Module 8 Part 1
Information Technology Act 2000
Section 78-90:-
CrPC section 155 provides that a police officer cannot investigate a non-cognizable case without
a Magistrate's order. While investigating the commission of a cognizable offence the police
officer can investigate any non-cognizable offence which may arise out of the same facts.
Chapter XII CrPC gives the police the right to investigate based on an FIR or other first
information suggesting a cognizable offence. The officer-in-charge has to register the case.
(a) section 155 under non-cognizable offence, police officer is to obtain the order of a
Magistrate and
(b) section 156 under cognizable offence, any officer in charge of a police station may
proceed without the order of a Magistrate
(1) For any 3rd party information, communication link, or data which was made available to
an intermediary or hosted by him, he will not be liable under this provision for the same. It
removes civil liability of an intermediary.
(2) conditions -
(a) his functions should be limited to providing access to communication system over which
data made available is transmitted, temporarily stored or hosted; or
(b) he doesn’t
(i) start the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the data contained in the transmission.
(c) he has followed due diligence while performing his duties and also followed guidelines as
prescribed by the Central Govt.
(3) Exemption shall not apply if-
(a) he has conspired, abetted, aided or induced, in commission of the unlawful act.
(b) after getting knowledge, or on being informed by Govt that any data in or connected to a
computer resource controlled by him is being used to commit some illegal act, he fails to
remove or disable access to that data without destroying the evidence in any manner.
CHAPTER XIIA
EXAMINER OF ELECTRONIC EVIDENCE
For the purposes of providing expert opinion on electronic form evidence the Central
Government may by notification in the Official Gazette specify any Department, body or
agency of the Central or a State Government as an Examiner of Electronic Evidence.
Section 45A of Indian Evidence Act gives power to Examiner of Electronic Evidence to
appear as an expert to give opinion on electronic form evidence.
CHAPTER XIII
MISCELLANEOUS
80. Power of police officer and other officers to enter, search, etc.–
(1) Any police officer, not below the rank of an Inspector, or any other officer of the Central
or a State Government may enter any public place and search and arrest without warrant any
person found therein who is reasonably suspected of having committed or of committing or
of being about to commit any offence.
(2) Where any person is arrested under by an officer other than a police officer, such officer
shall, without unnecessary delay, take or send the person arrested before a magistrate.
It was held that the section 81 cannot override Limitation Act to give effect to any appeal
barred by limitation.
(1) The act will apply to electronic cheques and the truncated cheques subject to
modifications and amendments for the purposes of the Negotiable Instruments Act,
1881.
82. Controller, Deputy Controller and Assistant Controller to be public servants.–
Deemed to be public servants within the meaning of section 21 of the Indian Penal Code.
Deemed public servant not for the purpose of IPC.
83. Power to give directions.– The Central Government may give directions to any State
Government.
Exception:
Without knowledge and with all due diligence to prevent
(2) where a contravention of any of the provisions has been committed by a company and it is
proved that the contravention has taken place with the consent or connivance of, or is
attributable to any neglect on the part of, any director, manager, secretary or other officer of
the company, such person shall also be deemed to be guilty of the contravention and shall be
liable to be proceeded against and punished accordingly.
Aneeta Hada v. Godfather Travels and Tours (P) Ltd.
Yousafalli Esmail Negree v. State of Maharashtra (not sure whether the judgment is from
this very case)
A "tape recording" is admissible evidence if it can be proved beyond reasonable doubt that
the record was not tampered with.
The imprint on the magnetic tape is the direct effect of the tape sounds. Like a photograph of a
relevant incident, a contemporaneous tape record of a relevant conversation is a relevant fact
and is admissible u/s. 7 of the Indian Evidence Act.
1. Section-3: "EVIDENCE" means and includes (1) All statements which court permits or
requires to be made before it by witness, in relation to matter of fact under inquiry; Such
documents are called "documentary evidence" (includes electronic records)
3. Section 22:
"Section 22A: when oral admissions as to contents of electronic records are relevant" - not
relevant, unless the genuineness of the electronic record produced is in question.
4. Section 34: Entries in books of account when relevant: Entries in the books of account
including THOSE MAINTAINED IN AN ELECTRONIC FORM in the course of
business, are relevant, whenever they refer to a matter into which the court has to inquire, but
such statements shall not alone be sufficient evidence to charge any person with liability.
6A. Section 45:
45A. Opinion of Examiner of ELECTRONIC EVIDENCE: when, in a proceeding, the court has
to form an opinion on any matter relating to any information transmitted or stored in any
COMPUTER SOURCE or any ELECTRONIC OR DIGITAL form, the opinion of the
Examiner of Electronic Evidence referred to in Section 79A of the IT Act 2000 is a relevant fact.
7. Section 47
"47A opinion as to digital signature when relevant- when a court has to form an opinion
as to the electronic signature of any person, the opinion of the certifying Authority which has
issued the Electronic Signature Certificate is a relevant fact".
8. Section 59: For the words "contents of documents" the words "contents of documents or
ELECTRONIC RECORDS" shall be substituted.
9. Section 65
Section 65A special provision as to evidence relating to electronic record-
The contents of electronic records may be proved in accordance with provisions of section
65B.
(2) conditions:-
(a) the computer output containing the information was produced by the computer during the
period over which the computer was used regularly to store or process information for the
purposes of any activities regularly carried on over that period by the person having lawful
control over the use of the computer.
(b) during the said period, information of the kind contained in electronic record or of the
kind from which the information so contained is derived was regularly fed into the computer
in ordinary course of the said activities.
(c) throughout the material part of the said period the computer was operating properly or if
not, then in respect of any period in which it was not operating properly or was out of
operation during that part of the period, was not such as to affect the electronic record or the
accuracy of its contents and
(d) the information contained in the electronic record reproduces or is derived from such
information fed into the computer in ordinary course of the said activities.
(3) where over any period, the function of storing or processing information for the purposes
of any activities regularly carried on over the period as mentioned in clause (a) of sub section
(2) was regularly performed by the computer, whether
(a) by a combination of computers operating over that period
(b) by different computers operating in succession over that period; or
(c) by different combination of computers operating in succession over that period,
(d) in any other manner involving the successive operation over that period, in whatever
order, of one or more computers and one or more combinations of computers,
All computers used for that purpose during that period shall be treated for the purpose of this
section as constituting a SINGLE COMPUTER; and references in this section to a computer
shall be construed accordingly.
(4) In any proceedings where it is desired to give a statement in evidence by virtue of this
section, a certificate doing any of the following things, that is to say,
(a) identifying the electronic record containing the statement and describing the manner in
which it is produced.
(b) giving such particulars of any device involved in the production of that electronic record
as may be appropriate for the purpose of showing that the electronic record was produced by
a computer.
(c) dealing with any of the matters to which the conditions mentioned in sub section (2)
relate, and purporting to be signed by a person occupying a responsible official position in
relation to the operation of relevant device or the management of the relevant activities shall
be evidence of the matter stated in the certificate, and for the purposes of this section it shall
be sufficient for a matter to be stated to the best of the knowledge and belief of the person
stating it.
10. Section 67 –
67A. Proof as to digital signature- Except in the case of a secure [electronic signature] if
the electronic signature of any subscriber is alleged to have been affixed to an electronic
record the fact that such electronic signature is the electronic signature of the subscriber must
be proved.
12. Section 81
"81A. Presumption as to Gazettes in electronic form:- The court shall presume the
genuineness of every electronic record purporting to be the official gazette, or purporting to
be electronic record directed by any law to be kept by any person, if such electronic record is
kept substantially in form required by law and is produced from proper custody."
(2) In any proceedings involving a secure electronic signature, the court shall presume unless
the contrary is proved that-
(a) The secure electronic signature is affixed by subscriber with the intention of signing or
approving the electronic record
(b) Except in the case of a secure electronic record of a secure electronic signature nothing in
this section shall create any presumption relating to authenticity and integrity of electronic
record or any electronic signature.
85C. Presumption as to Digital Signature Certificate- The court shall presume, unless the
contrary is proved, that the information listed in an electronic signature certificate is correct,
except for information specified as subscriber information which has not been verified, if the
certificate was accepted by the subscriber.
Bodala Murali Krishna v. Smt. Bodala Prathima 2007 (3) ALD 72.
"... the amendments carried to the Evidence Act by introduction of Sections 65-A and 65-B
are in relation to the electronic record. Sections 67-A and 73-A were introduced as regards
proof and verification of digital signatures. As regards presumption to be drawn about such
records, Sections 85-A, 85-B, 85-C, 88-A and 90-A were added. These provisions are
referred only to demonstrate that the emphasis, at present, is to recognize the electronic
records and digital signatures, as admissible pieces of evidence."
It distinguished two levels of an electronic record. One is the hard disc which
once used itself becomes an electronic record in relation to the information regarding the
changes the hard disc has been subject to and which information is retrievable from the hard
disc by using a software program. The other level of electronic record is the active accessible
information recorded in the hard disc in the form of a text file, or sound file or a video file
etc. Such information that is accessible can be converted or copied as such to another
magnetic or electronic device like a CD, pen drive etc. Even a blank hard disc which contains
no information but was once used for recording information can also be copied by producing
a cloned hard disc or a mirror image.
In Anvar P.V. v. P.K. Basheer and Others, it was held that computer output is not admissible
without compliance with section 65B; this overrules the judgment laid down in State (NCT of
Delhi) v. Navjot Sandhu alias Afzal Guru by the two judge Bench of the Supreme
Court. The court specifically observed that the judgment in Navjot Sandhu, to the
extent of its statement of the law on admissibility of electronic evidence pertaining to
electronic records, does not lay down the correct position and is required to be
overruled. This judgment has provided a guideline regarding the practices being
followed in the various High Courts and the Trial Courts as to the admissibility of
electronic evidence.
The legal interpretation by the court of the following Sections 22A, 45A, 59, 65A &
65B of the Evidence Act has confirmed that the stored data in CD/DVD/Pen Drive is
not admissible without a certificate u/s 65B(4) of Evidence Act and further clarified
that in absence of such a certificate, the oral evidence to prove existence of such
electronic evidence and the expert view under section 45A Evidence Act cannot be
availed to prove authenticity thereof.
The apex court in its judgement laid down that since Section 65B is a "non obstante"
clause, it would have an overriding effect on the law relating to secondary evidence as
mentioned in Sections 63 and 65. Secondary evidence would be entirely governed by
sections 65A and 65B of the Evidence Act.
The only option for presenting an electronic record is to produce the original electronic
media to the court as Primary Evidence, or its duplicate as secondary evidence under
sections 65A/65B of the Evidence Act. Thus a CD, VCD, chip and so on
should be submitted with a certificate under Section 65B; not complying
with this would make the evidence inadmissible.
1. Cyber crimes research and development unit (CCRDU) is charged with the
responsibility of keeping track of the developments in this ever growing area. It has following
tasks-
a) Liaison with the state police forces and collection of information on case of Cyber Crime
reported to them for investigation and to find out about the follow-up action in each case.
b) Liaison with software experts to identify areas, which require attention of State Police
Force for prevention and detection of such crimes with a view to train them for the task;
c) Collection of information on the latest cases reported in other countries and innovations
employed by Police Forces in those countries to handle such cases,
d) Prepare a monthly Cyber Crime Digest for the benefit of state police forces and,
e) Maintenance of close rapport with ministry of IT, Govt. of India, and other
organizations/institutions and Interpol Headquarters, Lyons for achieving its objective of
giving the needed thrust to collection and dissemination of information on Cyber Crimes.
2. The Cyber Crime Investigation Cell (CCIC) is a part of the Economic Offences
Division. The cell has all-India jurisdiction and investigates criminal offences under the
Information Technology Act 2000, besides frauds committed with the help of computers,
credit cards etc. It is also a round the clock NODAL POINT of CONTACT for Interpol to
report Cyber Crimes in India and also a member of "Cyber Crime Technology Information
Network System" Japan.
3. The Cyber Forensics Laboratory (CFL) functions under the Director, Central Forensic
Science Laboratory.
When the Investigating Officer is required to carry out search in a place where it is suspected
that computer network or any other electronic memory devices are likely to be found, it is
advisable to contact computer forensic scientist of a forensic science laboratory to accompany
the search team- in case it is not possible, information may be collected regarding the type,
make, model operating system, network architecture, type of location of data storage, remote
access possibilities etc, which can be passed on to forensic experts as that would help making
necessary preparation to collect and preserve evidence. It must be remembered that on some
occasions, it may not be possible to remove the computer system physically and data may
have to be copied at the scene of crime/ place of search. The investigator or expert must carry
necessary media, software, and other specialized items as well as special packing materials
which can prevent loss of data, as data on magnetic media can be destroyed by dust, jerks, and
electrostatic environment.
It is extremely important to ensure that suspect or an accused is not allowed to touch any part
of the computer or accessory attached to it either by physical means or through wireless.
Since, systems could be connected through physical networks such as fiber optics, cables,
telephone or on wi-fi or wi-max wireless networks or even through a mobile phone having a
wireless communication port, the investigator, has to be extremely alert and may seek
guidance from an expert, if not available on site, on telephone and take steps as per
instructions. The Investigator must remember that even by pressing a key or by giving a
command through a wireless mouse or keyboard or even by executing a command through an
e-mail message, the entire data either could be wiped out or corrupted, making it useless for
the Investigator. This is also applicable in case of small devices or removable storage devices,
which have the capacity of storing huge amount of data.
The information in a network environment need not be stored at the same site. The data could
reside at a remote location, and the Investigator should take action accordingly. In case storage
of data is suspected to be located outside the country, it may be necessary to alert the Interpol and
take necessary follow up steps to issue a letter rogatory under the provisions of section 166 A Cr. P.C.
Before conducting the search, the Investigator will need to decide whether to seize data on
site, or seize hardware for examination at a computer forensic Laboratory. While on site data
seizure has the advantage, that one does not have to transport much hardware, one may need
services of a computer Forensic Expert to download data for analysis and preserve data for
presenting it in the Court. When in doubt, make use of a computer Forensic Expert Specialist
at the scene, if possible, to determine whether one needs to seize data or seize hardware. In
case, a specialist is not available, it is recommended that one seizes everything.
Do not disconnect the computer if networks or mainframes are involved; pulling a computer
from a network may damage the network and cause harm to the company's operations. It is
generally not practical to seize a mainframe because it requires disconnecting all the
computers that are attached to it. Hardware seizure with computers on a network can be very
complicated, and one should definitely enlist the help of computer forensic specialist in these
cases.
Labeling and photographing everything prior to dismantling the system is an important first
step. Take some general photographs of the search site to document its pre-search condition
for legal purpose and to serve as a reference during investigation. This documentation on how
the system was configured may prove essential when the system is reconnected in the
Forensic Laboratory. As the Investigating Officer is taking the pictures, he should pay special
attention to DIP switches on the back of certain equipment that must be in a certain
configuration. These switch settings could accidentally be altered in transport, creating
problems for the examiners.
The Investigating Officer should label each part before he starts dismantling any of the
equipment. He should remember to label all the connectors, and plugs at both ends, and on
the computer so that re-assembly is easy and accurate.
Once system is labeled and powered down, it can be dismantled into separate components for
transportation.
Seize all manuals for the computer, its peripheral devices and especially the software and
operating system. The examiners at Forensic Laboratory need to refer to a manual to
determine the kind of hardware and its technicalities. Seizing other documentation at the site
like notes, passwords, and journals may prove very useful. Sticky notes or other pieces of
paper around the computer systems that may have passwords or login ID's written on them,
should be seized from the spot.
The Investigating Officer should also write-protect disks or cartridges he finds at the site of
search in order to protect data. Most disks and cartridges have a small sliding tab that
prevents changing the disc content when set correctly. Placing a blank disk in the hard drive
of a computer system will keep them from booting up from the hard drive if they are
accidentally turned on.
Computer parts are sensitive and should be handled carefully. One should not wrap the computer
components using Styrofoam because small particles can break off and get inside the
computer, causing it to malfunction. Antistatic bubble wrap is preferred.
Keep the components of each computer system together. This small organizational step can
save lots of time when the examiners are trying to reconstruct the system.
The computer system should be secured in a way that would reduce vibrations that may shake
a part loose. The Investigating Officer should store the computer in a secure, cool dry place
away from any generators or other devices that emit electromagnetic signals.
DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber
crimes in the country and towards this, it operates several cyber laboratories across India to
train police officers, prosecutors and Judicial officials in Cyber forensics. "Cyber Crime
Investigation Manual" was printed to help police officers in Cyber Crime investigation using
cyber forensic tools and standard operating procedures - it was released by the Union Home
Secretary in March, 2011.
"The onus is on the prosecution to show the Court that evidence produced is no more and no
less than when it was first taken into possession." The Association of Chief Police Officers
(ACPO) has issued a "Good Practice Guide" for Computer based Electronic Evidence.
1. Disk Forensics: deals with extracting data / information from storage media by searching
active and deleted files and also unallocated and slack spaces.
2. Network Forensics: is a sub branch relating to monitoring and analysis of network traffic for
the purposes of Information Gathering, legal evidence detection. Network investigations deal
with volatile and dynamic information. Network traffic is transmitted and then lost, so
network forensics is often a proactive investigation.
3. Wireless Forensics: is a sub discipline of network forensics. The main goal of wireless
forensics is to provide the methodology and tools required to collect and analyse wireless
network traffic data. The data collected can correspond to plain data, or, with broad usage of
voice-over-IP (VoIP) technologies, especially over wireless, can include voice conversations.
4. Database Forensics: is a branch of digital forensic science relating to the forensic study of
databases and their related metadata (a set of data that describes and gives information about
other data).
5. Malware Forensics: deals with investigation and analysis of Malicious Code for
identification of Malware like viruses, Trojans, worms, keyloggers etc. and study their
payload which causes.
6. Mobile Device Forensics: deals with examining and analyzing mobile devices like mobile
phones and pagers, to retrieve address book, call logs (missed, dialed, received), paired device
history, incoming/outgoing SMS/MMS, videos, photos, audio etc.
7. GPS Forensics or Sat Nav Forensics: It is used for examining and analyzing GPS devices
to retrieve track logs, track points, way points, routes, stored locations, Home, Office etc.
8. E-mail Forensics: deals with recovery and analysis of e-mails including deleted emails,
calendars, and contacts.
9. Memory Forensics: deals with collecting data from system memory [e.g. system registers,
cache, RAM (Random Access Memory)] in raw form and carving the data from the raw
dump.
Knowing what evidence is present, where it is stored, and how it is stored is vital in
determining which processes are to be employed to facilitate its recovery. In addition, the
cyber forensic examiner must be able to identify the type of information stored in a device
and the format in which it is stored so that the appropriate technology can be used to extract
it. After the evidence is identified the cyber forensic examiner / investigator should image /
clone the hard disk or the storage media.
Any examination of electronically stored data can be carried out in the least intrusive manner.
Alteration to data that is of evidentiary value must be accounted for and justified.
The extraction, processing and interpretation of digital data is generally regarded as main
element of cyber forensics. Extraction produces a "Binary Junk", which should be processed,
to make it readable by human being.
It involves deposing evidence in the Court of law regarding the findings and the credibility of
the processes employed during analysis.
A cyber forensic analyst should be able to extract and recover information from
(1) Active files (2) Deleted files (3) File Metadata (4) Software Applications (5) Hidden
files/Folders/Partitions (6) Encrypted files (7) Data in unallocated sectors, Swap files (8) Data
retrieval from formatted Disks, Defragmented Disks (9) E-mail tracing (10) E-mail box
recovery (11) Recycle Bin (12) Registry (13) Forensic Analysis of Mobile Phones (14) BIOS
examination (15) Password Cracking (16) BIOS, OS, Application Package (17) Hand held
devices (18) Mobile phones, PDAs, SIM card examination.
When we create a new document, a shadow file (temporary file) is created at the same time,
which is invisible. When we delete the word file, it disappears. The file system does not
actually delete the content; it only changes the file's entry in the file structure, turning the
first letter of the file name into a "Greek sigma", which tells the computer that it can overwrite
this file. So the content is still very much present in the computer. Therefore, it is easy for a
forensic investigator or a data recovery program to bring back that file intact.
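The deleted-entry marker described above, shown on a FAT short-name directory entry as an added example (not part of the original notes): deletion overwrites only the first name byte with 0xE5, the sigma of code page 437, while the start cluster, size and data stay in place. The directory, file names and contents are constructed, and recovery assumes contiguous clusters that have not been reused.

```python
import struct

ENTRY_SIZE = 32
# 11-byte name+ext, attribute byte, 8 skipped bytes, start-cluster high word,
# 4 skipped bytes, start-cluster low word, 32-bit file size.
ENTRY_FMT = "<11sB8xH4xHI"
DELETED_MARK = 0xE5       # first name byte of a deleted entry (sigma in code page 437)
END_OF_DIR = 0x00         # first name byte of a never-used entry: nothing follows
ATTR_LONG_NAME = 0x0F     # long-file-name fragment, not a file entry of its own
CLUSTER_SIZE = 512        # assumption for the constructed volume


def make_entry(name, ext, first_cluster, size):
    """Build a constructed 32-byte short-name directory entry (sample data only)."""
    raw = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii")
    return struct.pack(ENTRY_FMT, raw, 0x20,
                       first_cluster >> 16, first_cluster & 0xFFFF, size)


def delete_entry(entry):
    """What deletion does to the entry: byte 0 is overwritten, nothing else."""
    return bytes([DELETED_MARK]) + entry[1:]


def scan_directory(directory):
    """Return every file entry in a raw directory block, flagging deleted ones."""
    found = []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = directory[off:off + ENTRY_SIZE]
        if raw[0] == END_OF_DIR:
            break
        name, attr, hi, lo, size = struct.unpack(ENTRY_FMT, raw)
        if attr & 0x3F == ATTR_LONG_NAME:
            continue
        deleted = raw[0] == DELETED_MARK
        # The original first letter is lost; show it as "?" like recovery tools do.
        stem = name[1:8] if deleted else name[:8]
        base = ("?" if deleted else "") + stem.decode("ascii", "replace").rstrip()
        ext = name[8:].decode("ascii", "replace").rstrip()
        found.append({
            "name": f"{base}.{ext}" if ext else base,
            "deleted": deleted,
            "first_cluster": (hi << 16) | lo,
            "size": size,
        })
    return found


def recover(data_area, entry):
    """Read the content back from the data area (cluster numbering starts at 2)."""
    start = (entry["first_cluster"] - 2) * CLUSTER_SIZE
    return data_area[start:start + entry["size"]]


def build_sample():
    """Constructed directory block and data area: one deleted file, one live file."""
    memo = b"meeting at 9pm, bring the ledger"
    notes = b"grocery list"
    data_area = memo.ljust(CLUSTER_SIZE, b"\x00") + notes.ljust(CLUSTER_SIZE, b"\x00")
    directory = (
        delete_entry(make_entry("MEMO", "DOC", 2, len(memo)))
        + make_entry("NOTES", "TXT", 3, len(notes))
        + bytes(ENTRY_SIZE)  # end-of-directory marker
    )
    return directory, data_area


if __name__ == "__main__":
    directory, data_area = build_sample()
    for entry in scan_directory(directory):
        state = "DELETED" if entry["deleted"] else "active"
        print(f'{entry["name"]:<12} {state:<8} {recover(data_area, entry)!r}')
```
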
1. Documentation tools such as (a) Cable tags (b) indelible felt-tip markers (c) stick on
labels.
2. Disassembly and removal tools, available in a variety of non-magnetic sizes and types,
including packaging and transporting supplies such as (a) Antistatic bags and bubble
wraps (b) cable ties and Evidence Bag (c) Evidence and packing tape (d) sturdy boxes of
various sizes (e) Faraday Bag to pack mobile / wireless devices.
3. Other items, such as (a) Evidence tags/evidence tape/ gloves/forms/large rubber bands (b)
List of contact telephone numbers for assistance (c) Magnifying glass/printed paper/seizure
disk/ small flash light
Secure and take control of the scene of crime, both physically and electronically.
(a) Make sure the computer is SWITCHED OFF; some screen savers may give the
appearance that the computer is switched off, but the hard drive and monitor lights may
indicate that the machine is switched on. Some laptops may power on by opening the lid.
(b) Remove the battery from the laptop
(c) Unplug the power and other devices from sockets.
(d) Never switch on the computer in any circumstances
(e) Label and photograph (or videograph) all components in situ and, if no camera is
available draw a sketch plan of the system.
(f) Label the ports and (in and out) cables so that the computer may be reconstructed at a later
date, if necessary.
(g) Open side casing of CPU of laptop or Desktop.
(h) Identify the HARD DISK and detach it from power cables and mother-board
(i) Recover unique identifiers like make, model, and serial number.
(j) Take signature of accused and witness on hard disk
(k) Gather non-electronic records or evidence like diaries, note books, or pieces of paper with
passwords.
Record what is on the screen by photography and making a written note of the contents of the
screen.
a) Do not touch the keyboard or click the mouse and if the screen is blank or a screen saver is
present, the case officer should be asked to decide if they wish to restore the screen. If so,
then a short movement of the mouse will restore the screen or reveal that the screen saver is
password protected. If the screen restores, then photograph, videograph and note its contents.
If the screen saver is shown to be password protected, then continue as below without further disturbing the
mouse. Record the time and the activity of the use of mouse in these circumstances.
b) Take help of a technical expert to use live forensic tool to extract the information that is
present in temporary storage memory like RAM.
c) If no specialist advice is available, then remove the power supply from the back of the
computer, without closing down any program. When removing the power supply cable,
always remove the end attached to the computer and not the one attached to the socket. This
will prevent any data being written to the hard drive if an uninterruptible power
protection device is fitted.
FORENSIC DUPLICATION
WRITE BLOCKER:
A write blocker is a hardware or software-based tool that prevents a computer from writing
to computer storage media connected to it. Hardware write blockers are physically connected
to the computer and storage media being processed to prevent any writes to that media. A wide
variety of "WRITE BLOCKER" devices is available based on the type of the interface,
e.g. SATA/IDE/USB etc. Never connect the media directly without a write blocker device.
If the hard drive cannot be removed, then we have to image the computer using network
acquisition. This is done by connecting the evidence computer to the forensic computer via a
"SPECIAL ETHERNET CABLE" called a "CROSS CABLE" (network crossover cable).
Once the computers are connected, boot the evidence computer from a forensic distribution
like "HELIX" or "LINEN" and connect the forensic computer to the evidence computer using
a forensic tool like "ENCASE". The acquisition then proceeds like a regular hard drive
acquisition.
(a) Use antistatic aerated cover to place the seized hard disk. Send it to laboratory through
special messenger for imaging and analysis.
(b) Do not send it by post/courier
(c) The person who is transporting should be made to understand that the exhibit must not be
exposed to any magnetic field during transportation.
(d) Computers are to be kept in wrapping; Antistatic Bubble Wrap is preferable.
(e) Keep system and computer together.
(f) Single machine should have single seizing agent.
(g) Paper bags do not hold static electricity and are preferable over plastic bags.
(h) Use of Faraday Bag while seizing mobile phones prevents data from network
communicating with the device thus preventing any chance of evidence being tampered with.
Ensure that a technical person from the responder side along with 2 independent witnesses
are part of search and seizure procedure to identify the equipment correctly and guide the
Investigating Officer and witnesses.
• Time zone/system time plays a very critical role in investigation. Please make sure this
information is noted carefully in the Panchanama, from the systems that are in switched-on
condition.
• Please do not switch on any device.
• Please make sure that a serial number is allotted for each device and same should be
duly noted not only on panchnama but also in the chain of custody and Digital
evidence collection form.
CHAIN OF CUSTODY:
Chain of custody refers to documentation that shows the people who have been entrusted
with the evidence. These would be people who had seized the equipment, people who are in
charge of transferring the evidence from the crime scene to forensic lab, people in-charge of
analyzing the evidence and others. It includes details of digital evidence and technical
information and chain of custody.
A hash provides a fixed integer value that represents the data on the seized media. Any change
made to the evidence will change the value of the hash.
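How the hash value supports the chain of custody, shown as an added example that is not part of the original notes: each handover re-hashes the image and logs the custodian with a UTC timestamp, so a changed image is traced to the transfer where it first appears. The class and function names, the serial EXH-001, the choice of SHA-256 and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never sits in memory


def hash_image(stream, algo="sha256"):
    """Return the hex digest of a disk image read from a binary stream."""
    digest = hashlib.new(algo)
    for block in iter(lambda: stream.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()


class CustodyRecord:
    """Chain-of-custody log for one exhibit, keyed by its allotted serial number."""

    def __init__(self, serial, seized_by, image):
        self.serial = serial
        self.baseline = hash_image(image)  # hash taken at acquisition
        self.entries = []
        self._log(seized_by, "seized and imaged", self.baseline)

    def _log(self, custodian, action, observed):
        self.entries.append({
            "serial": self.serial, "custodian": custodian, "action": action,
            "time_utc": datetime.now(timezone.utc).isoformat(),  # zone-explicit
            "hash": observed, "matches_baseline": observed == self.baseline,
        })

    def handover(self, custodian, action, image):
        """Re-hash the image at a transfer; True means it is unchanged."""
        observed = hash_image(image)
        self._log(custodian, action, observed)
        return observed == self.baseline

    def first_mismatch(self):
        """Return the first entry whose hash differs from the baseline, or None."""
        return next((e for e in self.entries if not e["matches_baseline"]), None)


def demo():
    original = b"\x00" * 4096 + b"constructed sample disk image"  # constructed input
    altered = original[:-1] + b"E"  # one byte changed after seizure
    rec = CustodyRecord("EXH-001", "Seizing officer", io.BytesIO(original))
    ok = rec.handover("Special messenger", "transport to lab", io.BytesIO(original))
    bad = rec.handover("Lab analyst", "received for analysis", io.BytesIO(altered))
    return ok, bad, rec.first_mismatch()["custodian"]
```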
Introduction: The SWGDE was established in February 1998 through a collaborative effort
of the Federal Crime Lab. Directors. SWGDE, as the US based component of standardization
efforts conducted by the IOCE, was charged with the development of cross-disciplinary
guidelines and standards for the RECOVERY, PRESERVATION, and EXAMINATION OF
DIGITAL EVIDENCE, including AUDIO, IMAGING and ELECTRONIC DEVICES.
PURPOSE: From Law Enforcement perspective, more of the information that serves as
currency in the judicial process is being stored, transmitted, or processed in "digital form".
The connectivity resulting from a single world economy in which companies providing goods
and services are truly international, has enabled criminals to act trans-jurisdictionally with
ease. Consequently, a perpetrator may be brought to justice in one jurisdiction while the
digital evidence required to successfully prosecute the case may reside only in other
jurisdictions.
This situation requires that all nations have the ability to collect and preserve digital evidence
for their own needs as well as for the potential need of other countries. Each jurisdiction has
its own system of government and administration of justice, but in order for one country to
protect itself and its citizens, it must be able to make use of evidence collected by other
nations.
Though it is not reasonable to expect all nations to know about and abide by the precise laws
and rules of other countries, a means that will allow the exchange of evidence must be found.
This document by SWGDE is a first attempt to define the technical aspects of these
exchanges.
ORGANISATION: The format of this document was adopted in conformance with the
format of American Society of Crime Laboratory Directors/ Laboratory Accreditation Board
manual.
DEFINITIONS:
STANDARDS
These Principles were presented and approved at the "International Hi-tech Crime and
Forensic Conference" in October 1999. They are as follows.
1. Upon seizing digital evidence, actions taken should not change that evidence.
2. When it is necessary for a person to access original digital evidence, that person must be
forensically competent.
3. All activity relating to the seizure, access, storage, or transfer of digital evidence must be
fully documented, preserved, and available for review.
4. An individual is responsible for all actions taken with respect to digital evidence, while the
digital evidence is in their possession.
5. Any agency that is responsible for seizing, accessing, storing, or transferring digital
evidence is responsible for compliance with these principles.
Other items recommended by IOCE for further debate and/or facilitation included:
NET NEUTRALITY
The term "Net neutrality" was coined by Columbia University Professor Tim Wu in 2003. It is a
principle that mobile operators, internet service providers and governments should not
discriminate on data access on the internet. A service provider, for instance, should not offer a
higher access speed to a website on the basis of a higher payment by that website.
CHILE was perhaps the 1st country to enact a net-neutrality law, in 2010. Interestingly, the law
was a culmination of a citizen's movement, in particular the effort of the citizen group
NEUTRALIDAD SÍ. In 2014 the Chilean telecommunications regulator "SUBTEL" banned
mobile operators from "Zero-rating", whereby Internet companies strike deals with mobile
telecom operators to offer consumers free internet usage.
NETHERLAND
BRAZIL
USA
In INDIA, civil society organizations, startups, and many ordinary people have been
aghast since word emerged that "FLIPKART" and "AIRTEL" were working on a "Free data
access" process. TRAI was also activated and invited public opinion on the issue of "Net
Neutrality". Startups and venture capitalists said there is nothing open about this arrangement
and that it goes against innovation, as the system unfairly gives preference to one firm over
others. The savetheinternet.in coalition, an apolitical collective, said the timing of AIRTEL
ZERO showed little respect or even adopted a policy of forbearance during this period of
consultation organized by TRAI. "We believe that this is unfortunate since it appears to be
with a view towards consolidating violations of network neutrality as a norm", the organization
said in a statement. Karan Mahla, associate director and head of digital consumer investment
at V.C. firm IDG Ventures, said that even from a capitalist perspective, the zero-rating plan
goes against innovation.
FLIPKART declared that it was quitting "Airtel Zero", saying that it was committed to
the "larger cause of net-neutrality" in India.
In another development, Mark Zuckerberg's argument for "Internet.org" was also criticized by
about 8 lakh net users. IT Minister Ravishankar Prasad has voiced support for "Net neutrality".
Meanwhile, some mobile phone users have filed a petition before the Delhi High Court
pleading that WhatsApp's decision to share user data with parent company Facebook acts
against "Privacy". TRAI was also asked by a bench of Chief Justice G. Rohini and Justice
Sangita to respond. Zuckerberg's policy was criticized as a variant of the "half a loaf is better
than no bread" argument. Search engine giant Google is also facing "Antitrust charges" in Europe
for a similar offence: abusing its dominant position and manipulating online traffic.
TRAI has been praised for its policy of "Free data" or low-cost data in India. However, in
the case of Net Neutrality, TRAI's Differential Pricing Policy is merely an eyewash today, as it
has exempted "closed Network Services" and has refused to clarify whether Internet-like services
(music, news, video, payments etc.) offered on a closed network by telecom operators are
subject to net neutrality policy and rules or not.
INTERNET OF THINGS
The concept of the Internet of Things was invented, and the term coined, by Peter T. Lewis in
Sept. 1985 in a speech delivered at a US Federal communication commission. The Internet of
Things (IoT) is the internetworking of physical devices, vehicles, buildings and other items
embedded with electronics, software, sensors, actuators, and network connectivity that
enables these objects to collect and exchange data.
In 2013 the Global Standards Initiative on Internet of Things (IoT-GSI) defined the IoT as
"the Infrastructure of the Information Society". The IoT allows objects to be sensed or
controlled remotely across existing network infrastructure, creating opportunities for more
direct integration of the physical world into computer-based systems, and resulting in
improved efficiency, accuracy and economic benefit in addition to reduced human
intervention.
When IoT is augmented with "sensors and actuators", the technology becomes an instance of
the more general class of cyber-physical systems, which also encompasses technologies such as
smart grids, virtual power plants, smart homes, intelligent transportation and smart cities.
Each thing is uniquely identifiable through its embedded computing system but is able to
interoperate within the existing Internet Infrastructure.
NET NEUTRALITY
Given that key terms such as "Equal treatment" are still contested, many have urged against a
rigid definition of Net Neutrality. This was also the view expressed by the DoT committee in
its report, where it stated that, "The crux of the matter is that we need not hard code the
definition of net neutrality but assimilate the core principles of net neutrality and shape the
actions around them". The committee suggested the following as guidelines to define these
core principles.
1. USER RIGHT: Subject to lawful restrictions, the fundamental right to freedom of
expression and non-discriminatory access to the internet will apply.
2. CONTENT: Right to create and to access any legal content, applications or services
without any restrictions.
3. DEVICES: Freedom to connect all kinds of devices, which are not harmful, to the network
and services.
4. HARMFUL PRACTICES: Practices like blocking, throttling and improper prioritization
may not be permitted.
OTHER COUNTRY: Countries including the US, EU, Norway and Chile have put in place
the core principles that end users have a right to send or receive information/content
irrespective of the content, source or destination of the packets being transmitted. The EU
regulators provide for the safeguarding of non-discriminatory Internet access, laying down
that:
1. END USERS have the right to (i) access and distribute information and content, (ii) use
and provide applications and services and (iii) use terminal equipment of their choice.
2. PROVIDERS OF INTERNET ACCESS SERVICE should treat all Internet traffic "equally
and without discrimination, restrictions or interference". Being treated equally and without
discrimination is defined as treatment that is independent of the (i) sender and receiver; (ii)
content, applications or services; or (iii) terminal equipment being used.
RESTRICTIVE PRACTICES
(i) "Slow down, alter, restrict, interfere with, degrade or discriminate" (EU)
(ii) "Impair or degrade" (US)
(iii) "Interfere with, discriminate, hinder or restrict" (Chile)
(iv) "Unreasonable manipulation or degradation of traffic" (Norway)
Countries also differ in terms of their approach towards balancing the principles of Net
Neutrality with reasonable Traffic Management Principles (TMP)
i. In the USA, the FCC has made it clear that "reasonable network management" is an exception
to the "bright line rules", in recognition of the service providers' need to manage the technical
and engineering aspects of their networks.
ii. In Chile, while the core principles prevent service providers from "arbitrarily" interfering
with the right of users, there is a specific exception allowing them to "take the measures or
actions necessary for traffic management and network management provided that this is not
designed to perform actions that affect or may affect free competitions".
iii. In Slovakia, the law has a clear exception for "Urgent technical measures to secure the
undisputed operation of networks and services" as well as "Urgent Measures to preserve the
integrity and security of networks and services".
SCOPE OF "TRANSPARENCY" OBLIGATIONS
In the net neutrality context, the scope of the "TRANSPARENCY OBLIGATIONS" cast upon
Technical Service Providers (TSP) is to disclose technical information on QoS parameters and to
provide high-level information that is widely understandable and may enable consumers to
make more informed decisions and detect violations.
The scope of "Transparency" covers (i) first, "price information and commercial terms"
relating to the Internet access service being provided, (ii) second, information on the
"performance characteristics" of the service being provided, (iii) third, the "Traffic
Management practices" deployed by the TSP, as well as (iv) any other specialized services/
enterprise solutions being offered.
Both the FCC "Transparency Notice" 2016 and the BEREC "Transparency Guidelines" 2011,
supplementing the disclosure requirements under the UNIVERSAL SERVICE DIRECTIVE
2009, recommend disclosure of information relating to these broad criteria as mentioned
above and below.
1. The E.U. Universal Service Directive, 2009 requires the service providers to provide specific
information in a CLEAR, COMPREHENSIVE and ACCESSIBLE FORM at the time of
signing the contract.
2. The FCC Open Internet Order, 2015 requires prominent display of disclosures relating to
commercial terms, performance characteristics and network management "ON A PUBLICLY
AVAILABLE WEBSITE" and DISCLOSURE OF RELEVANT INFORMATION AT THE
POINT OF SALE.
INDIAN APPROACH
TRAI had recommended active reforms for N.N. This may involve a self-regulatory
model or the use of legal instruments for mandating BRIGHT LINE RULES on NN,
implemented through transparency, monitoring and consequences for any violations. The latter
approach can help in sending a strong regulatory message to Telecom Service Providers
(TSP) while serving the interest of end-user choice, ensuring a level playing field for
Content Providers and facilitating the overall growth of the Internet sector. This approach
can be implemented in the following ways:
(1) LICENSE: Clause 2.2 (i) of the ISP License Agreement provides for access to the Internet
and all content available without any access restrictions. The Govt. of India may follow the UASL
and may amend the licensing clause as "The Subscriber shall have unrestricted access to all
the content available on Internet except for those contents which are restricted by the
direction issued by licensor/TRAI from time to time".
As per section 11 (b) (v) of the TRAI Act, 1997, the Authority is mandated to "lay down the
standards of "Quality of Service" (QoS) to be provided by service providers and ensure the
quality of service and conduct the periodical survey of such service provided by service
providers so as to protect the interests of the consumers of telecommunication services".
In this regulation one can put in place an umbrella regulation on N.N. with subsections
addressing tariff, QoS and related transparency requirements.
(3) LEGISLATIVE CHANGES: The Govt. can think of passing a new law on net neutrality
based on the BEREC (Body of European Regulators for Electronic Communication) guidelines
2016, with a variety of enforcement measures like (i) issuing cease and desist orders in case of
infringement, (ii) combined with periodical penalties or fines, in accordance with national
laws.