In an unexpected but significant development, the
investigations in the celebrated Shivani Bhatnagar murder case in Delhi has
now become a subject matter of interest to the Cyber Law and Cyber Crime
observers in India.
The investigations are now zeroing in its focus
on the way Electronic Evidence is handled in law and practice and irrespective
of the legal developments in the actual case, there will be several learning
points that would enlighten the Cyber Law community and the Cyber crime
investigators.
As per the recent
report in Hindustan Times, the Delhi Police were banking on the record of
Mobile Phone activities between the alleged conspirators to prove the
conspiracy. However it is now learnt that the mobile company has selectively
removed both the primary record and the backup records from its computers. The
Police are now left with only the print outs of the records obtained earlier.
It would be interesting to look at the implications of this development from
the angle of Cyber Evidence management.
The issues to be discussed here are
1. What provisions of Information technology Act-2000
(ITA-2000) apply to this incident?
2.What are the responsibilities of the Cell Phone operator in
preserving the mobile phone activity record?
3. How good is the Print outs presently available with the
Police for the purpose of the Court?
Applicability of Information Technology Act:
The first thought in many minds would be how ITA-2000
becomes relevant in a murder case. When ITA-2000 became a law and even after
two years since then, many legal professionals are still not convinced that
the law is relevant to them unless they are dealing with Computer Companies.
This case has highlighted how ITA-2000 has universal application and can be
invoked in a totally non Cyber Crime scenario.
In the present case, even though the offence is a "Murder"
the conspiracy involves exchange of conversations over the telephone. The
conversations are presently not available to the Police as records but the
mobile phone activity is captured in an electronic file at the mobile company
systems. These systems log the numbers called and the time and duration of the
call. Being electronic documents, they come under the definition of an
"Electronic record" as per section 2 (t) of the ITA-2000. These records are
therefore a subject matter of ITA-2000 and the consequential amendments made
to the Indian Evidence Act for acceptance of Cyber Evidence.
ITA-2000 therefore becomes applicable to determine not only
the acceptability of the electronic records in a court of law but also in
determining the liability of the intermediaries involved in handling this
Cyber evidence such as the mobile phone company.
Responsibilities of the Mobile Phone Company:
According to section 65 of the ITA-2000,
Whoever knowingly or intentionally conceals, destroys, or
alters or intentionally or knowingly causes another to conceal, destroy or
alter any computer source code used for a computer, computer programme,
computer system, or computer network, when the source code is required to be
kept or maintained by law for the time being in force, shall be punishable
with imprisonment up to 3 years or with fine that may extend up to Rs 2 lakh
rupees or with both.
Explanation: For the purpose of this section, "Computer
source code" means the listing of programmes, computer commands, design and
layout and programme analysis of computer resource in any form.
This section recognizes the importance of technical
intermediaries in Cyber Evidence usage by the law enforcement authorities and
defines their responsibilities. The provisions of this section would be
applicable to a network manager in a Company, the ISP or any other person or
organization who handle electronic documents.
The use of the word "Computer Source Code" has
unfortunately introduced an element of doubt on the applicability of this
section to all electronic documents as opposed to what are defined as
"Computer Source Codes".
The normal definition of a "Computer Source Code" is
restricted to the programme instructions and if the term is used in that
restrictive sense, the section cannot be applied to all electronic documents.
In such a case, one has to go back to the CrPC and the Indian Evidence Act to
determine the responsibilities of third parties who come to possess evidence
relevant to a criminal investigation.
However, a careful reading of the explanation under the
section extends the definition of the word Computer source code to "programme
analysis of computer resource in any form.". In the instant case, the call
management programme monitors the calls made from one mobile number and its
analysis is captured in the form of a statement. We can therefore conclude
that the call statement can be brought under the definition of "Computer
Source Code".
In view of the well developed meaning available to the word
"Source Code" in the IT industry, there will be some hesitation to extend its
definition to the outputs arising out of the programme functioning amongst the
computer specialists. However, considering the fact that ITA-2000 has also
re-defined the term "Hacking" as understood by the industry and given it a
legal meaning of its own (equivalent to "Cracking"), it is conceivable that
the ITA-2000 can also give an extended legal meaning to "Computer Source Code"
to cover the outputs of a programme.
There is therefore a strong case for invoking section 65 to
define the accountability of the mobile phone company for having knowingly and
intentionally destroyed evidence relevant to the investigations of a major
crime. The company is therefore liable under the section and its officials
will by virtue of section 85 of the ITA-2000 liable for imprisonment upto 3
years.
Obviously the defense will also draw attention to the fact
that the section applies only when the source code is required to be kept or
maintained by law for the time being in force and there appears to be no
specific laws applicable to the mobile phone records.
naavi.org has raised this issue several times in the past
in respect of e-mail records and urged for a suitable rule or notice to the
ISPs specifying the time for which various kinds of data has to be preserved.
Unfortunately no action has been taken in this regard which could be a
loophole that can be exploited by many.
In the instant case since the investigations are well
publicised and the Police have already obtained a print out of the
transactions, it may be concluded that there was sufficient notice to the
mobile company that the evidence was of legal importance and tampering with
them is an act of grave negligence bordering on "Co-Conspiracy" to destroy
incriminating evidence.
The Status of the Print Out:
In the absence of the electronic records which the Police
can still try to recover through forensic methods by seizing the computers and
analysing the erased data, the print outs with the Police become the primary
evidence for the Police.
According to the second schedule to the ITA-2000 which
amends section 65 of the Indian Evidence Act, 1872 and introduces a new
subsection 65 B, the print out can also be considered as an "Electronic
Document". However there are a series of certifications required to make this
print out acceptable as evidence in the court of law and it is most unlikely
that these formalities would have been completed at this stage. The Police
will therefore do well to cover up as much ground as possible in this
direction before it is too late.
Summary
To summarise, the mobile phone activity record maintained
by the Mobile Phone company qualifies to be called an "Electronic Document"
under ITA-2000 and tampering with this may constitute violation under Section
65 of the ITA-2000. Further the Police will have to work hard to make its
print out stick as evidence in the court of law.
