Cyber Crime in India is on the rise and

there is no figure needed to support

this assertion today. However there are
a number of loopholes and fallouts in
this particular nature of crime, the first
and most important being the
procedure. Statistically speaking as a
result of a survey, majority of the law
enforcement agencies do not know
about how to investigate a cyber crime.
The very basics embodied in the CrPC
about powers during investigation are
rarely specific. The second is related to
the evidence in such crimes.

Procedural Law and Cyber Crime

Nitish Chandan
R120212001
Int. B.Tech CSE+LLB Hons. Cyber Law

Contents
Acknowledgement ........................................................................................................................................ 2
1.

Introduction .......................................................................................................................................... 3

2.

The Law in Question.............................................................................................................................. 3

3.

The Sad IT Amendment Act, 2008: ....................................................................................................... 4

4.

How do they investigate? ..................................................................................................................... 5

4.1.

Reverse Engineer .......................................................................................................................... 5

4.2.

Notice under Section 91 CrPc ....................................................................................................... 5

4.3.

Evidence and Admissibility............................................................................................................ 8

5.

But the Real Problem- Case Study? .................................................................................................... 11

6.

What needs to be done? ..................................................................................................................... 12

Acknowledgement
I would like to extend my heartfelt gratitude to everyone who has been a part of this project. Dr. Mamta
Rana, without whose suggestions and guidance this project would never have reached completion. She
is also my mentor for this project. My friends, whose new inputs and skill sets always got me something
new to research about. My parents and grandparents whose views I took at regular times about how
things were in the past to relate them with the present scenario. All in all, without all these people this
project would not have been successful.
The biggest part of my gratitude extends to the law enforcement agencies of Dharamshala, Himachal
Pradesh, Gurgaon, Haryana and Saharanpur, Uttar Pradesh, interactions with whom have paved way for
the findings of this project.

1. Introduction
Cyber Crime- One of the most unexplored dimensions both procedurally and substantially in the Indian
Law is a growing menace these days. Research and Reports have shown that Cyber Crime is growing
tremendously and without any precedents on a lot of issues. This paper although about procedure also
looks at some part of substantive law. This is not a regular paper with sources limited to books and
journals, with this attempt I have taken to writing with my experience on the ground and with
interactions with Police Officials from different states in India. I have also tried to incorporate problems
as shared by them and a readiness estimation for a big boom of Cyber Crime in the coming years.
This paper limits itself to solving Cyber Crime and the role of intermediary data in it. Although there
have been strict and fairly good guidelines issued to the intermediaries under the IT Act, still the country
seems to lag behind in solving cases and getting convictions. So this becomes the next important
question to be discussed in the paper- What is the reason for a low conviction rate in Cyber Crime?

2. The Law in Question

For the most of it, procedurally, investigators across the country rely on only this provision to be able to
solve cyber crime because witnesses are often servers and evidence has to be taken from these sources.
Almost no proceeding or action takes place without this Section from the CrPC being used.

91. Summons to produce document or other thing.

Whenever any Court or any officer in charge of a police station considers that the
production of any document or other thing is necessary or desirable for the purposes
of any investigation, inquiry, trial or other proceeding under this Code by or before
such Court or officer, such Court may issue a summons, or such officer a written
order, to the person in whose possession or power such document or thing is believed
to be, requiring him to attend and produce it, or to produce it, at the time and place
stated in the summons or order.
(2) Any person required under this section merely to produce a document or other
thing shall be deemed to have complied with the requisition if he causes such
document or thing to be produced instead of attending personally to produce the
same.
In short, the provision gives the powers to a court or a police officer in charge of a police station to ask
for production of any document for the purpose of investigation. The first observation about this issue is
that Cyber Crime that is generally of a very different nature when compared to traditional crime is
rooted in the IT Act and the IT Act in itself has no modes laid down in procedure of the manner of
3

investigation. It only mentions in Section 78 of the Act that a police above the rank of Inspector may
investigate offences under IT Act.
Again, for the rest of it, Cyber Crime is reliant on the CrPC expect for another Section 80 for arrest and
search and Section 76 to confiscate any hardware in question.

3. The Sad IT Amendment Act, 2008:

Before the IT Act Amendment, most of the offences under the IT Act were non bailable and cognizable.
This is in coordination with the CrPc that all offences which lead to a punishment of 3 years and above
and under 7 years shall be non bailable and cognizable. Sadly the law framers during the time passed
this bill. Just after this bill was passed, Sec. 77-B was added into the IT Act which reads,
77 B Offences with three years imprisonment to be cognizable
(1) Notwithstanding anything contained in Criminal Procedure Code 1973, the offence punishable
with imprisonment of three years and above shall be cognizable and the offence punishable
with imprisonment of three years shall be bailable.
This section totally defies the CrPc and establishes new standards for itself, so the actual scenario under
CrPc as depicted is:
Punishment
Death, Imprisonment for life, or
more than 7 years

Cognizable

Bailable
YES

NO

Imprisonment more than 3 years

but less than 7 years

YES

NO

Imprisonment less than 3 years or

fine only

NO

YES

Now the current scenario:

Sections

Cognizable

Bailable

65, 66, 66A, 66B, 66C, 66D,

66E, 67, 67C, 69B, 72A.

YES

YES

66F, 67A, 67B, 69, 69A, 70

YES

NO

68, 71,72

NO

YES

4. How do they investigate?

For the purpose of this paper, a lot of law enforcement agencies were asked about how investigation is
done in cases of Cyber Crime and from that, a deduced activity chart has been framed. The source of
this data are law enforcement agencies of Himachal Pradesh and Haryana.

4.1. Reverse Engineer

In the first steps of investigation, it is very important to try to solve and get information about a profile
first handedly. In a case involving a fake profile, in the initial stage of complaint only, the police helped
the girl to identify the criminal. For this they tried to login into the fake account and at the recovery
options it was seen that there was a number for verification whose last two digits were shown. Upon
matching with the girls phonebook the criminal was found out and the case cracked open. It is a very
helpful tool for people. This is somewhat as it happens in traditional cases of crime as well, but the
bridge here is the fact that not all law enforcement agencies abide by this. After a Q&A with certain law
enforcement agency it was found that not most of them know or use this tool of Reverse Engineering.

4.2. Notice under Section 91 CrPc

The Section 91 of the CrPc is a very useful tool for the police wherein information can be asked for from
the required intermediary. Details like login and logout ips, browser details, creation ip, mobile number
used for registering, all email ids attached etc. are obtained. One of the biggest lacunas lies here. Once
illegal content (generally in these cases, offensive, demeaning content) has been identified, along with
this notice under Section 91, the police can not request the intermediary to take down any information
or data. Such orders have to flow from the state under Section 69A, Orders from the Central
Government or a Competent Court. Generally this lag results in a lot of cases of suicides among young
girls. For the purpose of this notice, the URL of the profile is to be mentioned along in the notice for the
legal team of the social network. They can be asked to preserve the profile and information for another
90 days if required. It is not possible however for the law enforcement agencies to tap into chats, gain
access of an account via these measures. Networks like whatsapp provide the agencies with IP logs of
users by means of which then tracking is done.
It is the duty of the IO to collect evidences in the form they are. If it is about a profile on a social network
then a CD with the screenshots of the profile from the top right to bottom right of the screen are to be
preserved. Print out of the screenshots signed by 2 witnesses is a compulsion to be preserved. When a
mobile is obtained then farady bags are used to seize the device and if a computer or laptop is obtained
then it is to be let in the on state and a clone of its hard disk is to be made for which required kits are
available.
After a great hustle and what actually needed time to obtain, here is a sample of the much talked about
notice under Section 91 of the CrPC. The problem has been that not all law enforcement agencies are
aware of how to use this tool. The intermediaries are bound to give all data that is being asked for but
often in the line of investigation, you may say because of lack of tech-savvy users, the specific
information is never asked for which creates problems later on. This hampers both the victim and the
investigating agency.

Note: Important Details have been wiped out as per the request of the Agency.

The replies from the intermediary look like this-

Also Login and Logout IPs of the user are given which help in establishing as to who really the criminal is.
For
this
purpose
the
reply
looks
like
this-

After obtaining the IP Addresses, it needs to be established as to who the IP address belongs. For this
the intermediary now shifts to being the service provider that allocated this IP address. Another notice
u/s 91 is sent to this intermediary seeking information about this user and his address etc. which takes it
further towards fixing liability.

4.3. Evidence and Admissibility

This fact does not need mention that the evidence in cases of Cyber Crime is very volatile, it resides on
servers, has no witnesses or people to corroborate. Still, the Indian law has a good position as far as the
law relating to digital evidence is concerned. Until 2014, this situation was not good because the law i.e.
Sections 65A and 65B of the Indian Evidence Act was not followed. The nature of evidence in the real
world and the virtual world is different. This disparity is conspicuous in all the stages of evidence
detection, gathering, storage and exhibition before the court. The critical part is that all the investigation
authorities that are responsible right from the stage of collection of the evidence to the presentation of
the evidence before the court must understand the distinguishing attributes of the evidence so that
they can preserve the evidence collected by them. In this regard the role of the judiciary also becomes
vital as the judiciary must also be in the position to appreciate the computer evidence presented before
them. Contrary to the real world crimes where any tangible evidence in the form of finger prints,
weapon of crime, blood stain marks etc can be traced, in the virtual world such traces become very
difficult to find.
The Indian Evidence Act has been amended by virtue of Section 92 of Information Technology Act, 2000.
Section 3 of the Act was amended and the phrase All documents produced for the inspection of the
Court were substituted by All documents including electronic records produced for the inspection of
the Court. Regarding the documentary evidence, in Section 59, for the words Content of documents
the words Content of documents or electronic records have been substituted and Section 65A & 65B
were inserted to incorporate the admissibility of electronic evidence. Digital Evidence can include
anything from word documents to transaction logs, ftp logs of a server, GPS System tracks, computer
memory, browser history and sorts of artifacts.
8

a. Sec 65-A is purely about how electronic records may be proved, It is to be in accordance with Sec 65-B
and the conditions as laid out in it.
b. Sec 65 B(1) is a little confusing in the language but it simply means that any information (from the
computer or device in question) which is printed on a paper, stored, recorded or copied in optical or
magnetic media shall be also called a document. And this is admissible in any proceeding when a proof
of the original or any fact stated of which direct evidence would be admissible, meaning that such a
document can also act as an admissible evidence when it satisfies all the requisites under Sec. 65B. That
is why for investigators, evidence retention and preservation important.
c. Sec 65 B(2) talks about the prerequisites that need to be satisfied for a piece of evidence to be
admissible:
1. Firstly, the computer output containing the information should have been produced by the computer
during the period over which the computer was used regularly to store or process information for the
purpose of any activities regularly carried on over that period by the person having lawful control over
the use of the computer.
2. The second requirement is that it must be shown that during the said period, the information of the
kind contained in electronic record or of the kind from which the information contained is derived was
regularly fed into the computer in the ordinary course of the said activity.
3. A third requirement is that during the material part of the said period, the computer should have been
operating properly and that even if it was not operating properly for some time that break should not aff
ect either the record or the accuracy of its contents.
4. The fourth requirement is that the information contained in the record should be a reproduction or
derived from the information fed into the computer in the ordinary course of the said activity.
Under Section 65 B(4), a certificate to identify the electronic record is issued and it describes the manner
in which it was produced giving the particulars of the device involved in the production of that record
and deals with the conditions mentioned in Section 65 B(2) and is signed by a person occupying a
responsible official position in relation to the operation of the relevant device shall be evidence of any
matter stated in the certificate.
Earlier,

Electronically stored information was treated as a document and secondary evidence of these
electronic documents was adduced through printed reproductions or transcripts, the
authenticity of which was certified by a competent signatory. The signatory would identify her
9

signature in court and be open to cross examination. This simple procedure met the conditions
of both sections 63 and 65 of the Evidence Act.
To bridge this gap the IT Act amended section 59 of the Evidence Act to exclude electronic
records from the probative force of oral evidence in the same manner as it excluded documents.
This is the re-application of the documentary hearsay rule to electronic records. But, instead of
submitting electronic records to the test of secondary evidence which, for documents, is
contained in sections 63 and 65, it inserted two new evidentiary rules for electronic records in
the Evidence Act: section 65A and section 65B.
However, the special law and procedure created by sections 65A and 65B of the Evidence Act for
electronic evidence were not used. Disappointingly, the cause of this non-use does not involve
the law at all. Indias lower judiciary the third tier of courts, where trials are undertaken is
vastly inept and technologically unsound. With exceptions, trial judges simply do not know the
technology the IT Act comprehends. It was easier to carry on treating electronically stored
information as documentary evidence.
This situation continued and was held high in the Parliament attacks case(State v Navjot
Sandhu)by the Supreme Court where copies of Call detail records were admitted without
following procedures of Sections 65A and 65B.
Here, generalia specialibus non derogant (the general does not detract from the specific),
lex specialis derogat legi generali(special law repeals general law) were reiterated.
The Supreme Court held that Sec 65A and 65B create some special provisions that override the
general law of documentary evidence. So now, all the conditions as listen under Sec 65B must
be satisfied and a certificate be taken to make an evidence admissible.
This disqualifies oral evidence to attest secondary documentary evidence. It is only restricted for
later when oral evidence under Sec. 22A speaks about genuineness of the evidence and not
content by an expert witness under Sec. 45A of the Act.
Now the thumb rule to expect is verification of evidence by means of the specific laws of the
Evidence Act, not the general ones.

This precedent by the Apex court in 2014 has made it mandatory to obtain a certificate first before
furnishing any digital evidence.

10

5. But the Real Problem- Case Study?

This is the case study of a girl Radhika (Name Changed) who I met outside one of these police stations
she went to get her FIR registered. As the procedure lays down, police station-SP-Magistrate flow in the
CrPC and so the girl followed. Someone had created a fake profile in her name and was posting obscene
content on the social media network Facebook. She in the need of quick response approached the Police
Station and to which she got the reply, There are a lot of these cyber cases pending, nobody cooperates
my dear! There is no point hoping. Get over this, it will soon be over. The unsatisfied girl approached
the SPs office where I met her and shockingly the reply there was somewhat similar, they had to take
down her FIR there but the response was that even the local MLAs account is under similar attack and
Facebook has asked for a lot of information and legal procedure so we are unable to investigate. The
result : Often these people are forced to withdraw complaints, chargesheets are filed showing no

11

response from Facebook and thousands of cases go unnoticed. There is a Cyber Crime every hour in
India it is said, even then NCRBs data shows only a handful of 5400 crimes committed in the last year.
This leads to the next problem of low conviction rate. Often due to lack of evidence, sometimes due to
improper provision of the law as discussed in the first sections about bailability, offenders walk free.

6. What needs to be done?

There is a wide range of things that can be done but among many these few are the ones that require
immediate attention.

Insertion of a provision in the IT Act to seek data expressly from Social Media Websites and
Other intermediaries with a waiting time of less than a week.
This could ensure quick takedown and damage control of the victim.
Intermediaries Legal representatives workgroup to be created which does away with requiring a
notice to gain data.
Access can be monitored and given to select group of personnel within the law enforcement.
CrPC should be followed for bailability of offences.
Power should be given to law enforcement to request to take down data immediately.

12