The Turkish government has proposed a new cybersecurity law that could make it a criminal offense to report data breaches. The legislation suggests harsh penalties for those who falsely claim a data breach has occurred, even if no breach has taken place. This provision has raised concerns among journalists, cybersecurity experts, and opposition leaders, who argue that the law could be used to stifle free speech and intimidate individuals reporting on cybersecurity vulnerabilities, even when their reporting is accurate.
Opposition figures have criticized the law, claiming that it could be used to silence journalists who report on data breaches or cybersecurity incidents. They argue that the fear of facing imprisonment for flawed reporting or government denial of a breach may discourage journalists from investigating or covering cybersecurity issues altogether. This could potentially leave the public uninformed about critical data security risks, hindering efforts to address vulnerabilities and protect sensitive information.
The proposed legislation comes amid increasing threats against journalists in Turkey, including the case of İbrahim Haskoloğlu, a journalist who was arrested after reporting on the theft of sensitive government data. Haskoloğlu faced a potential prison sentence for his investigation into a hack that exposed personal information of high-ranking officials, including the president. The timing of the law’s introduction has led some to suspect that it is a direct response to Haskoloğlu’s findings, aimed at discouraging further investigative reporting on cybersecurity incidents in the country.
Critics argue that the law will do more harm than good by discouraging the reporting of cybersecurity breaches and flaws.
By potentially punishing those who bring attention to vulnerabilities, Turkey risks undermining its cybersecurity landscape and preventing the identification of critical weaknesses that could be exploited by cybercriminals. The proposed law would prioritize protecting the reputation of institutions over the safety and security of the public, potentially allowing threats to go unreported and unaddressed.