Technology Utilization In On-site Inspections – Example Of Turkish Competition Authority

1. Importance and Function of On-site Inspections in Competition Law

1.1- On-Site Inspections as A Last Way to Collect Evidence

In general, on-site inspections can be defined as searches conducted on the undertaking’s facility to gather any evidence for anti-competitive behaviours. On-site inspections have been an effective tool for competition authorities because traditional methods generally aren’t enough to detect evidence of collusive actions because of their secret nature. Mainly, the only way to reach success in investigations rests on circumstantial evidences, mostly gathered in on-site inspections.1

1.2- Most Common Type of Evidences Collected in On-Site Inspections

In on-site inspections, competition authorities collect all types of evidence. However, due to increasing digitalization in work system of undertakings, today most common type of evidences are digital ones. E-mails showing communications about collusive agreements between undertakings are key evidence.2 In addition to e-mails, we see authorities also inspect personal message applications like WhatsApp3 because those applications are the most common communication method in our age.

Digital evidences aren’t limited to communication applications. Today, an undertaking mostly has its corporate documents in digital areas; hence authorities also focus on digital data storage devices. Also, “cloud storage systems” are significant. Cloud storage is a part of cloud computing where data and files are stored online through a provider. Those data are accessible via public or -sometimes- private network connections.4 These systems become popular because they are cost-efficient. However, servers of these systems are generally in different countries and due to data transfer regulations and technicality of copying that data, these systems are harder to inspect for authorities.

2. Importance of Using Technological Devices in On-site Inspections

2.1- Amount of Data

In on-site inspections, the amount of data can exceed human-powered systems’ capacity because irrelevant data must be eliminated. As OECD states, relevant and accurate data are necessary for an efficient and beneficial inspection that will fulfil its purpose.5 Generally, authorities follow a way to copy data storage devices and inspect them in the Authority’s facility. Because of the amount of data that gets in inspection, authorities generally use eDiscovery tools to manage this amount of data, eliminating irrelevant ones.

2.2- Efficiency and Success of Inspection

Due to the amount of data obtained in inspections, time also has become an important issue. Like any judicial process, competition investigations must be conducted in a reasonable amount of time.6 In addition, technological devices or software can be more successful in inspection because of their abilities, like searching with concepts and categorizing information. Also, they become more intelligent using artificial intelligence and machine learning abilities.

2.3- Elimination of Human Error

The burden of inspecting a significant amount of data; lacking abilities in technological devices or software have, and conducting research with human capital sometimes can cause the omission of some relevant information. It’s quite possible that a human can miss out detailed information and -may affect the fate of the investigation in a negative way. However, software that is AI-powered and has the ability of machine learning advantages that conducts its research using the correlating concept with relevant information has less chance to miss out an information than a human.

3. Examples of Technologies Used in On-site Inspections from World

3.1- Natural Language Processing Systems

Natural Language Processing (NLP), offers significant knowledge derived from information sources to serve various analytical objectives, including explanation, categorization, data condensation, examination of subjects and sentiments, and others. NLP comprises statistical and linguistic analysis methods to generate a conceptual understanding of text, such as identifying named entities, phrases, and their connections. The output that the system will provide is valuable insight for authorities.7 They use this technique for automatically identifying and measuring similarities about documents obtained from different undertakings, checking the accuracy of text in extraction and even determining the possible impact of information got from the document, in a projection.8

3.2- eDiscovery Type of Software

Keyword searching is the most used method to analyse the data got in on-site inspection. In this process, authorities generally use developed forensic search software like EnCase and Nuix that can identify misspelled versions of the keywords and get comprehensive results, will increase their detection capability with self-learning algorithms.9 Also, this software can provide the ability to concept search to bring more comprehensive analysis that humans sometimes can’t think or miss out on.10 The concept searching system includes detecting synonyms and misspellings, identifying variations of keywords, and even detecting regularly communicated contact addresses.11 Also, this type of software can can detect encrypted information too.12 Generally, the NLP technique and eDiscovery tools are used together.

3.3- Hardware to Reach the Data

The critical component for hardware is reaching data with different input types.13 For example, a standard device for data collection called TX1 has SATA, USB 3.0, PCIe, FireWire, Ethernet and IDE connection points.14 Thanks to this, Authorities will quickly use all types of data storage, from flash drives to SSD, for inspection. Without such an ability, valuable data for investigations would’ve been missed. Another popular hardware device is Cellebrite, which is also used to retrieve deleted data. When deleting data is very common “escape way” in on-site inspections, it can be seen that it has an important function.

4. Türkiye Example

4.1- Inspection on Undertaking’s Access to Competitors’ Data/Systems

Turkish Competition Authority (TCA); conduct inspections on the undertaking’s IT system and security infrastructure, if necessary and in the scope of the case. In this inspection, TCA checks whether the undertaking has applied access/utilization restrictions against competing undertakings’ domain/IP range. In this process, inspections specially made on firewall, WAF, e-mail, log keeping and SIEM servers.15 With subtypes like WAF, Firewall can be considered a gated border that manages network web activity.16 SIEM is another security solution that shows log keeping, connection between activities and impacts.17 It can be said that using these systems for inspecting web activity of undertaking is a clever and efficient shortcut.

4.2- Hardware Systems to Collect Data

TCA also uses forensic software and hardware during on-site inspections to collect and analyze the data stored in a digital environment. TCA has published a guide that shows the procedure for the inspection of digital data.18 This procedure allows data to be copied and inspected in the undertaking’s facility. The competition enforcers use Cellebrite and XRY’s devices to collect data from the undertaking’s system and retrieve deleted data. This ability’s impact can be directly seen in cases.19

Cellebrite and XRY have various products primarily used for advanced logical data extraction. Advanced logical extraction is an extraction way enabling overcome complicated extractions by combining logical and file system extractions.20 Logical extractions involve using software to extract all data from a system; this data is then used to reconstruct the device’s state and the information it contains.21 Classical – file system extraction only extracts data. They don’t reconstruct the state of the device using software.22 Another way of data extraction involves physically accessing data storage devices. However, although this method can be used for devices with separable data containers, it cannot be used for mobile phone type of devices because the storage part is not removable without an invasive method.

XRY also have advanced systems that specialize in cloud storage systems. The system utilizes from tokens on mobile devices to facilitate app functionality, eliminating users’ need to input their login credentials repeatedly. It’s advantageous when seeking online content and application-related data for platforms like Google, iCloud, and WhatsApp. XRY can be employed in conjunction with the physical device or independently. It constitutes a distinct module within the XRY software suite.

4.3- eDiscovery Tools

TCA uses e-discovery tools in almost every on-site inspection examining digital environments. It uses this tool in data stored in hardware and communication applications like e-mail and WhatsApp. TCA generally uses built-in data detection systems like the “recover deleted items” feature in Microsoft Outlook. Experts of TCA also use their knowledge to manually inspect data to reach useful part.

TCA also uses Oxygen’s software for advanced eDiscovery inspection.23 Oxygen Corporate Explorer is designed for businesses and private entities, enabling efficient discovery of vital evidence through adaptable data retrieval from remote workstations, cloud platforms, and mobile/IoT devices. This advanced digital forensic tool simplifies automatic collection, thorough analysis, and versatile reporting, expediting investigative processes and even detect deleted data.24

Footnotes

1. Cruz, Axel Rupert M. “Competition Litigation: “Dawn Raids” and Administrative Searches and Seizure.” Ataneo Law Journal 61.491 (2016):492-553.

2. Ege Gübre Kararı – 07.02.2019 , 19-06/51-18 , https://www.rekabet.gov.tr/Karar?kararId=8ce10261-aaad-4c90-9b4c-381d9fa481fe , Access: 15.08.2023

3. Ortodonti Decision – 29.03.2018 ,18-09/157-77. https://www.rekabet.gov.tr/Karar?kararId=1dd166e7-fa79-4834-8ed8-3ef7f777974b , Access: 15.08.2023

4. What Is Cloud Storage? Amazon Web Services, https://aws.amazon.com/what-is/cloud-storage/?nc1=h_ls , Access: 08.08.2023

5. Volpin, Cristina and Ohno, Takuya, Digital Evidence Gathering in Cartel Investigations (September 2020). Available at SSRN: https://ssrn.com/abstract=3917878 or http://dx.doi.org/10.2139/ssrn.3917878 Access: 08.08.2023

6. TCC’s ruling on individual application of Ford Otomotiv Sanayi A.Ş. [GK], B. No: 2019/40991, 23/3/2023, https://kararlarbilgibankasi.anayasa.gov.tr/BB/2019/40991 , Access: 15.08.2023

7. Louisa Parks & Wim Peters (2023) Natural Language Processing in Mixed-methods Text Analysis: A Workflow Approach, International Journal of Social Research Methodology, 26:4, 377-389,

8. Thibault, Schrepel and Groza, Teodora, The Adoption of Computational Antitrust by Agencies: 2nd Annual Report (June 15, 2023). 3 StaSchrepelnford Computational Antitrust 55 (2023), Available at SSRN: https://ssrn.com/abstract=4476321 , Erişim Tarihi: 13.07.2023

9. Volpin and Ohno, s. 9

10. ibid

11. S. Ardiyok and B. Yüksel (2016), “The Use of Digital Evidence and Technological Tools in Competition Enforcement Actions and their Interference with Private and Privileged Information and Data Protection Rules”, https://www.mondaq.com/turkey/trade-regulation-practices/479716/the-use-of-digital-evidence-and-technological-tools-in-competition-enforcement-actions-and-their-interference-with-private-and-privileged-information-and-data-protection-rules. Access: 15.08.2023 ; Volpin and Ohno, s. 9

12. Volpin and Ohno, s. 9

13. Thibault and Groza

14. https://digitalintelligence.com/storeproducts/d6280 , Access: 15.08.2023

15. Thibault and Groza

16. https://www.kaspersky.com/resource-center/definitions/firewall , Access Date: 15.08.2023

17.https://www.microsoft.com/tr-tr/security/business/security-101/what-is-siem#:~:text=SIEM%2C%20bir%20kurumun%20siber%20g%C3%BCvenlik,ak%C4%B1%C5%9Flar%C4%B1n%C4%B1%20etkin%20bir%20%C5%9Fekilde%20kolayla%C5%9Ft%C4%B1r%C4%B1r , Access Date: 15.08.2023

18. https://www.rekabet.gov.tr/Dosya/kilavuzlar/yerinde-inceleme-kilavuz1-20201009091644514-pdf , Access Date: 15.08.2023

19. TMMOB Elektrik Müh. Odası Decision – 20.10.2022, 22-48/698-296, https://www.rekabet.gov.tr/tr/Kararlar?sayfaAdi=&YayinlanmaTarihi=&PdfText=&KararTuruID=&KararSayisi=22-48%2F698-296&KararTarihi= , Access: 15.08.2023

20. Due to being merged with another Corporation, Cellebrite’s website is currently unavailable however recent view can be reached by WebArchive: https://web.archive.org/web/20230206070433/https://cellebrite.com/en/glossary/advanced-logical-extraction-mobile-device-forensics/ ; https://www.msab.com/product/xry-extract/xry-logical/ , Access Date: 15.08.2023

21. ibid

22. https://web.archive.org/web/20230201022940/https://cellebrite.com/en/glossary/file-system-extraction-forensics/ ; https://www.msab.com/product/xry-extract/xry-logical/ , Access Date: 15.08.2023

23. Güven Grup Decision- 08.12.2022, 22-54/831-341, https://www.rekabet.gov.tr/Karar?kararId=4558f52a-f32a-470c-a47b-886a41fa32cc , Access Date: 15.08.2023

24. https://oxygenforensics.com/en/products/oxygen-corporate-explorer/ , Access Date: 15.08.2023

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

First published by Mondaq on 30 August 2023

Sosyal Medyada Paylaş:

Günay & Erdoğan Avukatlık Bürosu ismini veya yahut ekibimizin ismini kullanmak suretiyle farklı telefon numaraları üzerinden insanlara mesajlar gönderildiği, para talep edildiği ve insanların dolandırılmaya çalışıldığını öğrenmiş bulunmaktayız. Büromuzun söz konusu mesajlarda yer alan IFON HB veya bu anlamda başka herhangi bir oluşumla ilgisi bulunmadığı gibi mesaj ve link göndermek suretiyle ödeme talep etmek gibi bir uygulaması bulunmamaktadır. Bu kapsamda, söz konusu mesaj ve aramalara itibar etmemenizi bildirir, tarafımıza ulaştırılan numaralar hakkında yasal yollara başvurduğumuzu ve başvurmaya devam edeceğimizi ilan ederiz.