The grey area: Seizure of Electronic Device

The recent PIL in the Supreme court seeking direction from the court to the investigating agencies to seek permission from a judicial magistrate before accessing or seizing electronic devices and specifying how the material is relevant or linked to the alleged offence. The centre in its response stated that the right to privacy is not absolute and that seeking the government to put such a blanket order for all the investigating agencies is not possible and it might need to discuss the issue with various stakeholders in this matter.

The centre's response invoking the privacy debate in this matter seems absurd as even before the K.S.Puttaswamy judgement came, the CrPC had the provision to get a warrant in case of the investigating agency needs to enter one's house. In the current generation, a personal device contains millions of bytes of data which can be more valuable and sacred compared to a home. A careless handling might expose the individual's privacy to the open world. The investigating agency must definitely prove the evidentiary value of the usage of personal devices in the particular case. This brings us to the question of whether there is any law currently protecting the personal devices of an accused.

Currently, the Investigating agencies use Section 91 of CrPC which is "Summons to produce documents or other things." to procure devices. The High Court of Delhi in the case of Dharambir Vs. CBI?[148 (2008) DLT 289] observed that:

Given the wide definition of the words "document" and "evidence"' in the amended Section 3 of the Evidence Act, read with Sections 2(o)?and (t) of the IT Act, there can be no doubt that an electronic record‘ is a document.

Thus the same section is used to procure the electronic devices too. The ITprotectstection to such devices through the concept of hashing which is stated in section 3bydance with the international standards conferring authenticity and integrity to personal device data. To explain hashing, We can state that hashing is a process to ensure that data has not been tampered with. It can be thought of as a digital fingerprint of an electronic record. Hashes work by converting a chunk of data into an alpha-numerical value which will not overlap with any other hash value. Even the slightest change would result in a change in hash. This is a standard technique used in digital forensics to ensure the integrity of digital evidence. Even the slightest activity on the storage device will lead to significant changes in the hash value. For example, a video file in a device can have a hash value as follows: "Re@d$%jdkkls!". Once the file is tampered with or changed, the hash value will change stating that the evidence has lost its authenticity. It is the duty of the investigating officers to produce a hash value for every piece of digital evidence and to share the same with the owner of the data. If the device is protected by a password, the officer should not force the accused or suspect to reveal the password as it might amount to self-incrimination. Various judgements as well as Article 20(3) of the Constitution of India and Section 161(2) of CrPC allow him/her to withhold information which might tend to expose him/her to a criminal charge or to a penalty or forfeiture.

Justice Suraj Govindaraj of the Karnataka High Court in March 2021 while dealing with a petition (Writ Petition no. 11759/2020) laid out certain guidelines for the seizure of electronic devices in much detail

General guidelines

1. In all the cases above the seized equipment should be kept as far as possible in a dust free environment and temperature controlled.
2. While conducting the search the investigating officer to seize any electronic storage devices like CD DVD pen drive hard drive USB etcetera located on the premises label and packed them separately in a Faraday bag.
3. The computer storage media laptop etcetera to be kept away from magnets radio transmitters police radios since they could have an adverse impact on the data and the set devices.
4. To carry out a search of the premises to obtain instruction manuals documentation as also to ascertain if a password is written down somewhere since many a time a person owning equipment would have written the password in a book writing pad or the like at the set location.
5. The entire process and procedure followed are to be documented in writing from the time of the entry of the investigation or search team into the premises until they exit.

Along with these general guidelines, there were individual guidelines for various variants of electronic devices. The complete judgement is attached here for the reader's perusal.

But in reality, neither a summons through section 91 nor a hash value generation is followed. The investigating agencies use multiple unlawful ways to collect personal data and the judicial lacuna is profound. The recent raids in TheWire.in 's office, where multiple electronic devices were seized, none of them was secured through hash value. Even in the case of the arrest of journalist and activist Teesta Setalvad, her phone was seized without any legal documentation such as panchnama. As they procured the device without hashing it is impossible to verify whether the Gujarat ATS who arrested her, tampered with it or not.

This PIL is an important step in recognizing the importance of personal data being misused during an arrest or search. There should be a remedy made into a law for the accused or suspect to approach the court if proper protection through hashing is not followed while seizure. The case comes up during a time when the personal data bill has just been published for public opinion. It will be interesting to know how this case develops and what the new norms of data protection during seizures will be.

This article was inspired by the extensive reporting done by:

TheWire.in Newslaundry Scroll.in

Rohit Magesh | 30-11-2022.