Today's Editorial

E-evidence, new criminal law, its implementation

Relevance: GS Paper II & III

Why in News?

The three newly-enacted criminal laws, the Bharatiya Nyay Sanhita (to replace the Indian Penal Code), the Bharatiya Nagarik Suraksha Sanhita (to replace the Code of Criminal Procedure) and the Bharatiya Sakshya Adhiniyam (to replace the Indian Evidence Act) will come into force on July 1, 2024.

Preparation for transition:

• The Ministry of Home Affairs (MHA) and State governments are preparing for a smooth transition.
• Changes made in Bharatiya Nagarik Suraksha Sanhita (BNSS):
• In connection with the investigation and police functioning.
• Changes made in Bharatiya Nyaya Sanhita (BNS):
• A few new offences and some changes have been introduced.
• Section 106(2) of the BNS, which prescribes 10 years imprisonment for fatal accidents if they are not immediately reported to the police, has been put on hold, as notified by the Central government.
• Changes made in Bharatiya Sakshya Adhiniyam (BSA):
• The contents of the Indian Evidence Act, 1872 have changed little as far as the Bharatiya Sakshya Adhiniyam (BSA) is concerned.
• The scope of secondary evidence has been slightly broadened and some changes have been made in the provisions relating to electronic evidence in the BSA.

Clarity on electronic record:

• The definition of “document” (which includes electronic and digital records) says that an electronic record on emails, server logs, documents on computers, laptops or smartphones, messages, websites, locational evidence and voice mail messages stored on digital devices are documents.
• Limitation:
• With regard to locational evidence, should have used the term ‘information’ in place of evidence.

• Section 57 deals with primary (electronic) evidence: It says that where a video recording is simultaneously stored in electronic form and transmitted or broadcast or transferred to another, each of the stored recordings shall be primary evidence.
• Significance:
• This may help the investigating agencies in fixing the culpability of a cyber-criminal even if he destroys his original electronic record to deny the allegations as it may be collected from other sources without its value getting diminished.

Admissibility of electronic records:

-Section 63 of the BSA (equivalent to 65-B of the Indian Evidence Act):

• It deals with the admissibility of electronic records, including terms such as ‘semi-conductor memory’ and ‘any communication device’ for better visibility.
  • This does not change the impact of the provision because the definition of ‘electronic form’ given in the Information Technology (IT) Act, 2000 includes information generated, sent, received or stored in ‘computer memory’.
    • This memory may reveal very important information if electronic devices are recovered and seized in ‘power-on’ condition.

• The definition of ‘computer network’ in the IT Act is comprehensive and includes ‘communication device’.

-Requirement of certificate:

• The Supreme Court in Arjun Panditrao Khotkar vs Kailash Kushanrao Gorantyal & Ors. (2020) held that the required certificate under Section 65-B(4) — now Section 63(4) of the BSA — is the sine qua non for the admissibility of electronic records i.e., without a certificate, admissibility of electronic records won’t be possible.
• The court had said that if the required certificate could not be secured from the person in possession of an electronic device, an application could always be made to a judge for the production of such a certificate from the person concerned in cases where such a person refuses to give it.
• Section 65-B (and Section 63 of the BSA now) does not speak of the stage at which such a certificate must be furnished to the court, the court may in appropriate cases allow the prosecution to produce such a certificate at a later point of time without causing any prejudice to the accused in the trial.
• The court also held that when if it is impossible to produce the required certificate, the court can exempt the mandatory production of the certificate.
• The other provisions with regard to the admissibility of secondary evidence will not apply to electronic records as Section 65-B of the IE Act starts with a non-obstante clause (i.e., notwithstanding anything contained in this Act) and Section 65-A and Section 65-B are a complete code by themselves.
• The non-obstante clause of the Indian Evidence Act is retained in the BSA.
• Section 63(4) of the Bharatiya Sakshya Adhiniyam requires the certificate to be signed by two persons instead of one as required under the Indian Evidence Act — the first by the person in charge of the computer or communication device or the management of the relevant activities, and the second, by an expert.

Challenges posed by the certificate & its format:

• A standard format of the certificate is prescribed in the Schedule to the BSA.
• Though no notification has been issued by the Central Government under the IT Act, with regard to hash algorithms for encryption for the secure use of electronic medium, the standard format of certificate lists ‘SHA1, SHA256, MD5 and other (legally acceptable standard)’ as applicable hash algorithms.
• The standard format MD5 (Message Digest5) and SHA1 (Secure Hash Algorithm1) are known to have vulnerabilities.
• The expert has to verify the certificate by stating that a particular hash value is obtained by applying a particular hash algorithm.
• While expert certification may help the court in the admission of electronic records, this will increase the workload of cyber laboratories, as many cyber labs may not be equipped with sufficient manpower.
• Some cyber labs (such as in Chhattisgarh) are not even notified under the IT Act to give an expert opinion on electronic records.

Way Forward:

• An expert opinion should be called for only when the integrity of the seized electronic record is disputed by the opposing party during trial.
• The investigating officer could ensure that one of the hash algorithms was applied and the message digest was attached to the certificate before it was collected.
• The standard format of certificate SHA256 is considered more secure and, therefore, be used by the agencies to ensure the integrity of the data.

• There needs to be a general awareness drive about the modes and methods of encryption, particularly for private agencies that install closed-circuit televisions on their premises or use other electronic devices for security purposes.
• Simultaneously, the time before July, must be used by the enforcement agencies to ensure that the required infrastructure is in place to take on the added responsibilities.

Conclusion:

With the impending changes in criminal law, there is a need for a thoughtful understanding of electronic evidence and the challenges imposed by it. The laws should be implemented such that there is no extra burden on the cyber labs and data integrity and security are maintained through the use of necessary algorithms.