The Electronic Evidence behind a Crime

by Ishika Garg

Whether Sections 65A and 65B of the Indian Evidence Act are sufficient in their working and meet their legislative purpose?


Introduction

The Cyberspace is a vast expanse of devices and information, time and again nations have tried to summarize the applicability of the Cyberspace into the realm of domestic legislations. One such legislation would be the Indian Evidence Act, 1872, in its scope of Sections 65A and 65B.

Electronic evidence covers aspects that are intertwined with one’s daily lives; however, presenting and proving such aspects as evidence is a strenuous task. Initially, one must follow a breadcrumb trail left behind by the perpetrator or the device’s configuration to reach the point where it originated. Following this, one must obtain a copy of the original form of evidence and a certificate attesting to its authenticity. If such a strenuous task works out and all the respective authorities align to provide sufficient information as needed, you must then undertake the difficult task that follows admissibility. The nature of electronic evidence is as such that with just a few doubts, one can bring into question the evidentiary value of the same.

One of the most significant issues that arise, before the evidence can even go beyond the stage of admissibility, is that of obtaining such evidence from its primary source, with a Certificate attesting to the same. The issue here lies with the nature of crime on the Internet. For instance, a person residing in Mumbai having internet protocol address (“IP Address”) 123XX, could mask such IP address through a Virtual Private Network (“VPN”) and appear as IP Address 456XX, based in the United States of America.

While electronic evidence under the Indian Evidence Act, 1872 is applicable in terms of its admissibility and evidentiary value, for this Research Paper, we will only examine its requirements in terms of admissibility.

Admissibility of Electronic Evidence

Following the Information Technology Act, 2000 (“the IT Act”), the Indian Evidence Act, 1872 (“the IEA”) was amended to include Electronic Evidence as under Sections 65A and 65B.

Sections 65A and 65B of the IEA, deal with the admissibility of Electronic Evidence in Court. As per Section 65A, electronic records may be proved in accordance with Section 65B. At the same time, Section 65B stipulates that contents of electronic evidence may be established either as primary evidence, in the form of the original computer resource, or as secondary evidence, in accordance with the provisions of Section 65B.

Due to the nature of the original computer resources that tend to store such data, it usually becomes challenging to produce the original device in Court. Therefore, Section 65B becomes all the more important in its guidelines on secondary electronic evidence. Section 65B begins with a non-obstante clause, overriding the effects of any other legal provisions in the IEA. Section 65B(2) ascertains the conditions that must be met in order to produce secondary electronic evidence to the Court. Section 65B(4) mentions a certification standard that must be met in order to produce electronic evidence, albeit the standard is low in terms of admissibility and questions may be brought upon such standard following admissibility. [1]

Requirements as under Section 65B(2) of the IEA are that the computer from which information was used to store or process information with respect to the activity regularly carried out into the computer in the ordinary course of the activities of the person having lawful control over the computer; the computer was operating properly, and if not, was not such as to effect the electronic record or its accuracy; information reproduced is such as fed into the computer in the ordinary course of nature. [2]

In the case of Navjot Sandhu[3], the Supreme Court held that since the servers on which call records were maintained were huge and cannot be produced physically in Court, Section 63 and 65 of the IEA, permit secondary evidence to be led, through copies made from the original by mechanical processes which ensure accuracy. Taking note of 65B, it was held that there was “no bar to adducing secondary evidence under the other provisions of the Evidence Act, namely sections 63 and 65”.[4]

However, the case was overruled by Anvar v. Basheer,[5] where the Supreme Court held while applying the principle of generalia specialibus non-derogant, that to lead oral evidence on the electronic record as secondary evidence, compliance with section 65B is required. A certificate under Section 65B must identify electronic record containing statement; describe the manner in which it was produced; furnish particulars of device involved in the production of record; must deal with applicable conditions under Section 65B(2); signed by a person occupying a reasonable official position in relation to the operation of the relevant device. 

The Cyber Space

When the Internet began to grow across the world and became about user-based, John Perry Barlow made a declaration on the independence of the Cyberspace. He stated “…. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature, and it grows itself through our collective actions. Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here….” [6]

The transnational nature of the Internet influenced this declaration. The Internet has functions that span across the globe; this declaration goes a long way in showing how complex and vast the nature of the Internet is. It is influenced by a libertarian idea of self-governance of the Internet. It is believed that due to the complexities and the fact that the Internet stretches beyond political and geographical boundaries, it can never be effectively governed by an individual nation.

The declaration for the independence of the Cyberspace is one of the most compelling examples of the vast nature of the Internet. In 2020, over 40 per cent in the world[7] and over 69 million[8] people in India use the Internet.

As of now, there is no uniform governing body of the Internet. Each respective nation has attempted to confine cyber activities within the scope of its domestic laws, such as the IT Act in India. However, these laws either have extremely poor construction due to lack of knowledge or have issues with implementation due to the transnational existence of the Internet. 

The most peculiar feature of Cyber-crimes is the trail left behind by them. This trail is vastly expansive and stretches across the boundaries of specific nations whether these are DDoS attacks committed on a particular server or someone stealing money from a Mobile wallet.

Firstly, such a trail can be easily masked through VPNs. Secondly, these breadcrumb trails require a form of expertise and efficiency, that must be inculcated into the Indian Legal System. It is also imperative to note that crimes committed through the use of the Internet are not restricted to the Internet itself.

To extrapolate, let us consider a hypothetical situation. Suppose a man residing in India, sends an e-mail to a person also residing in India, stating ‘I know you’ll be at the General Body Meeting of XYZ tomorrow, I’ll be coming to kill you with a new gun I have bought.’ This e-mail was sent from an e-mail address ABCD@yahoo.co.uk. Such a message would then constitute a crime as under the Indian Penal Code Sections 503, 354D, inter alia.

Now, the Court requires either primary or secondary evidence in accordance with sections 65B and 65C of the IEA. In order to prove that the e-mail came from the device belonging to the perpetrator, the authorities must now present secondary evidence from the e-mail server, where the IP address of the mail in question was logged. Herein comes up the catch existing within electronic evidence and the Cyberspace. The e-mail was sent from an account registered to yahoo.co.uk, the server in question is, therefore, is the Yahoo UK server.

Such small things have detrimental effects on cases. The e-mail being the only thing the case rests upon is, therefore, not backed up by secondary evidence either. This will lead to an immediate dismissal of the case because the prosecution does not have any admissible evidence against the accused. 

Another similar situation in terms of electronic evidence may arise out of the Cloud. For instance, when it comes to cloud computing, data may be stored in multiple locations, and this makes for a logistical disaster. [9]

Possible Remedies

There are two perspectives that such a situation may be looked at from, an international perspective and a domestic perspective.

In the domestic perspective, one must first look at Sections 65A and 65B of the IEA. The apparent Legislative intent behind these provisions was to enable the production of printouts or copies of electronic records, instead of the originals, which are only in electric form, as production of originals may be difficult or impossible and therefore cannot be produced before the Courts for verification. However, attempting to ensure the authenticity and integrity of these copies, extensive procedures have been put in place which seem to negate the purpose for which these provisions were enacted.[10] This calls for an immediate need for Legislative Action and Judicial Practice Directions in terms of Electronic Evidence.

However, for the present time, the Supreme Court’s practice guidelines in the Anvar v. Basheer case may be affected. The Supreme court has given four simplified pre-requisites as under Section 56B(2), namely “ (i) the electronic record containing information should have been produced by the computer during the period over which the same was used regularly to store or process information for the purposes of any activity regularly carried out over that period by the person having lawful control over the use of that computer; (ii) the information of the kind contained in electronic record or of the kind from which information is derive was regularly fed into the computer…;”. These pre-requisites along with five components for Section 56B(4) listed in the judgement, provide for a method of practice in lieu of an efficient redressal mechanism.

The international perspective would be the ideal remedy, as it would allow India and other such nations to effectively implement their domestic laws. The international remedy calls for a multi-stakeholder model of governance, where each respective nation understands that they have a stake in the matter and hand and provide cooperation in terms of effective coordination. While the nation state today is trying to reach out and negotiate through bi-lateral talks, such a bilateral method is insufficient. The speed of execution of cyber-crimes and the nature of electronic evidence needs a robust mechanism for international cooperation. Mere dialogues and cooperation will not suffice. [11]

One more adverse remedy as proposed by stakeholders in the Cyberspace is that of a self-governed cyberspace, though that may be a distant reality in terms of both technological and political efforts.

Conclusion

The intrinsic nature of the Internet is such that it creates issues as discussed above. However, with the widespread use of the Internet today, it becomes especially important to have effective legislations and rules governing such issues.

Even though the Legislative bodies try to enact laws to combat such issues, it doesn’t always work as effectively as hoped. This is so because of a lack of expertise, experience, and data on the Internet and its applicability to the legal sphere. 

The Indian Evidence Act sets up an impossible standard for simply admissibility of electronic evidence in the first place. With each passing day, more such cases could be denied justice due to a lack of effective systems and coordination amongst authorities.


[1] N.S. Nappinai, Technology Laws Decoded, 560-66 (1st ed 2017).

[2] The Indian Evidence Act, 1872, Section 65B(2).

[3] State of NCT v Navjot Sandhu (2005) 11 SCC 200.

[4] Ibid.

[5] Anvar v. P.K. Basheer (2014) 10 SCC 473.

[6] Barlow, J.P. (1996), A Declaration of the Independence of Cyberspace, https://projects.eff.org/~barlow/Declaration-Final.html (last visited Dec 9, 2020).

[7] Internet Live Statistics, https://www.internetlivestats.com/internet-users/ (last visited Dec 9, 2020).

[8] Total internet users in India, Statista, https://www.statista.com/statistics/255146/number-of-internet-users-in-india/ (last visited Dec 9, 2020).

[9] N.S. Nappinai, Technology Laws Decoded, 77-78 (1st ed 2017).

[10] N.S. Nappinai, Technology Laws Decoded, 573-74 (1st ed 2017).

[11] N.S. Nappinai, Technology Laws Decoded, 22-23(1st ed 2017).

About the Author

Ishika Garg is pursuing Law from O. P. Jindal Global University. She is also an in-house researcher and editor with The Digital Future.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s