Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

During the last week, Bengaluru witnessed a disturbing display of lawlessness by a group led by a son of a Congress MLA. The case involved a brawl in a Pub called “Farzi Cafe” in UB City in which another person was beaten to near death by the group.

Similarly there was another incident of VIP misbehaviour of another Congress worker sprinkling petrol and threatening destruction of a BBMP office also in the same week.

While the discussion on the incidents is outside the scope of this website, I would like to only discuss the role of “Digital Evidence” that plays an important part in both these incidents.

In both the incidents, there is video evidence and in one case the offence is an “Attempt to Murder” and in the other case it is “Threatening to commit arson and destruction of Government property”.  Both are very serious offences and requires a fair trial in a Court. The evidence available would therefore be very important.

But there are unconfirmed media reports indicating that since the offenders in both cases relate to the ruling party, the Police are favouring the accused and are unlikely to pursue the case properly. In the process, there will be a possibility of destruction or manipulation of the digital evidence which is in the form of CCTV footages.

The Video in the case of threat to burn BBMP office has already gone viral and is now in the public space. Courts can take cognizance of the incident even if the Police try to suppress it.

But in the incident related to the brawl in the Pub,  there are two videos one from the Farzi Cafe where the brawl first took place and the other from Mallya Hospital where the accused tried to break in perhaps to cause further hurt to the victim. Initial media reports suggest that the Farzi cafe Video has already been tampered with by the Police and will only show the victim slapping the accused and not the earlier first attack by the accused.

If the report is true, it is expected that the case will eventually not get proved in a Court of law and will be dismissed for lack of evidence. Worse still, the victim himself may be punished for attacking a respectable person who is the present accused and provoking him.

The incident highlights the importance of protecting the digital evidence which is extremely useful in such cases with CCTV cameras spread across the city and in most public establishments. Recently, Bangalore Police solved a case of harassment of a lady in the middle of the night only through the CCTV footage that was available.

But if CCTV footages become only tools of manipulation where at the discretion of the Police it would be used in certain cases and in certain other cases it would simply vanish, then the question of accountability for such CCTVs arise.

There is already an argument that installation of CCTV cameras is a threat to the Privacy of Citizens. This will only gets strengthened. The defence that it helps in “Security” falls flat because of the frequent misuse of the CCTV footage by the law enforcement to suit their political objectives.

I therefore request the Bangalore Police to make public the entire unedited version of the Farzi Cafe incident to the public in the interest of transparency in public life. The Court should also direct for such a disclosure.

I believe that Farzi Cafe owners would be having a copy of the video and unless they want to be called for taking sides in the dispute, should go public with the copy of the video in their hands. Since this Video would be relevant not only to the accused but also to the victim as well as other people who would be in the Cafe at the time of the incident, there is a “Public Interest” in the disclosure and Courts can order for the disclosure.

While some body who has the courage to face the wrath of Congress Government in Karnataka can take up the issue as a public interest litigation, the Courts also can take suo moto action if they consider the matter to be of consequence.

If however Farzi Cafe owners have deleted the evidence then they would be liable for prosecution under Section 65 of ITA 2000/8 and Section 204 of IPC for destruction of evidence. If manipulation of evidence has taken place after the Police took charge of the evidence, similar charge can be made on the police personnel also. Probably the Karnataka Human Rights Commission has the jurisdiction to investigate the matter.

It would be interesting to see how the case proceeds from here and what lessons the police and organizations like Farzi Cafe will take from the current incident on handling of CCTV footages which become “Potential Evidence” in criminal cases.

Our discussion would be incomplete without also highlighting why the recent decision on an SLP by the Supreme Court in the case of Shafhi Mohammad  was called by us as an “Recipie for Corruption…” If the order is to be accepted, then the CCTV footage which the Police will produce may be argued as acceptable as evidence without a Section 65B certificate. If the decision in the Basheer case is followed at least there will be one person who will look into the evidence and certify and while doing so will consider if the evidence is trustworthy or not. This important element of check on fraudulent production of digital evidence for admission would be removed if the Safhi Mohammad decision is to be considered as valid. Fortunately this is a two member order on an SLP where as the Basheer judgement is a three member judgement and hence it would prevail.

Naavi

Section 65B clarified… e-book

Posted by Vijayashankar Na on February 11, 2018
Posted in Cyber Law  | Tagged With: , , , , | No Comments yet, please leave one

 

 

Naavi has published a few e-books as detailed here

In order to update the e-books a supplementary e-book exclusively on Section 65B titled “Section 65B of Indian Evidence Act clarified” has been published as an “Add-On E Book” and is being provided along with the e-books Cyber Crimes & ITA 2008 and Cyber Laws for Engineers.

This book is also independently made available at rs 100/- on request.

Hope readers would find this  useful

Naavi

New Year Resolutions

Posted by Vijayashankar Na on January 1, 2018
Posted in Cyber Law  | Tagged With: , , , , , | No Comments yet, please leave one

As the new year 2018 dawns on us and we complete the sending of greetings to all our friends, it is time to start thinking how this year will be different from our previous years and how we make it better in terms of the values we cherish.

In pursuance of this objective, we need to set some goals for ourselves in the form of New year Resolutions which are measurable and achievable.

I urge all my friends to start drawing up their New Year Resolutions and share it in the various groups in which they otherwise exchange greetings.

For me, the year behind has been a reasonably satisfying year in which the RBI confirmed the “Limited Liability Circular”. Though it was not entirely satisfactory and the Banks as usual are ignoring it, still it was a major development that was satisfying, after years of struggle on assisting the Bank fraud victims.

The set back however was that the Cyber Appellate Tribunal did not start functioning and having been merged with TDSAT will become further marginalized. May be we need to take up this issue once again in the coming year.

In the meantime, the immediate task is to continue the fight on Bitcoin which is a tough fight since the Finance Ministry is itself determined to legalize Bitcoin and provide an avenue of all Black money in India to be laundered. The attempt to wake up Mr Modi and make him open his third eye will continue.

Year 2017 also saw a perceptible increase in the awareness of Section 65B Certification. This gave a boost to the activities of CEAC after years of hibernation and low growth and the increased level of operations should continue this year as well. Hopefully, the activities should grow at least by 100% during this year over the previous year.

The ODR project (odrglobal.in)  will be another project in long hibernation which forms part of the New Year Resolution of Naavi in 2018 to be pushed up so that it atleast takes some baby steps ahead.

But the next big thing to watch out is the new “Data Protection Act” that will be passed in India and how it works in tandem with the GDPR. HIPAA Audit and compliance has been a good prospect so far and probably GDPR compliance and Data Protection Compliance will be new areas of interest both from academic perspective and business perspective. One of the New Year resolutions to pursue is to develop a compliance framework for these emerging areas.

Hopefully, GOD gives strength and energy to make at least some of these New Year Resolutions to be realized during the year.

I wish all my friends and well wishers a happy new year through these columns and request their support for the future endeavours of Naavi and Naavi.org.

Naavi

 

 

 

Recently, I was posed a question as follows:

Quote:

Mr A who produced the CDR from SERVER with Sec. 65B certificate which was filed in the court by IO. However, since Mr. A was not produced as witness, both the CDR as well as Sec. 65B certificate issued by Mr. A were not proved in court. The prosecution produced Mr. B in the court as witness to prove the CDR. Mr. B brought a fresh printout of the CDR from the computer where Mr. A had saved it, before leaving the MSP. The fresh printout of the CDR and the earlier one, both are exactly identical and both carry the same date on which the first person (Mr. A) had produced the CDR from SERVER. Mr. B also brought a fresh Sec. 65B certificate, signed by him. He also stated that in his testimony that the CDR had been transferred from SERVER to the computer by Mr. A, and now he (Mr. B) has brought a printout of the same. In this scenario, when the original Sec. 65B certificate issued by Mr. A has not been proved, although on record, how the court will hold the subsequent Sec. 65B certificate issued by Mr. B valid in law.

Unquote:

P.S: My views on the above are given below. It may however be noted that-

I am aware that there are a few professionals who may not agree entirely with what is stated here. However, I consider that we are still in the process of crystallising the Cyber Jurisprudence regarding submission of Section 65B certificates and some differences of opinion are natural and are also welcome.

I am also aware that some Courts have accepted certificates under Section 65B under circumstances that are contrary to my view also. Even such decisions are part of the development of Cyber Jurisprudence.

We must not forget that even the honourable Supreme Court in 2005 made a mistake in the Afsan Guru case which was corrected in the Basheer case on 18th September 2014.  In 2004 itself honourable judge of AMM Egmore Court, Chennai in the Suhas Katti case and Trisha defamation case had established certain principles consistent with the views held by me since 17th October 2000 till date. Some experts argued that after the Afsan Guru judgement, my views were incorrect at least partially. But they had to accept the views after the Basheer judgement.

Similarly, what I am stating here could be disagreed with by some advocates and even by some Courts. Even in such a circumstance, I expect that these views will prevail in due course…. Naavi

Under Section 65B it is not mandatory that the certifier has to be a “Witness”. Even if this is so, the only requirement is to identify the person who has signed the report and to confirm to the Court that the report itself is not forged. If however, there are means for the Court to establish that a given report is not forged, then there is no need for the person to be also produced as a witness.

In fact, “Oral Evidence” with respect to an “Electronic Document” is not acceptable. When the signatory of a Section 65 B certificate stands as a Witness, he cannot therefore provide any information other than what is already written down in the certificate.

He can only  say “This is my signature. This report does not appear to have been tampered with”.

If he starts saying anything outside the written report, it could either be considered as “Irrelevant” or “An Opinion for which the witness has to be considered as an Expert Witness under Section 45A of IEA”.

The structure of Section 65B Certificate, if submitted in the correct format, is such that it would indicate the process by which the “Computer Output produced for Evidence” was produced and if any other person of ordinary prudence under similar circumstances repeat the process, he should get similar results.  The exception would be when the evidence in the original binary form has been erased by some body in which case it would be a section 65 and Section 67C offences under ITA 2000/8. Then the Court has to admit or reject the computer output based on the establishment of the fact whether the witness is reliable or considered unreliable. If considered unreliable, the witness could be charged for perjury and hence Court has to be reasonably convinced that the witness is falsifying the document before rejecting the certificate or atleast qualify the rejection suitably so as not to endanger an honest witness who has produced the certificate in good faith.

In the instant case, it was not necessary for A to be produced as a “Witness” and hence the contention that because he was not available as a witness, the document is not proved is in my opinion incorrect, though it may be an age old practice in respect of paper based documents.

We are here not discussing evidence which is “Oral” or “Documentary” but another category of evidence which under Section 17 of IEA is classified as a document “contained in electronic form” (Electronic Document).

Rules for admission of an “Electronic Document” is based only on Section 65B and other sections and prior practices are irrelevant.

Prosecution may therefore argue that the rejection of the first certificate was itself not correct, though I am not aware if it was produced and presented as per the standards which I recommend under Cyber Evidence Archival Center. (Naavi: Other experts are open to disagree that the standards set by CEAC need not be accepted and reject my views if they so desire. ).

Additionally, B has two options. Since he is an authorized person to log in to the server and view the CDR once again, he can do so and produce another Section 65B certified Computer Output which should be admissible in the proceedings. He can testify his signature to the report and that the report has not been tampered with by personal deposition and the Court would be comfortable.

Alternatively, his certificate can create a new Computer Output which may say, ” I observed a document in xxx computer, which contained a document named……….. which has been produced here under the process described……..” etc.

The defence may after admission, question the genuinity of the  original binary document on the basis of which B’s certificate was produced. If the Court has reasons to accept the objection as reasonable and relevant, it can then call another expert under Section 45A to enable the Court to take a final decision. Court in my opinion need not reject B’s certificate for admission but accept the defence plea to call in another expert to assist the Court in examining the genuinity of the document.

This will naturally rise another question whether such an “Expert” should necessarily be a Section 79A accredited Government agency. Since no such entity exists as of now and also that Section 79A does not necessarily say that any evidence given by any other expert is null and void, it is open to the Court to call an expert on whom they can rely on and satisfy itself about the genuinity of B’s certificate.

I hope this satisfies the query.

(Kindly note that this is only the opinion of the undersigned as a person who has a demonstrated experience in the field related to Cyber Evidence and has submitted over 105 Section 65B Certificates since 18th February 2004 when the first certificate was produced and I was examined as an “Expert” in the Court on a subsequent date.)

Naavi