Cyber laws which they won’t teach anywhere – Connect the dots

Electronic Evidence

Author’s Note

Everyone screams “Section 65B Evidence Act” whenever electronic evidence is mentioned. Little do they know that it only deals with Secondary Evidence?

What about Primary Evidence?

How would you produce a real device before a court as evidence?

You need to connect the dots between the IT Act and the Evidence Act.

Leave suggestions and questions in the comments.

Table of Content

  1. Cyber laws which they won’t teach anywhere – Connect the dots
  2. What is an Electronic Record?
  3. Types of Evidence – Primary and Secondary
    1. Primary Evidence
    2. Secondary Evidence
  4. Primary v/s Secondary Electronic Evidence
  5. Cyber Forensics and Tampering- Primary Electronic Evidence
  6. Submission of Secondary Electronic Evidence – Section 65B Evidence Act
  7. Expert Opinion for Electronic Evidence

What is an Electronic Record?

Section 4 of the Information Technology Act, 2000 legally recognises the electronic records.

It acknowledges the importance of electronic records as evidence and due to which amendment in the Indian Evidence Act, 1872 (hereinafter referred to as “IEA”) was necessary.

For the purposes of the above, Electronic Record has been defined under Section 2(1)(t) of Information Technology Act as,

“data, record or data generated, image, or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche.”[1]

Note: Microfiche is a card made of transparent film used to store printed information in miniaturized form.

To simplify what is an electronic record – it is something which has to be stored, received or sent in an electronic form or microfilm or computer generated microfiche.[2]

Section 3 of the IEA provides for two forms of evidence i.e oral evidence and documentary evidence.

Electronic records produced before a Court are documentary evidence.

Types of Evidence – Primary and Secondary

According to Section 61 of the Indian Evidence Act, the evidence to be produced before the courts are classified as based on their method of production:

Primary Evidence

The original copy of the documents produced before the court can become the primary evidence.[3] The original device is also a primary evidence.

Any original document of any sort of document would come under this.

Therefore, Primary Electronic Evidence is the electronic record retrieved from the computer, computer network or a computer system which is in question.

For e.g., evidence of a conversation over WhatsApp available in the murder victim’s phone. This evidence has to be retrieved from the phone by a cyber forensic expert before producing it before a court.

Note: Material evidence is also a primary evidence in this regard. A Material evidence would be something like a murder weapon or CCTV footage etc.

Secondary Evidence

Secondary evidence is the copy of the original document Section 63 of IEA defines Secondary evidence and includes:

  1. certified copies given under the provisions hereinafter contained;
  2. copies made from the original by mechanical processes which in themselves insure the accuracy of the copy, and copies compared with such copies;
  3. copies made from or compared with the original;
  4. counterparts of documents as against the parties who did not execute them;
  5. oral accounts of the contents of a document given by some person who has himself seen it.

A Secondary Electronic Evidence in case the certified copy is supplied etc or if it is a document of electronic record which has been verified by the owner of the computer, computer network or computer system.

Primary v/s Secondary Electronic Evidence

The courts permit secondary evidence only when primary is not available.

But in certain cases, such as where information is to be recalled from Intermediaries (Telecom operators, Internet Service Providers etc) where the evidence is stored on a server; it seems logical to not bring the servers to the courts for examination.

This is why the courts allow secondary cases in cases where CDR record is to be called or exchange of emails or other information stored on technology which cannot be summoned before the court reasonably.

However, in a case where data is stored in a technology which can be easily summoned before a court such as phones, laptops, tablets, pen drives etc. The court does not permit secondary evidence.

Cyber Forensics and Tampering- Primary Electronic Evidence

You just can not simply take the phone as evidence before the court and show it to the judge.

That phone can only be used as a primary evidence when all of the following has been proved that it has not been tampered with during investigation.

This is done by Cyber Forensic Experts.

  1. They collect the evidence and encrypt the volatile memory (RAM) of the using a 64-bit cryptographic hash called SHA-256.
  2. They would get this recorded in the panchanama if the evidence is found at a crime scene.
  3. This is done because the volatile memory changes with the slightest of change with the device, it would change even if you try to incorrectly unlock the phone or plug it in for charging.
  4. They would then mirror/clone the device, i.e. copy the memory of the device in a virtual machine in a similar environment and then retrieve whatever data or information they have to only from the copy.
  5. They would then have to prove the authenticity of the findings by again running the SHA-256 cryptographic hash against the volatile memory of the phone and showing that the same 64-bit result is generated as in the beginning when the evidence was collected.

Submission of Secondary Electronic Evidence – Section 65B Evidence Act

Section 65B of IEA lays down the essentials and procedure for submission secondary electronic evidence.

Secondary Electronic Evidence refers to any sort of certified copy of the original evidence, or copies that have been made from the original document.

It also mandates the production of a Certificate by the owner or manager of the computer, computer network or computer system.[4]

In the worst case, the courts may consider a certificate from anybody having any plausible knowledge of authenticity of the evidence.[5]

A Secondary Electronic Record would be considered equally valuable as Primary Electronic Evidence without a speck of doubt.[6] However, the secondary electronic evidence must satisfy all the conditions mentioned under Section 65B(2) of IEA.

Secondary electronic evidence provided as per the Section 65B is considered equally well as a primary electronic evidence because these evidence are derivatives of the original which are then supported by a certificate of the manager or the owner. For e.g. Call Detail Reports (CDR), certified copies of evidence from courts etc.

Expert Opinion for Electronic Evidence

Primary evidence has the risk of getting tampered.

The opinion of Cyber Forensic Experts taken by the courts in relation to the electronic evidence is a relevant fact as per Section 45A of IEA.

Section 79A IT Act allows the courts and the police to get expert opinion regarding electronic evidence by experts appointed by the Central Government.

  1. Arvind M. Bhandarwar, Electronic Record, Its Proof and Certificate Under Section 65B of Indian Evidence Act, http://mja.gov.in/Site/Upload/GR/%20ELectronic%20Record.pdf.
  2. ibid.
  3. Section 62, Indian Evidence Act, 1872.
  4. Section 65B(4), Indian Evidence Act, 1872.
  5. Arvind M. Bhandarwar, Electronic Record, Its Proof and Certificate Under Section 65B of Indian Evidence Act, http://mja.gov.in/Site/Upload/GR/%20ELectronic%20Record.pdf.
  6. Section 65B(1), Indian Evidence Act, 1872.

Related Posts

Leave a comment