Cyber Forensics & Electronic Evidences: Challenges In Enforcement & Their Admissibility
Legal Service India

File your Caveat in Supreme Court INSTANTLY

Call Ph no:+9873629841
Legal Service India.com
  • Cyber Forensics & Electronic Evidences: Challenges In Enforcement & Their Admissibility

    Proliferation of Information technology has brought with itself a chequered scenario in society. The upcoming challenges in cyber forensics has brought it with itself problem of admissibility of electronic evidence as well...

    Author Name:   samarth


    Proliferation of Information technology has brought with itself a chequered scenario in society. The upcoming challenges in cyber forensics has brought it with itself problem of admissibility of electronic evidence as well...

    Proliferation of Information technology has brought with itself a chequered scenario in society. It has assumed a very significant position in our life. The unending quest to get better in technology has impregnated various vices in the society. The face of criminal activities has got a new dimension and outlook with the advent of latest technology. For sure, we cannot rule out the contribution of such fascinating technologies in our life, both personally and professionally. However, on the weighing scale, we find it difficult to balance both the situations.

    When we talk of the word ‘cyber’, it automatically takes us to the thought of internet, technology and virtual world. For a lawyer or a technician it brings within its nuances various other things as well. They include computer, networks, data storage, software, cell phones, ATMs, other peripherals. In a nut shell they include anything and everything which has its roots in technology or is somewhere related to the generic term ‘computer’ and its offshoots. All these things are collectively and generically called ‘cyber space’.

    The criminals are using these high end technologies to commit such crimes which are beyond the reach and understanding of a layman. A person unskilled in this art cannot fancy tracing the roots of the crime. In recent years it has given us a new term called cyber crime. It a crime in which computer (cyber, in general) is either used a tool or a target.

    In a crime involving the use of technology, the evidences so furnished will also be in some electronic form. At times it becomes difficult to test the veracity of such evidences, in absence of expert. Here comes the role of cyber forensics. Forensics generally means the use of science and technology to establish facts in courts of law. When prefixed by the word cyber, it obviously connotes the relation with cyber space. Etymologically we term them as ‘electronic evidence’. They are commonly defined as collection, preservation, analysis and court presentation of computer related evidences.

    Use Of Cyber Forensics In Various Aspects Of Law
    Criminal prosecution – Use electronic evidences in variety of crimes where incriminating evidences can be found. Homicide, financial fraud, drugs and embezzlement, harassment, recordkeeping and child pornography are some of the illustrations in criminal prosecution.
    Civil prosecution – Can make use of electronic evidences in unearthing business and personal records. Contracts, divorce, claims, harassment, defamation cases are some examples.
    Insurance cases – Insurance companies may be able to successfully defend themselves from any claim by furnishing electronic records of possible fraud in accident and arson cases.
    Corporations – They also make use of these evidences to ascertain any possible linkups in blackmails, frauds, trade secret, misappropriation and other internal and external information.
    Revenue/Enforcement/Regulation – Frequently used in post seizure precautions of computer assets.
    Counsels – They sometimes hire expert cyber forensics for handling and establish complex electronic records in various cases.

    Electronic Evidences: Considerations, Care And Caution
    It is very important to understand the nature of electronic evidences. Unlike any other form of evidences, it is quite easy to tutor electronic evidence, much less for an expert who deals with them on regular basis. Therefore, special care and caution must be attributed to handling such sensitive pieces of evidence. Primary threats to electronic evidence include virus, electromagnetic or mechanical damages.

    Such tools and methods must be adopted that are tested and tried, confirmed my experts are precise enough to get to the thin roots of nuances of complex evidence. As far as possible the tools must be subject to mock examination every time before use in order to avoid any sort of error at the time of collection/examination of evidence. As far as possible sensitive information must be analyzed by experts and amateur should not be allowed to fiddle with the data. These are some of the basics, which, if followed religiously, can bring about unprecedented change in successful culmination of the prosecution.

    Position In Federal Law Of Evidence
    In order for the ‘electronic evidence’ to be admissible, it must comply with the ‘best evidence rule’ and ‘chain of custody’ must be so that rules out any tampering. In most simplistic understanding ‘best evidence’ is considered to be in the original form. “(if) data are stored in a computer or similar device, any printout or other output readable by sight, shown to reflect the data accurately, is an original.”

    A duplicate is admissible to the same extent as an original unless (1) a genuine question is raised as to the authenticity of the original or (2) in the circumstances it would be unfair to admit the duplicate in lieu of the original.

    In a leading case of Lorraine v. Markel American Insurance Company, Grimm J. describes a model for addressing admission of electronic evidence. Lorraine model suggests that admissibility of electronic evidence focuses first on relevance, asking whether the electronic evidence has any tendency to make some fact that that is of consequence of litigation more or less probable than it would be otherwise. Secondly, it should address authenticity asking if the electronic evidence can be presented purporting its authenticity. Thirdly, the issues of hearsay concerns associated with the electronic evidence must be addressed properly , asking if it is a statement by the declarant, other than one made by the declarant while testifying at the trial or hearing, offered for the truth of the matter asserted, and, if the electronic information is hearsay, whether an exclusion or exception to the hearsay rule applies. Fourthly, the application of the original documents rule must be taken care of. Fifthly, and finally, it should be considered whether the probative value of the [electronic] evidence is substantially outweighed by the danger of unfair prejudice, confusion, or waste of time. Careful consideration of these traditional evidentiary principles will permit a proponent to successfully admit electronic evidence.

    Logical Relevance – Under Federal Rules of Evidence relevant evidence is generally admissible while irrelevant evidence is not. “Relevant evidence” is defined as evidence that has “any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence.” Rules 401 and 402 of the Federal Rules of Evidence address this fundamental question of “logical relevance.

    The Federal Rules’ logical relevance test is quite yielding, particularly in light of the fact that a court’s determination of logical relevance is reviewed under an abuse of discretion standard. This test is applied to electronic evidence in the same way that it is applied to more traditional forms of evidence. To those accustomed to applying the Federal Rules’ logical relevance test to more traditional forms of evidence, the test’s application to electronic evidence is fairly intuitive; it seems that, even under the view that electronic evidence is fundamentally strange or “magical,” logical relevance is logical relevance.

    Pragmatic Relevance – At times it may happen that even a logically relevant evidence may be inadmissible. “if its probative value is substantially outweighed by the danger of unfair prejudice, confusion of the issues, or misleading the jury, or by considerations of undue delay, waste of time, or needless presentation of cumulative evidence”.

    Like logical relevance, the Federal Rules’ test for pragmatic relevance is applied to electronic evidence in the same way it is applied to more traditional forms of evidence. A court is most likely to invoke Rule 403 to exclude otherwise relevant electronic evidence where such evidence: (1) “contain[s] offensive or highly derogatory language that may provoke an emotional response;” (2) consists of computer animations or simulations where “there is a substantial risk that the jury may mistake them for the actual events [at issue] in the litigation;” or (3) it is potentially unreliable or inaccurate.

    Authentication – It is absolutely necessary for the court to delve deep into the authenticity of the evidence. It must be shown beyond any iota of doubt that the evidence is what it purports to be. It is a very common phenomenon that the electronic records can be easily tutored with and tampered to meet the desired ends. In this process, no one but the justice suffers. Absolute care and caution must be exercised in order to hold any electronic evidence as admissible.

    Position In India
    Information and Technology Act, 2000 was enacted to cater to the growing demand of legislation in cyber space. For the first time it introduced the concept of ‘digital signatures’, ‘encryption’, ‘electronic evidences’ etc. These terms were foreign to the then law of evidence. No provision was there to adduce them as evidences in courts of law. Inevitably, certain changes were made in the Indian Evidence Act, 1872 to make it more contemporary and in tune with the changing times. The Indian Evidence Act, 1872 and Information Technology Act, 2000 grants legal recognition to electronic records and evidence submitted in form of electronic records. According to section 2(t) of the Information Technology Act, 2000 “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. The Information Technology Amendment Act, 2008 has recognized various forms of communication devices and defines a “communication device” under section 2 (ha) of the Act “communication device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image.

    The second schedule of The Information Technology Act 2000 is India’s only act dealing with computer crime, with an intension to introduce the concept of electronic evidence has added to the provisions of Indian Evidence Act, 1872 which had been drafted earlier keeping in mind only the physical world. These amendments can be summed up as following:

    1. In section 3,—
    (a) In the definition of "Evidence", for the words "all documents produced for the inspection of the Court", the words "all documents including electronic records produced for the inspection of the Court" have been substituted;

    (b) after the definition of "India", the following have been inserted, namely:— 'the expressions "Certifying Authority", "digital signature", "Digital Signature Certificate", "electronic form", "electronic records", "information", "secure electronic record", "secure digital signature" and "subscriber" with the meanings respectively assigned to them in the Information Technology Act, 2000. '

    2. In section 17, for the words "oral or documentary,", the words "oral or documentary or contained in electronic form" have been substituted.
    3. After section 22, section 22A has been inserted which says that “Oral admissions as to the contents of electronic records are not relevant, unless the genuineness of the electronic record produced is in question.".

    4. In section 34, for the words "Entries in the books of account", the words "Entries in the books of account, including those maintained in an electronic form" have been substituted.
    5. In section 35, for the word "record", in both the places where it occurs, the words "record or an electronic record" have been substituted.

    6. For section 39, the following section has been substituted, namely: —
    What evidence to be given when statement forms part of a conversation, document, electronic record, book or series of letters or papers.

    "39. When any statement of which evidence is given forms part of a longer statement, or of a conversation or pan of an isolated document, or is contained in a document which forms part of a book, or is contained in part of electronic record or of a connected series of letters or papers, evidence shall be given of so much and no more of the statement, conversation, document, electronic record, book or series of letters or papers as the Court considers necessary in that particular case to the full understanding of the nature and effect of the statement, and of the circumstances under which it was made.".

    7. After section 47, section 47A has been inserted, which talks about, Opinion as to digital signature where relevant.
    8. In section 59, for the words "contents of documents" the words "contents of documents or electronic records" have been substituted.
    9. After section 65, section 65A and 65B have been added laying down the provisions about Admissibility of electronic records.
    10. After section 67, section 67A has been inserted, which talks about Proof as to digital signature.
    11. After section 73, section 73A has been added which talks about Proof as to verification of digital signature.
    12. After section 81, section 81A has been added which talks about Presumption as to Gazettes in electronic forms.

    13. After section 85, the following sections have been inserted, namely: —
    i) 85A which talks about Presumption as to electronic agreements
    ii) 85B which talks about Presumption as to electronic records and digital signatures.
    iii) 85C which talks about Presumption as to Digital Signature Certificates.

    14. After section 88, section 88A has been inserted which talks about Presumption as to electronic messages.
    15. After section 90, section 90A has been added which talks about Presumption as to electronic records five years old.
    16. For section 131, the following section has been substituted, namely: — Production of documents or electronic records which another person, having possession, could refuse to produce.

    "131. No one shall be compelled to produce documents in his possession or electronic records under his control, which any other person would be entitled to refuse to produce if they were in his possession or control, unless such last-mentioned person consents to their production.".

    Prior to enforcement of this schedule, judiciary did not witness any evidence involving computer records. With the growth of the use of electronic evidence in courts of law, it has left opened a very pertinent question that whether the judiciary is well equipped to appreciate these highly technical evidences. It goes without saying that the judges will need to know the finer aspects of this branch. However, we have seen that the courts of India have very well encountered such electronic evidence in accordance with the newly introduced laws. They have been frequently assisted by cyber forensic expert and the cyber lawyer. The next question which strikes our mind is that whether such computer records are as good evidence as paper based documentary evidence. The nature of such electronic evidence is a complex one as it demands extra caution and care during collection of evidence. Moreover, the concept of electronic evidence fails to identify the kinds of documentary evidence namely the primary and the secondary evidence as every electronic record is an original as well as in duplicate. However, the provisions of section 65A and 65B help to overcome this complex situation.

    Cyber Forensics And Challenges For Law Enforcement
    Cyber forensics is a branch of forensics relating to computer based evidences, their storage, collection and admissibility. It is also known as digital forensics. The reasons for employing cyber forensics techniques are manifold. Firstly, analysis of computer systems belonging to accused; secondly, recovery of data in event of hardware/software failure; thirdly, to gather evidences against the employee or any person the organisation wish to terminate.

    Cyber forensics as a discipline requires highly trained professional operating in an organized and comprehensive manner. The growing number of cyber crime indicates setting up of support group consisting of police officers in CBI, CID, state police headquarters and detective department of computer investigation. These trained police officers are needed to understand the nature of crime at the threshold and proceed with the investigation in a correct and required manner. Failing which, it will result in a botched up investigation at the outset leaving no evidences and a total failure to convict the criminal.

    Special measure should be taken in conducting cyber forensics investigation. It must be kept in mind that only collection of evidences is not required. The agency is required to ascertain that whether or not the evidences so gathered are admissible in the court of law. For the purpose of admissibility they are supposed to make provisions so that those evidences are not tampered or toyed. Evidences are to undergo a strict test of admissibility. Hence they must draw a clear picture of sequence of events leading to one and only one conclusion of the accused being guilty.

    Another baffling aspect which is involved in these crimes is the intelligence of criminals. Those who commit these crimes are highly skilled persons especially trained in these fields. Hence their understanding of things is far more than what investigators can perceive. In order to match with the intellect and skill of criminals a hyper technical and sharp approach is needed.

    Cyber forensics became more challenging since new forms and techniques of data storage are continuously being changed and new technologies are being developed. One of the major challenges faced by the investigators and law courts is the legal framework. In India after the enactment of Information and Technology Act, 2000 and consequential amendments in the Indian Evidence Act, 1872 and the Indian Penal Code, 1860, electronic record is admissible evidence criminal can be bring to book. However, the major problem relates to jurisdictional issue. In case where laws of one country recognize a particular act as crime and laws of other country do not consider it as crime, the problem of enforcement arises. Not to mention the cooperation and support that is required from the other country is also very important.

    In State of Punjab v. Amritsar Beverages Ltd., the Supreme Court expressed that there are a lot of difficulties faced by investigating officers due to lack of scientific expertise and insight into digital evidences techniques. The court also noted that IT Act does not deal with all types of problems and hence the agencies are seriously handicapped in some respects.

    Evidentiary Value Of Electronic Records
    The evidentiary value of an electronic record is directly proportional to its quality. The Indian Evidence Act, 1872 has widely dealt with the evidentiary value of the electronic records. According to section 3 of the Act, “evidence” means and includes all documents including electronic records produced for the inspection of the court and such documents are called documentary evidence. Thus the section clarifies that documentary evidence can be in the form of electronic record and stands at par with conventional form of documents.

    The evidentiary value of electronic records is elaborated under sections 65A and 65B of the Evidence Act, 1872. These sections provide that if the four conditions listed are satisfied any information contained in an electronic record which is printed on paper, stored, recorded or copied in an optical or magnetic media, produced by a computer is deemed to be a document and becomes admissible in proceedings without further proof or production of the original, as evidence of any contacts of the original or any facts stated therein, which direct evidence would be admissible.

    The four conditions referred to above are:
    (1) The computer output containing such information should have been produced by the computer during the period when the computer was used regularly to store or process information for the purpose of any activities regularly carried on during that period by the person having lawful control over the use of the computer.

    (2) During such period, information of the kind contained in the electronic record was regularly fed into the computer in the ordinary course of such activities.

    (3) Throughout the material part of such period, the computer must have been operating properly. In case the computer was not properly operating during such period, it must be shown that this did not affect the electronic record or the accuracy of the contents.

    (4) The information contained in the electronic record should be such as reproduces or is derived from such information fed into the computer in the ordinary course of such activities

    It is further provided that where in any proceedings, evidence of an electronic record is to be given, a certificate containing the particulars prescribed by 65B of the Act, and signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities would be sufficient evidence of the matters stated in the certificate.

    The apex court in State v Navjot Sandhu, held, while examining the provisions of newly added section 65B that in a given case, it may be that the certificate containing the details in sub- section 4 of section 65B is not filed, but that does not mean that secondary evidence cannot be given. It was held by the court that the law permits such evidence to be given in the circumstances mentioned in the relevant provisions, namely, sections 63 and 65 of the Indian Evidence Act 1872. According to Section 63, secondary evidence means and includes, among other things, “copies made from the original by mechanical processes which in themselves insure the accuracy of the copy, and copies compared with such copies. Section 65 enables secondary evidence of the contents of a document to be adduced if the original is of such a nature as not to be easily movable. Hence, printouts taken from the computers/servers by mechanical process and certified by a responsible official of the service-providing company can be led in evidence through a witness who can identify the signatures of the certifying officer or otherwise speak of the facts based on his personal knowledge. Irrespective of the compliance with the requirements of section 65-B, which is a provision dealing with admissibility of electronic records, there is no bar to adducing secondary evidence under the other provisions of the Indian Evidence Act 1872, namely, sections 63 and 65.

    It is pertinent to note herein a recent development, as per the IT Amendment Bill 2008 (passed by both houses of Indian Parliament and yet to be enforced), section 79A empowers the Central Government to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority. ‘Electronic form of evidence’ herein means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital, audio, digital video, cell phones, digital fax machines. Further as per Section 85 B of the Indian Evidence Act, there is a presumption as to authenticity of electronic records in case of secure electronic records ( i.e. records digitally signed as per Section 14 of the IT Act,2000. Other electronic records can be proved by adducing evidence and presumption will not operate in case of documents which do not fall under the definition of secure electronic records.

    With the passage of the Information Technology Amendment Act 2008, India would become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures. The position of electronic documents in the form of SMS, MMS and E-mail in India is well demonstrated under the law and the interpretation provided in various cases.

    In State of Delhi v. Mohd. Afzal & Others, it was held that electronic records are admissible as evidence. If someone challenges the accuracy of a computer evidence or electronic record on the grounds of misuse of system or operating failure or interpolation, then the person challenging it must prove the same beyond reasonable doubt. The court observed that mere theoretical and general apprehensions cannot make clear evidence defective and in admissible. This case has well demonstrated the admissibility of electronic evidence in various forms in Indian courts.

    The basic principles of equivalence and legal validity of both electronic signatures and hand written signatures and of equivalence between paper document and electronic document has gained universal acceptance. Despite technical measures, there is still probability of electronic records being tampered with and complex scientific methods are being devised to determine the probability of such tampering. For admissibility of electronic records, specific criteria have been made in the Indian Evidence Act to satisfy the prime condition of authenticity or reliability which may be strengthened by means of new techniques of security being introduced by advancing technologies.

    Conclusion
    It is quite notable achievement for law enforcement agencies and legislators that India has kept pace with the changing technological trends and introduced extremely important amendments in its laws to cater to the demands of technology. The only thing which needs a special and urgent attention is the training imparted to the implementing authorities so that the provisions are adequately enforced. Hopefully in years to come this problem will also be redressed and the country will witness a totally new, refreshed and technologically sound legal and enforcement framework.
    ***
    # Student, LL.M, I semester, Indian Law Institute, New Delhi
    # s. 1001(3), Federal Rules of Evidence.
    # s. 1003, Federal Rules of Evidence.
    # 241 F.R.D. 534.
    # FED. R. EVID. 402 (“All relevant evidence is admissible, except as otherwise provided by the Constitution of the United States, by Act of Congress, by [the Federal Rules of Evidence], or by other rules prescribed by the Supreme Court pursuant to statutory authority.”).
    # FED. R. EVID. 401 (emphasis added). This question is “different from whether evidence is sufficient to prove a point.” Lorraine, 241 F.R.D. at 541 (emphasis omitted).
    # See FED. R. EVID. 401; FED. R. EVID. 402.
    # See United States v. Becton, 601 F.3d 588, 594 (D.C. Cir. 2010) (stating that determinations of the district courts concerning relevancy are reviewed for an abuse of discretion); United States v. Alvarez, 358 F.3d 1194, 1205 (9th Cir. 2004) (acknowledging the wide discretion afforded to trial judges in determining whether evidence is relevant and noting that a reviewing court will only consider “whether the decision was based on relevant factors and whether there was ‘a clear error of judgment.’”) (quoting United States v. Soulard, 730 F.2d 1292, 1296 (9th Cir. 1984).
    # FED. R. EVID. 403.
    # Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534, 584 (D. Md. 2007) (citation omitted) (discussing electronic evidence); see also Monotype, 43 F.3d at 450 (holding that a district court did not err in excluding e-mails under Rule 403 because they were derogatory in nature and lacked probative value).
    # (2006) 7 SCC 607.
    # (2005) 11 SCC 600; para 150.
    # 2003 (3) SCC 1669.

    Authors contact info - articles The  author can be reached at: samarth@legalserviceindia.com




    ISBN No: 978-81-928510-1-3

    Author Bio:   Samarth Agrawal I am pursuing LL.M from Indian Law Institute, New Delhi. I have secured distinction in B.A.LL.B(Hons.) Course from University of Allahabad My key area of interests are Intellectual Property Rights and Constitutional Law
    Email:   samarth@legalserviceindia.com
    Website:   http://www.


    Views:  15065
    Comments  :  

    How To Submit Your Article:

    Follow the Procedure Below To Submit Your Articles

    Submit your Article by using our online form Click here
    Note* we only accept Original Articles, we will not accept Articles Already Published in other websites.
    For Further Details Contact: editor@legalserviceindia.com



    File Your Copyright - Right Now!

    Copyright Registration
    Online Copyright Registration in India
    Call us at: 9891244487 / or email at: admin@legalserviceindia.com

    File Divorce in Delhi - Right Now!

    File Your Mutual Divorce -
    Call us Right Now at: 9650499965 / or email at: tapsash@gmail.com