecommunications Communication Presidency (TIB) as well as the document indicating which IP address belongs to whom and on which date. Afterwards, they will say “It has been determined that you have been using the program called ByLock that is the confidential messaging program of the FETÖ7PDY, on your mobile phone no. 0532….. and with the IP no. … For what purpose have you used this program, what instructions did you receive or send through this program? ...

...

REPLY: - SCENARIO 1: First, I reject the claim of organisational messaging attributed to me. I never used such a program. The document before you has been issued by the institution named TIB about which our President said 'It belongs to the FETÖ, is no longer reliable and will be closed’. It is tragicomic that I have been taken into custody for membership of the FETÖ based on the document issued by the said institution. I strictly reject these accusations. I think that this institution deliberately aggrieves the persons who are not member of the FETÖ. Besides, don’t you have to prove in the first place with concrete evidence that the software of the program you have told me about belongs to the FETÖ/PDY and then accuse me, relying on the report issued by a reliable independent/impartial institution indicating that I have really connected to the said program? For years many FETÖ members have been arrested. I am sure that all used the programs called WhatsApp and Kakao. According to you, are the company that released the WhatsApp application as well as many Koreans using the Kakao application members of the FETÖ? You have failed to put forward concrete legal evidence. Besides, you have seized my mobile phone (here we try to misdirect). You will find the program in this mobile phone, if it is really available. … In addition, I have never used a messaging program other than WhatsApp in my life. I am not good at technology…

-SCENARIO 2: (NOTE: This scenario would be more convincing, if preferred by the friends engaging in computers, social media and software and hardware works and hobbies related to these. In this scenario, deleting/installing a program should be explained in a very uncaring manner that it is a very common process.) I remember the program you have told me. I am very interested in technology. I follow the new programs on the related websites. I have been using smart phone since the day it was released and I follow the technology closely to use the phone efficiently. I download many programs from recipe to shopping and social media programs. If I don't like them, I delete the programs. I do not remember the program you have told me. If you tell me who made the software, I may make a comment about it. However, since I am a nationalist person, I usually download the programs released by Turks so that they can make more money. Probably the program you have told is such a program. Besides, you have failed to show me the message I allegedly sent through this program and was also allegedly organisational…

-SCENARIO 3: NOTE: It is worth trying this scenario. I do not remember having installed such a program. But I don’t think the name of the program has been heard so much. As everyone else, I may have wondered it in the Chat program category, downloaded, installed and then deleted it. I think the claim of organisational is funny and unrealistic...

-SCENARIO 4: I have never used such a program. I would have remembered if I had used it. You show me a document where my mobile phone has been identified through IP determination process. I wonder how reliable this document is. Besides, even if it is true, anyone who took my mobile phone may have downloaded this program and then deleted it. You have my phone, look and examine it. You cannot show me a single message that I sent through this program. You only present as evidence a document issued by an institution whose reliability is questionable. I absolutely deny the allegations against me.

SCENARIO 5: IF THE DOCUMENT THAT IS PUT FORWARD WAS NOT A TEXT ISSUED BY THE TIB UPON AN OFFICIAL REQUEST AS WELL AS UPON THE RELEVANT COURT DECISION, BUT A DOCUMENT INCLUDING THE ANALYSIS REPORT ISSUED BY THE MİT/INTELLIGENCE AUTHORITY, THEN WE WILL GIVE A SINGLE ANSWER: THE DOCUMENT YOU HAVE SHOWED ME IS NOT LEGAL, THIS IS JUST AN INTELLIGENCE REPORT. BESIDES, I HAVE NEVER USED SUCH A PROGRAM. I DENY THESE ILLEGAL CLAIMS WHICH ARE NOT BASED ON AN INTELLIGENCE REPORT. NOTE: AT THIS STAGE, ANOTHER SUGGESTED SCENARIO WHICH IS “I DOWNLOADED THE PROGRAM IN ORDER TO MESSAGE A FRIEND LIVING ABROAD, UPON HIS SUGGESTION” MAY SPOIL EVERYTHING. THEY WILL DEFINITELY CONSIDER THAT THE RELEVANT COUNTRY IS THE USA AND THAT YOU HAVE INSTALLED THE PROGRAM IN ORDER TO MESSAGE A SPECIAL PERSON LIVING THERE. THEY WILL THEMSELVES ESTABLISH THE ORGANISATIONAL RELATION WITH THAT PERSON … NEVER FORGET, WE WILL ALWAYS SAY THAT WE DO NOT REMEMBER HAVING INSTALLED SUCH A PROGRAM, AND WE WOULD HAVE REMEMBERED, IF WE HAD INSTALLED AND USED IT.”

8. Nature, Interpretation and Matching of ByLock Data

58. ByLock data, except for digital data like setup file of the ByLock application which was found in the devices of the accused persons seized during the judicial investigations and prosecutions conducted against them, are essentially based on two sources. The primary source is the raw log information including information on ByLock users, user-IDs, messages, e-mails, voice calls and log records pertaining to this information, which were obtained by the MİT. These raw data obtained from ByLock server constitute not the whole but a certain part of the data available on the server. The other source is the CGNAT data pertaining to the internet traffic reports demonstrating accesses from Turkey to ByLock IPs.

59. Raw ByLock data submitted to the Ankara Chief Public Prosecutor’s Office were subject to disk imaging process, and a copy of these data was delivered to the EGM-KOM for examination. Another copy was secured by the evidence unit in a locked safe box. HASH value of the image of the raw data, as indicated in the report issued by the Security Directorate, is 32e17a8f36e426f4af83cce32a0f5087. Such images are secured in locked containers. According to the judicial units, the CGNAT data cannot be altered or impaired as they can be compared with, and thereby checked through other available sources.

60. As indicated in the reports issued by the investigation units, upon being delivered to the EGM-KOM, the ByLOCK data were shared with the provincial units of the security directorate, and thereby the real users of the matched subscribers were identified. The provincial units started to carry out analyses and inquiries so as to identify the real users of ADSL/GSM subscribers having access to ByLock application. These inquiries were performed in consideration of the rosters (a list of names assigned by other users), group information and contents of messages on the basis of the profile information within the ByLock data (username, password, name, general text). It was indicated that all ByLock data obtained with respect to the suspects/accused persons in this way were recorded in a report and appended to the files; and that all recovered data were included in this report.

61. As also indicated in the same reports, the raw data submitted by MİT to the Ankara Chief Public Prosecutor’s Office were not readable, and therefore, they could not be separated on the basis of user-ID without the assistance of an interface program. Raw data from the ByLock database were indexed as separate charts by the database systematic design, and the data available in the charts were interrelated with charts by use of codes included therein. An interface developed upon the instruction of the Ankara Chief Public Prosecutor’s Office operates in a way whereby all data available in the charts based on user-ID are categorised systematically and then recorded in the ByLock Report. These reports are appended to the investigation and prosecution files of the relevant persons who have been revealed to have a user-ID. The data which could not be resolved yet are still under examination. If any finding is obtained during the process, it is then submitted to the incumbent chief public prosecutor’s office.

62. In this sense, it is indicated in these reports that Turkey is in the same time zone with Lithuania, the country where the ByLock server is; that therefore, date/hour information of the ByLock database and that of the users connecting to the ByLock server from Turkey are synchronized. In the same report, technical analyses of the ByLock data on the digital platform, which are also referred to in the judicial decisions, are explained as follows:

“ByLock data are saved in the MySQL database, which is an open-source relational database management system. In order to open these data, MySQL database and one of the database management tools (phpMyAdmin, MySQL Workbench, Heidi Sql and etc.) need to be downloaded. After downloading one of the MySQL database management tools, charts belonging to the ByLock database will become visible. The charts are categorised as 'ACTION', 'ATTACHMENT', 'CALL_HISTORY', 'CHAT', 'CLIENT', 'EXCEPTION', 'SETTING', 'FILE', 'FILE_TRANSFER', 'GROUP_MEMBER', 'LOG', 'MAIL', 'ROSTER', 'USER', 'USER_GROUP' and include data of millions of lines. Data recorded in the charts are based on IDs (number assigned by the program). Information within the ByLock database, which serves the purpose of identifying the ID user, is segmented, and those to whom the IDs belong are identified as a result of the inquiries conducted.

As a result, the PHP-based interface, developed by virtue of the instruction given by the Ankara Chief Public Prosecutor’s Office, sends commands to the charts of the ByLock database in the background and thereby all data pertaining to ID are collected. Then the collected data are analysed and associated. Thus, such information is recorded in a report as a print-out. The interrelation among IDs is established, and by conducting an inquiry by the content, the users of these IDs are identified. Besides, depending on the interrelation between ID and the relevant person, all data in connection with that person are reported.”

63. In assessing the relevant ByLock data, the initial detection date specified in the ByLock subscription list points to the date when the subscribers first connected to the ByLock application server from Turkey without VPN.

64. In addition, it is also indicated in the report of the Security Directorate that data pertaining to ByLock application consist of messages and e-mail contents, profile information and incoming/outgoing calls. According to the report, the date written under the section titled First Log Date Determined in the ByLock Report -including the data available on the database- is the first log date which could be recovered with respect to the connections to ByLock server from Turkey. It is further indicated in the report that as the data on the ByLock database are only those which could be recovered (the whole data could not be recovered), 1) such data may show difference, to a certain extent, with the CGNAT records, 2) there may be certain differences between the first and last log date ranges of the log dates written on documents such as the ByLock inquiry result, CGNAT records, ByLock identification and assessment reports, 3) any record as to the access to the system may not be seen in the log chart for any time frame when a message or e-mail was indeed sent/received. It is therefore indicated that no discrepancy could be said to exist among the available data.

65. In that case, it is possible that connections, of a person whose log records with respect to certain actions performed on certain date or dates cannot be reported for not being recovered, to the server for these actions on these dates could be detected through CGNAT data. Besides, it is possible that although there is no CGNAT record for the person who got access to the application with VPN, this process could be logged on the ByLock database. It is further noted that this difference resulting from the inability to obtain all data available on both sources cannot be construed to the effect that there are contradictions among the available data.

66. It is further stated in the technical reports that the Bylock program manager performed certain actions so as to delete log records prior to 15 November 2014. According to the findings of the investigation units, it is possible for any datum on an information system not to disappear unless it is deliberately deleted or overwritten. The recovery process conducted, by the Department for Fight Against Cyber Crimes of the Security Directorate with respect to ByLock database, during the judicial investigation was successfully completed, and log information prior to 15 November 2014 was also obtained. Besides, although it was found out that the person considered to be manager of the ByLock server blocked access of certain Middle East ID addresses to ByLock server on 15 November 2014, connections subsequent to that date were also found through both the log records in the recovered database and the CGNAT data concerning accesses to the server from Turkey.

67. According to the Court of Cassation’s judgments as well as the assessments in the judicial and technical reports, an organisation member may successfully use the ByLock application only when he is informed, by another member of the organisation, of the existence of ByLock application, its use, confidentiality and organisational significance. As also noted in the Security Directorate’s report, there are no sections in the ByLock application such as operating manual, frequently asked questions and feedback. Although a person comes across with different versions of the ByLock program at application stores or on certain websites, he cannot use this program on his own and add other persons as a friend and get in contact with them through the program. It is indicated in the ByLock Analysis Report that this application has been used by the organisation as from the first user-ID number assigned; and that no investigation has been conducted until today by the Ankara Chief Public Prosecutor’s Office against any person merely for downloading ByLock.

B. Process as regards the Applicant

68. The applicant, born in Bolvadin in 1977, was serving as a guardian at the Foça Open Penitentiary Institution at the time when the impugned incidents took place.

69. Upon the denunciation that the court clerks and guardians, who were in relation with the organisation, would engage in provocative actions such as slowdown and arson with a view to interrupting the processes -with respect to the individuals who were taken into custody for their alleged membership of the FETÖ/PDY- before the court houses and penitentiary institutions, the İzmir Chief Public Prosecutor’s Office launched an investigation against 144 prison and probation officers including the applicant.

70. On the other hand, the applicant was dismissed from public office, by virtue of the Decree Law no. 675 on the Measures Taken under the State of Emergency, dated 3 October 2016, as he was in liaison with terrorist organisations or structures, formations or groups which acted, as decided by the National Security Council, against the national security of the State.

71. As no evidence to the effect that the applicant had involved in the said acts which were under investigation could be found, the investigation against him was continued for his alleged membership of an armed terrorist organisation. According to the evidence obtained during the investigation, the applicant was a subscriber to the ByLock application.

72. In the indictment of 22 May 2017, which was issued at the end of the investigation completed by the İzmir Chief Public Prosecutor’s Office, it was indicated that the applicant was revealed, as a result of the inquiry of 28 February 2017 made by the EGM-KOM, to use the ByLock communication program via the GSM number, the applicant had admitted to use, through 4 separate mobile phones. His first access to the ByLock application was on 13 August 2014. The incumbent chief public prosecutor’s office filed a criminal case against the applicant before the 15^th Chamber of the İzmir Assize Court (“the court”), reaching the conclusion that he was a member of an armed terrorist organisation, namely the FETÖ/PDY.

73. In the report titled Result of New ByLock Inquiry, which is dated 30 June 2017 and was submitted to the court by the EGM-KOM, it is stated that as indicated in the indictment, the applicant used the ByLock communication program, through his registered GSM number, with 4 different mobile phones IMEI numbers of which were determined; and that he used the program for the first time on 13 August 2014.

74. According to the ByLock Report of 5 June 2017, which was drawn up, by the EGM-KOM, with respect to the applicant and appended to the file, the relevant data created as a result of the applicant’s access to the ByLock server through the GSM number registered in his name and used by him are as follows:

i. user-ID number "114205", username "serhat1299", password "Pl121212@", name "Serhat", message "Do not grieve, indeed Allah is with us (“Allah var gam yok”)!!!", last online date/time "14.01.2016, 20.43.40".

ii. According to the findings categorised as “data” and “log” under the heading “Statistics based on ID no. 114205”, the ByLock account was actively used for correspondence and e-mail. Number of e-mails sent is 68; total number of e-mails is 1.052; number of calls received is 30; number of entries logged is 159; number of received e-mail is 74 (data) and 190 (log); number of outgoing calls is 14; number of friends added is 4; number of received messages is 4 (data) and 172 (log); number of e-mails read is 108; total number of e-mails is 1.052; number of received files is 2; number of messages sent is 7 (data) and 258 (log); and number of e-mails deleted is 3.

iii. It appears that there are 24 data under the heading “Rosters Assigned by Those Adding ID no. 114205”; that some of the ID-users whose real users were identified and who added this ID to their lists were also a guardian like the applicant; and that this user-ID was named as “serhat” and “murat sıngrr” by some of the users.

iv. It appears that there are 25 data under the heading “Rosters Assigned by ID no. 114205 to those Added by this ID” where user-IDs, names and surnames, TR identity numbers and professions of the persons with whom user-ID numbers were matched, as well as user-ID numbers real users of which could not be identified yet, are listed; and that the applicant added some of these persons to his friend list by assigning them with rosters on his own.

v. It appears that there are 5 groups in total under the heading “Groups in which ID no. 114205 Joined and List of Persons in the Group” where user-ID numbers joining to these five groups and the identifying information of the users of these ID-numbers, who could be identified, are indicated. Under the heading “List of Persons Connected to ID no. 114205”, 27 user-ID numbers and identifying information of the users of these ID-numbers, who could be identified, are indicated. Under the heading “List of E-Mails Connected to ID no. 114205”, 24 user-ID numbers and identifying information of the users of these ID-numbers, who could be identified, are indicated.

vi. Under the heading “Correspondences with respect to ID no. 114205”, contents of the messages with the user-ID no. 244869 on 9 September 2015 and between the hours of 05.38.09 p.m. and 06.10.24 p.m. as well as with the user-ID no. 329688, whose real user was identified to be S.A., between 6 June 2015 (as from 11.55.07 p.m.) and 29 October 2015 (until 08.23.08 p.m.) are provided.

vii. Under the heading “E-Mails with respect to ID no. 114205”, there are e-mails which were sent to this ID-number from other users, of which contents have been determined or could not be determined yet as the password could not decrypted. It appears that in the e-mails of which contents could be determined, it is requested that goods and service would be procured from the private enterprises having relation/connection with the organisation, thereby providing support for these enterprises. In these e-mails, the organisation members are provided with information as to the judicial examination conducted into these enterprises, and plans are made concerning the places to be assigned as organisation houses. Besides, the users are warned in these e-mails that common messaging applications have been monitored by the State and all processes conducted through these applications have been recorded. Therefore, the users are advised not to use the common messaging applications. In the e-mails, information as to the investigations and prosecutions conducted against the organisation members is provided, and organisational acts and conducts of these persons are praised; information is provided on the methods applied by the judicial units conducting investigations into the organisation; and advices on defence tactics against these methods are given. It is also requested that internet sites whereby the instructions given, and speeches delivered, by the organisation leader, Fetullah Gülen, are published be followed.

viii. Under the heading “Call Records with respect to ID no. 114205”, findings as to 44 calls made via ByLock application with its other users; under the heading “Log Chart with respect to ID no. 114205”, 159 “login” processes through ByLock communication system performed with an Android device between 8 November 2014 and 14 January 2016; under the heading “All Log Chart with respect to ID no. 114205”, a total of 926 “login” processes through ByLock communication system between 8 November 2014 and 14 January 2016 are listed.

75. The court conducted inquiries into the questions whether the GSM number used by the applicant had connected to the target IP numbers of the ByLock server, as well as if connected, into the information about the relevant base station (CGNAT records) and the devices (IMEI numbers) through which the GSM number in question was used as from the date when he was revealed to use the ByLock application. The outcome of this inquiry was explained as follows by the court:

"In reply to the letter addressed to the Information and Communication Technologies Authority (“the BTK”), it was determined that the first connection to the ByLock app. was 13 August 2014 at 01:34:43 p.m.; that the mobile phone in question received signals from the base station located at İsmet İnönü Mah. … Menemen/İzmir and got in contact many times with several IP addresses through which the ByLock application provided service”.

76. As recorded in the National Judiciary Informatics System (“UYAP”), the BTK’s findings are as follows:

i. IP addresses of the ByLock program, information on contacts made through each IP number assigned by the operator of the GSM number which was registered in the applicant’s name and which the applicant admitted to have used himself (information on general IP, special IP, target port, IMEI number of the relevant device, date, time and base station separately for each contact).

ii. Information to the effect that through the internet of the GSM number owned by the applicant, a total of 12.166 connections to IPS addresses of the ByLock server were made between 13 August 2014 01:34:43 p.m. and 14 January 2016 10:15:46 p.m.; that at the relevant time, the GSM number was within the coverage of base stations located at İsmet İnönü Mah. …. Menemen/İzmir, Foça/İzmir or at other districts of İzmir or at different cities (Before the court, the applicant declared his residential address as İsmet İnönü Mah. ... Menemen/İzmir).

iii. Information to the effect that at the relevant times when IP addresses of the ByLock server were connected, the applicant’s GSM number was used with the devices IMEI numbers of which are indicated in the reports on the ByLock Inquiry results issued by the Security Directorate.

77. The applicant’s trial was completed within two hearings. During the first hearing, the applicant denied the accusations against him, noting that he was provided with any assistance by the members of this organisation neither entering into the public office nor performing his public duties. He further indicated that the GSM number which had a ByLock record was used by himself; that however, he had not used ByLock communication program; that he had not got acquainted with any persons, who were added by the applicant, or who added him, as a friend according to the ByLock Report; that he had nothing to say against the CGNAT records indicating his connections with the ByLock server; and that prior to his mobile phone which was on his body at the time of his arrest, he had used three different mobile phones brands of which were Samsung 3, General Mobile and LG.

78. The applicant’s defence counsel maintained that the findings as to the ByLock program were indeed digital evidence which could be tampered with at any time; that these data were obtained unlawfully; that the ByLock program was not intended for the organisational use and could be downloaded from any open source; and that end-to-end encrypting method was available in almost all of the messaging programs.

79. As a result of the inquiry conducted -via www.turkiye.gov.tr, a web-site operating under the scope of the e-state project- into the applicant’s GSM number and four separate IMEI numbers through which access to the ByLock server was ensured, it was found established that these IMEI numbers belonged to three mobile phones of different brands, which the applicant had mentioned in his defence submissions.

80. By the decision of 8 December 2017, the applicant was sentenced to 7 years and 6 months’ imprisonment for his membership of an armed terrorist organisation. In the reasoning part of the decision, the notion of terrorism is defined at the outset. It then provides explanations as to the establishment, aims pursued by, and the structure of the FETÖ/PDY as well as the ByLock communication program, lawful nature of the data concerning this program, and the fact that it was a program put into the use for the purposes of the said organisation. As the justification underlying the applicant’s conviction, the court relied on the consistency between the ByLock Report and the CGNAT data with respect to the applicant’s GSM subscription as well as on the finding that the applicant used ByLock communication program, which was designed for the use of the FETÖ/PDY members, with the username “serhat1299”.

81. On 31 January 2018, the applicant’s challenge against the first instance decision was dismissed on the merits by the 2^nd Chamber of the İzmir Regional Court of Appeal.

82. Examining the appeal request, the Court of Cassation upheld the decision of 28 February 2019 whereby the applicant’s challenge against his conviction was dismissed on the merits.

IV. RELEVANT LAW

A. Domestic Law

1. Legal Provisions

83. The then Article 4 of Law no. 2937 on State Intelligence Services and the National Intelligence Organisation, insofar as relevant, reads as follows:

“Duties of the National Intelligence Organisation are as follows:

a) To create state-wide national security intelligence in respect of the existing and probable activities, performed at home and abroad, against the country, nation and territorial integrity of the Republic of Turkey, its independence, safety, constitutional order and national power; and to report such intelligence to the President, the Prime Minister, the Chief of General Staff, the Secretary General of the National Security Council as well as to the relevant institutions.

…

i) To gather, record and analyse information, document, news and data concerning foreign intelligence, national defence, counter-terrorism, international offences and cyber security by use of any kind of procedures, means and systems of technical and human intelligence, and to report the intelligence created to the relevant institutions.”

84. Article 6 of Law no. 2937, insofar as relevant, reads as follows:

"In performing its duties hereunder, the National Intelligence Organisation shall be empowered:

a) To establish direct relations with all domestic and foreign institutions and agencies, all organisations and formations as well as persons; to apply appropriate coordination methods.

b) To receive information, documents, data and records from public institutions and organisation, public professional organisations, the institutions and organisations under the Banking Law no. 5411 and dated 19 October 2005, as well as from the other legal persons and institutions with no legal entity. To avail from, and to get in contact with, archives, electronic data processing centres and communication infrastructure of these institutions and organisations. The institutions and organisations, which receive such requests, cannot abstain from fulfilling the request by relying on its own legislation.

...

d) In performing its duties, to adopt clandestine working procedures, principles and methods of covertly working;

...

g) To collect relevant data on foreign intelligence, national defence, terrorism, international offences and cyber safety, which are available on telecommunication channels.”

85. The then Article 134, titled “Search of computers, computer programs and transcripts, back-up and provisional seizure”, of the Turkish Criminal Procedure Code no. 5271 reads as follows:

"(1) Upon the motion of the public prosecutor during an investigation with respect to a crime , the judge shall issue a decision ordering the search of computers and computer programs and records used by the suspect, as well as back-up and transcription of these records, if there is strong indication of guilt based on concrete evidence and it is not possible to obtain the evidence by other means.

(2) If computers, computer programs and computer files/records are inaccessible, as the passwords are not known, or if the hidden information is unreachable, then the computer and equipment that are deemed necessary may be provisionally seized in order to retrieve and to make a back-up of the necessary files. Seized devices shall be returned without delay in cases where the password has been decrypted and the necessary copies are produced.

(3) During the seizure of computers or computer files/records, a back-up of all data included in the system shall be made.

(4) In cases where the suspect or his representative makes a request, a copy of this copied data shall be produced and given to him or to his representative, and such an exchange shall be recorded and signed.

(5) It is also permissible to make a back-up of the entire data or some of the data included in the system, without seizing the computer or the computer files/records. The backed-up data shall be printed on paper and this situation shall be recorded and signed by the related persons.”

86. Article 206 § 2, titled “Presentation of evidence and its rejection”, of Code no. 5271 reads as follows:

"(2) The request of presentation of any evidence shall be denied in the below mentioned cases:

a) If the evidence is unlawfully obtained;

…”

87. Article 217, titled “Power of discretion in relation to evidence”, of Code no. 5271 reads as follows:

"(1) The judge shall only rely upon evidence that is presented at the main hearing and has been discussed in his presence while delivering his judgment. This evidence is subject to free discretion of the conscious opinion of the judge.

(2) The imputed offence may be proven by using all kinds of legally obtained evidence.”

88. Article 314, titled “Armed organisation”, of the Turkish Criminal Code no. 5237 and dated 26 September 2004, insofar as relevant, reads as follows:

"(1) Any person who establishes or commands an armed organisation with the purpose of committing the offences listed in parts four and five of this chapter, shall be sentenced to a penalty of imprisonment for a term of ten to fifteen years.”

(2) Any person who becomes a member of the organisation defined in paragraph one shall be sentenced to a penalty of imprisonment for a term of five to ten years.”

89. Article 1, titled “Definition of terrorism”, of the Anti-Terror Law no. 3713, dated 12 April 1991, reads as follows:

"Terrorism is any kind of act committed by one or more persons belonging to an organisation with the aim of changing the characteristics of the Republic specified in the Constitution, its political, legal, social, secular and economic system, damaging the indivisible unity of the State with its territory and nation, endangering the existence of the Turkish State and Republic, weakening or destroying or seizing the authority of the State, eliminating fundamental rights and freedoms, or damaging the internal and external security of the State, public order or general health by means of using force and violence and by one of the methods of pressure, intimidation, discouragement or threat.”

90. Article 2, titled “Terrorist offender”, of the Anti-Terror Law no. 3713 reads as follows:

"Any member of an organisation founded to attain the aims defined in Article 1, who commits a crime in line with these aims, individually or in concert with others, or any member of such an organisation, even if he has not committed such a crime, is a terrorist offender. Persons, who are not members of a terrorist organisation, but commit a crime on behalf of the organisation, are also deemed to be terrorist offenders.”

2. Judgments rendered by the Court of Cassation

91. The judgment of the General Assembly of the Criminal Chambers of the Court of Cassation, which is numbered E.2017/16.MD-956, K.2017/370 and dated 26 September 2017, contains the following explanations on the FETÖ/PDY:

"The FETÖ/PDY is a typical and sui generis armed terrorist organisation which uses the religion as a front and a means to attain its non-religious earthly purposes; which acts in line with the instructions of the organisation leader having the intent of establishing a new political, economic and social order; which, to that end, primarily aims at having power and acts with great clandestineness -instead of transparency and openness- with a view to being strong and establishing a new order; which uses, as an intelligence organisation, codenames, special communication channels, and money source of which is not known; which tries to convince everyone that such a structuring does never exist and has grown and gained strength to the extent it has succeeded to give such an impression; which on the other hand brands those who are not one of its members as an enemy and thereby motivates its own members; which penetrates into the State from bottom to top, through its members named 'Golden Generation' in pursuit of the principle of seizing the system instead of clashing with it; which gains a certain strength within the State with the advantages offered by the Golden Generation and thereafter deactivates its opponents by means of illegal methods that indeed appear legal; which thereby aims at ensuring social transformation by taking whole sub-elements of the State under control and seizing the system as well as by using the public power it has gained; and which also performs espionage activities.

The FETÖ/PYD armed terrorist organisation, designated to take over all constitutional institutions of the Republic of Turkey by using its human and finance resources -based on a hierarchical structure composed of imams appointed to the advisory board, country, regional, provincial, district, neighbourhood and house units- in line with the organisational interest and ideology, is founded on the principles of 'living covertly, always fearing, not telling the truth, denying the truth'.

Fetullah Gülen, leader of the organisation, -which becomes mobilised collectively through instructions; which acts with the intent of taking control of the public sector notably critical bureaucratic positions exercising the public power; which has illegally placed its own staff, according to the hierarchical order specific to it, within the civil service, judiciary, security directorate, education sector, intelligence units and the army; which has ensured the State organisation to serve for it thanks to the members it has placed in all institutions of the State; and which has so to say formed a parallel structure within the State,- gave the following instructions to the organisation members during his speeches of different dates, which indicates the utmost importance attached to the confidentiality within the organisation:

'Be flexible. Move through their vital points without coming into prominence!; Progress towards the vital points of the system until reaching to all power centres without enabling one to distinguish you!'

'Existence of our fellows in the courthouses, the civil service or other critical institutions and organisations must not be regarded as individual existence. They are our guarantees in these units for the future. To some extent, they are guarantors of our existence.'

'It is not an appropriate time. You must wait until the moment we hump the world and obtain the strength necessary for carrying the world and the moment we would be complete and ready, and the conditions would be appropriate! Especially, we must be much ahead of the opposing party in gaining information.'

'I mean, you do not dominate there; there are other powers. It is advisable to walk along the road in a balanced, attentive, cautious manner by taking into account these powers so that we would not take steps backward…'

' Each step is considered to be early until the moment we would take along the power and strength in all constitutional institutions of Turkey. (...) I have explained my senses and thoughts implicitly within such a crowd. (...) Your secret is your captive; if you disclose it, you would be taken captive by this secret. '

'We must always be cautious. Always take decisions in consultation. Implement the decisions taken by the Council of the Most Exalted (“Başyüceler Şurası”), the main consultation body, (as a matter of fact, the head of Council of the Most Exalted is Fetullah Gülen). We have to get access to their power centres…'

'Tell me one day we have thousand houses in Ankara. Then I would seize the state by the collar, and when the state becomes aware of the risk, there would be nothing to do’.

The organisation even decides the person with whom its members, placed in public institutions and organisations, would marry by interfering with their family lives.

The organisational structure in the public institutions is formed by cells consisting of maximum five persons who are subordinated to the abi (“brother”) within the organisation. The cells are not aware of each other. It is thereby ensured that even if any cell is disclosed, the other cells would continue their activities without being disclosed. The organisation members pursue a strict military discipline within the organisation.

The sole authority and leader within the whole organisation is Fetullah Gülen. He is considered as a universe imam within the organisation. Other executives act with the authority he confers upon them and on his behalf.

Obedience and submission are strict rules that are to be obeyed within the internal hierarchy of the FETÖ/PDY armed terrorist organisation where the understanding of universe imam prevails and which operates as seven-layer pyramidal structure. Submission is the commitment to both the organisation and the leader’s instruction, as well as the duty entrusted.

Hierarchical structure of the organisation is based on horizontal structuring. Intra-layer replacements are possible; however, the replacements above the fourth layer are determined by the leader. Those layers are composed of:

a) First Layer (The Commons): Consisted of those who are dedicated themselves to the organisation with faith and ties of affection and who provide actual and material support. Many of these persons are ensured to consciously or unconsciously serve for the organisation without being involved in the hierarchical structure of the organisation.

b) Second Layer (Faithful Section): The faithful group composed of the officers working at schools, private teaching institutions (dershane), student dormitories, banks, newspaper headquarters, foundations and institutions. These individuals attend the organisational meetings, regularly pay dues and are familiar with the ideology adopted by the organisation.

c) Third Layer (Ideologically Organising Section): Those undertaking duties in unofficial activities, adopts the organisational ideology and disseminates the propaganda of the organisation.

d) Fourth Layer (Inspection and Control Section): Those who are in this layer supervise all organisational service (legal and illegal). Those who are able to attain the required rank in terms of commitment and obedience may be promoted to this layer. Those attaining this layer are among the ones who joined the organisation at a young age. Those who subsequently joined the organisation cannot usually take office herein and the layers above.

e) Fifth Layer (Organising and Executing Section): High level confidentiality is sought. Those within this layer barely know each other. They are appointed by the organisation leader and organise and execute the structure within the State.

f) Sixth Layer (Private Section): Those who are personally appointed by Fetullah Gülen and ensure communication between the leader and subordinate layers and who are entitled to make reassignments within the organisation as well as responsible for dismissals.

g) Seventh Layer (Eminent Section): Those who are directly chosen by the organisation leader. This layer is consisted of 17 individuals. It is the most eminent section of the organisation.

The organisation has paid attention to cell-type horizontal structuring in order not to be disclosed and to prevent the State from revealing the organisational structure. The cells are generally composed of maximum five persons who are subordinated to an “abla” or “abi”. Number of the individuals within the cell is sometimes 3 in some institutions, whereas 1 in certain institutions such as the Turkish Armed Forces (“TAF”). An imam is appointed for each cell.

...

Although the FETÖ/PYD militants penetrating into the Turkish Armed Forces, the Security Directorate and the MİT are a public officer in appearance, their sense of belonging to the organisation dominates their all other belongings and commitments. It has been revealed that the FETÖ/PDY uses the public force, which should have been at the State’s disposal, for its own organisational interests. The organisation members, who have entered into public profession, as a private of the FETÖ/PDY, at the TAF, Security Directorates and National Intelligence Organisation after successfully completing the necessary steps, undergo an ideological training at the end of which they are ready to use their weapons and to use force in line with the instructions given by their hierarchical superior within the FETÖ/PDY. “Persons Dedicated to Service” is defined by the organisation leader as follows: 'the persons affiliating to the organisation must be determined, strong-minded and obedient to the organisational service; must take every responsibility and must not disturb their ambition in case of getting a blow; must prioritize not their own ranks but the rank of the service; must be ready to admit that the duties they would undertake in the course of service may be difficult; and must be ready for sacrificing their own existence, life, beloved ones for the service.'

FETÖ/PDY recruiting its members at the effective units of the Security Directorate as well as within the TAF uses the oppression and intimidation emanating from the authority to apply force and violence, which is inherent in the duties of the Security Directorate and the TAF units. The organisation members’ capacity to use weapons is necessary and sufficient to consider that the offence of an armed terrorist organisation has been committed. As a matter of fact, during the coup attempt of 15 July 2016, the organisation members, who were apparently TAF officials but acted in line with the orders and instructions of the organisation leader, used weapons, and many civilians and public officers were therefore martyred.

The said terrorist organisation has firstly ensured deactivation of the bureaucrats and officials who were considered to pose an obstacle to the organisation and thereafter placed its members in these positions, for the purpose of seizing the military, civil service, security directorates, judiciary and the other public institutions of strategic importance in order to attain its ultimate aims.

...

A criminal organisation may be an illegal structure which is established at the outset to commit an offence. Besides, a non-governmental organisation which functions on a legal basis may subsequently turn into a criminal organisation and even into a terrorist organisation. In this sense, legal existence of an organisation -which has already existed but is not known to public as no judicial decision is taken in its respect- is contingent upon a decision to be issued by the courts. However, the founder, executives or members of the organisation would be held responsible in criminal law as from its foundation date or the date when it became a criminal organisation despite being founded for legitimate aims.”

92. This decision also contains the following explanations as to the features of the ByLock communication system:

"ByLock communication system, which may be used not only by downloading but also upon a special installation process, is designated to ensure communication via internet through a strong encryption method whereby each message is transmitted with a different crypto key. This encryption method has been revealed to be a security system which aims to prevent hacking, by third persons, of the information transmitted among the users. In early 2014, ByLock was available and accessible for everyone at the application stores of the operating systems. However, after it had become no longer available at these stores, the organisation members downloaded it through external hard drive, memory cards and Bluetooth, which was revealed from the statements, messages and e-mails included in the relevant investigation and prosecution files.

ByLock communication system renders service over the server with IP address no. 46.166.160.137. The server manager also rented IP addresses no. 46.166.164.176, 46.166.164.177, 46.166.164.178, 46.166.164.179, 46.166.164.180, 46.166.164.181, 46.166.164.182, 46.166.164.183, with a view to hindering the identification of those who have been using the application.

ByLock communication system was put into service by being rented from ….. company, operating in the field of renting servers in Lithuania, and payments with respect to the server and IP renting processes were made through the method of Paysera by anonymous users. There is no available contact information of the persons who have developed and put into use this application. Nor is there any reference with respect to the works they have previously performed. It has been observed that there has been no initiative to promote the application, thereby number of its users has not increased, and it has not gained commercial value.

Global and commercial instant messaging applications use “certificate-authority signed SSL certificate” whereby the responsibility for the safety of information on users and of the communication is transferred to this authority in return for a payment. However, the ByLock communication system has no certificate-authority signed SSL certificate. It is thereby prevented that certain information on its users as well as the communication traffic be conveyed to any external place other than the ByLock server.

Among the source codes pertaining to the ByLock communication system, there are expressions formulated in Turkish such as 'no authority', 'file', 'mail' and 'voice call'. Likewise, a great part of the usernames, group names and decoded passwords as well as almost all of the deciphered contents within the application are consisting of Turkish expressions.

After its download to smart phones, ByLock communication system may be used only when a username/code and password are created and a dedicated strong cryptographic key, which is created by random hand movements on the phone, is determined. This information is then conveyed to the application server in an encrypted manner. It is thereby aimed to ensure the safety of user information and communication to a maximum extent.

Unlike global and commercial applications, no information specific to the user -such as phone number, identity number, e-mail address- is requested and there is no verification process with a code sent through a SMS or e-mail while signing up for ByLock communication system in order to make the disclosure of the users’ real identities more complicated.

ByLock communication system does not allow for adding a user by making a search with phone number or name-surname. Besides, in the ByLock communication system, there is no feature whereby persons in the phonebook are automatically added to the system which is available in similar applications.

In this application, the users may get in contact with each other by adding the usernames and codes which they have already obtained. Only thereupon, the parties start messaging. In this sense, it appears that even the users themselves do not have the opportunity to use the system whenever they want. Thanks to this setting, the application allows for communication only in conformity with the cell-type structuring.

The ByLock communication system enables encrypted instant messaging, e-mail sending, forming contact list by adding friends, intra-group messaging, encrypted voice calls, transmission of video or document. The users are thereby enabled to communicate with each other for organisational purposes without the need for any other communication means. As the users involve in communication only through the ByLock server, the server manager is thereby enabled to check and control the groups and the contents of the communication within the program.

Even if the users forget to delete any data despite being necessary, the persons in the contact list and the previous messages in the application cannot be accessed in case of any possible judicial process whereby the device is seized, thanks to the ‘automatically delete message’ feature specific to the ByLock communication system, which allows deletion of the messages automatically upon a particular time without the need for any manual operation on the device.

Another security measure taken to prevent the disclosure of the users’ identities and ensuring confidentiality in communication is the encrypted storage of the server and communication data of the ByLock application in the database.

Along with the measures taken by the ByLock system itself, the users have also taken certain measures to conceal their identities. In this sense, they have not used the real names of the persons in the contact list and in their messages and instead used their “codenames” within the organisation. They have also preferred long passwords.

The users getting access to ByLock from Turkey are forced to use VPN with a view to concealing their identities and ensuring confidential communication.

It appears that almost all searches with respect to ByLock through search engines were made from Turkey.

Posts with respect to ByLock via social media and websites were mainly shared through fake accounts.

The ByLock communication system with a great number of users had not been known to the Turkish and foreign public prior to the coup attempt of 15 July 2016.

Almost all the transcribed contents of the communication via ByLock are concerning organisational contacts and activities. In this regard, it has been revealed that the following organisational messages were sent through the ByLock application: any change in the meeting places, giving notice of the operations to be held; provision of secret hiding places within the country for the organisation members; plans made for fleeing abroad; holding benevolence meetings and provision of money for the organisation members suspended or dismissed from office; conveyance of instructions and thoughts of Fethullah Gülen; sharing of web addresses which operates for the purpose of introducing Turkey as a country supporting terrorism and requesting support for the questionnaires available on these web-sites; ensuring the release of suspects or accused persons, by certain judges and prosecutors, within the scope of the investigations and prosecutions conducted into the FETÖ/PDY; ensuring appointment of lawyers for the organisation members; providing information on the organisation members against whom an operation was conducted and whose identities were disclosed; providing information on the places where operations might be conducted and sending warnings that important digital data in such places be disposed of before the relevant officers in charge of searching such materials; blacklisting of those who have expressed unfavourable opinions, or who have struggled, against the FETÖ/PDY in the public institutions; informing the members that if it is disclosed, the use of ByLock communication system would be discontinued, and alternative programs such Eagle, Dingdong and Tango would be used instead; and preparation of legal texts which would be used in the defence of the organisation members.

The names of the groups in the ByLock application, namely Women in the Region (“Bölge Bayan”), Those responsible for Surveyors (“Etütçüler”), Abi responsible for houses (“Ev abileri”), Imams (“İmamlarım”), Those responsible for Schools (“Okulcular”), 8 abi (“8 abiler”), Those responsible for 8 units (“8 birimciler”), 8 big regions (“8 büyük bölge”), Those responsible for regions (“Bölgeciler”), Those responsible for graduates (“Mezuncular”), Those responsible for students (“Talebeciler”), Those responsible for universities (“Üniversiteciler”), Voluntary Subscribers of Zaman Newspaper (“Zaman Gönüllüler”), Responsible (“Mesul”), Those responsible (“Mesuller”) and Marriage (“İzdivaç”), are in concordance with the jargon and cell-type hierarchical structuring of the organisation.

In the aftermath of the coup attempt of 15 July 2016, the suspects under judicial investigation stated that the ByLock communication system had been used by the members of the FETÖ/PDY armed terrorist organisation as an organisational communication means since the beginning of 2014.”

93. In the said judgment, the explanations as to the preventive measure under which the data obtained from ByLock communication system are to be examined are as follows:

"The preventive measure of search, back-up and seizure of computers, computer programs and records is set forth in Article 134 of Code no. 5271. This measure is a special aspect of the preventive measures of ‘search’ and ‘seizure’, which are set forth in Articles 116-134 of Code no. 5271.

...

Computer files cannot be considered to be limited only to hard disk. Such files also cover the databases where the internet service providers store IP numbers of its users and any other access-related information. …

As a matter of fact, the third paragraph, which regulates the back-up procedure, of Article 17 of the Regulation on Judicial and Preventive Searches, titled “search, back-up and seizure of computers, computer programs and files” sets forth that the back-up process shall apply also to the computer networks, other remote computer files/records as well as to removable hardware”, which allows for access to both computers at the incident scene and remote computer files/records.

...

As the records on communication via internet are recorded in the computer file, these communication records may be subject to preventive measures of search, back-up and seizure pursuant to Article 134 § 1 of Code no. 5271. …”

94. The judgment includes the following final assessments as to the ByLock program:

"... The detection of data created through the ByLock communication system does not fall within the scope of Article 135 § 1 of Code no. 5271 or Article 6 § 2 of Law no. 2937, but rather of Article 134 § 1 of Code no. 5271, titled ‘search, back-up and seizure of computers, computer programs and records’.

...

It is possible to determine the date of access, IP address through which access was ensured, the number and dates of contacts, the persons who were communicated with and the contents of communication in the ByLock communication system. In this sense, in cases where the date of access, the relevant IP address and the number of contacts between particular dates have been revealed, the relevant person will be considered to be a part of this private communication system in the particular circumstances of the present case, and the existence of any correspondence between the persons involved in this network with any other person(s) will not be sought for reaching such a conclusion. The identification of the persons who were communicated and the disclosure of the contents of their correspondence will lead to the determination of the hierarchical position of the relevant person within the terrorist organisation (whether a head or a member of the organisation).

As the ByLock communication system is a network which is designed for the members of the FETÖ/PDY armed terrorist organisation and which is used exclusively by certain members of this terrorist organisation, the determination, on the basis of technical data which would lead to a definite conclusion without any suspicion, that the relevant person has become a part of this network in line with the organisational instruction and used it for ensuring confidential communication will constitute an evidence demonstrating the person’s relation with the organisation. …”

95. Relevant part of the judgment no. E.2018/16-417, K.2019/44 and dated 24 January 2019, which was issued by the General Assembly of the Criminal Chambers of the Court of Cassation reads as follows:

"As a result of the examinations over the ByLock database, it has been revealed that the users of IP addresses which are logged in the server may be identified, and User-ID numbers, username and passwords of the users signed up in the ByLock server, the dates of their access to the server (log records), information on the other users adding User-ID (roster records), groups created and joined by the ByLock user, contents of the messages may be partly or wholly detected and transcribed. Therefore, the information included in the ByLock Report -which was issued by the Department of Anti-Smuggling and Organised Crime at the end of the examination on the data partially or wholly detected and which indicates the real identities of the User-ID numbers assigned by the system and how this identification process has been performed- may contain significant information on the real identity of the ByLock user revealed to get involved in the system as well as on his/her hierarchical position within the terrorist organisation.

However, in consideration of the abovementioned technical analyses and chronological report on the ByLock system, it has been observed that as the person getting access to ByLock system (network) connected to the system over the IP numbers not belonging to Turkey, the CGNAT records showing the connections with ByLock IPs may not be obtained, or as the relevant units of the Department of Anti-Smuggling and Organised Crime has been still conducting examinations on the data obtained from ByLock server or despite these examinations, the data concerning the given person cannot be recovered or transcribed, it may be also unable to determine the User-ID number, username, password, log records, roster information or contents of the messages. Nevertheless, even in such cases, as a result of the examination of the data recovered and transcribed with the respect to other users such as roster records and messages and etc., those who have been using the ByLock program but in respect of whom any data has not been found or transcribed yet may also be identified. Thus, the real identity of a User-ID number which cannot be determined at the outset may be revealed. ByLock reports may be issued with respect to User-ID numbers real users of which have been identified in this way.

Besides, it is also possible to match a User-ID number, which has been revealed to get access to, and signed up for, the ByLock system through ADSL or GSM subscription registered in the name of the perpetrator on a date prior to the issuance of the ByLock report, with the perpetrator (subscriber). It may be comprehended from such a report that the relevant subscriber has involved in the system by taking a ByLock User-ID number.”

96. Relevant part of the judgment no. E.2018/16-418, K.2019/513 and dated 27 June 2019, which was issued by the General Assembly of the Criminal Chambers of the Court of Cassation reads as follows:

"CGNAT (HIS) records which contain the internet traffic records of the subscribers having connected to 9 IP addresses of the ByLock server from the IP addresses in Turkey and which are saved by the operators, are a kind of metadata. As such data reveal that the subscriber’s IP address has connected to IP addresses of the ByLock server, they constitute a significant indication of the relevant person’s involvement in the ByLock system. However, they do not provide any information -other than connections, if any, with the IP addresses- as to whether the relevant subscriber has been assigned with a User-ID and if assigned, what this IP number is.

Therefore, also in cases where a given person cannot be matched with a User-ID number as the police inquiry into the data obtained from the ByLock server has not been completed yet or the data related to him cannot be recovered/transcribed, it is possible to detect, through CGNAT records, his connections with IP addresses of the ByLock server. It may be accordingly understood that the person in question has connected to the ByLock system but has not taken yet a User-ID number by creating a username and password and therefore has not involved in the system yet, or that although he has indeed taken a User-ID number, he cannot be matched with this User-ID number as the examinations on the relevant data are still going on or the data cannot be recovered/transcribed. It may be also concluded that the relevant person might be routed to the ByLock servers through traps (such as morbeyin). In this sense, it should be also taken into consideration that the finding to the effect that out of the GSM subscribers who were revealed, by virtue of the CGNAT records, to have connected to IP addresses of the ByLock server, 11.480 subscribers established a connection to the ByLock IP addresses through morbeyin application has been appended to the investigation and prosecution files of the suspects and accused persons.

At this point, in order to ascertain whether the suspect/accused person has been involved in the ByLock system (network), he is to be provided with, and informed of the findings included in, the ByLock report where he has been matched with a User-ID number registered in the ByLock server, or if such a report is not available, with the report showing the ByLock User-ID number revealed to belong to the accused person. Thereafter, he or his defence counsel should be asked to provide explanation if any.

In this regard, the determination to the effect that the suspect/accused person has taken a User-ID number in the ByLock server knowingly and willingly will be necessary and sufficient to accept that he has involved in the ByLock system and thereby got the opportunity of confidential communication which could be granted merely to the members of the said organisation; and that therefore, he is at least a member of the armed terrorist organisation, namely the FETÖ/PDY. Besides, existence of the contents of the communications between the person involved in this network and the other person(s) will not be sought to exist. In respect of the perpetrators involved in the ByLock system, the determination as to the persons with whom they got in contact and the contents of the correspondence will be guiding if the perpetrator is under prosecution for his alleged leadership of an organisation and the available evidence is insufficient to prove that he is a leader of the organisation.

On the other hand, despite the findings included in both of the reports on the User-ID information, in cases where it is maintained that the GSM / ADSL subscriptions -registered in the name of the accused person whose IP addresses have been found to connect to the IP addresses of the ByLock servers- or the devices connecting to internet through these subscriptions have been used, temporarily or permanently, by any other person within or beyond the knowledge and consent of the accused person; that the necessary information -such as password- for internet connection ensured through these subscriptions have been shared with other persons or have been extorted, or in case of any suspicion that the User-ID number belongs to any person other than the identified one, it is required that the reports including User-ID information be taken into consideration in conjunction with the information that will be clearly provided by the accused person with respect to the person allegedly using the accused person’s subscriptions or internet connection passwords, or in conjunction with the data to be obtained as a result of the inquiries; and that, if deemed necessary by the defence submissions of the accused person and the scope of the case-file, CGNAT inquiry records concerning the ADSL or GSM number which belongs to the IP address revealed to have connected to the ByLock IP addresses and which is found to be used by the accused person, the HTS records with respect to the GSM number -if any- as well as the report on the ByLock inquiry results issued by the Department of Anti-Smuggling and Organised Crime be assessed as a whole.”

97. Relevant part of the judgment, no. E.2017/4314, K.2018/3545 and dated 18 October 2018, which was issued by the 16^th Criminal Chamber of the Court of Cassation, the appellate authority with respect to the terrorist offences, reads as follows:

" As the ByLock communication system is a network which is designed for the members of the FETÖ/PDY armed terrorist organisation and which is used exclusively by certain members of this terrorist organisation, the determination, on the basis of technical data which would lead to a definite conclusion without any suspicion, that the relevant person has become a part of this network in line with the organisational instruction and used it for confidential communication will constitute an evidence demonstrating the person’s relation with the organisation. In this respect,”

...

... It must be certainly demonstrated, through the ByLock report and the CGNAT records indicating User-ID, password and similar elements, that the relevant person has connected to, and used, the ByLock system with a view to maintaining organisational confidentiality and ensuring communication.

In the present case, the Chamber decided to quash the first instance decision -whereby the accused person was convicted, due to his being user of the ByLock application, on the basis of the report issued by the relevant Department of the Security Directorate at the end of the investigation conducted against military officers who were revealed to have used ‘ByLock and Chat’ application, which was used by the FETÖ/PDY,- as the particular circumstances of his case was to be reconsidered and reassessed given the fact that it was noted by the letter of the Turkish Naval Forces Command, dated 7 November 2016, that the accused person was revealed to be included in the list ‘morbeyin’ as a result of the findings and assessments of the Ankara Chief Public Prosecutor’s Office following the judicial process of the regional court of appeal.”

98. Relevant part of the judgment, no. E.2018/5762, K.2019/749 and dated 11 February 2019, which was issued by the 16^th Criminal Chamber of the Court of Cassation, reads as follows:

"The Chamber decided to quash the first instance decision due to the inadequate inquiry as the relevant inferior court should have rendered the decision in respect of the accused person, who maintained that he had downloaded the ByLock application on his mobile phone but deleted it without having used, after making the detailed ByLock Report available at the hearing for the accused person and his defence counsel, pursuant to Article 217 of Code no. 5271, if it was found established, through technical data, beyond any suspicion that he had used the ByLock application and if the evidence demonstrating his subscription to the ByLock was decisive for the qualification of the imputed offence.”

99. Relevant part of the judgment, no. E.2018/5481, K.2019/891 and dated 14 February 2019, which was issued by the 16^th Criminal Chamber of the Court of Cassation, reads as follows:

"The Chamber decided to quash the first instance decision due to the inadequate inquiry as the relevant inferior court should have rendered the decision in respect of the accused person, who refused to be a user of the ByLock, after making the detailed ByLock report, as well as the examinations results pertaining to digital data obtained from the accused person, available at the hearing for the accused person and his defence counsel and asking them whether they had any comment in this respect if it was found established, through technical data, beyond any suspicion that he had used the ByLock application and if the evidence demonstrating his subscription to the ByLock was decisive for proving the imputed offence, as well as after making the HIS (CGNAT) and HTS records available in the file and the survey and assessment report subject to the examination of a court expert.”

b) As the accused person refused to use ByLock and declared that he used his internet jointly with his home mate named [M.B.], whose name was also included in the investigation file of the Bingöl Chief Public Prosecutor’s Office, the case-file -if a criminal case was filed against M.B.-, otherwise the said investigation should have been included in the accused person’s file, being open to Court of Cassation’s review, and if possible, M.B. should have been duly heard as a witness.”

100. Relevant part of the judgment, no. E.2018/4851, K.2019/2058 and dated 12 March 2019, which was issued by the 16^th Criminal Chamber of the Court of Cassation, reads as follows:

"The Chamber decided to quash the first instance decision whereby the accused person [H.] was convicted as the first instance court should have acquitted her regard being had to the statements given by her husband [Y.İ.] during the prosecution stage ‘the GSM number ……. is registered in my name. I gave it to my wife. However, the mobile phone was always available at home and I sometimes used this number. …. Besides, my wife has not used this phone. I have used it…’; to the fact that the persons whose names are included in the Bylock identification and assessment report on ID number no. '205264', which was issued with respect to the GSM number registered in the name of the accused person’s husband [Y.], were also an officer of the security directorate; to the other evidence available in the file; as well as to the non-existence of the acts of continuous and variable nature, which would -if existed- prove the accused person’s membership of the said organisation…”

101. Relevant part of the judgment, no. E.2019/98, K.2019/3057 and dated 29 April 2019, which was issued by the 16^th Criminal Chamber of the Court of Cassation, reads as follows:

"1- A User-ID number will provide information as to whether a user has directly connected to ByLock server through his GSM number without any routing, and the detailed ByLock identification and assessment report will provide information on the real identity of the user as well as on his position within the organisation and his organisational activities.

2- In cases where a report was issued by the Security Directorate to the effect that the relevant person is a user of the ByLock whose ID number cannot be determined but there are CGNAT records, which are a significant indication of his having used ByLock application, it must be nevertheless borne in mind that CGNAT records may exist also in case of access to the application by way of routing (through morbey or any other means).

...

In the present case, the accused person whose User-ID number could not be determined through the report issued by the relevant Department of the Security Directorate but who was found by virtue of the CGNAT records to get access to ByLock system for 458 times was dismissed from office by a decision taken by the relevant administration while working as a research assistant at the B. University. He was subsequently reinstated by virtue of a Decree-law. However, he was ultimately convicted for being a member of the said organisation for studying at a private teaching institution operated by the FETÖ/PDY during the university admission process was considered as an organisational activity. The Chamber decided to quash the first instance decision due to his conviction which was solely based on insufficient ByLock inquiry reports indicating that he used ByLock as the relevant inferior court should have indeed decided on the legal status of the accused person by awaiting for the conclusion of the ID number inquiries on ByLock data by the relevant departments of the Security Directorate, given the fact that the activities other than the use of ByLock, even if occurred separately or concurrently, are not sufficient to prove that the relevant person has involved in the organisational hierarchy.”

102. Relevant part of the judgment, no. E.2018/4983, K.2019/4707 and dated 3 July 2019, which was issued by the 16^th Criminal Chamber of the Court of Cassation, reads as follows:

"... The Chamber decided to quash the first instance decision due to the inadequate inquiry as the relevant inferior court should have qualified the criminal act in question and decided on the legal status of the accused person by ascertaining whether there was any criminal case filed against the accused person’s husband [Z.A.] -who was revealed to actually use ByLock program according to the username, password and messages as noted in the ByLock Report- and if there was any pending case, by joining it to the present case; if it became final, making the case-file subjected to examination; after asking the relevant departments to determine whether there was any other ByLock registration on the other GSM numbers registered in the name of the accused person or his wife, and if any, ensuring the identification and assessment reports to be issued with respect to these numbers; and ultimately by considering all available evidence as a whole.”

103. Relevant part of the judgment, no. E.2019/4284, K.2019/5832 and dated 7 October 2019, which was issued by the 16^th Criminal Chamber of the Court of Cassation, reads as follows:

" The Chamber decided to quash the first instance decision on the ground that it was found established through the identification and assessment reports that the accused person used the ByLock application with ID numbers no. 46420 and 24659; however, it was also accepted that the accused person used ByLock application also through the GSM number 505 485 … 85, which was registered in the name of the accused person’s aunt-in-law, revealed to have had ByLock application but was not proven to be used by the accused person, without conducting the necessary inquiries as to the user of the GSM number.”

104. The judgments rendered by the General Assembly of the Criminal Chambers of the Court of Cassation, the 16^th Criminal Chamber of the Court of Cassation and the regional courts of appeal, which concern the examination and investigation processes required to be conducted in consideration of the particular circumstances of each case in order to establish with legal certainty that the accused persons have used ByLock, may be classified as follows:

a. Judgments/Quashing Judgments indicating that the accused person’s use of ByLock must be proven through technical or expert reports

i. Unless substantiated with technical data, the statements that the accused person has been a ByLock user would not be deemed sufficient, and in this sense, the technical reports on this matter must be requested from the relevant authorities and must also be subject to an expert examination if necessary (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, no. E.2018/4983, K.2019/4707 and dated 3 July 2019; the judgment of the 2^nd Criminal Chamber of the Sakarya Regional Court of Appeal, no. E.2018/252, K.2019/45 and dated 10 January 2019; and the judgment of the 18^th Criminal Chamber of the Gaziantep Regional Court of Appeal, no. E.2019/510, K.2020/314 and dated 25 February 2020).

ii. By the nature of the defence submissions and the available evidence in the case-file, the reports on ByLock inquiry results and CGNAT records must not be deemed sufficient to prove the accused person’s use of ByLock (see, among many other authorities, the judgments of the 16^th Criminal Chamber of the Court of Cassation, no. E.2018/5974, K.2019/575 and dated 6 February 2019 and no. E.2018/5974, K.2019/575 and dated 29 April 2019; and the judgment of the 2^nd Criminal Chamber of the Sakarya Regional Court of Appeal, no. E.2018/235, K.2019/27 and dated 4 January 2019).

iii. The detailed ByLock Report issued by the relevant units must be made available, during the hearing, for the accused person and his defence counsel who should be asked to make comment if they have (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, no. E.2018/5710, K.2019/331 and dated 22 January 2019; and the judgment of the 18^th Criminal Chamber of the Gaziantep Regional Court of Appeal, no. E.2019/269, K.2020/139 and dated 17 January 2020).

b. Quashing judgments requiring the identification of the real user(s) of the subscriptions revealed to have connected to the IP numbers of ByLock server

i. Within the scope of the claims raised during the defence submissions, it must be ascertained whether the GSM subscriptions in question were registered in the name of the accused person and were active during the dates when ByLock was used (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, no. E.2018/5974, K.2019/575 and dated 6 February 2019).

ii. In cases where it is maintained that the GSM and ADSL subscriptions, revealed to have connected to IP addresses of the ByLock servers, or the internet service provided through these subscriptions were used by any person other than the subscriber himself or used jointly by other persons, an inquiry -and an investigation if necessary- must be conducted against these persons who should also be heard as a witness, and the files of the cases conducted against them -if any- must be made available and subject to examination (see, among many other authorities, the judgments of the 16^th Criminal Chamber of the Court of Cassation, no. E.2018/5481, K.2019/891 and dated 14 February 2019; no. E.2019/3621, K.2019/6616 and dated 5 November 2019; no. E.2019/4284, K.2019/5832 and dated 7 November 2019; and no. E.2018/4983, K.2019/4707 and dated 3 July 2019; the judgment of the 2^nd Criminal Chamber of the Adana Regional Court of Appeal, no. E.2018/1874, K.2018/2147 and dated 13 December 2018; the judgment of the 4^th Criminal Chamber of the Ankara Regional Court of Appeal, no. E.2018/3588, K. 2019/71 and dated 31 January 2019; the judgment of the 2^nd Criminal Chamber of the Van Regional Court of Appeal, no. E.2019/155, K.2019/136 and dated 11 December 2019; the judgment of the 2^nd Criminal Chamber of the Adana Regional Court of Appeal, no. E.2019/1412, K. 2020/51 and dated 22 January 2020; and the judgment of the 18^th Criminal Chamber of the Gaziantep Regional Court of Appeal, no. E.2019/471, K.2020/302 and dated 20 February 2020.)

iii. In the face of the defence submissions that the passwords necessary for ensuring access to the internet were extorted, sufficient inquiries into these allegations -if necessary, CGNAT inquiry records pertaining to the ADSL and GSM numbers revealed to have connected to IP addresses of ByLock server and HTS records of the relevant GSM number -if any- as well as the current report on ByLock inquiry results issued by the EGM-KOM must be requested and made available- (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, no. E.2018/6860, K.2019/3369 and dated 13 May 2019).

iv. The information on the device through which ByLock program was used must be compared with the documents included in the file. It must be ascertained whether IMEI number of the device was copied and an expert report, if found necessary, must be obtained in this respect (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, no. E.2019/3252, K.2019/5524 and dated 24 September 2019; and the judgment of the 3^rd Criminal Chamber of the Gaziantep Regional Court of Appeal, E.2017/1258, K.2017/1232 and dated 11 October 2017.)

c. Quashing judgments requiring the determination whether the accused person connected to ByLock against his will:

i. Legal status of those who have revealed to have connected to ByLock server against their own will due to Morbeyin applications must be reassessed (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, no. E.2017/4314, K.2018/3545 and dated 18 October 2018).

ii. Any allegation raised by the accused person that he connected to ByLock server against his will must be assessed (see, among many other authorities, the judgment of the 16^th Criminal Chamber of the Court of Cassation, E.2018/2857, K.2019/3190 and dated 6 May 2019).

d. Judgments/quashing judgments with respect to other claims:

i. In case of any claim that even if there was a match between the accused person’s IP number and ByLock user-ID number, any person other than the accused person has used the ByLock program through the User-ID number in question or in case of any doubt in this respect, the CGNAT records with respect to ByLock as well as HTS records including IMEI number must be obtained from the BTK, with a view to identifying the real user of the User-ID number matched with the accused person; and these records must be assessed in conjunction with all data included in the report on the ByLock inquiry result as well as in the ByLock report (see the judgment of the General Assembly of the Criminal Chambers of the Court of Cassation, no. E.2018/16-418, K.2019/513 and dated 27 June 2019; and the judgment of the 16^th Criminal Chamber of the Court of Cassation, E.2019/6556, K.2019/7769 and dated 12 December 2019).

ii. It must be ascertained whether any investigation or prosecution has been conducted against those who exchanged message/e-mail and made voice call with the persons who were added by a User-ID number indicated in the ByLock report or who added this User-ID number; if conducted, the files must be obtained and subject to examination and if necessary, these persons must be heard as a witness (see, among many other authorities, the judgment no. E.2018/1681, K.2019/227 and dated 17 January 2019; and the judgment of the 16^th Criminal Chamber of the Court of Cassation, E.2019/368, K.2019/4877 and dated 2 July 2019).

B. International Law

1. Relevant Provisions of the Convention

105. Article 6 § 1 of the European Convention on Human Rights (“the Convention”), insofar as relevant, reads as follows:

"In the determination … of any criminal charge against him, everyone is entitled to a fair and public hearing … by an independent and impartial tribunal established by law.”

2. Established Case-law of the European Court of Human Rights

106. According to the European Court of Human Rights (“the ECHR”), while Article 6 of the Convention guarantees the right to a fair hearing, it does not lay down any rules on the admissibility of evidence as such, which is primarily a matter for regulation under national law (see Jalloh v. Germany [GC], no. 54810/00, 11 July 2006, § 94).

107. In its judgments, the ECHR indicates that it is not its role to determine, as a matter of principle, whether particular types of evidence – including those obtained unlawfully in terms of domestic law –may be admissible or, indeed, whether the applicant was guilty or not. The question which must be answered is whether the proceedings as a whole, including the way in which the evidence was obtained, were fair. This involves an examination of the “unlawfulness” in question and, where violation of another Convention right is concerned, the nature of the violation found (see Jalloh v. Germany, § 95; Ramanauskas v. Lithuania [GC], no. 74420/01, 5 February 2008, § 52; and Khodorkovskiy and Lebedev v. Russia, no. 11082/06, 13772/05, 25 July 2013, § 699).

108. Emphasising that it is not its role to determine whether particular types of evidence may be admissible or, indeed, whether the applicant was guilty or not, the ECHR notes that the question which must be answered is whether the proceedings as a whole, including the way in which the evidence was obtained, were fair. This involves an examination of the “unlawfulness” in question and, where a violation of another Convention right is concerned, the nature of the violation found. In determining whether the proceedings as a whole were fair, regard must also be had to whether the rights of the defence were respected. It must be examined in particular whether the applicant was given the opportunity of challenging the authenticity of the evidence and of opposing its use. In addition, the quality of the evidence must be taken into consideration, including whether the circumstances in which it was obtained cast doubt on its reliability or accuracy. While no problem of fairness necessarily arises where the evidence obtained was unsupported by other material, it may be noted that where the evidence is very strong and there is no risk of its being unreliable, the need for supporting evidence is correspondingly weaker (see Bykov v. Russia [GC], no. 4378/02, 10 March 2009, §§ 89, 90; and Ilgar Mammadov v. Azerbaijan (no.2), no. 919/15, 16 November 2017, §§ 208, 209).

109. From the ECHR’s point of view, when determining whether the proceedings as a whole have been fair, the weight of the public interest in the investigation and punishment of the particular offence in issue may be taken into consideration and may be weighed against the individual interest that the evidence against him be gathered lawfully (see Jalloh v. Germany, § 97). Notably with respect to the examination on the nature of the violation of the Convention found, the ECHR states that, in many cases, the fixing of a listening device was found to be in breach of Article 8 of the Convention as such an interference was unlawful. However, the admission of secretly taped material as evidence -in the particular circumstances of a given case- did not conflict with the requirements of the right to a fair trial guaranteed by Article 6 § 1 of the Convention (see Khan v. the United Kingdom, no. 35394/97, 12 May 2000, §§ 29-35; Bykov v. Russia, §§ 94-105).

110. According to the ECHR, the use of any material obtained without sufficient legal basis in the domestic law, or through unlawful means, as evidence in the proceedings does not, in principle, contravene with the standards of the fairness set forth in Article 6 § 1 of the Convention, provided that the applicant has been afforded necessary procedural safeguards and the relevant material has not been obtained under pressure, under duress or by entrapment which may impair the proceedings (see Chalkley v. the United Kingdom (dec.), no. 63831/00, 26 September 2002).

V. EXAMINATION AND GROUNDS

111. The Constitutional Court, at its session of 4 June 2020, examined the application and decided as follows.

A. Alleged Violation of the Right to a Fair Hearing

1. The Applicant’s Allegations and the Ministry’s Observations

112. The applicant maintained that his right to a fair trial had been violated, stating that the data from ByLock had been obtained unlawfully and was relied on as a substantive basis for his conviction.

113. In its observations, the Ministry of Justice (“the Ministry) made a reference to the examinations and findings as to the ByLock communication system, which are specified in the judgments of the 16^th Criminal Chamber of the Court of Cassation (no. E.2015/3, K.2017/3; 27/1443, K.2017/4758), the General Assembly of the Criminal Chambers of the Court of Cassation (no. E.2017/16.MD-956, K.2017/370) as well as the Court’s judgment in the case of Aydın Yavuz and Others. The Ministry further indicated that as a result of the investigation conducted against the applicant for his alleged membership of the FETÖ/PDY, it was found established that ByLock application had been downloaded on, and used through, the mobile phones operated through the GSM subscription that the applicant admitted to being in his use; and that the applicant, represented by a lawyer during the proceedings, had been provided with the opportunity of challenging the authenticity of the evidence against him and opposing its use. The Ministry emphasised that the applicant had been convicted based on his use of ByLock through the GSM subscription and mobile phones that were used by him, which involved no manifest arbitrariness to the extent that would ignore justice and common sense.

114. In his counter-statements against the Ministry’s observations, the applicant asserted that the ByLock data, the underlying ground of his conviction, had been obtained unlawfully; that there were doubts as to the authenticity and reliability of these data, and they could not be therefore used as evidence during the proceedings; and that there were discrepancies between the data included in the ByLock Report and those included in the CGNAT records. He further maintained that the information on the online dates indicating his initial and last connections to ByLock system, which is indicated in these documents, is contradictory; that the date/time information as to e-mails, incoming/outgoing calls of the relevant User-ID number, which is indicated in the ByLock Report, was not consistent with the CGNAT records; and that there were findings as to the records of incoming/outgoing calls with User-ID numbers which are not included in the list. He finally alleged that one of the IP addresses, which he had allegedly connected to, was not indeed assigned to the ByLock server at the relevant time; that according to NAT technology, it was not possible to permanently use the same dynamic IP address; however, according to the findings, he had ensured connection for a long time through the same IP; and that therefore, the findings that he had been using ByLock did not reflect the truth.

2. The Court’s Assessment

115. Article 36 § 1 of the Constitution, titled “Right to legal remedies”, reads as follows:

"Everyone has the right of litigation either as plaintiff or defendant and the right to a fair trial before the courts through legitimate means and procedures. No court shall refuse to hear a case within its jurisdiction.”

116. The Constitutional Court is not bound by the legal qualification of the facts by the applicant and it makes such assessment itself (see Tahir Canan, no. 2012/969, 18 September 2013, § 16). In this sense, the applicant’s allegations were examined from the standpoint of the right to a fair hearing falling under the scope of the right to a fair trial.

a. Admissibility

117. The alleged violation of the right to a fair hearing must be declared admissible for not being manifestly ill-founded and there being no other grounds for its inadmissibility.

b. Merits

i. General Principles

118. The aim of criminal trial is to establish the material truth. However, the inquiries conducted to achieve this aim is not unlimited. Establishment of the material truth lawfully is necessary to ensure criminal justice in an equitable manner. In this sense, obtaining evidence through lawful means is considered as one of the basic principles of the state of law. In this regard, it is explicitly enshrined in Article 38 § 6 of the Constitution that the findings obtained unlawfully cannot be admitted as evidence (see Orhan Kılıç [Plenary], no. 2014/4704, 1 February 2018, § 42).

119. As regards the legislative intention for addition of the notion of “… and the right to a fair trial” to Article 36 of the Constitution, it is emphasized that the right to a fair trial, which is safeguarded also by the international conventions to which Turkey is a party, has been incorporated into the provision. As a matter of fact, the right to a fair hearing is set forth in Article 6 § 1 of the Convention. Likewise, the Constitutional Court has examined, in its several judgments involving assessments under Article 36 of the Constitution, the allegations raised on account of the use of evidence obtained without any legal basis or unlawfully during the proceedings under the right to a fair hearing, one of the safeguards inherent in the right to a fair trial. In these assessments made under Article 36, Article 38 § 6 of the Constitution is also taken into consideration (see Orhan Kılıç, § 43).

120. However, the question of fairness, under the substantive limb, of the establishment of the imputed acts, the interpretation and implementation of legal provisions, the admissibility and assessment of evidence, and the resolution offered for the dispute, by the Court of Cassation and inferior courts in a given case cannot be subject to an examination through individual application. Therefore, in the present case, it is not for the Court to review the lawfulness of the assessment made, and the conclusions reached, by the Court of Cassation and the inferior courts. It primarily falls within the inferior courts’ jurisdiction to consider the available evidence in a particular case and to decide whether the relevant evidence is related to the case (see Orhan Kılıç, § 44).

121. On the other hand, it should be taken into consideration that the use of evidence, which could be prima facie revealed to be obtained without any legal basis or to be unlawfully obtained or which were considered unlawful by the inferior courts, as the sole or decisive evidence during the proceedings may constitute a problem with regard to the right to a fair hearing. In the criminal trial, the way in which the relevant evidence has been obtained and the extent to which it has been relied on in conviction may render unfair the proceedings as a whole (see Orhan Kılıç, § 45).

122. In this sense, the Court’s task is not to ascertain whether certain evidential elements were obtained lawfully, but rather to examine whether the evidence which is prima facie unlawful or which has been found unlawful by the inferior courts has been relied on as the sole or decisive evidence during the proceedings, as well as whether such unlawfulness has had any bearings on the fairness of the proceedings as a whole (see, in the same vein, Yaşar Yılmaz, no. 2013/6183, 19 November 2014, § 46).

123. In making an assessment in this respect, it must be also considered whether the conditions under which the evidence was obtained has casted doubt on its authenticity and reliability (see Güllüzar Erman, no. 2012/542, 4 November 2014, § 61). A fair hearing entails the elimination of doubts as to the authenticity and reliability of the evidence, as well as the grant of an opportunity to effectively challenge to its reliability and authenticity. In this regard, the Court also examines, with regard to the alleged unlawfulness of the evidence, whether the applicants were granted the opportunity of challenging the authenticity of the evidence and opposing its use; whether the principles of equality of arms and the adversarial proceedings were observed; and whether the defence was afforded sufficient safeguards for the protection of their interest (see Orhan Kılıç, §§ 47, 48).

124. The above-cited constitutional requirements are also set forth in the relevant procedural laws. As a matter of fact, Article 217 § 2 of Code no. 5271 provides for “The imputed offence may be proven by using all kinds of legally obtained evidence”. In Article 206 § 2 of the same Code, it is set forth that in cases where the evidence is unlawfully obtained, it shall be denied, and Article 230 § 1 sets out that the evidence which has been relied on as a basis for the conviction and has been denied shall be indicated, and thereby, the evidence which has been included in the file and obtained unlawfully shall be separately and clearly demonstrated (see Orhan Kılıç, § 50).

125. In the examinations of individual applications, the binding norm is the Constitution, and no review as to the lawfulness is not conducted. In assessments as to whether the admission of the evidence obtained without any legal basis or unlawfully has impaired the fairness of the proceedings from the standpoint of the safeguards afforded under Articles 36 and 38 of the Constitution, the particular circumstances of each case must be taken into consideration (see Orhan Kılıç, § 51).

ii. Application of the Principles to the Present Case

 (1) As regards the data obtained from ByLock server

126. The applicant maintained that the ByLock data were obtained through intelligence methods and unlawfully; and that therefore they could not be relied on as evidence in conviction. Accordingly, the nature of the ByLock application as well as the way how it became known to investigation authorities must be primarily ascertained.

127. In the course of the period during which the investigation authorities and the State’s security agencies started to perceive the FETÖ/PDY’s staffing within the public institutions and organisations along with its activities within the different social, cultural and economic areas, notably education and religion, as a threat to the national security, the MİT also conducted inquiries and inspections, within the boundaries of its own field of work, into the FETÖ/PDY’s activities. As a matter of fact, it is laid down in Article 4 § 1 (a) of Law no. 2937 that the MİT is liable to create state-wide national security intelligence in respect of the existing and probable activities, performed at home and abroad, against the territorial integrity, existence, independence, safety, constitutional order and national power of the Republic of Turkey, as well as to report this intelligence to the relevant institutions (see § 83 above).

128. During these inspections and inquiries conducted by the MİT, a foreign-based mobile application, namely ByLock, which was apparently developed to ensure organisational communication among the FETÖ/PDY members was discovered, and it was also found out that there were servers with which the ByLock application was in contact. These findings were subject to detailed technical examinations. The inquiries and inspections conducted into this application by the MİT within its own field of work are not in the form of a judicial investigation. In Article 4 § 1 (i) of Law no. 2937, it is set forth that the MİT is empowered to gather, record and analyse information, documents, news and data on counter-terrorism issues by use of any kind of procedures, means and systems of technical and human intelligence and to report the intelligence created to the relevant institutions (see § 83 above).

129. In Article 6 of the same Law, it is set forth that in performing its duties, the MİT may apply clandestine working procedures, principles and methods as well as collect data on foreign intelligence, national defence, terrorism, international offences and cyber security which are conveyed through telecommunication channels (see § 84 above). It thus appears that the MİT is empowered through this Law to collect information and data on relevant persons and groups by technical means as well as to analyse these information and data, with a view to revealing the terrorist activities in advance without being performed for the purposes of maintaining the constitutional order and national safety of the country.

130. As a matter of fact, it is inevitable, in democratic societies for the protection of fundamental rights and freedoms, to need intelligence agencies and the methods employed by such agencies for effectively fighting against very complex structures such as terrorist organisations and tracking such organisations through covered methods. Therefore, to collect and analyse information about terrorist organisations, with an aim of collapsing them through covered intelligence methods, meet a significant need in democratic societies. Threats against democratic constitutional order may be identified and precautions may be taken against these threats through the information and data obtained by intelligence agencies. In this regard, the MİT is vested, by Articles 4 and 6 of Law no. 2937, with the powers to obtain and analyse information, documents and all other data concerning terrorist offences, which are transmitted through telecommunication channels, by using any kind of intelligence methods, to purchase any computer data available abroad, as well as to report them to the relevant institutions.

131. The organisation of, and activities performed by, the FETÖ/PDY have been a subject of social debate for a long time, and notably in the aftermath of 2013, the investigation authorities and the State’s security agencies started to consider this structure as a threat to national safety (see, §§ 12 and 13 above). In this regard, notably the investigations of 17-25 December and the stopping of MİT trucks are, inter alia, the basic grounds of the conclusion reached by the investigation authorities and the judicial bodies to the effect that the activities of this structure have been intended for overthrowing the Government (see §§ 15 and 16 above). It is further indicated in several investigation/prosecution files that many cases filed/conducted by judicial members, who were considered to have a link with this structure, have been also intended for ensuring or increasing its efficiency within public institutions notably at the TAF as well as within different field of the civil society (see § 14 above). During such a period, the public authorities have, on one hand, issued decisions and carried out practices revealing the illegal aspect of the FETÖ/PDY and taken certain measures against the organisation on the other (see §§ 18 and 19 above).

132. It is not for the Constitutional Court to decide on the lawfulness or expediency of the performance of intelligence activities by the State’s intelligence agencies by considering that the threat posed by FETÖ/PDY to national security turned into an imminent threat. Nor is it the subject-matter of the examination in the present case. The relevant authorities cannot be asked to wait, so as to take the necessary preventive measures, until the realisation of any terrorist threat. It has been comprehended that the complex structure and international nature of the FETÖ/PDY necessitated the performance of certain intelligence activities concerning this organisation before the coup attempt. In this sense, the coup attempt of 15 July demonstrated how great the threat posed by the FETÖ/PDY to national security was and how it turned into a severe risk against the existence and integrity of the nation despite the certain measures taken prior thereto (see, for detailed explanations and assessments, Aydın Yavuz and Others, §§ 12-25; and 212-221).

133. The MİT delivered to judicial/investigation authorities (the Ankara Chief Public Prosecutor’s Office) the FETÖ/PDY-related information of which it had become aware while performing its duties under Articles 4 and 6 of Law no. 2937. This act -whereby the MİT merely informed the competent judicial authorities of concrete information which was related to an issue falling into the scope of its own field of work (counter-terrorism) and which was found out on a legal basis- cannot be construed to the effect that the MİT, an intelligence agency, had engaged in law-enforcement activities. In this sense, it has been observed that the MİT had found out the impugned digital materials not as a result of an inquiry conducted for the purpose of collecting evidence, but within the scope of the intelligence activities conducted to reveal the activities of the FETÖ/PDY during a period when the public authorities, notably the National Security Council, started to perceive the FETÖ/PDY as a threat to the national security.

134. Besides, it must be borne in mind that the Ankara Chief Public Prosecutor’s Office was not provided with hearsay intelligence information which was of abstract and general nature, but rather with digital data regarding a program which was considered to be the covered communication means used by the FETÖ/PDY’s members and heads. The MİT’s notification of the digital materials -found out during an inspection within the scope of its own field of work- to the relevant judicial/investigation authorities in order to have them examined so as to ascertain whether these materials involved any criminal element -thereby revealing the material truth- does not render them unlawful merely on account of the nature of the notifying authority, namely the MİT.

135. The judicial authorities are always entitled to test the data delivered to them and to conduct necessary inquiries, examinations and assessments with respect to the authenticity or reliability of digital materials. In the present case, the incumbent judicial authorities, having received the impugned data, conducted the investigation process by making inspections and inquiries, through the competent law-enforcement units, within the framework of the provisions on search and examination of digital data, which are set out in the relevant procedural law, and in line with the decisions taken by the incumbent judges concerning the necessary preventive measure. Within this process, the necessary information, documents and evidence were obtained from the other relevant institutions and organisations. Besides, the defence has been always provided with the opportunity of challenging the authenticity or reliability of these digital materials and opposing their use, as required by the principles of equality of arms and adversarial proceedings inherent in the right to a fair trial.

136. Consequently, the delivery of the data concerning the ByLock application, which were found out during the intelligence inquiries conducted into a terrorist organisation aiming at overthrowing the constitutional order, to the Ankara Chief Public Prosecutor’s Office for making contribution to revealing the material truth during the investigation and prosecution against this organisation does not involve any prima facie unlawfulness. Nor did the Court of Cassation or the inferior courts make any determination to the effect that this process involved any. On the contrary, the General Assembly of the Criminal Chambers of the Court of Cassation concluded in its several judgments that the way in which the ByLock data were obtained -as evidence- was lawful (see the judgment of the General Assembly of the Criminal Chambers of the Court of Cassation, no. E.2018/16-419, K.2018/661 and dated 20 December 2018). Therefore, the submission, to the Ankara Chief Public Prosecutor’s Office, of the digital materials concerning the ByLock communication system, which were obtained by the MİT within the scope of its legal powers, as well as of the technical report issued in this respect cannot be considered as practice involving a manifest error of judgment or manifest arbitrariness.

(2) As regards the process following the submission of the ByLock data to the judicial authorities

137. A criminal case was filed against the applicant for his alleged membership of the FETÖ/PDY. In the report of 30 June 2017 titled “Result of New ByLock Inquiry”, which was submitted to the relevant court by the EGM-KOM, it is indicated that the applicant used ByLock application several times through the GSM subscription registered in his name and with 4 different mobile phones IMEI numbers of which were determined; and that the first time he signed up for this application is 13 August 2014. The applicant was convicted for being a member of the said terrorist organisation by the court decision of 8 November 2017. In its conviction decision, the court relied on the consistency between the ByLock Report issued in respect of the applicant by the EGM-KOM and the CGNAT data on the GSM number used by him as well as on the applicant’s use of ByLock communication program, designed for the use of the FETÖ/PDY’s members, with his username “serhat1299”. In this decision, it is further indicated that the ByLock program, which was used by the applicant, is the communication network of the FETÖ/PDY and has been developed and used by this organisation; and that in consideration of the features of the program, those using this application have been considered to have connection with the organisation.

138. Accordingly, the decisive evidence underlying the applicant’s conviction is the finding that he was a user of the ByLock. The applicant asserted that the ByLock data were unlawful and therefore could not be a ground for his conviction. Therefore, an assessment must also be conducted as to the period following the submission of the relevant data on ByLock program to the judicial authorities.

139. Upon the submission of the digital materials obtained from the ByLock server and the technical report issued with respect to these materials to the Ankara Chief Public Prosecutor’s Office, the investigation process was thereafter conducted in accordance with Law no. 5271. In this sense, the Ankara Chief Public Prosecutor’s Office requested the Ankara 4^th Magistrate Judge to conduct inquiry into, make a back-up and transcribe the digital materials in question pursuant to Article 134 of Code no. 5271. Upon the said the request, the magistrate judge issued an order for “conducting an inquiry, making a back-up and conducting an expert examination as to the digital materials”.

140. Also in the judgment of the General Assembly of the Criminal Chambers of the Court of Cassation, which is no. E.2017/16.MD-956, K.2017/370 and dated 26 September 2017, it is underlined that the data obtained through the ByLock communication system fall under the scope of Article 134 of Code no. 5271. According to this judgment, as the records concerning communication through internet are saved in the computer file, these communication records may be subject to the search, back-up and seizure processes, which are set out as a measure in Article 134 § 1 of Code no. 5271. As noted by the Court of Cassation, the notion of “computer files” stated in Article 134 of Code no. 5271 does in technical sense include not only the records recorded in desktops and laptops but also all digital files that may be available in CDs, DVDs, flash disks, floppy disks as well as in any data processing or data collection means or tools including all removable storages, digital-based mobile devices such as mobile phones and etc.. It has been observed that the determinations and assessments which were made by the Court of Cassation and the inferior courts with respect to the preventive measures applied did not involve any manifest error of judgment and arbitrariness.

141. The judicial authorities conducted the necessary inquiries, examinations and assessments as to the authenticity or reliability of the digital materials submitted, which were also examined and interpreted by the relevant technical units. The defence was also granted the opportunity of challenging the authenticity of the evidence demonstrating that the applicant used ByLock application and opposing its use in accordance with the principles of the equality of arms and adversarial proceedings.

142. Consequently, in the present case, there has been no violation with respect to the allegations that the ByLock data were obtained without any legal basis or unlawfully.

143. For these reasons, the Court has found no violation of the right to a fair hearing under the scope of the right to a fair trial safeguarded by Article 36 of the Constitution.

B. Allegation that the Bylock cannot be relied on as the sole or decisive evidence for conviction

1. The Applicant’s Allegations and the Ministry’s Observations

144. The applicant maintained that his conviction was based on ByLock data as single or decisive evidence, which was unlawful; that the documents issued with respect to ByLock were contradictory, inconsistent and ambiguous; and that these data were nevertheless relied on by the relevant courts as evidence against him. He accordingly alleged that his right to a fair trial had been violated.

145. In its observations, the Ministry pointed to the information and documents indicated by the incumbent court as evidence in the reasoned decision and noted that the applicant and his lawyer had the opportunity of raising their claims and challenges against the impugned data. The Ministry also indicated that it was within the inferior courts’ jurisdiction to assess the evidence.

146. In his counter-statements against the Ministry’s observations, the applicant reiterated the issues noted in the application form and annexes thereto.

2. The Court’s Assessment

147. In Article 148 § 4 of the Constitution, it is set out that the complaints concerning the issues to be examined in appellate review cannot be subject to an examination through individual application. Accordingly, in principle, any question with respect to the establishment of impugned facts, the assessment of the evidence, the interpretation and implementation of provisions of law as well as the fairness of the conclusion reached with respect to the dispute cannot be subject-matter of an individual application. However, the findings and conclusions constituting an interference with the rights and freedoms falling under the scope of individual application and involving a manifest error of judgment or manifest arbitrariness are excluded from this rule (see, among many other authorities, Ahmet Sağlam, no. 2013/3351, 18 September 2013).

148. However, in cases where there is an interference with the fundamental rights and freedoms, it is the Constitutional Court that will assess the effect of the inferior courts’ decisions and assessments on the safeguards provided for in the Constitution. In this respect, any examination to be made, by taking into account the safeguards provided for in the Constitution, as to whether the fundamental rights and freedoms falling into the scope of individual application have been violated cannot be regarded as “an assessment of an issue to be considered in appellate review” (see, Şahin Alpay (2) [Plenary], no. 2018/3007, 15 March 2018, § 53).

149. Besides, the Constitutional Court is entitled, in very exceptional cases, to examine a complaint with respect to the issues to be considered in appellate review, which is not directly related to the fundamental rights and freedoms, without being subject to the above-cited restriction. In very exceptional cases where the fairness of the proceedings has been undermined to a great extent and the procedural safeguards inherent in the right to a fair trial have thereby become dysfunctional, this situation -which is indeed related to the outcome of the proceedings- has by itself turned into a procedural safeguard. Therefore, the Constitutional Court’s examination as to whether the inferior court’s assessments rendered the procedural safeguards dysfunctional and whether the fairness of the proceedings was impaired to a great extent due to manifest arbitrariness does not mean that the Court has dealt with the outcome of the proceedings. As a result, the Constitutional Court may interfere with the inferior courts’ assessments concerning evidence only in case of a practice which is manifestly arbitrary and has rendered dysfunctional the procedural safeguards inherent in the right to a fair trial.

150. In the present case, although the applicant maintained that his right to a fair trial had been breached due to the use of ByLock data as decisive evidence for his conviction, he did not clearly indicate which of the procedural safeguards inherent in the right to a fair trial had been violated. It does not also seem possible to examine the allegation raised by the applicant under any aspect of the procedural safeguards inherent in the right to a fair trial. In this sense, what remains to be determined is whether the inferior court’s reliance on the ByLock data as sole or decisive evidence for the applicant’s conviction is a practice which has completely rendered dysfunctional the procedural safeguards inherent in the right to a fair trial or has been manifestly arbitrary. To that end, the process whereby the ByLock data were relied on as evidence as well as the inferior court’s assessment with respect thereto must be taken into consideration.

151. The investigation units issued technical and chronological reports including comprehensive information on technical features of the ByLock program ensuring its confidentiality, its use, its encryption method, the way how it is downloaded, the fields it is used and its intended purpose and submitted them to the relevant judicial authorities. In these reports, the differences between ByLock program and the common commercial messaging programs as well as the organisational features of the former one are indicated. In this sense, it is indicated therein that the common commercial messaging programs enable for easy download, synchronisation of the persons in the phonebook with the program, identification through phone number and e-mail address and encryption, whereas ByLock program, to the contrary, makes it difficult to download, to be included in the system and to get in contact with persons, and it does not demand, during the signing up process, any personal information which would lead to the identification of the user partially or wholly.

152. Certain abbreviations and organisational literature, which were also mentioned by the organisation members in their statements, were used in the messages and e-mails sent/received through the Bylock program. Seeking mutual consent of two users to enable them to get in contact -adding as a friend- was considered as an indication of the fact that the program was designed in accordance with the cell-type structure of the organisation. It was also admitted in the statements included in the files of investigation and/or prosecution conducted in the aftermath of the coup attempt, as well as in the messages and e-mails sent by the organisation members, that ByLock was a program designed to ensure organisational communication and was used to that end.

153. In the judgment rendered by the General Assembly of the Criminal Chambers of the Court of Cassation, no. E.2017/16.MD-956, K.2017/370 and dated 26 September 2017, it was concluded -in consideration of the technical data and information revealed by the investigation authorities and structuring and characteristics of the FETÖ/PDY- that ByLock was, by its functioning systematics and structure, a program designated and offered for the exclusive use of the FETÖ/PDY members. In the Court of Cassation’s jurisprudence, ByLock communication system is regarded as a network created for the use of the FETÖ/PDY members. Therefore, the finding -through technical data which are beyond any doubt and capable of forming an exact conclusion that the relevant persons have involved in this network upon organisational instruction and it has been used for confidential communication- is admitted as evidence demonstrating the relevant person’s relation with the said organisation (see §§ 94, 97 and 104 above).

154. As inferred from the Court of Cassation’s judgments, the ByLock data are mainly based on two sources. The first one is the data which were obtained from the ByLock server and were then subject to examination by technical units, pursuant to a magistrate judge’s/court’s decision, upon being submitted by the MİT to the judicial authorities. The second one is the CGNAT records demonstrating the IP addresses in Turkey which connected to IP addresses of the Bylock server. In this sense, the judicial bodies relied on the data obtained from the ByLock server, which play a significant role for the identification of the ByLock users and determination of their hierarchical positions within the organisation. It is thereby possible to ascertain the User-ID numbers, usernames and passwords of the users signed up for the ByLock server, the dates of access, IP addresses connected to the server, the number of connections between particular dates and with whom the relevant persons communicated.

155. In these judgments, it is further indicated that CGNAT (HIS) records saved by the operators are a kind of metadata which are used for the exact identification of the ByLock users; that as these records are in the form of summary data, they are considered as a sign and indication and would not per se prove that a given person is a real user of the ByLock application. It is also noted therein that the probability that the relevant persons may have been routed to the ByLock servers against their own will must also be taken into consideration. It is further emphasised that in cases where a given person has been revealed to connect to ByLock server through CGNAT records but has not been matched with a ByLock User-ID number yet, it must be borne in mind that he may either be a real ByLock user or have been routed to the ByLock servers through trap methods (Morbeyin and etc.). The Court of Cassation notes that in such cases, no conviction decision may be issued due to inadequate inquiry (see, §§ 97, 104/c above).

156. As noted in the court decisions as well as in the judicial and technical reports, merely the download of the ByLock application to a device is not sufficient for messaging/communication. At the sign-up stage, the user is required to create a username and password. For sending/receiving messages and ensuring communication, the username/user-code, which has been created by the users in the course of sign-up stage and which is specific to each user, is to be known, and mutual consent is sought for adding a friend. It is not possible to get in contact with any person without two persons’ mutual consent to add each other. In its judgments, the Court of Cassation points to the significant role of the ByLock Report in determination of the legal status of the relevant person. This report is a document which indicates User-ID number, username, password of the user of the ByLock server, log records available in the server and transcription of messages/e-mails if any, as well as the relation between the user and the other users in the groups created or joined by the user. In these judgments, it is accordingly noted that the ByLock report and the documents including CGNAT records are important in proving that the relevant person has signed in and used the ByLock system with a view to ensuring organisational confidentiality and communication (see §§ 97, 104/d-i above).

157. In the judgment of the General Assembly of the Criminal Chambers of the Court of Cassation, no. E.2018/16-418, K.2019/513 and dated 27 June 2019, it is also indicated that despite the finding whereby the User-ID has been matched with the relevant person, there may be doubts as to the fact that the User-ID number indeed belongs to another person in consideration of the other evidence available in the file. Accordingly, in the face of defence submissions that the GSM or ADSL subscription registered in the accused person’s name or the device connecting to internet through these subscriptions has been indeed used by another person or that information -such as password- required for accessing to internet connection through these subscriptions has been shared by the accused person with others or obtained unlawfully by others, necessary inquiries and examinations must be conducted in this respect. The reports including the User-ID information, which were issued by the EGM-KOM, must be assessed in conjunction with the data to be obtained as a result of the inquiries with respect to the person allegedly using the accused person’s subscription or device. If considered necessary for revealing the material truth, the report on the up-to-date report on ByLock inquiry results as well as, if available, the CGNAT and HTS records must be also obtained and examined.

158. According to the judicial and technical reports as well as the Court of Cassation’s judgments, an organisation member is to be informed, by another member of the organisation, of the existence of ByLock application, its organisational significance and confidentiality, how it is downloaded and used, and how a friend is added to get in contact. As also indicated in the inquiries conducted by the judicial units, the ByLock program does not include any sections such as user manual, frequently asked questions and feedbacks. Therefore, any person -who has no relation with the organisation but has downloaded the application, designed to be used for organisational purposes, by change through general application stores and certain websites- cannot use it and get in contact with organisation members by adding them as a friend without the assistance of any other member of the organisation. In the judicial processes, not download of the impugned application, but signing up to it and its use for organisational purposes were relied on. As a matter of fact, according to the findings of the judicial authorities, no investigation was conducted against individuals only for having downloaded the ByLock application to their device. However, in case of any allegation to the contrary, the judicial authorities conducted inquiries in this respect (see § 98 above).

159. In the light of the above-mentioned explanations, the determinations and assessments made by the Court of Cassation and inferior courts as to the ByLock application cannot be said to be devoid of factual basis. In this sense, the inferior courts adopt the evidence-based method (identifying the accused person on the basis of the available evidence) in making assessments as to the ByLock application and matching the data on this application with the accused persons. Moreover, these assessments are based not on a single set of data but on the comparison and ultimately confirmation of several information, documents, records and data obtained from different sources. Those accused have the opportunity, at any time during the investigation and prosecution stages, to challenge the authenticity and soundness of the evidence demonstrating that they are a ByLock user, as well as to raise any kind of claims and requests with respect thereto. Besides, the appellate authorities may also decide to quash any conviction in cases where such allegations have not been sufficiently dealt with (see §§ 97-104 above). Accordingly, it has been concluded that neither the Court of Cassation nor the inferior courts have adopted a categorical approach with respect to the Bylock.

160. In principle, it is for the trial courts to assess the available evidence in a given case and to decide whether the evidence adduced relates to the case. It is not the Constitutional Court’s task to make an assessment in this respect. Therefore, it falls within the inferior courts’ jurisdiction to assess whether a single piece of evidence per se suffices to find established the offence of membership of a criminal organisation. As the inferior courts are in direct relation with the accused person and have the opportunity of a first-hand examination of the evidence, they are in a better position in that regard than the Constitutional Court.

161. In the present case, the inferior court relied on the applicant’s signing up and registry to the ByLock server by obtaining a user-ID, through his own devices and his GSM subscription, and his use of ByLock for ensuring the confidentiality of organisational communication as evidence demonstrating his relation with the organisation. In making this assessment, the court referred to the data obtained from the ByLock server and discovered by the technical units, as well as to the CGNAT records. The applicant’s conviction for his membership of a terrorist organisation based solely on the use of an encrypted communication network, which was apparently used -by its structure, way of use and technical features- merely by the FETÖ/PDY members to ensure organisational confidentiality, cannot be considered as a manifestly arbitrary practice which has completely rendered dysfunctional the procedural safeguards inherent in the right to a fair trial. It has been accordingly concluded that the allegations that ByLock data were relied on as sole or decisive evidence in the conviction were in the form of a complaint that should have been examined at the appellate stage.

162. Finally, the applicant maintained that there were discrepancies in certain ByLock data. In the assessment of the said allegation, it must be taken into consideration -independently of the present application- that the data available on the ByLock server and the CGNAT records could not be fully obtained. Therefore, there may be insubstantial differences among the data concerning the persons, depending on the ability of recovering and transcribing the data obtained from the ByLock database.

163. In the present case, as a result of the technical inquiries, the User-ID number 114205 was matched with the IP numbers used while the accused person connected to ByLock server, and all other data with respect to this User-ID number -which could be recovered- were also included in the ByLock Report. It has been revealed that the devices, which were found -through the report on ByLock inquiry result and CGNAT records- to be used with this GSM subscription, were the mobile phones that the applicant admitted, at the hearing, to having used. According to the inferior court’s finding, the data such as the GSM number and log records indicated in the ByLock Report are so consistent with the CGNAT records that would not cast any doubt on the applicant’s use of ByLock. Therefore, the existence of insubstantial differences between the log records pertaining to the User-ID matched with the applicant and the CGNAT records as well as among certain data included in the different sub-charts related to this User-ID, due to the inability to completely recover the relevant data, does not lead the Court to reach any conclusion to the contrary.

164. For these reasons, this part of the application must be declared inadmissible for being manifestly ill-founded.

C. Alleged failure to bring the digital data before the incumbent court

1. The Applicant’s Allegations and the Ministry’s Observations

165. The applicant maintained that his right to a fair trial had been violated, stating that the relevant digital data had not been brought before the incumbent court.

166. In its observations, the Ministry did not provide any explanation with respect to this allegation.

2. The Court’s Assessment

167. As enshrined in Article 36 of the Constitution, everyone has the rights to self-defence and to a fair trial. The safeguards afforded in pursuance of the right to self-defence are in essence inherent in the right to a fair trial. As regards the legislative intention for addition of the notion of “… and the right to a fair trial” to Article 36 of the Constitution, it is emphasized that the right to a fair trial, which is safeguarded also by the international conventions to which Turkey is a party, is incorporated into the provision. Article 6 § 3 (b) of the Convention sets forth that everyone charged with a criminal offence has the right to have adequate time and facilities for the preparation of his defence (see Ufuk Rifat Çobanoğlu, §§ 35 and 37). Therefore, the right to have adequate time and facilities for the preparation of his defence undoubtedly falls within the scope of the right to a fair trial safeguarded by Article 36 of the Constitution.

168. The notion of necessary facilities for the defence means the requisite facilities which would or may assist the suspect/accused person in his self-defence. The facilities to be afforded to the person charged with a criminal offence are the ones that are requisite for the defence. One of these facilities is to enable the relevant person to access the information and evidence so as to prepare his defence submissions and thereby defend himself before the court in the most appropriate and effective manner as well as to thus influence the outcome of the proceedings. Granting access to the information and evidence likely to lead to the accused person’s acquittal or any reduce in his penalty is among the facilities to be afforded (see, mutatis mutandis, Ufuk Rifat Çobanoğlu, § 45).

169. The right to have necessary time and facilities, which is to be afforded to the defence, is directly related to the principles of equality of arms and adversarial proceedings. The principle of adversarial proceedings entails that the parties be granted the opportunity to have knowledge of, and comment on, the case file. Therefore, in criminal trials, the accused person must be given the opportunity to have knowledge, and to thereby effectively challenge, the observations filed and evidence adduced by the other party, with a view to influencing the court’s decision (see Tahir Gökatalay, no. 2013/1780, 20 March 2014, § 25; and Cezair Akgül, no. 2014/10634, 26 October 2016, §§ 27-31). The principle of equality of arms means that parties of a case shall be subject to the same conditions in terms of procedural rights and that both parties shall be afforded equal opportunities to submit their allegations and arguments before the courts, without placing any party in a disadvantageous position (see Yaşasın Aslan, no. 2013/1134, 16 May 2013, § 32). This principle also entails that the material information -which is submitted and obtained by the prosecution- would be explained; and that in criminal trials, the accused person would not be subject to a legal condition to his detriment (see Yankı Bağcıoğlu and Others, §§ 63 and 64).

170. However, the burden of proof rests on the applicant by substantiating his allegations with respect to the impugned facts by means of adducing the relevant evidence before the Constitutional Court and providing explanations as to the allegedly violated constitutional provisions invoked by him. The applicant is required to indicate, in his application form, the rights or freedoms allegedly breached due to any act, action or negligence of a public authority, the constitutional provisions invoked, the grounds of the alleged violation, the evidence relied on, as well as the practices or decisions allegedly giving rise to violation. The facts as to the violation allegedly caused by a public authority must be summarized chronologically, and the way how the rights safeguarded by the individual application mechanism have been violated, as well as the reasons and evidence with respect thereto, must be explained in the individual application form (see Veli Özdemir, no. 2013/276, 9 January 2014, §§ 19 and 20; and Ünal Yiğit, no. 2013/1075, 30 June 2014, §§ 18 and 19).

171. However, the applicant failed to provide sufficient explanation in his application form as to the said allegation, as well as to substantiate it. In his counter-statements against the Ministry’s observations, he made a reference to certain petitions he had submitted to the inferior courts and requested the Court to take them into consideration. Although he provided explanations, in one of these petitions, as to the failure to bring the digital evidence before the incumbent court, these explanations were made not within the scope of the concrete problems he had encountered during his trial within the context of ByLock data but rather, in general terms, within the scope of his allegation that the relevant ByLock data had been obtained unlawfully. In other words, there is no information and document to the effect that the applicant raised before the inferior courts the concrete problems resulting from the use of ByLock data during his trial and requested the courts to conduct necessary inquiries and examinations; but the inferior courts failed to take any action.

172. For these reasons, as the applicant’s allegation that the relevant digital data had not been brought before the inferior courts was not substantiated, this part of the application must be declared inadmissible for being manifestly ill-founded.

VI. JUDGMENT

For the reasons explained above, the Constitutional Court UNANIMOUSLY held on 4 June 2020 that

A. 1. The alleged violation of the right to a fair hearing be DECLARED ADMISSIBLE;

2. The allegation that the ByLock data could not be relied on as sole or decisive evidence for conviction be DECLARED INADMISSIBLE for being manifestly ill-founded;

3. The alleged failure to bring the relevant digital materials before the inferior courts be DECLARED INADMISSIBLE for being manifestly ill-founded;

B. There was NO VIOLATION of the right to a fair hearing inherent in the right to a fair trial safeguarded by Article 36 of the Constitution;

C. As the payment of the court expenses by the applicant would be unjust pursuant to Article 339 § 2 of the Code of Civil Procedure no. 6100 and dated 12 January 2011, he would BE COMPLETELY EXEMPTED from payment of the court expenses;

D. A copy of the judgment be SENT to the Ministry of Justice.