
Any government that can seize the domain can issue a fake cert for that domain, so no matter what is put in place, the Turkish government could always issue a fake cert for .tr - or any other domain owned by a Turkish company.

The *google.com stuff is the more dangerous, but that can be detected pretty quickly if widely deployed - the intelligent way would be to only do so in very targeted situations and very, very rarely.

(Google added certificate pinning and other things to try to protect against this in the future)



No government can do it as easily as the Turkish government; in many of the countries they have laws and there are mechanisms to ensure they are followed - if not, there are punishments. Turkey does not have laws as of 2022 (they only exist on paper and no one cares). If Turkey does this there won't be any punishment to itself for harming the CA company, and any journalist reporting this incident will be thrown in jail, if not killed, for exposing Turkish Intelligence secrets.

The probabilities talk. 0.00001% this is happening in Europe (which would end up with punishment for liable parties) vs. >50% this is happening in Turkey (punishment of journalists for exposing this etc).


If a country is corrupt from top to bottom then it doesn't really matter what the laws are.

But in the US the same thing can happen completely legally, via a National Security Letter, with no real oversight or appeal. And much of Europe is starting to follow the same path.


Sure, Turkey is way more likely to do it than other countries, but it is done in various places and various ways - the US even has a default page for "this domain has been seized" and they've been known to run "illegal" domains for quite a while collecting data.


Which is not the same thing as issuing rogue certificates to MitM you, especially for political purposes. For example, a winner of a local best talent TV show (Atalay Demirci) had his Twitter account hacked and his messages published online, and just because of his ordinary messages with a former Turkish deputy (Hakan Sukur), who is now in exile in the U.S., he got jailed for political reasons.

So a rogue certificate for *.twitter.com can really ruin ordinary people's lives in Turkey. We are talking about a human life here.



