Systems Built on Trust
birbsophone
Introduction
Recently, another exploit was discovered on the Turkish government’s web-based platform “E-devlet”. On this platform is stored a high amount of personal data that belong to citizens living in Turkey, such as:
Their student certificate/student transcript
Criminal record
Name, surname, government ID, mother’s and father’s name
etc.
Unfortunately, this important data is not handled with care at all, and there’s been leaks in the past. In Turkey, as soon as you’re born, you’re already out in the open.
E-devlet, and the Digitalization of Turkey
There’s never been any true education about the dangers of the internet in Turkey. Although there are people that care about their privacy, because of their cluelessness, they don’t realize how they’re being violated out in the open. Be it Google’s doing, or the Turkish government.
This lack of awareness applies how everything digital in Turkey was implemented as well. From basic services such as Yemeksepeti (food delivery company with an app to order from various restaurants), leaking data when users input their addresses into the platform, to important data mentioned above. The country pretended to advance ahead into technology and practical systems, while all that was done was being reckless. And now, citizens pay for it. Meanwhile governments of Japan, Germany and such, were aware of the consequences and are still wary, using analog tech, or writing letters.
In Light of the Event
Now for the recent exploit that proves a system built on trust cannot and will not work (at least in Turkey).
Recently, there’s been discovered a forgery network that produces fake university diplomas, altering academic records that belong to others, making tampered driver’s licenses. It is suspected that the people behind this, infiltrated E-devlet. Some say that they bought into it. The most scandalous item was the stolen identities of lawyers who had died in a big earthquake that had happened in 2023. Or a drug dealer, becoming the chief superintendent in the narcotics bureau [1], using a fake electronic signature.
The Results of a Transparent Network
As seen in conclusion to this, it’s impossible for a trust-based system to last. It is bound to be abused no matter to what extent. It is why insecure e-signatures should not be used, why data transferred should be encrypted. Inaccessibility of personal data must be valued. Proper software has to be made, and audited.
Conclusion
There are an uncountable amount of holes in Turkey’s systems’ security, and I don’t believe that it can be fixed without starting over. I’ve heard of similar platforms in other countries, and I find that it has to be improved upon.