Today with effect of technological progress, most of our important information’s stored at our computer systems. Because of this progress, security of this computer system much important than it was in past. Although certain measures are taken for the security of these channels and our privacy, these measures are not sufficient from time to time. This security problem makes IT law important nowadays.

There are some arrangements, for the uninterrupted continuation of the information system we have developed and protect privacy of IT systems which was build for job or haveseparate way of usage, In the Turkish Penal Code No. 5237, Regulation of Broadcasts on the Internet No. 5651 and Law on Combating Crimes Committed by This Broadcasts.

In addition, there are norms related to the IT law legislation in various laws. Besides all this regulations people using the information system want to feel themselves in safety by several ways. Foremost among these methods are methods such as frequently renewing the password, not using unsafe websites, and anonymizing the user identity by using a proxy. And we can count methods like Firewall or dealing with cyber security company as a more professional method. But still these methods not always can stop professional hackers.

Hackers are people who enter our information system without our consent and sometimes steal our information, lock or change our system or make it unusable. Hackers may have targeted person individually or person may have been targeted in a mass hacking process and persons information may have been stolen. At this point data at information system may be stollen or privacy may be in danger. The crime and sanction related to this situation are regulated in Article 243 of the Turkish Penal Code.

Article 243 of Turkish Criminal Code No. 5237

(1) Anyone who illegally enters or remains in the whole or part of an information system is sentenced to imprisonment of up to one year or a judicial fine.

(2) If the acts defined in the above paragraph are committed about the systems that can be used for a price, the punishment to be imposed is reduced by half.

(3) If the data contained in the system is destroyed or changed due to this act, a prison sentence of six months to two years is imposed.

(4) A person who unlawfully monitors data transmissions within an information system or between information systems, without entering the system, through technical means, is sentenced to imprisonment from one year up to three years.

Material Elements: Entering/infiltrating the information system or staying there for a while without permission/illegally

Moral Element: İntent Period of Limitation: 8 years, (6-month statute of limitations due to complaint is not applied.)

In addition to the elements listed above regarding this crime, there should be no reasons for compliance with law. For example, consent of the person is a compliance with law. For this crime to occur, an information system must be hacked, as the informatics world puts it. This entering the system should be without permission/unlawful and with intent.

The point which discussed about this is crime is if someone instantly infiltrated the system but not staid there, is crime committed or not? Some jurists think that instant infiltrations will not be the subject of this crime. At this point we can say that when we look at justification of this clause, we can see that instant infiltrations also will constitute this crime no matter how long criminal stayed there; ‘In the first paragraph of the article, illegally entering or staying in the whole or part of an information system has identified as a crime. It does not matter whether the person who entered the system illegally acted to obtain certain data or not. The fact that the system has been entered unfairly and deliberately is sufficient for the crime to occur.’

[Turkish Criminal Code 243 Justification (in Turkish)]

Another point of discussion, will attempt occur for this crime or not? We think that provision of attempt regarding this crime can be applied. Because if person want to enter the information system but can not because of the dynamics of the informatics world and because of this did not fully commit the crime. Then person should be judged because of the attempt to Turkish Criminal Code clause 243.

At the stage of complaint to the prosecution first we should identify the identity of hackers. This determination is provided by the service providers through the IP number and address information. But sometimes they don’t share this IP number and address information. In such cases, unfortunately, the desired results legally may not be obtained.

On the other hand, considering the importance of information systems nowadays and its relevance to the privacy of the individual, we can easily state that the sanctions stipulated in the law regarding this crime are insufficient. In this respect, we argue that cybercrimes and sanctions should be reorganized in a more comprehensive way.

Legal Intern Haldun Barış


1- Turkish Criminal Code article 243 law’s preamble