New Regulation May Imply Jail for Reporting Information Leaks

The Turkish authorities is proposing a controversial new cybersecurity regulation that would make it a legal act to report on data breaches. 

The brand new laws proposes penalties for numerous cybersecurity-related offences. However they key one which has folks involved is that this:

“Those that perform actions geared toward focusing on establishments or people by creating the notion that there was an information breach in our on-line world, although there was no information breach, shall be sentenced to imprisonment for a time period of two to 5 years.”

The issue is, after all, that such a regulation could discourage the reporting of any potential information leaks. 

Opposition leaders in Turkey have criticised the laws as a technique to stifle journalism and free speech, arguing that it might be used to focus on journalists or people who report on suspected information breaches or cybersecurity vulnerabilities, even when their reporting is correct. 

It is easy to see how journalists – involved that they might face a jail time period if their reporting is flawed, or if the authorities merely deny a breach has occurred – might select to not report on the subject in any respect. 

The brand new laws has been proposed in Turkey amid a background of journalists being intimidated within the nation. 

Turkish journalist İbrahim Haskoloğlu introduced he was leaving the nation final month following what he described as mounting loss of life threats. In April 2022, Haskoloğlu reported on how hackers had stolen delicate private data from authorities web sites, together with the ID playing cards of President Erdoğan and the pinnacle of Turkey’s nationwide intelligence company, Hakan Fidan. 

Within the wake of his report, Haskoloğlu was arrested, and prosecutors sought a 12 year prison sentence, alleging he had illegally obtained and unfold private data. 

Some suspect that the brand new laws is being launched as a response to Haskoloğlu’s findings. 

One factor is obvious. It isn’t going to enhance the state of cybersecurity if those that try to lift issues are silenced by accusations that they’re creating pointless panic or damaging the reputations of establishments. 

There was an extended historical past around the globe of whistleblowers and cybersecurity researchers elevating issues about information safety, and defences enhancing as a direct outcome. The folks of Turkey might be poorly-served if their authorities discourages reporting of vulnerabilities and safety failures simply to save lots of its face. 

It’s a sorry state of affairs if extra consideration is given to punishing those that report on poor safety, hacks, and breaches relatively than the cybercriminals who commit the crimes themselves.


Editor’s Be aware: The opinions expressed on this and different visitor writer articles are solely these of the contributor and don’t essentially mirror these of Tripwire.