In an era where technology is deeply embedded in our daily lives, from social media interactions to financial transactions, the footprint we leave behind is increasingly digital. Consequently, “electronic” or “digital” evidence has become the backbone of modern criminal and civil investigations. With the introduction of the Bharatiya Sakshya Adhiniyam, 2023 (BSA), the landscape of how this evidence is appreciated and admitted in Indian courts is undergoing a significant transformation.
Here is a deep dive into the nuances of digital evidence, the transition from the Indian Evidence Act (IEA) to the BSA, and the technical rigors of cyber forensics.
What Constitutes Digital Evidence?
While the term “electronic or digital evidence” isn’t explicitly defined in the old IEA or the IT Act, the IT Act defines an “electronic record” as data, images, or sounds stored, received, or sent in an electronic form,. This includes everything from emails and CCTV footage to social media posts and server logs.
Under the new BSA, the definition of “document” has been expanded to explicitly include “electronic and digital records”. Section 61 of the BSA ensures that the admissibility of a record cannot be denied solely because it is digital, granting it the same legal validity as traditional paper documents.
The Admissibility Framework: IEA vs. BSA
For years, Section 65B of the IEA was the gatekeeper for electronic evidence. It required a certificate to prove the authenticity of secondary electronic evidence (like a printout or a copy on a CD). The Supreme Court, in landmark judgments like Anvar P.V. v. P.K. Basheer and Arjun Panditrao Khotkar v. Kailash Kishanrao Gorantyal, clarified that this certificate was a mandatory condition precedent for admissibility,.
The BSA introduces a more structured and perhaps more stringent framework under Section 63 (analogous to Section 65B of IEA).
Key Changes in Certification
1. The “Person in Charge”: Under Section 65B(4) of the IEA, the certificate had to be signed by a person occupying a “responsible official position” regarding the device. The BSA Section 63(4) changes this terminology to “a person in charge of the computer or communication device”.
2. Dual Certification Requirement: The BSA appears to introduce a dual certification mechanism. Section 63(4) requires the certificate to be signed by two entities:
- The person in charge of the computer/device.
- An expert.
This addition of an “expert” signature is a significant departure from the IEA. This expert is likely referred to as an “Examiner of Electronic Evidence” notified under Section 79A of the IT Act.
3. Mandatory Hash Values: A major technical upgrade in the BSA is the inclusion of Hash Values in the certification process. A hash value is a unique alphanumeric string (like a digital fingerprint) generated by an algorithm (e.g., MD5 or SHA256). Even a tiny alteration to a file changes its hash value entirely, making it a powerful tool to prove that evidence has not been tampered with,. The BSA requires the expert to certify this hash value in Part B of the schedule.
The Role of Cyber Forensics
Collecting digital evidence is not as simple as seizing a physical weapon. Digital data is volatile and easily altered.
Search and Seizure Best Practices
To ensure evidence stands up in court, investigators must follow strict protocols:
- Isolation: Devices like mobile phones should be isolated from networks (e.g., using Faraday bags) to prevent remote wiping.
- Chain of Custody: A detailed record of who handled the evidence, when, and how must be maintained to prevent claims of tampering.
- Imaging: Investigators should work on a “forensic image” (a bit-by-bit copy) of the hard drive rather than the original to preserve integrity.
The Challenge of Encryption
A growing challenge is accessing data on locked devices. While an accused cannot be compelled to provide self-incriminating testimony, High Courts have held that providing a password or biometric to unlock a device does not amount to being a witness against oneself, as it is akin to providing a physical sample like a fingerprint,.
Conclusion
The shift from the Indian Evidence Act to the Bharatiya Sakshya Adhiniyam represents a modernization of India’s legal approach to technology. By explicitly recognizing digital records, mandating expert certification, and incorporating cryptographic hash values, the law aims to enhance the reliability of evidence in cyber crimes,.
For legal practitioners and tech professionals alike, understanding these nuances is no longer optional—it is essential for navigating the future of justice.