Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

Bhasmasura Syndrome grips Bitcoin supporters

Posted by Vijayashankar Na on July 27, 2017
Posted in Cyber Law  | 1 Comment

Bitcoin is now at cross roads. Which direction it may take globally is not clear. Indian regulators should consider themselves fortunate that they have not yet committed themselves to issuing of their guidelines despite pressure from different directions.

Currently the Bitcoin price has fallen from around Rs 210000/- to around Rs 162000/-.

One of the respected investors Mr Howard Marks has stated 

“In my view, digital currencies are nothing but an unfounded fad (or perhaps even a pyramid scheme), based on a willingness to ascribe value to something that has little or none beyond what people will pay for it,”

Simultaneously, a Bitcon laundering ring has been busted and a Russian (Alexander Vinnick)  has been arrested in Greece for being a suspected master mind behind a $4 Billion bitcoin laundering ring.

In the midst of these developments, the Bitcoin Improvement Proposal which was a proposal to make some code changes because the block chain storage capacity was getting congested. Over 93.8% of the Bitcoin nodes supported a modification of the code which will be implemented from 1st August 2017.

This will mean that a majority of the current nodes will upgrade themselves to the new protocol. However some will not. This will create two block chain forks to come into existence. The new block is referred to as “Bitcoin Cash”.

The creation of a new forked block chain which is referred to as a “Hard Fork” will mean that those who donot update to the new protocol will continue to be working on the old Blockchain fork. This could also create some transactions which may continue as a second version of the Bitcoin and there could be two market rates in the exchange. To avoid problems holders may sell out their bitcoin holdings and convert them into other AltCoins as soon as possible. However many Bitcoin holders have been defrauded recently in their transactions and hence there is lot of confusion in the holders about what action to take  while the conversion of Bitcoin to Bitcoin+Bitcoin Cash may happen on August 1st. Probably they need to rely on their exchanges to give out a solution. But it is clear that many may face problems and we will have lot of complaints surfacing after August 1st from those investors who were risking their hard earned money in Bitcoin as an investment proposition.

In the meantime there is another news item today that Karnataka Government is separately considering issuing some guidelines on Crypto Currencies. (Refer report here).

It is stated that the Government will host a seminar towards the end of August to discuss the issue with stake holders.

According to the minister  “”The seminar will give a perspective on whether Bitcoin should be used as a digital currency or as a securities or commodities”. He also said  “We will also see whether the platform of blockchain, which boosts efficiency in government administrations, can be used. Based on the inputs we receive from the stakeholders, we may consider a policy.”

In the past there have been several instances when Karnataka Government has taken decisions on Cyber Law which are ultra vires the Information Technology Act 2000.

Legislation on Crypto Currency is not in the domain of the State laws and hence it would be better if the State Government refrains from doing anything which is ultra vires the powers of the State Government at the behest of the Bitcoin Exchanges.

I would like to caution the Government that giving any kind of acceptance space to Bitcoin is harmful to the society. I am aware that many technologists are strongly supporting Bitcoins as well as the Block Chain technology. In my opinion this is representative of their myopic view that technology and innovation are welcome unmindful of its adverse impact on the society. If the Government falls prey to the PR efforts of the Bitcoin Exchanges, they will be damaging the economic framework and destroy the society.

This tendency to adopt measures which look attractive at first glance but could lead to self destruction is what I call  “Bhasmasure Syndrome” of creating a monster and later running to save our skin. People who advocate “Disruption” through “Innovation” should remember that disruption is welcome as long as there is no destruction. Otherwise it will be like the legendary story of Lord Eshwara giving a boon to Bhasmasura that if he places his hands on the head of any person, he would be burnt…. only to find that he wants to test it on Lord Eshwara himself.

I hope Karnataka Government does not invite problem by creating a Bhasmasura called Bitcoins.

Naavi

Print Friendly

Times of India carried a report today headlined ‘Banks lost Rs 88553 an hour to Cybercrime in last 3 years”. According to the report, the total money lost from April 1, 2014 to June 30, 2017 due to Cyber Crime was Rs 252 crores.

Data computed from the reports made to RBI has reportedly indicated that nearly 40 cases of cybercrime costing Rs 21.24 lakh a day on an average has occurred in India. This is the data of 102 banks of all categories obtained from the Reserve Bank of India. In all, 46,612 cases were reported in the said period.

We have always disbelieved the statistics reported by the Banks to the RBI since Banks for a large part have disowned frauds and always blamed the customers for parting with the credentials for a phishing attack and declined to register customer complaints as “Bank frauds” and report it to RBI.

Hence we consider that the above statistics only includes the losses that the Banks have not been able to push off to the shoulders of the customers since they were frauds involving ATM where no customer might have been targeted or where the frauds were due to reasons which directly indicted the fraud within the Banking system.

The actual frauds and the loss that the customers have suffered would be much more than the amount which the article mentions.

They need protection and it is heartening to take note that there is some thinking int he Government to consider mandatory Cyber Insurance at least to some categories of customers as Naavi has been suggesting for a long time provided the unwilling Bankers can be tamed.

What is surprising is that Banks continue to suffer because they have been grossly negligent on the security measures that have been mandated on them by RBI. Hence there is no need to be sympathetic to the losses suffered by the Banks. It is a their own creation.

Just to give an example, we can look at the cloned cards that have been used to withdraw money from the ATMs. What prevents the banks from having active CCTV cameras and using face recognition as additional authentication to allow a transaction and disable the transaction if CCTV and face recognition is not functioning?… Is it cost?…then let them spend Rs 88553 per hour in the future also… It is for the share holders of the Banks to question the Banks about the loss caused by the negligence of their CEO.

Most of the Banks are yet to implement the RBI instructions on the July 7 circular on “Limited Liability for Frauds”. ..Probably they are building a case for some kind of sympathy through articles such as these.

Customers have been fleeced by these Banks in the form of increased cost of E-Banking and Banks have collected enormous money directly in the form of service charges without being able to improve security.

In this respect Banks have become like politicians who keep on raising taxes and fill up the coffers of the Government only to increase the salaries of MPs, MLAs and Government employees while all the services are being implemented on “Toll charge basis”.

Why should there be a Government and Taxation system if the taxes are not being made available except to pay the Government employees and politicians? … is a question all honest citizens often ask. Now, a similar question can be asked for Banks. It is necessary for Banks to account for all the increase in service charges they have made since last one or two years and provide an account of how the increased revenue has been used.

I urge RBI to audit the increases in service charges made by Banks in the last three years and how the revenue has been deployed to improve security of transactions.

Naavi

 

 

Print Friendly

This is to ensure that we donot mis-interpret the judgement in the Sonu@Anvar Vs State of Haryana going only by the discussions on legal issues that the Judge has added in the Judgement before arriving at the final judgement.

My first reactions on the Sonu@Anvar case was based on the article titled : Evidence Law; Sonu @ Amar Vs. State of Haryana [Supreme Court of India, 18-07-2017], Published by Legal India on July 18, 2017.

It went on to present an abstract stating: Evidence Act, 1872 – S. 65B (4) – Interpretation of – Certificate for Proving Electronic Records – Criminal cases decided on the basis of electronic records adduced in evidence without certification have to be revisited as and when objections are taken by the accused at the appellate stage.

The report prominently highlighted the quotes from the judgement “…There is no doubt that the judgment of this Court in Anvar’s case has to be retrospective in operation unless the judicial tool of ‘prospective “overruling’ is applied.

The Social Media immediately picked up this lead and spread the words that old judgements delivered by the Courts between 04.08.2005 and 18.09.2014 (Between the Afsan Guru Judgement and basheer Judgement) need to be revisited because of the Sonu@Anvar judgement.

We consider that this view is misplaced.

We need to observe that the Sonu@Anvar judgement has also stated  “retrospective application of the judgment is not in the interests of administration of justice as it would necessitate the reopening of a large number of criminal cases

Hence it went on to dismiss the appeal.

It appears that many have read this judgement ignoring that the Court rejected the appeal and did not agree for whatever was the reason that there is a need to revisit cases where Section 65B certificate was not submitted and evidence was accepted by the Courts.

Many WhatsApp sharing messages highlighted the view that all old cases should be “re-visited” according to the Court. This is not the correct inference that we should derive.

Secondly, the Sonu@Anvar Judgement gives an impression that law on Section 65B was created by the Afsan Guru judgement and changed by the Basheer Judgement. This is not entirely correct.

Law was created with ITA 2000 and Supreme Court interpreted in one manner in the Afsan Guru case and corrected it in the Basheer case….It is only the Cyber Jurisprudence that is developing…

Judgements can change law where the the judgement adds or delets to the law as written… When it is only a realization and interpretation of law as it is, we need not treat as if law came into existence only because of the judgements….

Afsan Guru judgement did not create the Section 65B certification hence it is not only the cases between the two judgements that the Sonu@Anvar judgement should debate revisiting, but all bad judgements since 17th October 2000 where Courts have ignored presentation of Sec 65B certification. This view would have created more problems than it could solve. 

Now Sonu@Anvar judgement follows the Basheer judgement but only says that it would be impractical and hence un necessary to give it a retrospective effect and revise the earlier judgement of the High Court on which the appeal was made.

We agree that it would have created a chaos if a decision had been taken to re-visit earlier cases on this ground though we regret that the Courts were not interpreting the law properly at that time. This is one of those exceptional cases where the Courts erred and the error cannot be easily corrected by a general order to annul the earlier judgement.

Though the Court under a similar argument where the legislators were not clear in wording Section 66A, slapped the legislators and scrapped the section,  we cannot slap the Courts for their ignorant interpretation of Section 65B in the past and argue for scrapping all the old judgements. We have to let it pass.

I am however sure that in deserving cases where the evidence has been tampered with and Courts went on to base their judgements on “tampered uncertified electronic evidence“, it should be possible to challenge the judgement.

The cause of action for seeking such review may not be primarily for the technical reason that the evidence was not certified, but for the reason that the genuiniity of the evidence is questioned.

Naavi

Print Friendly

It was way back on 17th October 2000 that ITA 2000 was notified and long with it the Indian Evidence Act 1872 got amended with several new sections being added to address the issue of Electronic Evidence. One such issue was the “Admissibility of Electronic Evidence” for which certain procedure was introduced under Section 65B, a new section that was introduced into the Act along with Section 65A,

Since then there has been lot of confusion in the traditional legal circles as well as the Judiciary on how the section should be applied in actual practice.

The First Case where Section 65B certificate was used

The undersigned was the first person in India to have submitted a Section 65B evidence in a Court which was admitted and used to convict the accused to a sentence of 5 years. It was the case of The Government of Tamil nadu Vs Suhas Katti in the AMM Court, Egmore, Chennai which was decided in 2004. (Refer www.ceac.in for more information and copy of the judgement).

The essence of the case was that an offence had been committed by the accused in the form of publishing of an electronic document on groups.yahoo.com. A message appeared there which was posted by the accused and involved some content which could be considered as “obscene” under Section 67 of ITA 2000. However there was no way we could have sent a police party to  USA, and seize the electronic evidence in the form of the hard disk in the possession of  Yahoo. But it was not necessary since Section 65B was available for us and a Print out of what was seen by me sitting in Chennai could be considered “also as a document” without the need for production of the “Original”. The Judge therefore continued the trial with a print out certified by me and pronounced the judgement. The defense raised the issue that I was not a Government appointed expert but the Court felt that that was not necessary.  These were all very important judicial principles that the Judge of this Court actually enunciated though he was an unsung hero and no body praised him for his vision. (I hope some body traces this Judge and honours him even now).

Many judges even today call that hard disk in the yahoo server as the “Original Evidence” and anything else including a print out as “Secondary” evidence. This is the first myth that we need to break. In electronic documents there is no “original” electronic document that can be brought into the Court and handed over to the Judge. Only a “Container” can be handed over.

Secondly, many legal experts including some judges consider that if a Section 65B certificate is required to be submitted for an electronic document that is lying in the yahoo server, it has to be signed by the administrator of Yahoo. This is the second myth we need to break. Section 65B certificate is a certificate provide by an observer of an electronic document that he “experienced” the effect f the electronic document and affirms it through the certificate and the attached set of documents in print or electronic copies.

I have explained this a number of times but still it is necessary to repeat it if required.

Now even after the law came into being in 2000 and the Suhas katti judgemment came in 2004, being a judgement of a small Court lawyers failed to recognize the meaning of the judgement and the explanations that we have been giving ever since including the books that I have authored.

Section 65B under Supreme Court Radar

When the Supreme Court first addressed the issue in the Afzan Guru case, (Navjot Sandhu @Afzan Guru judgement dated 4/8/2005) some people took note since it was the decision of the Supreme Court. In this case the debate was that when the person who could have provided the Section 65B certificate himself is present in the Court and deposes on the electronic document, then there is no need for Section 65B certificate. Hence some of the CDs produced in that case which were also affirmed by the witnesses were accepted as evidence and the decision was taken.

Then came the celebrated three member judgement in the case of Anvar P.V. Vs P.K. Basheer (discussed in detail at Naavi.org) declared that the Afzan Guru judgement was wrong and it is mandatory that Section 65B certificate has to be produced for admissibility of all Electronic Evidences.

Subsequently a notification was issued by the Government under Section 79A regarding possible notification of agencies as “Digital Evidence Examiners” which created further confusion in the legal circles. Again Naavi.org explained its views in several articles to explain the role of Digital Evidence Examiners and how this is different from the Section 65B certificates provided at the time of admissibility. (see articles :The Role of “Notified Digital Evidence Examiners” and Clarification on Section 65B… Who should sign the Certificate? ,  More Clarification on Section 65B Certification… For Forensic Labs)

In all these discussions including after the Basheer case judgement, the classification of evidence as  “Primary”and “Secondary” continued to prevail and cloud the decisions of the legal fraternity.

We have repeatedly held that in the case of Electronic Documents, the discussion of Primary and Secondary is superfluous and will lead to contradictions. Unlike the views of many in the legal circles and Judicial circles, a “Hard Disk” seized from a computer is not a “Primary” document and it is only a “Container” of an electronic documents. Similarly, even the CD is not a “Primary Electronic Document” but only a “Container of Electronic Document”.

A Container of electronic document contains many electronic documents and just as Police may seize a box from an accused house that contains say some tools of crime along with other things, a CD or a hard disk is a “Bx of electronic documents” and one or more of them is what we recognize as “Evidence” that is required for judicial examination.

Now in the case of Suhas Katti such an electronic document was one of the messages appearing on groups.yahoo.com amidst lakhs of other messages. This message appeared to a viewer as “Text” and the meaning assigned to the “Text” leads us to the conclusion that it is “Obscene” or “Defamatory” etc. That is, the viewer “Experiences” a text document which is rendered before him in a browser application running on windows operating system.

If the document was an image we would have seen an image. if it was an audio, we would have heard it.

The computer monitor is the device which makes the human being read a text document, a speaker gives out the sound that a human being hears and the combination of the monitor and speaker gives an experience of the video.

Though the experiences are different, behind the experience, the electronic document is a “String of binary characters” and nothing else. Hence all electronic documents are “Binary Documents”.

On the hard disk they may appear as magnetic orientations of individual cells. In the CD they may appear as depressions and flat surfaces (Pits and lands).

The electronic document is always an “Experience” of an observer when he renders the binary expression using one or more devices which we call computers, operating systems, applications, monitors, speakers etc.

It is this experience which the Judge wants the Section 65B certifier to bring to the attention of the Court with his confirmation that the experience is “reliable” and a judicial verdict can be based on it. Without such a certificate the judge cannot see the electronic document and if he views it on a computer then it will be his experience that becomes an evidence and the Judge himself becomes a witness. .

It is for this reason that Section 65B expects that some human being who can be relied upon should say that “When I opened this document using a certain process, this is what I saw or heard”… . Such a certifier is the person who experiences the certificate and it is not always necessary for the admin of the hosting company to provide the certificate.

Such a certification is mandatory and has been mandatory since 17th October 2000 and not just because the Supreme Court pronounced its judgement in the Basheer case.

Sonu@Anvar Case

If we look at Sonu@Anvar appeal in the Supreme Court, the argument was that the electronic document relied upon were not certified under Section 65B and hence were invalid technically. The appellant therefore sought that his conviction for abduction and murder should be set aside.

There is no doubt that the Supreme Court went into a detailed debate on  what happens when an evidence is technically imperfect and a decision has already been arrived at etc.

But what we need to take note is that this judgement has graciously acknowledged that some times the superior Court cannot go back in time and correct things and has to take a view on the issue within the limitations that are presented. For example if an innocent has been sentenced and later he is to be released, we can regret the effect of wrongful confinement but the Court cannot return the lost time.

The Court therefore finally decided that the appeal has to be rejected and in turn implied that at the appeal stage it is not necessary to re-open past cases where there has been no Section 65B certificate.

This does not mean that in future Court would show a similar concession if the Certificate is not obtained.

Hence the legal community should not now jump to either conclude that they can file uncertified documents and seek pardon later or start filing appeals for reversing earlier convictions where electronic evidence has not been properly certified under Section 65B.

The Court  may however be  under liberty to question the genuinity of any document in the interest of proper justice to be done if evidences have been manipulated and such manipulated evidence has been used to arrive at wrong judgements in the lower Court.

The Basheer judgement therefore was not recommended to be applied retrospectively  though the first press reports as it normally happens were focussed more on the lines of thoughts discussed by the Judges in the judgement and gave an impression as if all the previous cases involving uncertified electronic documents would be annulled.

Fortunately, no such thing is happening though in future Courts will not take it kindly if the Certificate is omitted.

This,  is the lesson we need to draw from this Sonu@Anvar judgement. It does not condone non submission of certificate nor reverses the earlier Anvar Vs Basheer judgement nor calls for a review of all earlier cases. It upholds the earlier judgement unequivocally and for practical reasons applies it only in futuristic sense.

It is also to be noted that in the case of Section 65B, it is not a law created by the judgement of either Afsan Guru case or the Basheer case or this new Sonu@Anvar case. The law was created with the notification of ITA 2000 and all the Courts are only trying to understand and give their views when there is a need to apply it in any specific judgement.

If people think that law is only when it is expressed by the Supreme Court, they can wait for every aspect of opinion expressed above to be brought out in some judgement in future. I am sure it will happen but it will happen in bits and pieces and will take a long time. In the meantime we may come to wrong inferences which we should avoid if possible.

I am sure that the debate may still continue… I invite comments on the above and would be glad to clarify.

Naavi

 

 

Print Friendly

In the recent days, we have heard of many instances when CCTV footages have gone missing in important Criminal investigations. This will frustrate the investigations and completely destroy the case.

Deletion of CCTV footages have been alleged in the case of the complaint filed by a Police officer, in Karnataka against the privileged treatment meted out to some inmates of the Parappana Agrahara jail in Bangalore.

Though many of the CCTV footages are circulating in the media, the persons who were supposed to have collected and preserved it appear to have lost it.

Similarly, in the Sunanda Pushkar’s Case, the management of Leela Palace hotel apparently switched off the CCTVs just prior to the alleged murder (could be an excuse also) and the footages which should have showed who visited her earlier have been deleted. Additionally the mobile and the laptop also seems to have been cleaned out of any incriminating information.

Similarly in the case of the unnatural death of an IAS officer Mr D.K.Ravi, again in Karnataka, Police took custody of a storage device from a CCTV camera from the residence of the officer and returned it after two days saying that the tapes had no recording.

In all these cases, it is doubtful if the Courts would be naive enough to believe that the CCTVs were smart enough to have stopped working or go silent at the precise time when they could have provided evidence of what could be a murder or a high profile offence.

The persons responsible in all the three cases mentioned above are none other than the Police officers or Jail authorities who are supposed to know law and uphold it rather than being ignorant computer operators who did not know what they were deleting.

It is important to note that Information Technology Act 2000 (ITA 2000) had actually identified such possibilities and included Section 65 precisely for this purpose.

Section 65 of ITA 2000/8 states:

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network,

when the computer source code is required to be kept or maintained by law for the time being in force,

shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation –

For the purposes of this section, “Computer Source Code” means the listing of programmes, Computer Commands, Design and layout and programme analysis of computer resource in any form.

I am aware that some observers of Cyber Law might not have observed this possibility that Section 65 can be used for deletion of evidence.

They may hold a view that Section 65 is not applicable in the case of CCTV footage either because CCTV footage is not “Computer Source Code” or that the footage was not “required to be maintained under law for the time being”.

But a “Techno Legal Interpretation” of Section 65 indicates that Section 65 can be applied to such cases for the following reasons.

  1. It is not difficult to accept that the CCTV recording (assuming that it was present at one point of time and vanished later) was an electronic document that was deleted.

This electronic document was recognized as evidence in a potential criminal offence and hence should have been treated as “Evidence” that should have been retained and submitted to the Court or the investigating officer.

It’s deletion was therefore a contravention of both Section 65 of ITA 2000/8 and also Section 204 of IPC.

For applying Section 204, it is enough if the deleted electronic document was an “Evidence” .

For the deletion to be covered under Section 65, we may also have to examine if the electronic document can be considered as a “Computer Source Code” as defined under this section.

2. Generally, the word “Computer Source Code” is understood as

“any binary string which triggers a computing device to alter its state of activity”

In this incident, the binary code which human beings may call as “Video Recording” is read by a computer, which human beings may call as a “Video Player” and the computer later instructs the screen to show some pixel transformations that human beings may call as a “Display of video”.

The video recording therefore is nothing but a “Computer Source Code which Section 65 has referred to.

It is therefore clear that deletion of CCTV footage is a punishable offence under Section  204 of IPC (Punishable with 2 years imprisonment) and under Section 65 of ITA 2000/8 (punishable with 3 years of imprisonment).

Additionally the action may also invoke Section 43(i) and 43 (j) of ITA 2008 which provides for civil damage to be claimed by any person who suffers a damage as a result of such action. Since Section 43 is linked to Section 66, the action would also become a criminal offence for which the punishment is imprisonment of upto 3 years.

Both Section 65 and 66 are cognizable offences though are bailable.

If the deletion has been done by the computer operator under the instructions of his bosses or political directions, the persons who gave such instructions would become “accomplices”.

In the event the affected Police Officer in the case of the Parappana Agrahara incident is eventually suspended or dismissed from service etc and there by suffers a financial loss resulting out of the deletion of the CCTV footage, the affected person can invoke Adjudication (followed by appeal in a Court if required). It is not clear if there is any civil damage in the case of the other tow incidents namely the Sunanda Pushkar or D K Ravi case.

The discussion here is  for academic purpose and to show how strong is ITA 2000/8 if it is properly interpreted. We are fully aware that since in all the above cases, the deletion can only be traced to law enforcement persons only, the possibility of any action being initiated there on is improbable and hence the above theory may never be tested at least in these three cases.

If however, CBI takes up the case or some body like Mr Subramanya Swamy takes note, they may bring up the issue before the Courts and we may have an interesting debate.

Naavi

Print Friendly

In what can be considered as a serious concern to criminal cases where decisions have already been taken based on electronic evidence without Sec 65B certificate, Supreme Court has debated the issue of challenge of Electronic Evidence at the appeal stage if Section 65B certificate is not adduced.

The following judgement of 18th July 2017 may be referred.

Sonu@Amar Vs State of Haryana (Supreme Court of India, 18/7/2017)

We will discuss this in detail shortly in a separate article.

However this could affect a very large number of decisions already taken and appeals may be made on the ground that the electronic evidence was not certified earlier.

In our opinion such appeals will not be sustainable.

We will elaborate the effect of this Judgement in our humble opinion in subsequent articles.

Naavi

Download Copy of Judgement

P.S: On detailed reading of the judgement, the title of this article has been modified and incidental corrections have been made.


 

 

Naavi

Print Friendly