The Digital Panopticon: States' Surveillance Arsenal, Spyware, and Our Trampled Rights

Our smartphones are no longer merely communication devices; they are digital copies of our memories, our political thoughts, our bank accounts — in short, of our very existence. This situation makes these devices "the greatest prize" not only for judicial authorities wishing to fight crime, but also for structures wishing to surveil and keep their citizens under control. No matter how advanced encryption technologies become, the arsenal developed by states and the contractor cyber-firms serving them grows just as fast.

The Software Used to Surveil and Decipher the Digital World

The software used by legal and judicial authorities must fundamentally be divided into two main categories: Forensic Tools (Physical/Legal Intervention) and Remote Spyware (Intelligence/Surveillance Tools).

A. Forensic Software

This software is used in police laboratories to copy the data inside legally seized devices (detention, search warrants, etc.), to recover deleted messages, and to crack passwords.

• Cellebrite UFED: The most dominant player in the sector on a global scale. By exploiting vulnerabilities in the phone's operating system, it bypasses lock screens and takes a full image (copy) of the device.
• Magnet GrayKey: A box-shaped combination of hardware and software designed specifically to bypass the firewalls in Apple's iOS operating system and to crack iPhone passwords using the "brute force" method.
• Oxygen Forensic Detective: An advanced platform that parses data on computers, cloud accounts, and mobile devices, maps the suspect's social network, and analyzes deleted location histories and messages.
• Magnet AXIOM: Forensic software that deepens smartphone analyses by gathering evidence collected from different digital sources into a single interface.

B. Remote-Access Spyware

These are military-grade cyber-weapons that infiltrate the target person's phone remotely and completely covertly, without needing physical access.

• NSO Group Pegasus: The world's most well-known remote infiltration software. It is sold to states through the developer firm's official platform on the grounds of "fighting terrorism and serious crime."
• Predator (Intellexa): Another system launched as Pegasus's biggest rival, which similarly seizes complete control of the phone. The working principles of this shadowy software, which has no official website, and the states to which it has leaked, are exposed to the public through the independent cybersecurity organization Citizen Lab Research.

The Israel-Based Cyber-War Industry and the Services Offered to States

It is no coincidence that the first country that comes to mind when remote infiltration and password-cracking technologies are mentioned is Israel. Software developers who have left the Israeli army's cyber-intelligence units have turned the military experience they gained into commercial weapons by founding civilian companies.

[Cyber-Intelligence Units] > [Private Cyber Companies (NSO, Intellexa)] > [State Customers / Law Enforcement]

These Companies' Role in the Process and Their Working Methods:

• Zero-Click Attacks: The most terrifying feature of this software is that it can infiltrate a phone without the target person needing to click any link at all. For example, a ghost call coming through WhatsApp that doesn't even make the phone ring, or an invisible iMessage, triggers a vulnerability (Zero-Day) in the operating system. The user loses control of their phone without even noticing.
• Defeating End-to-End Encryption: The fact that apps like WhatsApp, Signal, or Telegram are encrypted in transit is irrelevant to this software. Because the spyware infiltrates the operating system itself (the keyboard, the screen, the microphone). As you write the message, that message is sent to the attacker's server as "plaintext" before it is even encrypted.
• Live Espionage: Once the software has settled into the phone, it turns the device into a spy that fits in your pocket. It can secretly turn on the camera, record ambient sound, perform real-time location tracking, and steal all the photos in the gallery.

The Situation in Türkiye: The Cyber-Police's Digital Toolkit

In Türkiye, the Cyber Crime Department of the General Directorate of Security and the Gendarmerie Criminal laboratories possess world-standard digital tracking and forensic capacity.

• The Most Frequently Used: Cellebrite UFED: The cyber-police's most basic and widespread tool in Türkiye is the Israel-based Cellebrite technologies. Almost every suspect phone taken to police stations or cyber branches is connected to this device. It is the primary tool in cracking passwords and resurrecting deleted WhatsApp databases.
• Spyware Allegations: Although there is no open declaration that the Turkish state is officially a customer of these cyber-firms, the international cybersecurity organization Citizen Lab has alleged in its reports that traces of Pegasus and Predator have been found on the phones of dissidents, journalists, and politicians in many countries, including Türkiye.
• The Search for Domestic Solutions: In order to reduce dependence on foreign sources, Türkiye is also developing its own forensic and data-analysis software through TÜBİTAK and domestic defense industry companies; however, foreign software that possesses global vulnerability databases still predominates when it comes to cracking mobile device locks.

Trampled Human Rights and Legal Violations

The uncontrolled, arbitrary use of this software without judicial oversight directly destroys many fundamental human rights guaranteed by international conventions and the constitution:

• The Right to Privacy and Confidentiality of Private Life (Constitution Art. 20, ECHR Art. 8): Infiltrating a person's phone is no different from placing a hidden camera in their bedroom. Spying on a person's digital life without any concrete suspicion of a crime is the gravest violation of the right to privacy.
• The Right to a Fair Trial and the Right Against Self-Incrimination (Nemo Tenetur — Constitution Art. 38/5): Law enforcement forcing a suspect to give up their phone password, or accessing their data without consent using password-cracking devices, damages the principle that "no one can be forced to provide self-incriminating evidence." Moreover, in violation of Article 134 of the Code of Criminal Procedure (CMK), the risk that phones seized without an image being taken could later be tampered with from the outside utterly devastates the right to a fair trial.
• Freedom of Expression and of the Press (Constitution Art. 26, 28): The wiretapping of journalists' phones with this software destroys the principle of confidentiality of news sources. A journalist who knows their sources will be exposed cannot report the news, and society cannot learn the truth. This situation creates a wave of self-censorship over all of society.

How Should We Defend Our Rights and What Should We Demand?

At this frightening stage that digital surveillance technologies have reached, the technical measures we take individually (strong passwords, updates) provide protection only up to a point.

https://paragraph.com/@bilisimsen/akilli-telefonlar-konusunca-rok-operasyonu-ve-dijital-mahremiyetin-sinirlari

We discussed this subject in detail in this article.

The real struggle must be carried out through legal and social demands. Citizens, civil society organizations, and bar associations must voice the following demands loudly:

What Should We Demand?

• The Uncompromising Application of CMK 134: The moment courts and law enforcement seize a device, they must extract the device's hash (digest) value at the scene and hand a copy over to the suspect. The excuse "we'll take it to the police station and examine it there" must be completely banned. No digital data whose image is not taken immediately should be accepted as evidence in court.
• A Transparency Report on Surveillance Tools: The relevant ministries and information technology institutions must make a public statement each year: Which password-cracking software has been purchased? How much money was paid from the budget for this software? How many people's phones were subjected to digital examination during the year? This data must be opened to oversight.
• The Banning of Military-Grade Spyware: The trade in, and use by law enforcement of, uncontrolled spyware that works with "zero-click" methods, such as Pegasus and Predator, must be declared completely illegal.
• An Independent Digital Oversight Mechanism: The digital examination laboratories of law enforcement must be regularly audited by an independent supervisory board composed of the Parliamentary Human Rights Commission, the Bar Associations, and independent cybersecurity experts. Whether the police are exceeding their authority must be examined by this board.

How Should We Voice Our Rights?

When you encounter a detention or search situation, knowing your legal rights is your greatest weapon:

1. Record Your Objection in the Report: If the image (copy) of your device is not taken before your eyes and its hash value is not given to you, be sure to have the annotation "The procedures of CMK 134 were not followed; evidence security has been violated" recorded in the report through your lawyer.
2. Use Your Right Not to Give Your Password: Remember, you cannot constitutionally be forced to hand over, of your own free will, evidence (your password) that would incriminate you. Even if law enforcement applies pressure, not giving your password is your legal right; if they have the technical means, they must try to examine it themselves.

Protecting our digital privacy is not just about keeping our personal messages hidden; it is about defending future free thought, the right to be a dissident, and democracy itself.