- We live in a world where, for our amusement and necessity, we have converted several things into virtual form, but there are major things which cannot partake physical things.
- We live in data-age, where data is propriety of the person and for all intents and purposes is his private property.
- No one is left out from surveying and prying eyes, be it Cyber Criminal or authorities and where virtual things are stolen or hacked or cloned.
- I take my learned friends through the nuances of Legal Validity of such hacked/cloned data.
- Let's take a look at some basic provisions of Information Technology Act [ITA] and Indian Evidence Act[IEA]
- ITA 2(a) - access with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
- 2(ha) - communication device, means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image;
- 2(i) - computer means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;
- 2(k) - computer resource means computer, computer system, computer network, data, computer database or software;
- 2(o) - data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
- 2(r) - electronic form with reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer-generated microfiche or similar device;
- 2(t) - electronic record means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer-generated microfiche;
- 2(u) - function, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
- 2(v) - information includes data, message, text, images, sound, voice, codes, computer programs, software and databases or microfilm or computer-generated microfiche;
- 2(w) - intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and
- 2(za) - originator means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary
- 2(ze) - secure system means computer hardware, software, and procedure that� (a) are reasonably secure from unauthorised access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions; and (d) adhere to generally accepted security procedures
- 4. Legal recognition of electronic records.�Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is� (a) rendered or made available in an electronic form; AND (b) accessible so as to be usable for a subsequent reference
- IEA s.61: Proof of contents of documents.�The contents of documents may be proved either by primary or by secondary evidence.
- s.65B(2) (a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer; (d) the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities
- 85B Presumption as to electronic records and electronic signatures (1) In any proceedings involving a secure electronic record, the Court shall presume unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates
- Admittedly in the process of cloning, the 1st computer including the software is used and hacked open with help of 2nd computer, and data is retired by the 2nd computer from the 1st computer and stored in the 2nd Computer. If the owner of the both the computers is not the same, it amounts to stealing of data from owner of 1st computer by the owner of 2nd computer. This itself is an offence under s.65 and other provisions of ITA.
- From above it is clear that there are 2 different computers involved in the process of hacking/cloning.
- 23. Now, the data which was in 1st computer, is stolen via the 2nd computer and stored on 2nd Computer, and is used as original data with fraudulent purpose, as if its data on the 1st Computer.
- There is great chance that the data on the 1st computer doesn't exist or is deleted or manipulated by the owner of the 2nd computer in the process of hacking/cloning. This is so, given the hi-tech software's used to hack/copy/clone even deleted data, the security of the data on the 1st computer is compromised by the owner of the 2nd Computer.
- It need not be mentioned that any ordinary person using his computer
in ordinary manner, cannot do such hacking/ cloning of data, whether
present or deleted, on others persons computer.
- Therefore the hacking/cloning is not legal means of "data/system/source/record" within meaning of ITA.
- The cloning if not made by the owner of the 1st Computer, and if made by hackers, would fall flat in face of section 2(r)/(t) of ITA as it is not "generated, sent, received or stored" in the 1st computer; but is acquired by hacker by trespass on the 1st computer device. Further if the intendment is to send/receive/store, only the senders/recipients intendment, is relevant.
- The provisions of ITA never intended to include cloning or hacking by 3rd party. In this regard even the intermediary is excluded from using the data. Therefore in case of emails, texts, and messages; even the "application owner" is also excluded from using of data. So if the intermediary 3rd party is excluded; the use of data by hackers is clearly beyond the scope of the ITA or IEA. Thus reliance on the cloned data by hacker is illegal for any purpose whatsoever.
- The data which is recognized by section 65B must be such data, from the computer from which it is generated, and subjected to proof, and which can at any point of time be generable/producible, from the very computer where the data is, and not otherwise.
- If a data is "altered" in the 1st computer by whatever means, it cannot be used for any purpose. Therefore to rely on a hacked data on 2nd computer is farfetched to relate, or relevant, to, the 1st computer or data thereon.
- Further there are 2 other prongs of alteration within meaning of section 85B, (a) the alteration is been done by the 2nd computer the moment the data is hacked/cloned in the form in which is not on the 1st computer (b) the data which is available on the 2nd computer doesn't match with data on the 1st computer or is not available on 1st computer. This assumes further importance, because in cases where data on the 2nd computer is relied as data on 1st computer; in the absence of data on the 1st computer, the data 2nd computer fails all tests of source verifiability and is even weak relevancy.
- Let me clarify any system interference with the toolkits softwares to override the original embedded software of the 1st Computer system violates the computer system and is therefore it amounts of data and system breach and several offences are thus committed by such hacker. Therefore the original become volatile and unreliable and thus not admissible in evidence therefore even the cloned hacked copy is also not admissible in evidence.
- The data so hacked/cloned/stolen/manipulated is in the 2nd computer and therefore the source of the data is that of the owner of the 2nd computer and not the 1st computer.
- By virtue of section 4 of the ITA, because the data is available on 2nd
computer [and data on the 1st computer may have been manipulated/erased],
and since the question of data on 1st computer is not intended to be proved
but only the data on the 2nd computer is sought to be proved, the data on
the 2nd computer cannot be used for any purpose. Therefore if the data is to
be proved, the data on the 2nd computer alone can be proved and not the data
on the 1st computer, as it violates several provisions of "secure data". And
any intent to prove data on 2nd computer as data on 1st computer is nothing
short of further manipulation or lack of cognition faculty. Here the
principle of primary evidence as stated hereafter is applicable strictly and
not beyond the data on 2nd computer, and of course not to legitimize the
illegal source of data, as it would amount to decriminalization of ITA and
- The data and the 2nd computer has to strictly comply with secured record under section 14 ITA and section 65B of IEA, absent which it cannot be considered for any purpose.
- Apart of that, only [a] data [b] from the original source -> can be proved. So the data on 2nd computer cannot be proved as data on 1st computer, directly or indirectly and violate the rules of relevance, admissibility to bring in arbitrariness wheresoever.
- By virtue of specific provision of section 65B r/w 85B, the "data and the computer of only the 1st computer" is allowed and not the "cloned data on 2nd Computer". Doing this would be clear case of proof of "2nd computer and data", and not the "1st computer or data". Further as applied to electronic data, the provisions of secondary evidence are not applicable, nor is it possible because the provisions of s/65 of IEA would have to be the strictly construed against the "data on the 2nd Computer" vis-�-vis the "data on the 1st computer".
- Further by virtue of best evidence rule, the fact that the 1st computer doesn't have data in "ordinary usage and form" is disproof of "data on the 2nd Computer".
- The extent of applicability of 65B rw 85B is limited to the "data 1st on the 1st computer" which has to "exist", and that's why unless the section 65B(2), and 65B(4)(b) of IEA.
- In view of this very specific mandate of "output" in s/65B(2), a hacked/cloned data or the second computer is not contemplated. This is so because certificate under 65B would then be in respect of the data on 2nd Computer and not the 1st Computer or data on 1st computer.
- The next question will be which is Original Data for the purpose of "Primary/ Deemed Original Document" and which will be Secondary Document for 65B. Obviously the Primary/ Deemed Original Document is the 1st Computer. But given the Original is tampered with, there is no Primary/ Deemed Original Document. Now can there be a Secondary Evidence under section 65B of the tampered Original�.???? Obviously no.
- In view of the above it is clear that there is no legal value to hacked/cloned data in court of law, and such hacker or cloner cannot rely/use such ill-gotten and illegal data for whatsoever purpose.
Written By: Advocate Sandeep Kapatkar,Pune