17, Nov 2022 | Sanchita Kadam
The Supreme Court recently imposed costs on the Union Government for failing to file counter-affidavit in a writ petition seeking guidelines for the seizure of personal electronic devices by investigating agencies. The government had filed an affidavit earlier, however, the court was not happy with it and directed that new affidavit be filed as proper reply to the petition.
“We are not satisfied with the counter and we seek a new and proper reply”, bench of Justices SK Kaul and AS Oka had said. The bench said that the court will take on record the new affidavit only after the cost of Rs. 25,000 is deposited with the court. The bench had given the government two weeks’ time to file the new affidavit, which it had failed to file and hence the cost was imposed. The matter will now be heard on December 5.
The petition has been filed by academicians, namely, Ram Ramaswamy (retired JNU Professor), Sujata Patel (Distinguished Professor at Savitribai Phule Pune University), M Madhava Prasad (Professor of Cultural Studies at English and Foreign Languages University, Hyderabad),Mukul Kesavan (Delhi based writer) and Deepak Malghan (theoretical ecological economist).
The petition seeks clear guidelines from the Centre with regards to seizure, examination and preservation of personal digital and electronic devices and their contents thereof and also focuses on right to privacy, right against self-incrimination, protection of privileged communication, integrity of electronic material and the return of copies of seized material to the accused or person under the investigation.
The Supreme Court order may be read here:
In August Delhi Deputy CM Manish Sisodia’s phone and laptop were seized by the CBI while conducting a raid at his residence. Early November, Delhi Police seized 16 electronic devices from the residences and office linked the to the staff of The Wire. In Delhi, searches were carried out on Monday at the portal’s office, and the homes of founding editors Siddharth Varadarajan and MK Venu and deputy editor Jahanvi Sen. In Mumbai, founding editor Siddarth Bhatia’s house was searched.
Hard disks from two computers used by the company’s accounts staff were also seized. The raiding teams reportedly sought, and took, passwords to official and personal email accounts belonging to one or more staffers, and asked some of those raided to disable passcodes from their devices.
In June, when journalist and activist Teesta Setalvad was forcibly taken into custody by the Gujarat ATS, they had also seized her mobile phones at her home and in absence of any legal procedure laid out for the same, these devices were seized by them officers as per their own whims. No panchnama was made for having seized her phones either. Worse, seizing the phones and or other devices without recording the hash value makes these prone to post facto tampering.
What is Hash Value?
While speaking to the media, The Wire editor Vardarajan had stated that the police had not shared the hash value of the devices seized despite insisting upon the same.
To ensure that data has not been tampered with, hashing is used as a mathematical function. It can be thought of as a digital fingerprint of an electronic record. For instance, if one runs a hashing function on “Report”, it could be hashed as R$c. Even a slightest change in the input – “rEport” instead of “Report” – would result in a change in hash. This is a standard technique used in digital forensics to ensure the integrity of digital evidence. Even the slightest activity on the storage device will lead to significant changes in the hash value, reported News Laundry.
Lack of sanctioned legal procedure
Without any clear guidelines in the Criminal procedure Code (CrPC) regarding seizing electronic devices, the investigating agencies are taking such material from suspects or accused persons in a rather haphazard manner which, in most cases, amounts to violation of one’s right to privacy and most importantly, right against self-incrimination. This point was recently highlighted by a Sessions Court in Delhi which held that revealing password of computer amounted to self-incrimination.
In its July 2018 report, the Committee of Experts on a Data Protection Framework For India stressed on “informed consent” for processing of personal data and recommended, besides a high-powered statutory authority for enforcement, deterrent penalties for wrongful processing of data. Chairman of the committee, Supreme Court Justice (retired) B.N. Srikrishna, told Article 14 that the absence of a law on protecting data privacy opens the gates for police to interpret existing rules on search and seizure.
“Under the CrPC, the police need to obtain a warrant to enter your house or arrest you. The same principle should apply if they’re dealing with data, because data privacy is also a fundamental right under Article 21. It is as sacrosanct as one’s right to life and liberty, both of which are protected under Article 21,” said Justice Srikrishna while speaking to Article 14
As reported by LiveLaw, to aid the government in formulating these guidelines, the petitioners have provided some guidelines for consideration:
- As far as possible, prior permission or order from a Judicial Magistrate should be attained before opening, examining and seizing digital/electronic devices .
- In case the seizure is urgent, the reasons for not seeking prior permission or orders should be recorded in writing and served upon the owner of the device
- In either case, the material or nature of the material sought to be examined or seized, its relevance and link with the offence anticipated or being investigated should be specified with as much clarity as possible
- The owner of the device should not be compelled to reveal his passwords, and in case of biometric encryption, should not be forced to unlock his devices.
- At the time of seizure, the hash value should be noted and ideally, a copy of the hard drive should be taken, and not the original, else copy of the hard-drive has to be given to the person whose device it is or to his representative
- After seizure, the hard disk should be examined in the presence of the person whose device it is or from whom it was seized, as also a neutral computer professional.
- Material, mails and other data, agreed to by all sides as irrelevant to the crime under investigation, should be removed from the investigator’s copy in the presence of the representative of the accused and the independent professional and a renewed hash value should be recorded in a memo drawing up such proceedings.
Password and self-incrimination
The Delhi district court had held that the accused cannot be compelled to provide any password to his computer as he is protected by Article 20(3) of the Constitution of India as well as Section 161(2) of Cr.P.C.
The court held that Even if there is apprehension that the data revealed after entering the password may be incriminating, the accused has the right to not give such password to the investigating agency as per section 161(2) of CrPC which uses the words “tendency to expose him to a criminal charge or to a penalty or forfeiture.”
Evidence obtained by illegal means can still be used in the court in certain circumstances, hence if after being forced to reveal password, incriminating data is revealed, it will amount to self-incrimination by the accused.
Karnataka High Court ruling
In March 2021, Justice Suraj Govindaraj of the Karnataka High Court while dealing with a petition (Writ Petition no. 11759/2020) laid out certain guidelines for seizure of electronic devices in much detail:
- When carrying out a search of the premises as regards any electronic equipment smart phone or e-mail account the search team to be accompanied by a qualified forensic examiner.
- when carrying out a search of the premises the investigating officer should not use the computer or attempt to search a computer for evidence. The usage of the computer and/or search should be conducted by a properly authorized and qualified person like a properly qualified forensic examiner
- At the time of search the place where the computer is stored or kept is to be photographed in such a manner that all the connections of wires including power network etc are captured in such photographs
- The front and back of the computer and or the laptop while connected to all the peripherals to be taken.
- A diagram should be prepared showing the manner in which the computer and her laptop is connected.
- If the computer or laptop is in the power off mode, the same should not be powered on.
- If the computer is powered on and the screen is blank the mouse could be moved and as and when the image appears on the screen the photograph of the screen to be taken.
- If the computer is powered on the investigating officer should not power off the computer. As far as possible the investigating officer should secure the services of a computer forensic examiner to download the data available in the volatile memory i.e. RAM since the set data would be lost on the powering down of the computer or laptop.
- If the computer is switched on and connected to a network the investigating officer to secure the services of a forensic examiner to capture the volatile network data like IP address, actual network connections, network logs etc.
- The MAC address also to be identified and secured.
- In the unlikely event of the forensic examiner not available then unplug the computer pack the computer and the wires in separate Faraday covers after labelling them.
- In case of a laptop, if the removal of the power cord does not shut down the laptop, to locate and remove the battery.
- If the laptop battery cannot be removed, then shut down the laptop and pack it in a Faraday bag so as to block any communication to the said laptop since most of the laptops nowadays have wireless communication enabled even when the laptop is in standby mode.
Seizure of networked devices
- To ascertain as to whether the set equipment is connected to any remote storage devices or shared network devices, if so to seize the remote storage devices as also the shared network devices.
- To seize the wireless access points, routers, modems and any equipment connected to such access points, routers, modems which may sometimes be hidden.
- To ascertain if any unsecured wireless network can be accessed from the location. If so, identify the same and secure the unsecured wireless devices since the accused might have used the said unsecured wireless devices.
- To ascertain who is maintaining the network and to identify who is running the network get all the details relating to the operations of the network and role of the equipment to be seized from such network manager.
- To obtain from the network manager network logs of the machine to be searched and/or seized so as to a certain the access made by the said machine of the network.
Mobile devices (smart phone, tablets)
- Prevent the device from communicating to network and or receiving any wireless communication either through Wi-Fi or mobile data by packing the same in a Faraday bag.
- Keep the device charged throughout since if the battery drains out the data available in the volatile memory could be lost.
- Look for slim slots; remove the SIM card so as to prevent any access to the mobile network back the SIM card separately in a Faraday bag. If the device is in power off mode, the battery could also be removed and kept separately.
- If the device is powered on, then put it in an airplane mode.
- In all the cases above the seized equipment should be kept as far as possible in a dust free environment and temperature controlled.
- While conducting the search the investigating officer to seize any electronic storage devices like CD DVD pen drive hard drive USB etcetera located on the premises label and packed them separately in a Faraday bag.
- The computer storage media laptop etcetera to be kept away from magnets radio transmitters police radios since they could have an adverse impact on the data and the set devices.
- To carry out a search of the premises to obtain instruction manuals documentation as also to ascertain if a password is written down somewhere since many a time a person owning equipment would have written the password in a book writing pad or the like at the set location.
- The entire process and procedure followed to be documented writing from the time of entry of the investigation or search team into the premises until they exit.
The complete judgement may be read here:
Thus, in absence of a set legal framework, electronic devices are being handled and seized haphazardly by investigating agencies, infringing the fundamental rights of an accused person. Further, the Centre’s lackadaisical approach towards the petition that seeks such legal framework show lack of political will and intent to safeguard such rights. The Supreme Court, in imposing a cost, has demonstrated how pertinent it has become for the Centre to file a proper response to the petition; a response that has been pending for over a year.