
Is IP Address Alone Sufficient for Conviction? — Supreme Court Approach

15 March 2026 | Evidence Law and Precedent Decisions | 7 min read | 219 views

One of the most frequently discussed issues in cybercrime trials is whether the person identified as the perpetrator on the basis of internet subscriber information (IP address) actually committed the act. In many cases, an indictment is prepared after determining only the IP address, and the defendant says, "I didn't do it, others also use the home/office Wi-Fi." This article discusses the evidentiary value of the IP address within the framework of established Supreme Court jurisprudence.

Reminder: This article is for informational purposes only. The following principles are given within the framework of general legislation and jurisprudence, and the conclusion in a specific case is at the discretion of the judge; no definitive results are promised.

Legal Framework — CMK Article 217 and the "Defendant Benefits from Doubt" Principle

According to Article 217/2 of the Code of Criminal Procedure (CMK), "The charged crime can be proven with all kinds of evidence obtained in accordance with the law." At the same time, in accordance with CMK Article 230, the court makes its decision based on conscientious opinion; however, this opinion must be based on concrete, solid and unquestionable evidence.

The principle that "the defendant benefits from the doubt" (in dubio pro reo), stated in Article 38/4 of the Constitution and Article 5 of the Turkish Penal Code, is the fundamental principle of criminal procedure. Any reasonable doubt as to whether the crime was committed must be evaluated in favor of the defendant. This principle is of decisive importance in files based on an IP address.

Technical Facts of the IP Address

The claim that an IP address indicates the "perpetrator" is often debatable due to the following technical facts:

  • Dynamic IP: Internet providers can assign the same IP to different subscribers at different times. The IP at the time of detection may belong to another user.
  • NAT (Network Address Translation): Thousands of users can be behind the same IP. Especially under CGNAT (Carrier-Grade NAT), an IP alone, without port information, does not point to a concrete user.
  • Shared Wi-Fi: Family members, employees, customers, guests, or unknown users who obtained a leaked password can connect to the Wi-Fi network in places such as a home, office, cafe, hotel or store.
  • VPN and proxy: These are common methods used by perpetrators to hide their real IPs; even if the real perpetrator is in another country, a different IP may appear in the logs.
  • Cracking the Wi-Fi password: Unauthorized access to the network is possible through a weak password or WPS vulnerabilities.
  • Bots and malware: The victim's computer may be part of a botnet; the criminal act may be committed without the user's knowledge.
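
To make the dynamic-IP and CGNAT points concrete, the following added example (not part of the original article; the log layout, subscriber labels, addresses and the clock-skew parameter are all constructed assumptions) resolves a public IP and timestamp against a sample NAT session log, with and without the source port. It goes slightly beyond the text by also modelling clock drift between the server that logged the event and the provider.

```python
from datetime import datetime, timedelta

def ts(text):
    """Parse an ISO timestamp; every time in this example is UTC."""
    return datetime.fromisoformat(text)

# Constructed sample CGNAT session log (hypothetical layout):
# (public IP, first port, last port, subscriber, session start, session end)
NAT_LOG = [
    ("203.0.113.7", 1024, 2047, "sub-A", ts("2026-01-10T20:00:00"), ts("2026-01-10T23:00:00")),
    ("203.0.113.7", 2048, 3071, "sub-B", ts("2026-01-10T19:30:00"), ts("2026-01-10T22:15:00")),
    ("203.0.113.7", 3072, 4095, "sub-C", ts("2026-01-10T21:00:00"), ts("2026-01-11T01:00:00")),
    # Dynamic reassignment: the port block of sub-A is handed to sub-D minutes later.
    ("203.0.113.7", 1024, 2047, "sub-D", ts("2026-01-10T23:05:00"), ts("2026-01-11T03:00:00")),
]

def candidates(ip, when, port=None, skew=timedelta(0)):
    """Return the subscribers whose session could have produced (ip, when[, port]).

    skew widens every session window to allow for clock drift between the
    server that recorded the event and the provider's NAT logger.
    """
    hits = set()
    for pub_ip, lo, hi, sub, start, end in NAT_LOG:
        if pub_ip != ip:
            continue
        if not (start - skew <= when <= end + skew):
            continue
        if port is not None and not (lo <= port <= hi):
            continue
        hits.add(sub)
    return sorted(hits)

if __name__ == "__main__":
    ip = "203.0.113.7"
    print(candidates(ip, ts("2026-01-10T21:30:00")))             # IP + time only
    print(candidates(ip, ts("2026-01-10T21:30:00"), port=2500))  # IP + time + port
    late = ts("2026-01-10T23:03:00")
    print(candidates(ip, late, port=1500))                       # exact clocks
    print(candidates(ip, late, port=1500, skew=timedelta(minutes=5)))
```

With only the IP and time, three subscribers remain candidates; the port narrows it to one, and a few minutes of clock uncertainty around a reassignment brings two subscribers back into play.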

Settled Approach of the Supreme Court

The relevant chambers, especially the 8th Criminal Chamber of the Supreme Court of Appeals, and the General Criminal Assembly of the Supreme Court of Appeals have established consistent jurisprudence stating that the IP address alone is not sufficient for conviction. The basic principles of this established jurisprudence can be summarized as follows:

  • The IP address only indicates internet subscriber information; it does not directly prove the identity of the concrete person who committed the criminal act.
  • The internet subscriber and the actual user are not always the same person; family members, employees or guests of the subscriber may be connected to the same network.
  • The possibility of the Wi-Fi network being used by others and the possibility of a dynamic/shared IP should be taken into account.
  • For a conviction, the IP determination must be backed by supporting evidence (device examination, digital trace, eyewitness, camera recording, payment record, seizure of criminal product, etc.).
  • The contradiction between the defendant's defense and the IP determination must be resolved with concrete supporting evidence.

Precedent Decisions (Reference)

The following are examples of established practice in which decisions were overturned because the IP alone cannot be considered sufficient for conviction or because supporting evidence was lacking. The principles of the decisions are summarized in our office's own words; for the full text, you can use the Supreme Court Decision Search (karararama.yargitay.gov.tr) or UYAP.

  • Supreme Court Criminal General Assembly - Condition for IP to be Supported by Strengthening Evidence: The CGK decisions emphasize that a conviction based solely on IP detection is against the principle that "the defendant gets the benefit of the doubt" and that additional evidence must be sought to connect the IP to the concrete user.
  • The 8th Criminal Chamber of the Supreme Court of Appeals - Child Pornography/Obscenity (TCK Article 226): The distinction between the IP subscription information and the real user must be established; there are reversal decisions stating that, when the defendant claims that his home/office IP is also used by others, this possibility must be excluded with concrete evidence.
  • 16th Criminal Chamber of the Supreme Court of Appeals - Digital Evidence in Terrorism Accusations: There are assessments that technical proof is required of whether the defendant actually accessed his account/device, and that IP matching alone is not considered sufficient.
  • Supreme Court of Appeals 12th Criminal Chamber - Banking Information Crimes: It is emphasized that it must be demonstrated with additional evidence (device forensic examination, bank log match, eyewitness, etc.) that the subscriber detected via IP is actually the user who committed the criminal act.
  • Constitutional Court Individual Application - Right to Fair Trial (AY Art. 36): In various individual application decisions concerning convictions based solely on IP, the Constitutional Court has found a violation of the right to a fair trial for reasons such as insufficient justification, not providing the defense with an effective opportunity to object, or not evaluating expert reports even though they are contradictory.

Note: The above references are given to reflect the consistent practice of the Supreme Court. Since the fact pattern of each file is different, the application of decisions to the concrete event is specific to the file.

Strengthening Evidence the Court Expects to Seek

The Supreme Court generally expects one or more of the following kinds of evidence to be added to the IP determination:

  • Forensic examination of the defendant's device (PC, phone, tablet) and matching digital traces (browser history, cache, log files)
  • Witness statement, camera recording, card usage or door pass record showing that the defendant had actual access to the device on the date of the crime
  • Material evidence regarding criminal content (seized fake card, file, correspondence)
  • Matching bank, crypto exchange or payment service provider records
  • Data that can be linked to the defendant via username, e-mail or account information
  • Evidence that rules out the defendant having been elsewhere (alibi) at the time of the crime

Practical Considerations for Defense Strategy

Points to consider in terms of defense in files based on IP detection:

  • Wi-Fi password sharing: Identifying the people with access to the network, such as household members, employees, guests and former tenants.
  • Dynamic IP/CGNAT inquiry: Requesting port information (NAT log) from the internet provider; IP detection alone may be insufficient.
  • Device forensic examination: If there is no trace of the crime on the defendant's device, IP matching alone can be considered weak evidence.
  • VPN/proxy claim: The defense that the perpetrator hid his real IP can be supported by a technical expert report.
  • Historical usage inquiry: The date and time of the crime and where the defendant was at that time must be documented (work record, health record, card pass, GSM base station).
  • Objection to expert report: A single expert report should not be relied upon; additional experts should be requested for contradictory/controversial results.

Which crimes are frequently encountered?

  • Insults, threats, sexual harassment on the Internet
  • Obscenity (TCK Article 226), child pornography
  • Entering the information system (TCK art.243)
  • Abuse of bank or credit card (TCK art.245)
  • Fraud (TCK art.158/1-f)
  • Illegal betting and gambling
  • Copyright violations
  • Terrorism-related sharing allegations

Conclusion

The established approach of the Turkish judiciary is that the IP address alone cannot be considered sufficient for conviction, and that it must be supported by strengthening digital and material evidence. In accordance with the principle that "the defendant gets the benefit of the doubt", acquittal or reversal decisions are frequently encountered, even where there is an IP match, if there is no other concrete evidence. However, since the concrete facts of each file are different, the result requires a separate evaluation for each file; the judge's discretion is decisive.
