Contingent Electronic Evidence and Evidence Drop Box, Concepts which we should be aware of..

Posted on February 17, 2018 by Vijayashankar Na

After the Basheer judgement, there has been several discussions on the Section 65B (IEA) certification of electronic evidence for “Admissibility”. I suppose some clarity has dawned on the community with these discussions, though there are some areas which continue to create doubts.

In the recent SLP order issued by Supreme Court in the case of Shafhi Mohammad Vs State of Himachal Pradesh, the two member bench consisting of Adarsh Kumar Goel and Uday Umesh Lalit actually challenged the P.V Anvar Vs P. K Basheer judgement given by a three member bench and created confusion in the judicial circles.

One of the issues discussed in the Shafhi Mohammad case was how an electronic document present in a device not under the control of the producer of the evidence be produced for admissibility. The Court came to a very illogical decision that in such cases, Section 65B certificate itself is not required. We have already stated that the decision has to be ignored since a two member SLP order cannot over ride a three member Judgement.

Our objection to the order was that if at some point of time the presenter of evidence had access to an electronic document and today that document is not available for Section 65B certification, then it is a failure of the person in getting the Section 65B certificate at the time when he had access to it.

Since Section 65B certificate can be provided by any person who has a viewing access to the document, there should be no problem in getting the certificate if people are aware of the provision. Ignorance of law is not an excuse and hence if the original electronic document is no longer available and the earlier copy is not admissible because it is not Section 65B certified, then the evidence should be considered as lost.

Just because “Documentary Electronic Evidence” is lost, it does not mean that justice would be lost. It would be difficult of course but not entirely unthinkable.

For example, if you have just witnessed a murder before your eyes but did not take out your mobile and take a picture, the documentary evidence of murder is lost for ever. It does not mean that you can excuse the evidence itself since every body does not carry a camera around to capture the events happening around.

However, we are not trying to debate why the SLP order said what it said and whether it was out of ignorance or out of a need to challenge other Judicial order or for any other purpose. We have another point emerging out of the situation which we have already discussed but can be recalled again.

In many instances, we donot know if an electronic document before us is an “Evidence” or not. But an intelligent person would know if it is a “Potential Evidence”. For example, when we enter into a business deal, we want a written paper so that if tomorrow there is any dispute, we know what we have agreed upon. The document becomes an evidence if there is a dispute before a judicial authority. Until such time, it is a redundant piece of paper.

In the case of electronic documents, the “Potential Evidence” if any, has to be archived along with a Section 65B Certificate so that if and when it is required later, the electronic document is already bundled with the Certificate at the archival center.

Once such a document is archived, even if the original gets destroyed, the evidence is still admissible. However, no person should deliberately destroy an evidence which is in his hands since it may attract Section 65 or Section 67C of ITA 2008 or Section 204 of IPC if what is being destroyed is an “Evidence” at the time it was destroyed.

There is however the case where we may have an archived electronic document along with Section 65B certificate but the original which was in the hands of a third party (eg ISP/MSP). Though law provides that such a person can be summoned to  produce the evidence, many times this may not be practical or the document might have been removed in the ordinary course of business by the holder who did not know that it was “Evidential Matter”.

It was to accommodate such a situation that Shafhi Mohammad order came to the absurd conclusion  “Let’s do away with the Section 65B certificate itself”.

On the other hand, CEAC (Cyber Evidence Archival Center)  when confronted with the challenge in the E Commerce scenario, thought differently and introduced a service called “Evidence Drop Box”.

Evidence Drop Box is a service provided by CEAC to ensure that “Contingent Evidence” can be submitted for Section 65B certification without any cost and held in “Contingent” condition for a period of 30 days. By the end of this 30 day period if the person decides to use the “Contingent Evidence” as “Evidence”, he may request for a Section 65B certificate and acquire it at the cost specified by CEAC.

The “Contingent Evidence” becomes “Evidence” when the contingency materializes. For example, in an E Commerce transaction, when a purchase has been made on the basis of a product description that has been mentioned on the E Commerce website, the information provided about the product is a “Marketing Information” and is read before the purchase decision is made but is more often not kept on record. If subsequently, a “Dispute” arises and the buyer or the seller is claiming that the product description was not what the product supplied indicates, the “Marketing Information” becomes an “Evidence”. The “Dispute” is therefore is the contingency under which the contingent evidence turns into evidence.

The CEAC-Evidence Drop Box provides an opportunity to the buyer to deposit the evidence before he completes the purchase with no financial stake until the contingency arises.

It will take some time for the market to absorb the utility of this proposition and also some time for CEAC to automate and fine tune the certification process but it will be a boon to E Commerce in India.

Explore it next time when you make any online purchase.

Naavi

Posted in Cyber Law | Tagged , , , , , | Leave a comment

RBI is making a mistake in the PNB fraud case

Posted on February 15, 2018 by Vijayashankar Na

As expected, media is crying as if Rs 11500 crores have been lost by PNB. Congress as expected is talking as if it is not Nirav Modi who is in question but Mr Narendra Modi himself. Both may be excused for their ignorance and need for TRP.

However, I am surprised that RBI has come out with a statement which is in my opinion legally incorrect.

Normally when letters of guarantee are issued, they are issued on stamped papers and with an understanding that the beneficiary will be “Paid without demur”. RBI is therefore saying that PNB should pay all the liabilities without contesting.

However , PNB Chairman has rightly stated  in his press conference that the bank would repay only bonafide claims.

I fully agree with the contention of PNB that they should not make payment blindly to anybody who makes a claim as beneficiary of the guarantee. They should challenge the claim since there is a “Notice of Defective Title” to the beneficiary and PNB is bound to exercise caution.

In this case, the lenders are supposed to have financed some valid business proposition with the letter of comfort as a collateral security. No Bank is supposed to treat a letter of guarantee as just an endorsement of a cheque and make payment just like that. If after this the venture fails for some reason and the cause of action for which the letter of guarantee was issued arises, then only the guarantee can be invoked and the issuing Bank is obliged to pay.

If the beneficiary is Nirav Modi’s own firm or there are other reasons for which the transaction for which the lender disbursed money was not justifiable for business purposes, then the transaction is prima facie suspect and the beneficiary himself can be considered as an accomplice to defraud PNB.

The forged letter of undertaking should be considered as a “Nullity” and not an “Authorized instrument that can create liability”.

If PNB can prove that the beneficiary had reasons to believe that the transaction is suspicious, then PNB would not be liable to pay.

Share holders of PNB should therefore object to RBI’s instructions which is meant to protect the other Banks which actually had a direct contractual relationship with Nirav Modi’s beneficiaries while PNB itself is a victim of the fraud committed by its own officers.

We can accuse PNB of negligence but it is for another day and for another argument . It does not give license to other banks to accommodate Nirav Modi beyond his genuine business requirements and claim protection under the guarantee. The Guarantee would be valid if the beneficiary had taken the decision to lend as if there was no collateral in the form of the guarantee.

Further PNB should immediately revoke its guarantee and if there is any claim by any beneficiary, the beneficiaries may be asked to raise their claims with full particulars of how the lending decision was taken. It can then evaluate genuineness of the claims and decide the course of action.

At this point of time we donot have the actual text of the document and hence we donot know whether it was transferable and could be discounted with secondary lenders or whether any transfer was required to be registered with the PNB, whether there was a time limit for validity and the claim, etc.

I suppose the press will get these details shortly but RBI should let PNB handle its liability without jumping in to protect other Banks like Allahabad Bank or State Bank of India.

If the liability gets divided with 30 Banks it may be fine. No single Bank will take a big hit. In future RBI should insist that the beneficiary should register his claim within a reasonable time after the guarantee letter is submitted to him and that would avoid situations like this.

The Swift system should provide for digital signature of such transactions and the digital signing should be registered automatically in the Core Banking System so that frauds like this cannot happen. Finacle as a CBS software should integrate the Swift messages with the CBS so that every SWIFT message is generated from within the Finacle system and duly recorded for audit at the Central office level

Since it is stated that more than Rs 6500 cores worth assets have already been confiscated, and the lenders will have additional securities available to them, a substantial part of the actual losses may be fully recovered.

Hence neither RBI nor the media need to sensationalize this scam. The officials however need to be punished for the fraud.

Naavi

Posted in Cyber Law | Tagged , , , | 1 Comment

PNB Fraud of Rs 11500 crores was waiting to happen.

Posted on February 15, 2018 by Vijayashankar Na

The Rs 11500 crore fraud in India in Punjab National Bank (PNB) was a fraud which was waiting to happen due to the negligence of the Bank and the software developers supporting the Banking operations.

It appears that those who developed the Core Banking software for the Bank had no understanding of the nature of controls that were required to prevent misuse of “Non Funded Lending”.  If money goes out of a lending transaction, it might be captured by the system. But when only a “Letter” goes out “Undertaking a liability to pay contingent to an event of default by a customer”, it may not get into the books until the liability fructifies.

If the liability does not fructify and the letter is issued for a period which lapses, no problem arises to the Bank except for the opportunity loss of a “Commission”.

Such activities lend itself to “Kite flying” frauds which is what has happened in this case. In the past the Harshad Mehta Scam.was in similar mould. Even the Satyam Computer fraud was also of the same nature. In all these cases, certain false papers were floated around on the basis of which another third party lent funds. When such kite flying frauds miss a repayment cycle, it would snow ball into a major scam with a casacading effect.

It is ironic that the name of the fraudster is Nirav Modi and the Congress would be happy to use the occasion to place the blame on Mr Narendra Modi as if Rs 11500 crores has gone to his pockets. Mr Rahul Gandhi who is an expert at spreading falsehood will soon start speaking about this fraud in the Karnataka elections. It would not help if Mr Nirav Modi has left the country and is absconding.

Compared to Mr Vijay Mallya’s case which appeared to be caused out of a business  failure of the companies of Mr Mallya, this fraud is of a more criminal nature since it involves “Forgery” of a document in the name of PNB.  Hence the kind of protection Mr Mallya may get from international legal processes for not forcing his return to India may not hold for Mr Nirav Modi. Once he is located, he can be quickly arrested in the foreign soil with the help of Interpol and brought back to India.

It is critical for such speedy action to categorize this scam as a result of a “Forgery”. The forgery is because a false unauthorized letter of undertaking has been issued by some of the officials of PNB. Since these letters were issued without proper authorization, they have no legal validity.

Whether the beneficiary of the letter can go behind the unauthorized letter and claim the money from PNB has to be evaluated from the terms of the letter. If the liability arises any time after the public notice of the fraud has been received, then the beneficiary cannot make any claim on PNB.

For the contingent liabilities to fructify, the cause of action should be before the date of publication of the fraud and and the demand should be immediately thereafter.

Whiles frauds using “Contingent Obligations” issued in the name of a Bank or another organization are not new, in this particular case, one can identify the failure of the internal controls of PNB in not properly recording the message sent out of SWIFT undertaking a liability as part of the Bank’s contingent liabilities in the balance sheet.

It is also supposed that no “Digital Signature” was used in the process of signing the letter of undertaking and it was an “Un-digitally signed” letter from the Bank sent out of a system where authentication was based only on password.

This is the failure of the design of the Banking software developed by large companies such as Infosys and used by all major Banks in India and abroad. The software developers only focus on functional aspects of the software and unless there is a domain specialist to assist the developer in understanding the fraud risks, they end up developing software which is not properly designed. The CBS used by PNB is one such software that appears to have not been developed by a proper Techno Banking professional team.

Unless Banks in India and the software companies providing CBS software donot understand the Fraud prevention requirements to be built into the software, we will continue to see more of such frauds not only in the Banking domain but also in other fields.

I recall one of the early software architecture suggestions given by the undersigned to a broking firm where I had suggested control in the form of using accounting principles to track the risks of trading from the placing of the orders to the realization of money from the client etc.  Though it was not implemented, it appears that the PNB fraud would have been caught by such a design.

For the records however, we need to remember that

a) not all of Rs 11500 crores will become a loss to PNB. PNB has to immediately send notices to recall all such undertakings and freeze their operations. They should give notices that these are forged letters not binding on the Bank. If there is any leal fall out arising out of this in international Courts, it should be faced.

b) This is a case of forgery and not a case of business failure like that of Mr Mallya and hence extradition from whichever country Mr Nirav Modi is in is not going to be tough.

c) PNB and other banks should review their software systems to ensure that they capture all contingent liabilities for which there could be a simple solution.

d) RBI should recognize that the failure of PNB and the CBS ( Finacle) as part of their supervision failure.

e) Media should not create false propaganda and fear mongering that Rs 11000 crores might have been siphoned off. Most of these may be in the form of loans against assets and if they are recovered, most of the losses can be recouped.

f) Congress will keep shouting and this should be ignored.

g) The Government should not lose time in taking swift action across the globe and confiscate as may properties of Mr Nirav Modi as possible even before full legal process is initiated.

h) Courts and Anti-National Lawyers should be prevented from placing hurdles in the recovery of money which is of paramount importance now.

If proper action is taken the adverse impact of the fraud can be managed. At the same time proper corrective measures must be initiated for the future. “FINACLE” as a product appears to require a complete overhaul and hopefully the software companies involved must act immediately.

Naavi

Posted in Cyber Law | Tagged , , | 3 Comments

Interaction with late Dr Abdul Kalam

Posted on February 13, 2018 by Vijayashankar Na

While exploring some archives at Naavi.org, I came across a memorable interaction with the Late Dr Abdul Kalam the scientist who became a unique President of India who remained a teacher till his death.

It was interesting to note that I had an occasion to explain to this teacher of teachers some aspects of digital forensics and demonstrate the utility of hardware disk cloning products.

This was during the 37th All India Police Science Congress held at Bangalore in June 06-08, 2006 at NIMHANS Convention Center.

Mr H.D. Kumaraswamy the then Chief Minister of Karnataka is in the background. It was during this occasion that Naavi’s book “Cyber Laws Demystified” was released.

During those days, Naavi was deeply involved in the marketing of Cyber Forensic devices and conducted many demos to Police and other authorities. Cyber Forensics has developed much from those days with Mobile Phone forensics becoming an important element of forensic investigation today. Naavi has also moved on acquiring additional knowledge in Cyber Forensics besides his work in Cyber Law and Information Security and could share his expertise in Cyber Forensics  in some consulting projects in the days to come.

Naavi

Posted in Cyber Law | Tagged , , , , | Leave a comment

Section 65B clarified… e-book

Posted on February 11, 2018 by Vijayashankar Na

 

 

Naavi has published a few e-books as detailed here

Additionally, e-book exclusively on Section 65B titled “Section 65B of Indian Evidence Act clarified” has been published.

This book is available at Rs 150/- as an E Book.

This  book can also be a useful add on book along with other E books such as Cyber Crimes & ITA 2008 and Cyber Laws for Engineers.

A limited copies of print version of this book are available at Rs 200/- per copy  and they may be delivered only within India.

Hope readers would find this  useful.

Naavi

Posted in Cyber Law | Tagged , , , , | 2 Comments

Recipe for corruption in Judiciary- Supreme Court judgement in Shafhi Mohammad V State of Himachal Pradesh

Posted on February 8, 2018 by Vijayashankar Na

Viewers would have observed several News paper reports in the last few days with headlines such as 

-“Courts can rely on Electronic Records without Certificate: SC” (Deccan herald), (Free Press Journal)

-“Party Not In Possession Of Device From Which Electronic Document Is Produced Need Not Produce Sec. 65B Certificate: SC …” (Livelaw.in), 

-“Supreme Court says certificate not mandatory for making electronic evidence judicially admissible” (Firstpost)

-“SC clears air on electronic records” (Telegraph)

…..etc., etc

The report originated from a PTI report and has been diligently carried by many publications. There is no doubt that this report has created a perception in certain circles that the Supreme Court has issued a judgement that in effect over rules the three member judgement in the case of P V Anvar Vs P.K Basheer.

The perception however is incorrect. It is false and incorrect to state that Section 65B certificate is no longer required for admissibility of electronic documents.

This order of the Supreme Court in a Special Leave Petition (CRL No 2302 of 2017) signed by a two member bench Adarsh Kumar Goel and Uday Umesh Lalit must be seen in the limited context of the SLP.

A two member SLP order cannot be accepted as an over ruling of a three member judgement as has been explained in our earlier article.

It is amusing to see the Court accepting the argument of the Senior advocate Jayant Bhushan who is stated to have said that section 65B of the Evidence Act was a “procedural provision” intended to “supplement the law” by declaring that any information in an electronic record, “is admissible in any proceedings without further proof of the original”.

We must state that Section 65B is part of the Indian Evidence Act in the main and not in any supplementary rule and hence has the same judicial value as any another section of Indian Evidence Act.

The Court itself quoted

“whether a person who wants to take a recourse of alibi in a criminal trial with the help of boarding pass of a flight, where there was no signature and was just a printout from a computer, can that document be not relied by the court for want of such certificate.”

but went ahead to state

“These are the questions, which we need to deliberate,” the bench said, and added that courts cannot afford to deny acceptance of such documents for want of certificate under section 65B.”

The senior counsel suggested that

” the evidence should be accepted by the court and later sent for verification to technical labs to see if it was tampered or not”.

This argument is fallacious and puts the defence in an untenable position as to justify an electronic evidence that might have been totally fabricated.

One report quotes that the bench of Justices A.K. Goel and U.U. Lalit said

“if this were not permitted, it would be denial of justice to the person who is in possession of authentic evidence/witness….Thus, requirement of a certificate under Section 65B(4) is not always mandatory,”

The order indicates that the honourable judges have not properly appreciated the need for Section 65B certificate in the case of Electronic evidences and the harm that it would create to the system of justice.

According to the report, the Court had considered the views of four senior advocates who had been appointed amicus curie to assist in the interpretation of the provision and the result is a disappointing reflection of the understanding of the requirements of Section 65B by the amicus curie.

Mr. Jayant Bhushan,  Ms. Meenakshi Arora,  Ms. Ananya Ghosh,  Mr. Yashank Adhyaru and Ms. Shirin Khajuria, learned counsel, appearing for Union of India have been quoted in the judgement as having assisted the Court.

The order is a recipe for corruption in judiciary where corrupt advocates can collude with fraudulent litigants and produce false evidence and the corrupt judges admitting the evidence and challenge the defense to prove that the electronic evidence is wrong.

The bench appears to have only tried to facilitate production of false evidence and change the onus of proving that it is in admissible on the defense. This is highly dangerous and bad in law.

The earlier provision where a Section 65B certificate was required introduced an intermediary to assist the Court who could be liable for false evidence if the certificate was “Not in good faith” and the content was fraudulently constructed. Now this thin layer of security has vanished. It appears that the Judges did not have the vision to look beyond the air line boarding ticket and thought that if necessary they can summon an airline official to corroborate the evidence.

But they seem to be unaware that electronic evidence may consist of e-mails and websites and in many cases the evidence could have been removed after they have been certified by a 65B certifier and in such cases the credibility of the Certifier was alone the trusted support for the Court. Now the Court seems to accept the electronic evidence as presented and let the adversary prove that it is wrong.

The Court has forgotten that there is no Section 79A certified Digital Evidence Examiner at present and there will never be sufficient number of such organizations in future to forensically examine the “Genuineness” of the document. The Basheer judgement had clearly segregated the “Admissibility” from the “Genuineness” and had indicated how the two should be handled by the Court. The current order has completely ignored this part of the Basheer judgement and has gone on its own line of thinking which is wrong.

If this rule is honoured, falsification of electronic evidence will be a rule and judicial process can be easily frustrated and production of false evidence and false witnesses will proliferate. Honest persons will be left to fight the false evidence presented by dishonest advocates and accepted as admissible by corrupt judges and incur disproportionate cost of litigation.

It is possible to ignore this order since it cannot over rule the larger bench order. But the misperception created by this order and the ignorant media stating it many times over is likely to mislead many judges in lower courts to believe that this is an operative order.

This order is an open challenge by the two member bench on a larger bench decision and has the effect of disrupting the judicial process.

The media blitz is perhaps orchestrated by some vested interests with an intention to slip in some Electronic documents as evidence in their respective cases where Section 65B evidence is not available and cannot be produced now.

Courts have allowed the earlier presented evidence to be resubmitted with Section 65B certificate but in some cases the evidence may be no longer available for certification.

No doubt some genuine parties would have been affected by this. But if so, such cases are because they did not know the law and ignored the need for Section 65B certificate and submitted their evidence earlier.

If law is sought to be changed because these parties and their advocates were ignorant, we will be opening doors for a large scale fraud in presentation of false and manipulated electronic evidence. It should not be done.

I request the Chief Justice of India to take steps to limit the damage caused by this order.

Naavi

 

Posted in Cyber Law | 5 Comments