APPLICATION OF LAW OF EVIDENCE IN CYBER OFFENCES

INFORMATION TECHNOLOGY LAW

SUBMITTED TO:
Dr. Nandini CP Ma’am

Submitted by:
KHUSHBOO PAREEK
2015054
IX SEMESTER

1|Page
 ACKNOWLEDGEMENT

I have taken serious efforts in this project. However it would not have been possible without the kind
support and help of many individuals. I would like to extend my sincere thanks to all of them. I am highly
indebted to Dr. Nandini CP Ma’am for her guidance and constant supervision as well as for providing
necessary information regarding the project.

I would like to express my special gratitude and thanks to my faculty member for their patience, time and
helping me in developing the project and people who have willingly helped me out with their abilities.

2|Page
 TABLE OF CONTENTS

S.NO CHAPTERS PAGE NO.

1. SYNOPSIS 4
2. LITERATURE REVIEW 4
3. INTRODUCTION 9
4 DISTINCTION BETWEEN CYBER CRIMES AND 10
CONVENTIONL CRIMES
5. TYPES OF CYBER CRIMES 13
6. CYBER CRIMES INVESTIGATION: GOBAL AND 16
INDIAN PERSPECTIVE
7. INDIAN EVIDENCE ACT AND INFORMATION 21
TECHNOLOGY
8. CHALLENGES TO THE AUTHENTICITY OF 31
ELECTRONIC EVIDENCE
9. SUGGESTIONS AND CONCLUSION 33
10. BIBLIOGRAPY 34

3|Page
 INFORMATION TECHNOLOGY AND LAW

TOPIC: APPLICATION OF LAW OF EVIDENCE IN CYBER OFFENCES

SYNOPSIS

1) HYPOTHESIS-

• The provisions of the Evidence Law in India are strictly applicable to data protection, privacy,
encryption and other cybercrimes.

2) OBJECTIVE OF THE STUDY- Cybercrimes are a new class of crimes to India rapidly
expanding due to extensive use of Internet. The objective of the study is to critically analyze the
application of the law of evidence in cyber offences. The researcher also aims to do a comparative
analysis with respect to other countries.

3) SCOPE OF THE STUDY- The primary focus of the study is limited to the Indian Law and
the researcher shall compare the provisions of Indian Law with the laws of other country for
interpretation.

5) LITERATURE REVIEW

i. Cyber Crime: A Growing Problem1- The article focuses on the growth of cybercrime and the
challenges facing law enforcement agencies in combating this category of crime. It also highlights
the initiatives of different governments and international organizations in addressing this growing
problem. Availability is the characteristic which makes such information accessible and usable in
the required manner. Confidentiality is the characteristic which renders the data inaccessible by
unauthorized persons and entities. Integrity preserves the accuracy of the information and provides
the assurance that electronic data has not been altered. It has, however, been recognized that
although the Internet offers consumers greater access to information and opportunities, it provides
criminals with a new channel for committing fraud. Although the concept of ‘cybercrime’ has not
yet been given a generally accepted definition, it conveys illegal activities largely or completely
performed using a computer connected to the Internet. The ability of national authorities to police
cybercrime is highly questionable as this class of criminals is not restricted by geographical

1
Rita Esen, Cyber Crime: A Growing Problem, 66 J. CRIM. L. 269, 283 (2002).

4|Page
borders. It is hoped that the attempts made by international policymakers and organizations to form
global alliances will work to reduce, or better still, eradicate crime in cyberspace.

ii. Cyber Laws in India2- The author of this article has critically analyzed the impact of
digitalization and growing crimes, the legal experts have realized the lacuna that exists in the
current legal regime in India. If such a virus or contaminant were to be launched in India and the
culprit were to be arrested, under the current legal framework, such a person would not be
punishable as there are no laws making such an activity an offence. Under the proposed IT Bill,
extensive provision has been laid down for dealing with cybercrimes. An extensive definition
clause defines numerous activities that can amount to a cybercrime. Under this provision, almost
every conceivable misconduct relating to a computer can result in civil and criminal liabilities.

The consequence of power without the knowledge to use it in the right way or for the right purpose
could result in disastrous consequences for the internet industry in India, where improper action
by such officials could sap the internet boom of its energy. Hence, along with education and
training, it is imperative that these provisions need further tempering, and adequate checks and
balances need to be incorporated to ensure that there are no abuses.

iii. Cyber Crime Law in India: Has Law Kept Pace with Emerging Trends? An Empirical
Study3- The scope of this paper is to highlight some important provisions of the cyber-criminal
laws in India relating to data protection, privacy, encryption and other cybercrimes and the extent
to which the said provisions arm the enforcement authorities to combat not just existing but
emerging trends in Cyber Crime.
Whilst some inclusions in the ITA 2008 have been subject to criticism, the amendments and
additions made to the IT Act are expedient and much awaited additions. Absence of effective
provisions to combat offences like Cyber Stalking and cybersquatting are avoidable loopholes,
which one hopes will soon be rectified. One could safely conclude that whilst the ITA 2008 is still
work in progress, it is definitely headed in the right direction.
iv. Cyber-Conflict, Cyber-Crime, and Cyber Espionage4 - In this article, the author has voiced
his opinions regarding the emergence of era of digitalization and how it has led to the origination

2
Orijit Das, Cyber Laws in India, 28 INT'L BUS. LAW. 327, 329 (2000).
3
N. S. Nappinai, Cyber Crime Law in India: Has Law Kept Pace with Engineering Trends -An Empirical Study, 5 J.
INT'L COM. L. & TECH. 22, 28 (2010).
4
David Weissbrodt, Cyber-Conflict, Cyber-Crime, and Cyber-Espionage, 22 MINN. J. INT'L

5|Page
of various forms of crime. The article also explores different types of computer network operations
and the scope of existing legal paradigms that can be applied to computer network operations.
Cybercrimes are considered to be a new category of crime with unique challenges not present by
traditional crimes, such as issues regarding jurisdiction, international cooperation, intent, and
offender identification. Different states have their own criminal codes which define what cyber-
activities constitute crimes.

v. Cyber Crimes- Challenges & Solutions5- The article exposes the world to dangers it poses to
organizations, factors that encourage it, and recommending possible controls and preventive
measures against computer crimes. Internet is believed to be full of anarchy and a system of law
and regulation therein seems contradictory. However, Cyberspace is being governed by a system
of law called Cyber law. Cyber law is a generic term which refers to all the legal and regulatory
aspects of Internet. Publishing a web page is an excellent way for any business to vastly increase
its exposure to millions of individuals world-wide. The reasons for the vulnerability of computers
and growing cybercrimes can be due to the capacity to store data in comparatively small space,
the ease of access etc.

vi. Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to
Justice6- The primary goal of this article is to raise awareness regarding legal loopholes and
enabling technologies, which facilitate acts of cybercrime. In perusing these avenues of inquiry,
the author seeks to identify systemic impediments which obstruct police investigations,
prosecutions, and digital forensics interrogations. The author offers a grounded, pragmatic
approach based on the in-depth experience gained serving with police task-forces, government
agencies, private sector, and international organizations. The secondary objective of this research
encourages policy makers to reevaluate strategies for combating the ubiquitous and evolving threat
posed by cyber criminality. In this way, the author invites the reader to contemplate the reality of
a cybercrime inquiry and the practical limits of the criminal justice process.

L. 347, 387 (2013).

5
Rajarshi Rai Choudhury, Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to
Justice, IJCSIT, Vol. 4 (5), 729-732, 2013.
6
S. D. Brown, Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice, IJCC,
Vol. 9 Issue 1 Jan.,2015.

6|Page
vii. Cyber Security: A Legal Perspective7- Computer technology provides a boost to the human
life and adds accuracy, speed and efficiency. Computer crime is a great hurdle in the development
of a country. The rapid growth of cybercrime makes cyber security as an unavoidable part of our
lives. Normally a person is concerned with the tools and technologies used to prevent cybercrime.
This article emphasizes on legal response to cyber security and focuses on the importance of law
against cybercrime for achieving the cyber security in an indirect manner. Therefore, for detection
and prevention of such cyber threat, the industries are developing a range of products for use in
the home and the business, for example, intrusion detection systems, firewalls, antivirus software
etc. Despite all the preventive steps, we are not able to get rid of cybercrime. The internet security
problem is immensely growing and cybercrime continues to thrive even though we are using many
countermeasures.

viii. Cyber Crime and its Related Aspects under I.T. Act, 2000 and its Prevention 8- Cyber
Crimes are increasing day by day and are posing a great threat to internet users. The author
discusses the Cybercrime, its nature and types. Various tools and techniques used for cybercrime
are evaluated and the author has also discussed cyber related laws under Indian Penal Code and
their application to the cyber offences. With the discussion of cybercrimes, this paper proposes the
strategies to prevent cybercrimes and recommend policies for cyber-crime prevention. It also
becomes difficult to identify from which part of the world the crime is done. This increases the
difficulties to recognize the culprits and bring them under the law for justice. While the offense
carried out may be conspicuous, digital crimes represent various noteworthy troubles for
conventional policing over a wide range of crimes conferred on the web. While not many of them
apply to this situation, they are unmistakably recognized as issues in a large portion of the
examinations carried by law enforcement.

ix. A brief study on Cyber Crime and Cyber Laws of India9- The internet technology has been
using by the few people for criminal activities like unauthorized access to other’s network, scams
etc. These criminal activities or the offense/crime related to the internet is termed as cybercrime.
In order to stop or to punish the cyber criminals the term “Cyber Law” was introduced. We can

7
Dr. Sudhir Kumar Sharma, Cyber Security: A Legal Perspective, Vol. 9, No. 1, pp. 1-11, 2017.
8
Priya Singh, Cyber Crime and its Related Aspects under I.T. Act, 2000 and its Prevention, Int. Journal of Computer
Applications, Vol. 27, Oct 2015.
9
Animesh Sarmah , A brief study on Cyber Crime and Cyber Law’s of India, IRJET, Vol.4 Issue 6, 2017.

7|Page
define cyber law as it is the part of the legal systems that deals with the Internet, cyberspace, and
with the legal issues. It covers a broad area, encompassing many subtopics as well as freedom of
expressions, access to and utilization of the Internet, and online security or online privacy. The
unusual characteristic of cybercrime is that the victim and the offender may never come into direct
contact. Cybercriminals often opt to operate from countries with nonexistent or weak cybercrime
laws in order to reduce the chances of detection and prosecution.

x. Emergence of Cyber Crimes: A Challenge for the New Millennium10- There is no exhaustive
definition of cyber-crimes. It could cover activities which basically offend the human sensibilities,
for example, hacking and child pornography. Cyber-crimes may include any criminal act dealing
with computers and Internet. This may also include traditional crimes committed through Internet,
like Internet frauds, when the computers and internet are used as tools to commit an act which is
otherwise an offence. Defined broadly, the term ‘computer crime’ could reasonably include a wide
variety of criminal offences and unlawful activities related to or having connection to computers.
The potential scope is even larger when using the frequent companion or substitute term ‘computer
related crime’. Consequently, emerging cyber-crimes are not only posing threat to the commercial
world but also to the interest of the internet community and a common man at large.

10
Joyce Brown, Emergence of Cyber Crimes: A Challenge for the New Millennium, Vol. 6(1), pp. 1-12, Aug. 2016.

8|Page
 CHAPTER ONE

INTRODUCTION

The term cybercrime though technically speaking relates to the vandalizing and violation of the
network system, yet it is commonly used to mean crimes and breaches in relation to computers
which are not connected to the internet. It is a multidimensional term which entails a criminal
activity that takes myriad forms, like it may consist of freeing of a virus into a network, the
defacing of computer data or it may also be an unauthorized access into the information stored in
computer. The words cybercrimes and computer crimes are used interchangeably in common
parlance. The word computer crimes has wider ambit as it entails not only crimes committed on
the internet but also offences committed in relation to or with the help of computers. Sussman and
Heuston first proposed the term “Cyber Crime” in the year 1995. Cybercrime cannot be described
as a single definition, it is best considered as a collection of acts or conducts. These acts are based
on the material offence object that affects the computer data or systems. These are the illegal acts
where a digital device or information system is a tool or a target or it can be the combination of
both. The cybercrime is also known as electronic crimes, computer-related crimes, e-crime, high
technology crime, information age crime etc.11 In simple term we can describe “Cyber Crime” are
the offences or crimes that takes place over electronic communications or information systems.
These types of crimes are basically the illegal activities in which a computer and a network are
involved. Due of the development of the internet, the volumes of the cybercrime activities are also
increasing because when committing a crime there is no longer a need for the physical present of
the criminal. The unusual characteristic of cybercrime is that the victim and the offender may never
come into direct contact. Cybercriminals often opt to operate from countries with nonexistent or
weak cybercrime laws in order to reduce the chances of detection and prosecution. There is a myth
among the people that cybercrimes can only be committed over the cyberspace or the internet. In
fact cybercrimes can also be committed without ones involvement in the cyber space, it is not
necessary that the cybercriminal should remain present online.12 The first Cyber Crime was
recorded within the year 1820. The primeval type of computer has been in Japan, China and India

11
Prof. Hammond, Allen, Cyber-Crime: an Efficient Tool to Fight Crimes in Cyber-Space?,COUNCIL OF
EUROPEAN CONVENTION, June, 2001.
12
https://www.tutorialspoint.com/information_security_ cyber_law/introduction.html, last accessed at Oct. 18, 2019,
10:04 AM.

9|Page
since 3500 B.C, but Charles Babbage’s analytical engine is considered as the time of present day
computers. In the year 1820, in France a textile manufacturer named Joseph-Marie Jacquard
created the loom. This device allowed a series of steps that was continual within the weaving of
special fabrics or materials. This resulted in an exceeding concern among the Jacquard's workers
that their livelihoods as well as their traditional employment were being threatened, and prefer to
sabotage so as to discourage Jacquard so that the new technology cannot be utilized in the future.

CHAPTER TWO

DISTINCTION BETWEEN CYBER CRIMES AND CONVENTIONAL CRIMES

One of the contrasts amongst cybercrime and conventional crime is the proof of the offenses.
Customary crooks for the most part leave hints of a crime, through either fingerprints or other
physical confirmations. The Internet additionally permits the obscurity of its clients, and this infers
cybercriminals can utilize any nom de plumes their distinguishing proof.13 Then again, it is
troublesome for conventional hoodlums to counterfeit their sexual orientation, race, or age.
Therefore, this prompts the second contrast amongst customary and cybercrimes, length of
examinations. Since cybercrime includes culprits utilizing distorted names and working from
remote areas, it for the most part takes more time to recognize the genuine cybercriminals and
secure them.14 By and large, cybercriminals escape from capture on the grounds that the specialists
can't find them. Conventional crimes take shorter day and age to explore in light of the fact that
the hoodlums as a rule leave prove that can be utilized to spot them. For example, customary
hoodlums can leave confirmation, for example, DNA, fingerprints, photos and recordings caught
on reconnaissance cameras, or individual assets, for example, character cards, and this makes it
simple for examiners to recognize and catch the guilty parties. Furthermore, such confirmation
makes it simple for the legal to convict the guilty parties. Cybercriminals can utilize the
Constitution to shield themselves from arraignment. The Fifth Amendment brings up that no one
can be compelled to wind up an observer against himself in any criminal case. Subsequently,
cybercriminals can utilize this lawful arrangement to deny the agents any implicating proof that
could prompt the indictment of the cybercriminals. This suggests even in circumstances where

13
http://hubpages.com/hub/Cyber-Crime last access on dated 2/8/2015 last accessed at Oct. 15, 2019, 05:24 PM.
14
DR. MRS. K. SITA MANIKYAM, CYBER CRIME- LAW & POLICY PERSPECTIVES, HIND LAW HOUSE,
PUNE, Page 40.

10 | P a g e
cybercriminals are caught, the trial procedure may take long unless the specialists accumulated
evident proof about the crimes.

 Comparing Abetment in Cyber Crime and Conventional Crime

Whoever abets any offence shall, if the act abetted is committed in consequence of the abetment,
and no express provision is made by this Act for punishment of such abetment, be punished with
the punishment provided for the offence under this Act under Section 84B of Indian Penal Code.15
 Bailable and Non-Bailable Offences
 Under the existing Information Technology Act there is no specific provision regarding the
classification of cognizable, non-cognizable or bailable, non-bailable or otherwise hence
the classification of cybercrime cases has to be decided in accordance with Section 2(a)
and 2(c) read with 1st Schedule of the Cr.P.C in which the conventional crimes are dealt
with.
 Punishments in Cyber Crime and Conventional Crime
The complexities in getting cyber criminals have implied that previously numerous people have
become away with their crimes and don’t confront the same punishment as that of conventional
offenders, which no doubt prompt the fascination of carrying out the crime in any case. While laws
have been ease back to adjust to these more up to date types of criminal movement, advance has
been made. A couple of years ago, malevolent programmers could take a great amount of money,
they cause mass harm but then escape imprisonment. These days prosecution have enormously
risen along with imprisonment to those sentences. It is difficult to say that cybercrime should be
punished the same, more or less severely than conventional offenders because there is no clear
way to compare both of them. It cannot be said that all the time that cyber criminals get less serious
punishments than conventional crimes because money play a very vital role in our day to day life.
Sometimes wealthy men who have committed heinous offences like rape and murder can give
money to the authorities and can easily escape from the clutches of law whereas poor men who
had hacked some website, data theft or any form of cybercrime has to suffer many years of
imprisonment in jail. This is the exact scenario nowadays. 16

15
http://www.legalindia.com/cyber-crimes-and-the-law/ last access on dated 04/7/2014 last accessed at Oct. 13, 2019,
7.40 PM.
16
Suresh T. Vishwanathan, The Criminal Aspect in Cyber Law in The Indian Cyber Law, Vol. , Pg.7,2001.

11 | P a g e
HACKING

The principle goal of numerous programmers is to discover shortcomings, vulnerabilities, and bugs
in PC frameworks. Individuals who hack for no particular reason do as such to demonstrate their
specialized abilities in hacking different PCs. Individuals who hack for criminal pick up do as such
to swindle their breaking computerized security frameworks. Such programmers are not keen on
the data they access from casualties by getting to and controlling their own information. Such
programmers utilize monetary data and passwords of the casualties to move their assets into private
records, and this may bring about enormous budgetary misfortunes to the casualties. People who
hack to create an impression do as such to make ideological or political focuses by taking arranged
data from business and government databases. As a rule, the programmers assault these
associations to challenge inertia by the legislature in tending to different issues or shameful acts
executed by private organizations. 17This helps the organizations in enhancing the security of their
frameworks and averts assaults by vindictive programmers. Cybercrime for the most part has
budgetary outcomes since it brings about loss of protected innovation, money related misfortune
and corruption of shopper trust in different associations. Such misfortunes have extensive effects
to the general public. Cybercrimes cause exchange contortions, work misfortunes, loss of intensity
of influenced associations, prosecution costs in paying influenced customers, and expanded
protection costs. All these tend to reclaim the additions made in the general public. Cybercrime is
one of the cutting edge challenges that specialists are looked with today. Its regularly advancing
face makes it trickier to manage. Powerful cross-fringe participation is expected to definitively
decide the vast majority of the cases In spite of the fact that we discuss cybercrime as a different
element to conventional crime, it is completed by similar sorts of lawbreakers for a similar kind of
reasons. These programmers are proficient hoodlums, criminal packs, displeased workers,
proficient rivalry, activists, frustrated youth and state enemies. They have an indistinguishable
inspirations from customary offenders, for example, weariness and vandalism, ideological or
political help, malevolence or requital, fiscal increase through coercion or offer of unlawfully got
information, psychological warfare or reputation and drama.18 The strategies that cyber crooks use
to assemble information and play out an assault is tantamount to physical 'conventional' crimes.
For instance, how about we look at how a criminal pack may approach breaking into a bank to

17
Laura Ani, Cyber Crime and National Security: The Role of The Penal and Procedural Law, Vol. 1 2014.
18
Ibid at 14.

12 | P a g e
take cash against how a cyber-criminal group may approach breaking into a PC system to take
information. The Scale Assaults can be directed on a scale impractical in the physical world.

The Reach
Assaults can be performed from anyplace on the planet; they can be performed secretly and inside
locales where the outcomes of those activities may not, or can't, be tended to by the criminal equity
framework. Assailants are likewise ready to separate significantly more information carefully than
could ever be conceivable in the physical world. For instance: 1 gigabyte of information is around
4,500 soft cover books. Consider what number of gigabytes of information is hung on a framework,
programmers can extricate this inside a matter of minutes.
Perception and Media Effect
There is another piece of the cyber risk to be viewed as, general society and media impression of
cybercrime. Budapest Convention on Cybercrime and The Convention on the Prevention and
Punishment of the crime of Genocide are the two conventions related to the topic. India is a party
to The Convention on the Prevention and Punishment of International Journal of Pure and Applied
Mathematics Special Issue 1461 the crime of Genocide and unfortunately India is not a party to
the Budapest Convention on Cyber Crime, it is yet to become a party of it.19

CHAPTER THREE

TYPES OF CYBER CRIMES

Cyber Crime can be classified into four major categories. They are as follows:

Category Committed Against Types

a) Cyber Crime Crimes that are  Email spoofing: This technique is a forgery
against committed by the cyber of an email header. This means that the
individuals criminals against an message appears to have received from
individual or a person someone or somewhere other than the
genuine or actual source.
 Spamming: Email spam which is otherwise
called as junk email. It is unsought mass

19
Joga Rao, S.V., Law of Cyber Crimes, 2004.

13 | P a g e
 message sent through email. Recipient’s
email addresses are obtained by spam bots,
which are automated programs that crawls
the internet in search of email addresses.
The spammers use spam bots to create email
distribution lists.
 Cyber defamation: Cyber defamation
means the harm that is brought on the
reputation of an individual in the eyes of
other individual through the cyber space.
The purpose of making defamatory
statement is to bring down the reputation of
the individual.
 IRC Crime (Internet Relay Chat): IRC
servers allow the people around the world to
come together under a single platform
which is sometime called as rooms and they
chat to each other. Cyber Criminals
basically uses it for meeting. Hacker uses it
for discussing their techniques, Paedophiles
use it to allure small children.
 Phishing: Attackers tries to gain
information such as login information or
account’s information by masquerading as a
reputable individual or entity in various
communication channels or in email.
b) Cyber Crime These types of crimes  Software piracy: It can be describes as the
against includes vandalism of copying of software unauthorizedly.
property computers, Intellectual  Copyright infringement: It can be described
Property. as the infringements of an individual or
organization's copyright. In simple term it

14 | P a g e

 Trademark
c) Cyber Crime Unauthorized changing 
against or deleting of data. Or
organization reading or copying of
confidential information
unauthorizedly, but the
data are neither being 
change nor deleted.
 Salami attack: The other name of Salami
d) Cyber Crime Committed against 
against society at large
society
15 | P a g e
can also be describes as the using of
copyright materials unauthorizedly such as
music, software, text etc.
infringement: It can be
described as the using of a service mark or
trademark unauthorizedly
DOS attack: In this attack, the attacker
floods the servers, systems or networks with
traffic in order to overwhelm the victim
resources and make it infeasible or difficult
for the users to use them.
Email bombing: It is a type of Net Abuse,
where huge numbers of emails are sent to an
email address in order to overflow or flood
the mailbox with mails or to flood the server
where the email address is.
attack is Salami slicing. In this attack, the
attackers use an online database in order to
seize the customer’s information like bank
details, credit card details etc. Attacker
deduces very little amounts from every
account over a period of time. In this attack,
no complaint is file and the hackers remain
free from detection as the clients remain
unaware of the slicing.
Forgery: Forgery means making of false
document, signature, currency, revenue
stamp etc.
  Web jacking: The term Web jacking has
been derived from hi jacking. In this offence
the attacker creates a fake website and when
the victim opens the link a new page appears
with the message and they need to click
another link. If the victim clicks the link that
looks real he will redirected to a fake page.
These types of attacks are done to get
entrance or to get access and controls the
site of another. The attacker may also
change the information of the victim’s
webpage.20

CHAPTER FOUR

CYBER CRIMES INVESTIGATION: GLOBAL AND INDIAN PERSPECTIVES

Due to immense increase in the use of Internet and dependency of individuals in every field, a
number of new crimes related to Computer and other gadgets based on internet have evolved in
the society. Such crimes where use of computers coupled with the use of Internet is involved are
broadly termed as Cyber Crimes. Governing Laws.21 There was no statute in India for governing
Cyber Laws involving privacy issues, jurisdiction issues, intellectual property rights issues and a
number of other legal questions. With the tendency of misusing of technology, there arisen a need
of strict statutory laws to regulate the criminal activities in the cyber world and to protect the true
sense of technology “Information Technology Act, 2000” was enacted by Parliament of India to
protect the field of e-commerce, e-governance, e-banking as well as penalties and punishments in
the field of cybercrimes. The above Act was further amended in the form of IT Amendment Act,
2008.22 The ITA-2000 defines ‘Computer’ means any electronic magnetic, optical or other high-

20
http://www.nalsarpro.org/CL/Modules/Module4/Chapter-1.pdf last accessed on Oct. 16, 2019 at 8.00 PM.
21
tecindia.co.in/navneet/navneet-cyberlaw/MIR-012-B2 last accessed on Oct.16, 2019 at 9:24 PM.
22
U.N. Congress on prevention of crime & treatment of offenders, Viagna, April 10-17, 2000.

16 | P a g e
speed data processing device or system which performs logical, arithmetic, and memory functions
by manipulations of electronic, magnetic or optical impulses, and includes all input, output,
processing, storage, computer software, or communication facilities which are connected or related
to the computer in a computer system or computer network.23 The word ‘computer’ and ‘computer
system’ have been so widely defined and interpreted to mean any electronic device with data
processing capability, performing computer functions like logical, arithmetic and memory
functions with input, storage and output capabilities and therefore any high-end programmable
gadgets like even a washing machine or switches and routers used in a network can all be brought
under the definition.

 Scope and applicability

The scope and applicability of ITA-2000 was increased by its amendment in 2008. The word
‘communication devices’ inserted having an inclusive definition, taking into its coverage cell
phones, personal digital assistance or such other devices used to transmit any text, video etc. like
what was later being marketed as iPad or other similar devices on Wi-Fi and cellular models.
Though ITA, 2000 defined ‘digital signature’, however said definition was incapable to cater needs
of hour and therefore the term ‘Electronic signature’ was introduced and defined in the ITAA,
2008 as a legally valid mode of executing signatures. This includes digital signatures as one of the
modes of signatures and is far broader in ambit covering biometrics and other new forms of
creating electronic signatures not confining the recognition to digital signature process alone. The
new amendment has replaced Section 43 with Section 66. The Word “hacking” used in Section 66
of earlier Act has been removed and named as “data theft” in this section and has further been
widened in the form of Sections 66A to 66F. The section covers the offences such as the sending
of offensive messages through communication service, misleading the recipient of the origin of
such messages, dishonestly receiving stolen computers or other communication device, stealing
electronic signature or identity such as using another persons’ password or electronic signature,
cheating by personation through computer resource or a communication device, publicly
publishing the information about any person’s location without prior permission or consent, cyber
terrorism, the acts of access to a commuter resource without authorization, such acts which can
lead to any injury to any person or result in damage or destruction of any property, while trying to

23
Ibid at 14.

17 | P a g e
contaminate the computer through any virus. The offences covered under section 66 are cognizable
and non-bailable. Whereas, the consequence of Section 43 of earlier Act were Civil in nature
having its remedy in the form of damages and compensation only, but under Section 66 of the
Amendment Act, if such act is done with criminal intention that is mens rea, then it will attract
criminal liability having remedy in imprisonment or fine or both.24
 Adjudication
Adjudication powers and procedures have been dealt in Sections 46 and thereafter. As per the Act,
the Central Government may appoint any officer not below the rank of a director to the
Government of India or a state Government as the adjudicator. The I.T. Secretary in any state is
normally the nominated Adjudicator for all civil offences arising out of data thefts and resultant
losses in the particular state. However, the trend of receiving complaint under ITA is rapidly
growing. There is an appellate procedure under this process and the composition of Cyber
Appellate Tribunal at the national level, has also been described in the Act. Every adjudicating
officer has the powers of a civil court and the Cyber Appellate Tribunal has the powers vested in
a civil court under the Code of Civil Procedure.25 The Indian Penal Code was amended by inserting
the word ‘electronic’ thereby treating the electronic records and documents on a par with physical
records and documents. Now, electronic record and electronic documents has been treated just like
physical records and documents during commission of acts of forgery or falsification of physical
records in a crime. After the above amendment, the investigating agencies file the cases/ charge-
sheet quoting the relevant sections from IPC under section 463,464, 468 and 469 read with the
ITA/ITAA under Sections 43 and 66 in like offences to ensure the evidence and/or punishment
can be covered and proved under either of these or under both legislation. The Indian Evidence
Act 1872 Prior to enactment of ITA, all evidences in a court were in the physical form only. After
existence of ITA, the electronic records and documents were recognized. The definition part of
Indian Evidence Act was amended as “all documents including electronic records” were
substituted. Other words e.g. ‘digital signature’, ‘electronic form’, ‘secure electronic record’
‘information’ as used in the ITA, were also inserted to make them part of the evidentiary

24
https://en.oxforddictionaries.com/definition/cyberspace last accessed on Oct. 12, 2019, 5 .00 PM.
25
Rodney D. Ryder, Guide to cyber Laws, IRCC, Vol. 1, Pg. 23, 2003.

18 | P a g e
importance under the Act. The important amendment was seen by recognition of admissibility of
electronic records as evidence as enshrined in Section 65B of the Act.26
The Bankers’ Books Evidence Act 1891: Before passing of ITA, a bank was supposed to produce
the original ledger or other physical register or document during evidence before a Court. After
enactment of ITA, the definitions part of the BBE Act stood amended as: ‘bankers ‘ books’ include
ledgers, day-books, cashbooks, account-books and all other books used in the ordinary business of
a bank whether kept in the written form or as printouts of data stored in a floppy, disc, tape or any
other form of electro-magnetic data storage device”. The above amendment in the provisions in
Bankers Books Evidence Act recognized the printout from a computer system and other electronic
document as a valid document during course of evidence, provided, such print-out or electronic
document is accompanied by a certificate in terms as mentioned above. Territorial Jurisdiction is
a major issue which is not satisfactorily addressed in the ITA or ITAA. 27 Since cybercrimes are
basically computer based crimes and therefore if the mail of someone is hacked in one place by
accused sitting far in another state, determination of concerned P.S, who will take cognizance is
difficult. It is seen that the investigators generally try to avoid accepting such complaints on the
grounds of jurisdiction.
Concrete Global Development
Many countries across the world have enacted their own criminal laws, computer laws, information
technology laws and intellectual property laws etc. to prevent and combat the cyber criminality.
But in view of the international dimension of cybercrime, the problem of jurisdiction arose
particularly where the nationals or corporations of two or more than two countries were involved
in the crime or where the criminal belongs to a different nationality and the crime was committed
in a different country. Internet being a vast global network of computers and the feasibility of the
cyber criminals to perpetrate the crime from one destination and committing the crime at other
destination with anonymity urgently requires development of a universal and uniform law
governing and regulating the cyberspace transactions to resolve the issues of cyber criminality by
mitigating the jurisdictional problem and the conflict of laws. The ever increasing phenomenon of
cybercrime calls for immediate concerted efforts on the part all the countries, institutions,

26
Ibid at 17.
27
Karnika seth, IT Act 2000 vs 2008- Implementation, Challenges, and the role of adjudicating officers, 2017.

19 | P a g e
industries, technocrats and jurists alike to come up with universally uniform law so that the
common criminals of mankind may be tried.
 European Convention on Cyber Crime, Budapest, November 2001- One of the most
significant achievement in the direction of working out a uniform cyber law at the
international level was the European Convention on Cyber Crime held in Budapest on
November 23, 2001. This Convention was held for considering the changes brought about
by the digitalization, convergence and continuing globalization of computer networks and
the risks these computer networks and electronic information were creating in the form of
modes and methods for the perpetration of cybercrimes.28 Recognizing the urgency for
pursuing a common criminal policy aimed at protection of society against cybercrimes and
desirability of cooperation between different nations, the convention drew up a
comprehensive text of treaty comprising 48 Articles, divided into four chapters. The legal
provisions of the European Convention have served as a model framework for the
subsequent development of law on cybercrimes and preventive strategies through various
international forums.
 European E-Commerce Directive, 2000- The European community has adopted the
Directive on Electronic Commerce containing set of rules which lay down the standards
that will apply to various online intermediaries for their involvement in illegal or infringing
material put on their internet facilities by third parties. There are different types of storage
by an intermediary namely, mere conduit, proxy catching and hosting.29 The member states
cannot impose upon online intermediaries an obligation to monitor the information which
they transit or store, nor can member states require intermediaries to seek facts or
circumstances indicating illegal activity. The priority of the European Commission during
2007 has been on responding to the threat posed by cybercrime in various forms such as
phishing, Trojan horses and spamming which affect all economic sectors and call for urgent
actions. The Commission has laid greater stress on development of R & D as also the legal
and economic initiatives to enhance information security.

28
https://www.thegfce.com/news/news/2016/12/07/budapest-convention-on-cybercrime last accessed on Oct. 17,
2019 at 4:27 PM.
29
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32000L0031 last accessed on Oct. 17, 2019 at
6:15 PM.

20 | P a g e
  International Conference on E-Security, Cyber Crime and Law, 2004- An International
Conference on E-security, Cyber Crime and Law was held in Chandigarh, India on 19-20
February, 2004. The main issues for deliberation in the Conference included:
(i) Network security for corporate governance and industrial intrusions as also the hacking
liability of network providers, which needed to be looked into with a fresh approach.
(ii) Data and transmission standards and encryption methods needed to be improvised. The
electronic fund transfer and security of data banking was also taken up for discussion
in the conference.
(iii) Issues related to computer forensics, preservation of computer evidence and methods
to be adopted by the police to procure evidence required re-orientation and adequate
attention.
(iv) Cyber law, data protection and need for appropriate legislation for the purpose were
highlighted by the delegates. The issues like policing the cyberspace, role of judiciary
in digital age, network security and law and public participation in prevention of
cybercrimes were also extensively discussed in the conference.30
 International Conference on Terrorism and Organized Crimes, 2008- An International
Conference on Terrorism and Organized Crimes was held in Anaheim, USA on August 25,
2008. It deliberated on problems of international and domestic terrorism, misuse of weapons
of mass destruction, organized crime, human smuggling and trafficking, identity theft, online
drug trafficking international monetary laundering, e-commerce, cyber frauds and computer
forensics. The focus of the conference was on the extensive use of forensics in cybercrime
investigations and involvement of computer experts in the process of investigation.

CHAPTER FIVE

INDIAN EVIDENCE ACT AND INFORMATION TECHNOLOY ACT

Admissibility of Electronic Evidence

The type of evidence that we are dealing with has been variously described as ‘electronic
evidence’, ‘digital evidence’ or ‘computer evidence’. The word digital is commonly used in

30
https://www.itu.int/en/ITU-D/Cybersecurity/Documents/CybcrimeE.pdf last accessed on Oct. 10, 2019 at 1:44 PM.

21 | P a g e
computing and electronics, especially where physical-world information is converted to binary
numeric form as in digital audio and digital photography.31 While the term ‘digital’ is too wide, as
we have seen the use of ‘binary’ is too restrictive, because it only describes one form of data.
Electronic evidence: Data that is manipulated, stored or communicated by any man-made device,
computer or computer system or transmitted over a communication system, that has the potential
to make the factual account of either party more probable or less probable than it would be without
the evidence. This definition has three elements-

First, it is intended to include all forms of evidence that is created, manipulated or stored in a
product that can, in its widest meaning, be considered a computer, excluding for the time being
the human brain.

Second, it aims to include the various forms of devices by which data can be stored or transmitted,
including analogue devices that produce an output.

The third element restricts the data to information that is relevant to the process by which a dispute,
whatever the nature of the disagreement, is decided by an adjudicator, whatever the form and level
the adjudication takes. This part of the definition includes one aspect of admissibility - relevance
only but does not use ‘admissibility’ in itself as a defining criteria, because some evidence will be
admissible but excluded by the adjudicator within the remit of their authority, or inadmissible for
reasons that have nothing to do with the nature of the evidence.

The definition of evidence as given in the Indian Evidence Act, 1872 covers-
a) The evidence of witness i.e. oral evidence, and
b) Documentary evidence which includes electronic record produced or the inspection of the
court.32 Section 3 of the Act was amended and the phrase “All documents produced for the
inspection of the Court” was substituted by “All documents including electronic records produced
for the inspection of the Court”. Regarding the documentary evidence, in Section 59, for the words
“Content of documents” the words “Content of documents or electronic records” have been
substituted and Section 65A & 65B were inserted to incorporate the admissibility of electronic
evidence. Traditionally, the fundamental rule of evidence is that direct oral evidence may be
adduced to prove all facts, except documents. The hearsay rule suggests that any oral evidence that

31
A.S. Chawla, Cyber Crime – Investigation and Prevention, the Indian Police Journal, Pg. 116, Mar. 2003.
32
Lakshmi Jambholkar, Cyber Laws: Issues and Perspectives, Indian Journal of International Law, Vol. 40, 2000.

22 | P a g e
is not direct cannot be relied upon unless it is saved by one of the exceptions as outlined in sections
59 and 60 of the Evidence Act dealing with the hearsay rule. However, the hearsay rule is not as
restrictive or as straightforward in the case of documents as it is in the case of oral evidence. This
is because it is settled law that oral evidence cannot prove the contents of a document, and the
document speaks for itself. Therefore, where a document is absent, oral evidence cannot be given
as to the accuracy of the document, and it cannot be compared with the contents of the document.
This is because it would disturb the hearsay rule (since the document is absent, the truth or accuracy
of the oral evidence cannot be compared to the document). In order to prove the contents of a
document, either primary or secondary evidence must be offered.33 While primary evidence of the
document is the document itself,34 it was realized that there would be situations in which primary
evidence may not be available. Thus secondary evidence in the form of certified copies of the
document, copies made by mechanical processes and oral accounts of someone who has seen the
document, was permitted under section 63 of the Evidence Act for the purposes of proving the
contents of a document. Therefore, the provision for allowing secondary evidence in a way dilutes
the principles of the hearsay rule and is an attempt to reconcile the difficulties of securing the
production of documentary primary evidence where the original is not available. Section 65 of the
Evidence Act sets out the situations in which primary evidence of the document need not be
produced, and secondary evidence as listed in section 63 of the Evidence Act can be offered. This
includes situations when the original document-
 Is in hostile possession.
 Or has been proved by the prejudiced party itself or any of its representatives.
 Is lost or destroyed.
 Cannot be easily moved, i.e. physically brought to the court.
 Is a public document of the state
 Can be proved by certified copies when the law narrowly permits; and
 Is a collection of several documents.35

Electronic Document- As documents came to be digitized, the hearsay rule faced several new
challenges. While the law had mostly anticipated primary evidence (i.e. the original document

33
Das gupta, S.N., Cyber Crimes in India, ILC, Pg. 201, 2014.
34
Ibid at 20.
35
BARKHA U RAMA MOHAN, CYBER LAW & CRIME, Asia Law House, Hyderabad, 2013.

23 | P a g e
itself) and had created special conditions for secondary evidence, increasing digitization meant
that more and more documents were electronically stored. As a result, the abduction of secondary
evidence of documents increased.36

Presumptions

Section 92 of IT Act 2000 made the amendments to the Indian Evidence Act, 1872 and inserted
certain presumptions of electronic evidence.

 S. 81-A It contains presumption as to genuineness of every electronic record purporting to be

the Official Gazette.
 S. 85-A There is a presumption that every electronic record purporting to be an agreement
containing the digital signatures of the parties was so concluded by affixing the digital
signature of the parties.
 S. 85-B Creation of a presumption of authenticity of secured digital signatures unless proven
otherwise.
 S. 85-C Creation of a presumption of authenticity of secured DSC unless proven otherwise.
 S. 88-A Creation as to the contents of electronic messages, but not the originator of the
electronic messages.
 S. 90-A Creation of a presumption as to the authenticity electronic records five years old,
which is produced from the custody of a person.

Presumption as to telegraphic messages: The Court may presume that a message, forwarded from
a telegraph office to the person to whom such message purports to be addressed, corresponds with
a message delivered for transmission at the office from which the message purports to be sent; but
the Court shall not make any presumption as to the person by whom such message was delivered
for transmission.

Presumption as to electronic messages.

 The Court may presume that an electronic message, forwarded by the originator through an
electronic mail server to the addressee to whom the message purports to be addressed
corresponds with the message as fed into his computer for transmission; but the Court shall not

36
Sec. 65 Indian Evidence Act, 1872.

24 | P a g e
 make any presumption as to the person by whom such message was sent. Explanation.—For
the purposes of this section, the expressions “addressee” and “originator” shall have the same
meanings respectively assigned to them in clauses (b) and (za) of sub-section (1) of section 2
of the Information Technology Act, 2000.
 The Presumption u/s. 88- A is a rebuttable presumption.
 Court shall not make any presumption as to the person by whom such e-message is sent [law
recognizes the vulnerability of fabrication of e-message].

Under the provisions of Section 61 to 65 of the Indian Evidence Act, 1872, the word “Document
or content of documents” have not been replaced by the word “Electronic documents or content of
electronic documents”. Thus, the intention of the legislature is explicitly clear i.e. not to extend
the applicability of section 61 to 65 to the electronic record. It is the cardinal principle of
interpretation that if the legislature has omitted to use any word, the presumption is that the
omission is intentional. It is well settled that the Legislature does not use any word unnecessarily.37

In this regard, the Apex Court in Utkal Contractors & Joinery Pvt. Ltd. vs. State of Orissa,38 held
that “Parliament is also not expected to express itself unnecessarily. Even as Parliament does not
use any word without meaning something, Parliament does not legislate where no legislation is
called for. Parliament cannot be assumed to legislate for the sake of legislation; Nor indulge in
legislation merely to state what it is unnecessary to state or to do what is already validly done.
Parliament may not be assumed to legislate unnecessarily.”

In Union of India and Anr, vs. G.M. Kokil and Ors,39 observed that it is well known that a non
obstante clause is a legislative device which is usually employed to give overriding effect to certain
provisions over some contrary provisions that may be found either in the same enactment or some
other enactment, that is to say, to avoid the operation and effect of all contrary provisions.

Further, the Hon’ble Apex Court in Chandavarkar Sita Ratna Rao vs. Ashalata S. Guram,40
explained the scope of non obstante clause as “It is equivalent to saying that in spite of the

37
http://catindia.gov.in/writereaddata/ev_rvnrbv111912012.pdf last accessed on Oct. 11, 2019, 9.21 PM.
38
Utkal Contractors & Joinery Pvt. Ltd. vs. State of Orissa, 1987 SCR (3) 317.
39
Union of India and Anr, vs. G.M. Kokil and Ors, 1984 SCR (3) 292.
40
Chandavarkar Sita Ratna Rao vs. Ashalata S. Guram, 1986 SCR (3) 866.

25 | P a g e
provision of the Act or any other Act mentioned in the non obstante clause or any contract or
document mentioned the enactment following it will have its full operation”.

CYBER FORENSICS

According to the National Crimes Record Bureau, 4,231 cyber-crimes were registered under the
IT Act and cyber-crime-related sections of the Indian Penal Code during 2009-11. A total of 1,184
people were arrested under the IT Act for cyber-crimes, while 446 people were arrested under IPC
sections. At least 157 cases were registered for hacking under the IT Act in 2011, while 65 people
were arrested. Although a very large number of cyber-crimes probably go unreported, this statistics
give us some idea about prevalence of cyber-crime in the country. This is making cyber forensics
increasingly relevant in today’s India.

Definition-The usage of apt forensic tools and technical knowledge to recover the electronic
evidence within the contours of the rules of evidence, for it to be admissible before the court of
law can be defined as cyber forensics.41

“Preserve the evidence, Analyze the evidence, Present the findings”

The confluence of two legal paradigms, i.e., the law of evidence and that of information technology
has made the legal domain at par with the contemporary challenges of the cyber space. Section
79A of the IT (Amendment) Act, 2008 has gone aboard to define electronic evidence as any
information of probative value that is either stored, or transmitted in electronic form and includes
computer evidence, digital audio, digital video, cell phones and digital fax machines. With regards
to admissibility of electronic records, Section 65-B of the Evidence Act, 1872 enunciates various
conditions for the same. Since digital evidence ought to be collected and preserved in certain form,
the admissibility of storage devices imbibing the media content from the crime scene is also an
important factor to consider.42 Reading Section 3 and Section 65-B, The Evidence Act, 1872
cumulatively, it can be inferred that certain computer outputs of the original electronic record, are
now made admissible as evidence “without proof or production of the original record. Thus, the
matter on computer printouts and floppy disks and CDs become admissible as evidence.” The other
most crucial question in cybercrime investigation regarding the reliability of digital evidence has

41
Data Security Council of India, Cyber Crime Investigation Manual. Accessible at
http://uppolice.up.nic.in/All%20Rules/Cyber%20crime/4.
42
T. Vikram, Cyber Crimes- A Study with a Case, Indian Police Journal, Pg. 78, July-September 2002.

26 | P a g e
also been clarified by Section 79A of the IT (Amendment) Act, 2008, which empowers the Central
government to appoint any department or agency of Central or State government as Examiner of
Electronic Evidence. This agency will play a crucial role in providing expert opinion on electronic
form of evidence.43

Cyber Crime Investigation

The CBI also can be approached for any serious economic offence, which is not of a general and
routine nature. It has Economic Offences Division for the investigation of major financial scams
and serious economic frauds, including crimes relating to fake Indian currency notes, bank frauds
and cyber-crimes. For the purpose of combating such crimes, CBI has certain specialized
structures, namely, Cyber Crimes Research and Development Unit (CCRDU), Cyber Crime
Investigation Cell (CCIC), Cyber Forensics Laboratory; and Network Monitoring Centre. The
CCRDU is mainly entrusted with the task of collecting information on cyber-crime cases reported
for further investigation in liaison with the State Police Forces. On a larger parlance, it plays a
pivotal role in the collection and dissemination of information on cyber-crimes in consonance with
the Ministry of IT, Government of India and other organizations/Institutions and Interpol
Headquarters. The CCIC has the power to investigate the criminal offences envisaged under the
Information Technology (Amendment) Act, 2008 and is also the point of contact for Interpol to
report the cyber-crimes in India.44 The third organ, i.e., CFL, is the one which provides
consultations and conducts criminal investigation for various law enforcement agencies. It not only
provides on-site assistance for computer search and seizure upon request, but also is the one which
provides expert testimony in the court of law. It is pertinent to note that, the CFL must also adhere
to all the legal formalities during the seizure of the media for making the media analysis
admissible. The analysis should be based on the image of the media, rather than the media itself
and the chain of custody should be maintained. Keeping the possibility of remote access from an
isolated location across the globe into consideration, the data storage in another jurisdiction cannot
be ruled out all-together. In situations involving the storage location of the data in another country,
the Interpol ought to be informed and Section 166, Cr PC needs to be complied. Last but not the
least, the Network Monitoring Centre is entrusted to monitor the Internet by the usage of various

43
Ibid at 30.
44
Chap 1, “Introduction to the Model Law: Purpose and origin of the Model Law: Purpose” in UNCITRAL Model
Law on Electronic Signatures with Guide to Enactment 2001.

27 | P a g e
tools. Recently, CBI has signed a memorandum of understanding (MoU) with Data Security
Council of India (DSCI) with a view to seek expert services from the latter in managing the new
challenges in cybercrimes and updating officials with the latest technology.45 This shows a novel
collaborative approach between the law enforcement agencies and IT Industry for strengthening
the security measures. The appointment of private investigators is not a preferable practice. It is
quite certain that, an assumption of adverse inference could be drawn leading to a dubious
conclusion and thereby raising a finger on the integrity of the evidence.

Sec.80- Power of police officer and other officers to enter, search, etc.-(1) Notwithstanding
anything contained in the Code of Criminal Procedure, 1973, any police officer, not below the
rank of a Inspector of Police, or any other officer of the Central Government or a State Government
authorized by the Central Government in this behalf may enter any public place and search and
arrest without warrant any person found therein who is reasonably suspected or having committed
or of committing or of being about to commit any offence under this Act. 46 Thus, for the purpose
of adducing the digital evidence before the court of law, it is wise to seek the assistance of a
forensic expert by various law enforcement agencies.

MODE OF PROVING ELECTRONIC EVIDENCE

The Supreme Court of India, in a path breaking dynamic judgment, Shafhi Mohammad vs. The
State of Himachal Pradesh,47 has rationalized the law relating to the admissibility of the electronic
evidence particularly in view of the provision of Sec. 65B of the Indian Evidence Act. Section 54-
A of the Cr.P.C. provide for videography of the identification process and proviso to Section
164(1) Cr.P.C. provide for audio video recording of confession or statement under the said
provision.

In Babu Ram Aggarwal & Anr. vs. Krishan Kumar Bhatnagar & Others,48 Hyderabad Cyber
Forensic Lab had confirmed that the recorded data including call conversation on CD as true copies
of the originals and hard disk was in working condition. Hard Disc is a storage devise. If written,

45
The Times of India, CBI signs MoU with Data Security Council of India for managing cybercrime, Mar 6, 2014,
03.54 PM IST. Accessible at http://timesofindia.indiatimes.com/india/CBI-signs-MoU-with-Data-Security-Council-
of-India-for-managing-cybercrime/articleshow/31537939.cms last accessed on Oct. 18, 2019 at 7:54 PM.
46
Sec. 80, The Information Technology Act, 2000
47
Shafhi Mohammad vs. The State of Himachal Pradesh, SLP (Crl.)No.2302 of 2017).
48
Babu Ram Aggarwal & Anr. vs. Krishan Kumar Bhatnagar & Others, 2013 IIAD (Delhi) 441.

28 | P a g e
then it becomes electronic record under Evidence Act. Under section 65B it has to be proved that
the computer during the relevant period was in the lawful control of the person proving the email.

In K.K. Velusamy vs. N. Palanisamy,49 the Hon'ble Supreme Court considered the point of
electronic evidence such as – the amended definition in Section 3 of Evidence Act 1872 read with
the definition of electronic record in Section 2 clause (t) of the Information Technology Act, 2000.
It includes a compact disk containing an electronic record of conversation. Section 8 of Evidence
Act provides that the conduct of any party or of any agent to any party, to any suit, in reference to
such a suit or in a reference to any fact in issue therein or relevant thereto, is relevant if such
conduct influences or influenced by any fact in issue or relevant fact and whether it was previous
or subsequent thereto. Hence compliance with Section 65B is now mandatory for persons who
intend to rely upon emails, websites or any electronic record in a civil or criminal trial to which
provisions of the Evidence Act are applicable.

In Ram Singh and Others vs. Col. Ram Singh,50 a Three-Judge Bench considered the issue of the
admissibility of the electronic evidence and held that it will be wrong to deny to the law of evidence
advantages to be gained by new techniques and new devices, provided the accuracy of the
recording can be proved. Such evidence should always be regarded with some caution and assessed
in the light of all the circumstances of each case. In the case of Jagjit Singh vs. State of Haryana,51
the speaker of the Legislative Assembly of the State of Haryana disqualified a member for
defection. When hearing the matter, the Supreme Court considered the digital evidence in the form
of interview transcripts from the Zee News television channel, the Aaj Tak television channel and
the Haryana News of Punjab Today television channel. Electronic evidence was held to be
admissible subject to safeguards adopted by the Court about the authenticity of the same. The
Supreme Court also referred to the case of Tukaram S. Dighole vs. Manikrao Shivaji Kokate52, and
observed that new techniques and devices are order of the day. Though such devices are susceptible
to tampering, no exhaustive rule could be laid down by which the admission of such evidence may
be judged. Standard of proof of its authenticity and accuracy has to be more stringent than other
documentary evidence. In Tomaso Bruno and Anr. vs. State of Uttar Pradesh,53 wherein a Three-

49
K.K. Velusamy vs. N. Palanisamy, 2011 EQ–SC–0–158.
50
Ram Singh and Others vs. Col. Ram Singh,1985 (Supp) SCC 611.
51
Jagjit Singh vs. State of Haryana, (2006) 11 SCC 1.
52
Tukaram S. Dighole vs. Manikrao Shivaji Kokate, (2010) 4 SCC 329.
53
Tomaso Bruno and Anr. vs. State of Uttar Pradesh, (2015) 7 SCC 178.

29 | P a g e
Judge Bench observed that advancement of information technology and scientific temper must
pervade the method of investigation. Electronic evidence was relevant to establish facts. Scientific
and electronic evidence can be a great help to an investigating agency.

In Anvar P.V. vs. P.K. Basheer and Others54, it was observed that electronic evidence by way of
primary evidence was covered by Section 62 of the Evidence Act to which procedure of Section
65B of the Evidence Act was not admissible. However, for the secondary evidence, procedure of
Section 65B of the Evidence Act was required to be followed and a contrary view taken in Navjot
Sandh that secondary evidence of electronic record could be covered under Sections 63 and 65 of
the Evidence Act, was not correct and clarified that primary evidence of electronic record was not
covered under Sections 65A and 65B of the Evidence Act. Primary evidence is the document
produced before Court and the expression “document” is defined in Section 3 of the Evidence Act
to mean any matter expressed or described upon any substance by means of letters, figures or
marks, or by more than one of those means, intended to be used, or which may be used, for the
purpose of recording that matter. Sec. 65B(4) of the Evidence Act of furnishing certificate is to be
applied only when such electronic evidence is produced by a person who is in a position to produce
such certificate being in control of the said device and not of the opposite party. In a case where
electronic evidence is produced by a party who is not in possession of a device, applicability of
Sections 63 and 65 of the Evidence Act cannot be held to be excluded. In such case, procedure
under the said Sections can certainly be invoked. The requirement of certificate under Section 65B
(h) is not always mandatory. The Supreme Court clarified the legal position on the subject on the
admissibility of the electronic evidence, holding that a party who is not in possession of device
from which the document is produced, such party cannot be required to produce certificate under
Section 65B(4) of the Evidence Act.

Hence, it can be safely held that electronic evidence is admissible and provisions under Sections
65A and 65B of the Evidence Act are by way of a clarification and are procedural provisions. If
the electronic evidence is authentic and relevant the same can certainly be admitted subject to the
Court being satisfied about its authenticity and procedure for its admissibility may depend on fact
situation such as whether the person producing such evidence is in a position to furnish certificate

54
Anvar P.V. vs. P.K. Basheer and Others, (2014) 10 SCC 473.

30 | P a g e
under Section 65B(h). Sections 65A and 65B of the Evidence Act, 1872 cannot be held to be a
complete code on the subject.

CHALLENGES TO THE AUTHENTICITY OF ELECTRONIC EVIDENCE

1. Claim that the records were altered, manipulated or damaged between the time they were
created and the time they appear in court as evidence.
2. The reliability of the computer program that generated the record ;may be questioned;
3. The identity of the author may be in dispute: for instance, the person responsible for writing a
letter in the form of a word processing file, SMS or email may dispute they wrote the text, or
sufficient evidence has not been adduced to demonstrate the nexus between the evidence and
the person responsible for writing the communication.55
4. The evidence from a social networking website might be questioned as to reliability;
5. It might be agreed that an act was carried out and recorded, but at issue might be that the party
introducing the evidence has failed to prove that where others might have access to a device
(such as a mobile telephone), there was no proof to show that the message was directed to a
particular person.
6. Whether the person alleged to have used their PIN, password or clicked the 'I accept' icon was
the person that actually carried out the action.
7. The data on local area networks, and whether there is a need to obtain an image of the complete
network, if this is possible. If an image of each computer comprising the network is taken, the
issue with networked computers is to demonstrate who had access to which computers at what
time, and whether this access is audited. The security mechanisms in place on the network will
be an important consideration when proving authenticity.56
8. Data from the Internet is also subject to problems, because reliance may be placed on data
obtained from remote computers, the computer of an investigator, and perhaps intercepted
evidence. With the increased use of cloud computing where data is stored on 'server farms',
accessible via the Internet, obtaining a copy of the data may be subject to contractual

55
http://mja.gov.in/Site/Upload/GR/Article%20on%20Electonic%20evidence.pdf last accessed on Oct. 17, 2019 at
2:44 PM.
56
http://www.nja.nic.in/Concluded_Programmes/2017-18/P-1077_PPTs/4.Electronic%20Evidence
%20Collection,%20Preservation%20and%20Appreciation.pdf last accessed on Oct. 13, 2019 at 3:15 PM.

31 | P a g e
 restrictions, or the data may be stored in another jurisdiction, which in turn may mean it will
be necessary to take local legal advice in relation to the obtaining of the data.
9. Where data is being updated constantly, such as transactional data-bases, or websites that are
continually updated, this poses problems, as the relevant evidence is point-in-time, which may
be extremely difficult to obtain.
10. Authentication of information on social media sites presents its own unique set of issues.
Firstly, it can be difficult to establish the author of the document, because social media sites
often have a number people writing to the one page. Secondly, proving the identity of an author
can be difficult, since it is still possible to create an internet profile without having to prove
identity.
11. Predictive Policing- Indian police forces have gradually started taking interest in crime
analytics using big data that involves the storage and analysis of volume of data in near-real
time. This is aimed at predicting and inference patterns and trends related to human interactions
and behaviors. By using tools and technologies in a democratic society being governed by the
rule of law, it is extremely important to respect the fundamental rights of individuals. Thus,
while using analytics tools, challenges that are intrinsic to predictive approaches being
followed by the law enforcement agencies should be avoided. One of the most important areas
under consideration is the danger of an erosion of privacy and other fundamental rights and
democratic principles like the presumption of innocence and the prohibition of penalties
without a law.57

57
http://ficci.in/spdocument/23009/FICCI_EY_Predictive%20Policing_.pdf last accessed on Oct. 14 at 5:28 PM.

32 | P a g e
 CHAPTER SIX

SUGGESTIONS AND CONCLUSION

Strict compliance with section 65B is now mandatory for persons who intend to rely upon e-mails,
web sites or any electronic record in a civil or criminal trial before the courts in India. This outlook
of the Supreme Court of India is to ensure that the credibility and evidentiary value of electronic
evidence is provided for, since the electronic record is more susceptible to tampering and
alteration. ‘Electronic records being more susceptible to tampering, alteration, transposition,
excision, etc. without such safeguards, the whole trial based on proof of electronic records can lead
to travesty of justice.’ Therefore, the computer generated electronic record cannot be solely relied
upon, because there is a possibility of it being hampered. The Indian Evidence Act could be further
amended to rule out any manipulation - at least for the purposes of presuming prima facie
authenticity of the evidence of the electronic record - by adding a condition that the record was
created in the usual way by a person who was not a party to the proceedings and the proponent of
the record did not control the making of the record. By ensuring that the record was created by a
party who was adverse in interest to the proponent of the record, and the record was being used
against the adverse party, the risk of the manipulation of the records would be reduced
significantly. This is because, it is argued, no disinterested party would want to certify the
authenticity of the record which to his knowledge had been tampered with. The law also needs to
creatively address the requirement of the burden being on the proponent to provide testimony as
to the author of a document to determine whether there was any manipulation or alteration after
the records were created, the reliability of the computer program that generated.

33 | P a g e
 BIBLIOGRAPHY

 Rita Esen, Cyber Crime: A Growing Problem, 66 J. CRIM. L. 269, 283 (2002).
 Orijit Das, Cyber Laws in India, 28 INT'L BUS. LAW. 327, 329 (2000).
 N. S. Nappinai, Cyber Crime Law in India: Has Law Kept Pace with Engineering Trends -An
Empirical Study, 5 J. INT'L COM. L. & TECH. 22, 28 (2010).
 David Weissbrodt, Cyber-Conflict, Cyber-Crime, and Cyber-Espionage, 22 MINN. J. INT'L
 Rajarshi Rai Choudhury, Investigating and Prosecuting Cyber Crime: Forensic Dependencies
and Barriers to Justice, IJCSIT, Vol. 4 (5), 729-732, 2013.
 S. D. Brown, Investigating and Prosecuting Cyber Crime: Forensic Dependencies and
Barriers to Justice, IJCC, Vol. 9 Issue 1 Jan.,2015.
 Dr. Sudhir Kumar Sharma, Cyber Security: A Legal Perspective, Vol. 9, No. 1, pp. 1-11, 2017.
 Priya Singh, Cyber Crime and its Related Aspects under I.T. Act, 2000 and its Prevention, Int.
Journal of Computer Applications, Vol. 27, Oct 2015.
 Animesh Sarmah , A brief study on Cyber Crime and Cyber Law’s of India, IRJET, Vol.4 Issue
6, 2017.
 Joyce Brown, Emergence of Cyber Crimes: A Challenge for the New Millennium, Vol. 6(1),
pp. 1-12, Aug. 2016.
 Prof. Hammond, Allen, Cyber-Crime: an Efficient Tool to Fight Crimes in Cyber-
Space?,COUNCIL OF EUROPEAN CONVENTION, June, 2001.
 Suresh T. Vishwanathan, The Criminal Aspect in Cyber Law in The Indian Cyber Law, Vol. ,
Pg.7,2001.
 Laura Ani, Cyber Crime and National Security: The Role of The Penal and Procedural Law,
Vol. 1 2014.
 Rodney D. Ryder, Guide to cyber Laws, IRCC, Vol. 1, Pg. 23, 2003.
 Karnika seth, IT Act 2000 vs 2008- Implementation, Challenges, and the role of adjudicating
officers, 2017.
 A.S. Chawla, Cyber Crime – Investigation and Prevention, the Indian Police Journal, Pg. 116,
Mar. 2003.
 Lakshmi Jambholkar, Cyber Laws: Issues and Perspectives, Indian Journal of International
Law, Vol. 40, 2000.

34 | P a g e
 Das gupta, S.N., Cyber Crimes in India, ILC, Pg. 201, 2014.
 BARKHA U RAMA MOHAN, CYBER LAW & CRIME, Asia Law House, Hyderabad, 2013.
 Data Security Council of India, Cyber Crime Investigation Manual.
 Vikram, Cyber Crimes- A Study with a Case, Indian Police Journal, Pg. 78, July-September
2002.

35 | P a g e