Basics of Electronic Evidence – Part 2

The contents of a certificate u/s 65B of the Evidence Act and who is to issue the same is a matter of considerable debate, this post seeks to address these issues :

 Certificate u/s 65B of the Evidence Act : Who is to issue, and what is that it is supposed to contain ? 

The output of a electronic record, in order to be admissible in a court of law, has to be filed along with a certificate u/s 65B(4) of the Evidence Act. Such a certificate has to be issued by a person occupying responsible position with respect to the computer from which the data is produced. The certificate has to certify the conditions laid down in S. 65B(2) relating to integrity of data and computer system; the manner of production of the output of electronic record, identity and particulars of device used (including the original device).

The entire idea behind the certificate is to ensure, once again, integrity of source, authenticity of data, so that the court can place reliance on it. This is important since electronic data is more prone to tampering and alteration. 

Questions such as : How the certificate is to be prepared, who is to issue the certificate, and the exact contents of the certificate, will depend on the specific nature of electronic record that is sought to be proved.

For instance : A image taken with the mobile phone camera, will be first copied onto the laptop and thereafter printed out. In such a case, the certificate will have to mention the process of transfer and printing so as to prove ‘integrity in the chain of movement’ and will have to be prepared and given by the operator of the mobile phone and the laptop. It has to compulsorily conform to the conditions in S.65B(2) & (4). It has to identify the original mobile phone and the other devices used in preparing the output. In such cases, preserving the original is also extremely necessary. Computer Forensic Experts advise the retention of the original in a dust/transmission resistant environment, making a clone copy of the contents therein (after using devices such as write-blocker to ensure no data is written onto the device during access), and access to the document through the clone/mirror copy only. Taking the Hash value of the device at the time of seizure and, thereafter before the court convinces the court as to non tampering with the device. (The different forensic practices used to guarantee evidentiary value, in greater details, will be discussed in a different post of ours)

Things get slightly more complicated when information over the internet is sought to be proved. One view is that the person taking the printout from a website/email – is to give the certificate; the other view is that the person incharge and responsible for the server where the information resides is to give the certificate. The latter option spells great trouble and will render most electronic information extremely difficult to be proved as most servers are located in distant locations, spread over a large geographical area ,under managerial control of different personnel, and most importantly outside the jurisdiction of our courts.

The question on as to who is to issue the certificate assumes relatively greater importance in case of proof of Call Detail Records etc.

By virtue of decision of Delhi High Court in Kundan Singh Vs. The State [MANU/DE/3674/2015], the doctrine of hearsay, in its application to proof of electronic evidence, has been limited a great deal. The court has recognised the fact that in cases of huge information contained across various servers, which is sought to be proved years later, it may not be possible to procure the  evidence/certificate issued by persons incharge of the computer system at that time. In such cases, people who have subsequently taken over charge of such computers can issue certificate u/s 65B Indian Evidence Act.  Evidence in such cases cannot be eschewed merely on the ground of hearsay.  Therefore, what follows is that a person holding a responsible official position in relation to the operation of the relevant device/activities can give a certificate u/s 65B in relation to CCTV Records/CDR Etc.  This flows from the fact that the fact that system was working properly at a relevant time is something that can be gauged from system logs, and is not something that is strictly within personal knowledge of one individual.

Food for thought ! 

Another peculiar situation that may be visualised is when the output of an electronic record is seized from the Accused; for eg, at the time of arrest, the accused is made to take a printout from his email  account; whether in such a case it is the accused who can be made to issue the certificate; and if yes, whether the same amounts to ‘self incrimination’ and resultantly, runs foul of Article 20(3) of the Constitution. Conversely, can one also say that this printout is a ‘fact discovered’ for the purpose of Section 27 of the Evidence Act, and therefore, admissible in evidence even without compliance to Section 65B of the Evidence Act. The jury is out on this one, and a authoritative decision of the court is awaited. Till then, there are arguments for and against each position.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s