Personal Data Protection and Data Localization-2

Posted on August 30, 2018 by Vijayashankar Na

[This is a continuation of the earlier article]

Having debated the need to “Restrict” the operation of the word “Indirectly identify” in the definition of “Personal Data”, we can now look at Section 40 once again.

We know that PDPA 2018 is a law that has been framed under the Indian Constitution (Just like the GDPR which is a law under EU Constitution) and its basic jurisdiction is for the citizens and activities that fall under its geographical boundaries. If “Privacy Protection” is the basic objective of the law then the mandate for the Government is to protect the privacy of Indian citizens. India cannot assume the responsibility to protect the Privacy of global citizens just as EU cannot assume responsibility for protecting the privacy of an Indian citizen.

However, law makers arrogate to themselves the right to frame laws with universal jurisdiction as if they are protectors of the whole world. GDPR did it and PDPA 2018 had no option but to follow suit.

Hence PDPA 2018 has stated that the law will have extra territorial jurisdiction in some respect though it is more humble than GDPR.

Basically PDPA 2018 applies under Section 2, to the following:

(a) processing of personal data where such data has been collected, disclosed, shared or otherwise processed within the territory of India; and
(b) processing of personal data by the State, any Indian company, any Indian citizen or any person or body of persons incorporated or created under Indian law.

Under Section 2(1)(b), processing of data by an Indian company even of a foreign national is subject to this Act.

I consider this a needless responsibility that the law could have avoided.

Under Section 2(2)

(2) Notwithstanding anything contained in sub-section (1), the Act shall apply to the processing of personal data by data fiduciaries or data processors not present within the territory of India, only if such processing is —

(a) in connection with any business carried on in India, or any systematic activity of offering goods or services to data principals within the territory of India; or
(b) in connection with any activity which involves profiling of data principals within the territory of India.

This is better worded than similar regulation under GDPR and brings the foreign companies within the ambit of the Act which is only reasonable if they are doing business in India or profiling activities in India.

Obviously some of the industry giants appear to be miffed at the courage shown by the legislators in bringing them under Indian law. While US meekly surrenders to the EU GDPR and EU GDPR tries to lord over the global IT systems, there seems to be objection only when India tries to assert its rights equal to other countries. It is in this context that the need to defend the sovereignty of India arises even in defining the provision of the data protection law.

Unfortunately our industry is dominated by vested interests and we find that this provision is being opposed as part of opposition to “Data Localization”.

The arguments presented in this opposition is

  1. Restricting cross border data flow is against the basic philosophy of Internet
  2. Imposes Additional cost
  3. A balanced view is required between Safety and Security of India and flow of global data into and from India
  4. Approach is against the fundamental tenets of our liberal economy
  5. Localization may become a trade barrier and unlikely to benefit local industry

Additionally, recognizing that the key to escaping data localization lies in the definition of data, there is an industry view point presented as a dissenting note that wants “Financial Data” and “Password” to be not classified as “Sensitive Data”.

It is not possible to give any credence to any of the objections raised above. It is like the usual arguments we see from the Pseudo liberals in our country  who plot the assassination of the Prime Minister on the one hand but wants to be protected under free speech on the other hand.

The Pseudo Data Protectionists want the law to be tuned to the advantage of other countries rather than India. They are having a skewed interest in data protection from the point of view of what helps their commercial interests rather than what helps the country and its citizens. This attitude needs to be countered for a healthy development of “Privacy in harmony with Security”.

I am sure that as in many other instances, Naavi.org will be a contrarian thought leader and the industry professionals may have discomfort in accepting the “Nation First” view point even ahead of “Privacy”.

After all I consider that “Cyber Security is a fundamental Right” and Privacy right  has to be balanced with the Security of the State without any excuse.

However, there will be many debates on this concept and this is only the beginning of a long drawn data colonisation war which India has to fight with the world data business leaders.

Let’s watch the developments as they unfold.

Naavi

Posted in Cyber Law | Tagged | 2 Comments

Personal Data protection and Data Localization-1

Posted on August 30, 2018 by Vijayashankar Na

(This is in continuation of the earlier article on PDPA 2018)

After the discussions on Aadhaar the other hotly debated aspect of Srikrishna Committee’s report and the draft PDPA 2018 is the “Data Localization” recommendation.

The PDPA 2018 has recommended under Sections 40 and 41, the regulations on cross border movement of data and there is a strong opposition from the industry circles on the proposed requirement that suggests that at least one serving copy of personal data generated in India has to be retained in India.

The Data Localization debate  has also triggered the concept of “Data Sovereignty” under which it is argued that the nation has the right to expect control over data that belongs to it.

We can refer to a well articulated opinion expressed in Economic Times today titled ” Data Sovereignty-Economic Implications for the country”

The Indian IT industry represented by NASSCOM which was represented in the Srikrishna Committee as DSCI has through a dissent note submitted as part of the report expressed its reservations on the recommendations of the Committee. The industry is continuing to lobby for a change so that the proposed recommendation is scrapped.

Until there was no specific data protection law in India, the IT industry lobbied for the law stating that it is important under the EU data protection guidelines. The EU guidelines even before GDPR threatened that no data would be transferred to Indian data processing industry unless there is a strong data protection law in India. The industry failed to recognize that ITA 2000/8 was itself a strong data protection law in India and was sufficient to claim the status of a “Adequate Data Protected Nation” under EU regulations. What was lacking was perhaps an effective implementation which could have been corrected administratively without another law.

However, after the Supreme Court jumped into the fray with the Puttaswamy judgement essentially to reign in the use of Aadhaar, there was no option for the Government but to develop a separate Personal Data Protection Law and the result is the PDPA 2018.  While the industry was earlier crying that data inflow has been curtailed because of lack of a law in India, now they are raising an objection that the law is restricting the data outflow. The stand taken by the industry therefore lacks conviction and looks like a lobbying by vested interests.

Let’s us first see what PDPA 2018 has proposed and what are the objections of the industry.

Section 40 of the proposed PDPA 2018,

40: Restrictions on Cross Border Transfer of Personal Data

(1) Every data fiduciary shall ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which this Act applies.

(2) The Central Government shall notify categories of personal data as critical personal data that shall only be processed in a server or data centre located in India.

(3) Notwithstanding anything contained in sub-section (1), the Central Government may notify certain categories of personal data as exempt from the requirement under sub- section (1) on the grounds of necessity or strategic interests of the State.

(4) Nothing contained in sub-section (3) shall apply to sensitive personal data.

For the purpose of this section, data has to be considered as belonging to four types namely

a) Personal data to which Section 40(1) applies

b) Critical Personal data to which Section 40(2) applies

c) Exempted categories of data to which Section 40(3) applies

d) Sensitive Personal data to which Section 40(4) applies.

Of these, Personal data and Sensitive personal data is defined in the law and the Critical and Exempted data categories need to be notified by the rules or the Data Protection Authority of India (DPAI) when established.

Essentially the restrictions under Section 40 states that “Sensitive Personal Data” has to be compulsorily retained within India. As regards Personal Data, a copy alone need to be compulsorily retained in India and otherwise the data can move freely outside. Additionally the Government has kept the power to notify any other type of data that can be mandated for processing in India as “Critical Information” and those which can be exempted for local retention (of even a copy) under grounds of necessity or strategic State interests.

We should also observe the section carefully and note that Section 40(1) applies only to personal data to which this Act applies.

To understand Section 40(1) we need to therefore visit the definition of Personal Data and the Applicability of PDPA 2018.

The definition of “Personal Data” under Section 3(29) follows the global standards of defining anything and everything as “Personal” and if we raise objection to this, the very foundation of all personal data protection laws including GDPR would be threatened.

The definition given is

Personal data” means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information”

The definition is clearly omnibus with the use of the words “relating to”, “Indirectly identifiable” and “any combination”.

Data exists for a purpose and Law basically exists for the protection of a “Natural Person”. Hence almost all “Data” is indirectly related to a Natural person. In the days of “artificial Intelligence” supported by “Quantum Computing Power”, it is impossible to find data that is not related a natural person. Take for example a “Google Glass”. If I am wearing a Google Glass, every thing I see around me can be tagged to the identity of the face recognition. A Place can be identified with the people who have visited the place and it becomes “related to an individual”.

To expect any data to be “Not Related to a Natural Person indirectly or directly even with a combination of information sorrounding it and the use of technology” is a figment of imagination and living in a fools paradise.

I therefore consider that the law whether PDPA 2018 or GDPR has to recognize its own limitations and provide for a less than universal definition of “Data to which this Act applies”.

If we donot recognize this, there will be endless litigations and Supreme Court of India will have nothing to do expect interpreting how a particular piece of data is related to an individual.

This article which you are reading on the internet is a non-personal data but it is related to a person whose nick name is Naavi but who has a real name and identity associated with an e-mail address, a mobile number, aadhaar etc. Can we then say that this article is subject to Section 40(1) of PDPA 2018?. A strict interpretation will essentially agree with such an interpretation.

We therefore should recognize that if we donot confine the meaning of the “Personal Data” and remove the word “Indirectly” and stick to specific identifiers being defined (like in HIPAA), we are in for a chaotic time. This is not just for PDPA 2018 but also for all other legislation such as GDPR.

We shall however for the time being donot stir this hornet’s nest and accept the word “Indirect” as part of the definition and move on.

(To Be continued)

Naavi

 

Posted in Cyber Law | Tagged , , | 1 Comment

PDPA 2018 and Aadhaar-2

Posted on August 29, 2018 by Vijayashankar Na

Continuing our discussion on the draft PDPA 2018 (proposed by the Srikrishna Panel) and the proposed amendments to the Aadhaar Act embedded in the report under the Appendix, the following observations can be made.

  1. Offline Verification

One of the proposed changes is the introduction of the concept of “offline verification” which is defined as

“a process of verifying the identity of the Aadhaar number holder without authentication through such offline modes as may be specified by the regulations”.

We had a brief discussion on the possibilities of how an “Offline Verification System” can be used as a substitute to the present system where the authentication is based on the provision of biometric (Finger prints and/or Face recognition) at the service provider’s end and a direct connection to the CIDR for real time verification.

More discussions on the way the offline verification system can be designed will be required and hopefully UIDAI will come up with some innovative ideas of its own. For the time being we shall take this as a suggestion of the Srikrishna Committee to be further explored and developed. But this should be an alternative to the current system of authentication (both through global AUAs and Local AUAs with the use of the real Aadhar number and the virtual aadhaar number) and reduce the risk of leakage of biometrics during the billions of authentications that will be happening on the system on a daily basis.

2. Consent before Verification

Srikrishna Committee has proposed introduction of Section 8A to the Aadhaar Act which specifies that

(1) Any offline verification of Aadhaar number holder shall take place on the basis of consent provided to such verification by the Aadhaar umber holder

(2) Any offline verification-seeking entity shall,

(a) obtain the consent of an individual before verifying him offline, in such manner as may be specified by regulations; and
(b) ensure that the demographic information or any other information collected from the individual for offline verification, if any, is only used for the purpose of such verification.

(3) An offline verification-seeking entity shall inform the individual undergoing offline verification the following details with respect to offline verification, in such manner as may be specified by the regulations, namely: —

(a) the nature of information that may be shared upon offline verification;
(b) the uses to which the information received during offline verification may be put by the offline verification requesting entity;
(c) alternatives to submission of information requested for, if any.

(4) An offline verification-seeking entity shall not:

(a) subject an Aadhaar number holder to authentication;
(b) collect, use or store an Aadhaar number or biometric information of any individual for any purpose;
(c) take any action contrary to any obligations on it, specified by regulations.

It can therefore be observed that the entity seeking authentication through the off-line process has been mandated to obtain an informed consent. This is anyway covered under the PDPA 2018 also since the person receiving the information would be a data fiduciary even before he tries to verify the data.

There is need to recognize one anomaly here. The Aadhaar comes into the picture only for “Verification” of the “Data already provided by the data principal to the service provider (eg SIM card provider). It is at the time of providing his personal information to the service provider that he is obligated under PDPA2018 to obtain the necessary consent. Subsequently the interaction with UIDAI is not “Collection of Information”. It is only “Verification” of information already collected. So we may argue that no consent would be required to be taken from the data principal for the service provider to verify the data with the UIDAI. As long as the verification is the binary answer to the parameters submitted “Correct” or “Incorrect”, there is no information collection beyond what the data principal has already given.

The consent suggested therefore may be considered as a means of abundant caution. It may be relevant when the service provider just provides an Aadhaar number and the UIDAI send out the demographic data. This is being followed now but should perhaps be discouraged. The proposed amendment to Aadhaar Act will perhaps provide the backing to this system where data is thrown out of UIDAI to the service provider when a form is populated automatically with the data to be used by the service provider.

3. Purpose Limitation

Aadhaar service providers would be bound by the terms of the consent to use the data only for a specified purpose. This is also reiterated under the amended section 29 (4) which states

No Aadhaar number, demographic information or photograph collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for purposes, if any, as may be specified Provided, nothing in this sub-section shall apply to core biometric information which shall only be governed by sub-section (1).”

The amendment under 29(4) on restrictions on sharing the information addresses the many cases of aadhaar leakage that we have observed in the past.

4. Civil Penalties

It is proposed that an entire new chapter VIA on Civil Penalties along with Chapter VIB on appeals is proposed to be added. The civil penalty can extend upto Rs 1 crore and in the case of continued failure can extend to Rs 10 lakhs for each day of failure. Civil Courts will not have jurisdiction and the appeal from the Adjudication authority (to be appointed) goes to the Appellate Tribunal and then directly to the Supreme Court.

5. Criminal Penalties

Under Sections 38 and 39 it is suggested that the term of imprisonment can be increased from 3 years to 10 years.

Not obtaining a proper consent or unauthroized publication of data or unauthrorized use of biometric is considered as a criminal offence that can attract an imprisonment of 3 to 10 years with fine upto fifty lakhs. (Section 40, 41A, 41B,41C and 41D)

Punishments under  section 42 (residual penalty) has also been increased from 1 year to 3 year making it possibly a cognizable offence.

In view of the above, it can be stated that the Srikrishna Committee has suggested a substantial hardening of the Aadhaar act which should be welcomed.

However it is strange that we see some objections on the propositions including the dissent note from one of the members that suggestions on Aadhaar was beyond the scope of the committee’s terms.

While we are open to further suggestions and refinements regarding the controls that can be suggested for preventing misuse of the Aadhaar system, it is necessary to record that the recommendations are welcome.

Naavi

Posted in Cyber Law | 2 Comments

Srikrishna Panel report and Aadhaar

Posted on August 29, 2018 by Vijayashankar Na

Throughout the one year when the Justice Srikrishna Committee was deliberating on the Privacy Legislation in India, Aadhaar was the focus of the privacy activists. There was one group of people who were completely against Aadhaar and have been trying to convince the Supreme Court that Aadhaar is a threat to Privacy Right and has to be abandoned. They cited the many data breaches sorrounding the Aadhaar to discredit the Aadhaar system. On its part, UIDAI introduced the Virtual Aadhaar facility so that the Aadhaar identity need not be over exposed and also brought some additional controls on the Aadhaar authentication agencies by treating only a few as “Global AUAs”  and the rest as “Local AUAs”. During most of the public consultantion programs that the Srikrishna Panel held across the country, several concerns were expressed that because of Aadhaar non availability or failure, people are losing their ration and facing several difficulties etc.

Naavi has been speculating that the opposition was mainly from those who were hurt with the liking of Aadhaar to the Bank and PAN numbers and the proposed linking of Aadhaar to the property records. These measures were a blow to the holders of black money and they were voicing their opposition to the Aadhaar on grounds of Privacy and Security threats.

Even the Supreme Court held back its judgement awaiting the passing of the Privacy Act on which the Srikrishna Panel was working.

It was therefore logical that the Srikrishna committee when it was finalizing its report had several suggestions to harden the Aadhaar legislation. Justice Srikrishna is a pragmatic judicial expert whose years of experience were available for drafting of the report and his views are therefore to be considered as  meaningful suggestions that need to be translated into action at the earliest.

However, when we look at the final release of the Srikrishna committee report, it appeared that there was some difficulty in forging consensus in the committee as to the final recommendations. While the report did contain a whole Appendix where suggestions for amendments to the Aadhaar (Target delivery of financial and other subsidies, benefits and services) Act 2016, it was not incorporated into the draft Bill namely the “Draft Personal Data Protection Act 2018” (PDPA2018). Only amendments to ITA 2000 (Removal of Section 43A) and a small amendment to the RTI Act were added. The Committee in fact identified a list of 50 allied laws which were affected by the proposed legislation of which only amendments to ITA 2000 and RTI Act were incorporated in the draft bill.

Given the expertise which was at hand, the committee was capable of suggesting amendments to all these legislations but did not do so. In fact even the critical suggestions regarding Aadhaar were only incorporated as a suggestion in an Appendix and it is now left to the Government to bring a separate bill for the amendment of the Aadhaar Act.

After the release of the two documents namely the draft bill and the committee’s report, we have seen that there has been sharp criticisms on the proposed amendment to the RTI Act. The opposition to Aadhaar was expressed in the report itself in the form of the dissenting notes from one Professor and another representative of DSCI. Additionally there has been dissent on the Data localization suggestions of the Committee.

There is a possibility that some minor changes to the draft bill can be made before it is passed.

We shall therefore try to discuss the major points of dissent and try to understand why there is an opposition from some sections of the industry which has tried to express itself in the dissenting note of the DSCI representative in the report itself.

….To be continued

continued Naavi

Posted in Cyber Law | Tagged , , , | 1 Comment

Puneet Prakash Vs Suresh Kumar Singhal…Evidence under Section 65B.. unacceptable judgement

Posted on August 18, 2018 by Vijayashankar Na

The law regarding Section 65B of Indian Evidence Act 1872 was laid down on 17th October 2000 when the amendment was passed after Information Technology Act 2000 was notified. However the lack of proper understanding of the purpose of the section continues till date.

The judgement in the case of Puneet Prakash Vs Suresh Kumar Singhal (RFA 744/2016) in the High Court of New Delhi (Judgement reserved on 30th May 2018 and published on 13th July 2018) is yet another judgement where the Judge of the day has used his discretion to interpret the law as he deems fit.

The judgement was on account of an appeal filed against the earlier judgement of the Trial Court dated 18th August 2015 from a lower court in which they were the plaintiffs. The then dispute was on an incident which occured on 3rd January 2005 in which certain photographs were taken and became evidence in the case. The main dispute was regarding a rental agreement dating back to 1994 in which the grand mother of the appellants was the owner and the defendant was the tenant who had rented the property way back in 1975 from the erstwhile owner of the property from which the grand mother of the appellants had purchased it.  The  property consisted of a house along with two tenanted shops and the defendant was the tenant of one of the shops which consisted of two portions one of which was a store/office. The dispute was that the rent of Rs 3000/- pm as agreed was not paid and also that on 3rd January 2oo5, the appellants came to know that the defendants had illegally tresspased into a storeroom at the back of the shop by breaking the wall. Consequently, Puneet Prakash (appellants of this case and plaintiffs) filed an “Eviction Petition” before the Assistant Rent Controller (ARC) Delhi (which is stated to be pending). It is interesting to note that the property allegedly broken into was not part of the tenanted portion but the plaintiffs claimed the relief from the ARC for decree for possession of one portion of the property which was in the custody of the defendants and also increase the rent for another portion.

The evidence presented included a site plan showing the disputed properties and a photograph taken on a digital camera showing a small gate in the back wall of the store (which was broken into allegedly). The photograph was taken by  Varun Prakash (brother of Puneeth Prakash the plaintiff)  who was the principal witness 1. (PW1). The defendants claimed that there was no such gate and there was a wall in its place and the photograph was manipulated.

The Trial Court had dismissed the evidence and concluded that even the rent deed was not properly established as it was only a photo copy. Even the will executed by the grandmother of the plaintiffs was not considered as established. Incidentally, while speaking of the site plan and the photograph, going by a siteplan filed with the eviction petition, concluded that there was no gate at the rear of the store as claimed by the plaintiff and also refused to consider the photographs produced as evidence on the basis of the Anvar P.V. Vs P.K. Basheer (2014) 10 SCC 473. The trial court also held that the suit was barred by limitation.

During the appeal it was argued that there was a separate entrance to the store on the back of the shop which had been closed by the defendants. The plaintiffs had produced one picture during the Rent Controller proceedings which showed no gate but now produced an earlier photograph which showed the gate as existing prior to the date of the document produced for the eviction petition before the rent controller.

From the above description it is clear that this is a typical case of a rent dispute where the owner is aggrieved because of the low rent etc and the tenant claims rights by possession for over 33 years.

Justice Pratibha M Singh in her judgement has however taken a view that over turned the trial court order and allowed the appeal. In the process the Judgement passes its own interpretation of Section 65B which needs to be questioned. The judgement also ignores several other established principles which together with the ruling on Section 65B indicates that the judgement is perhaps flawed on more than one ground. We shall however restrict ourselves to the discussion on Section 65B.

The judgement makes the following statements.

“..these photographs are disputed by the Defendant on the ground that these photographs are digital photographs and were not proved in accordance with law. The Trial Court has held that the photographs having not been proved as per the dictum of the Supreme Court in Anvar vs Basheer (supra), cannot be taken in evidence. The said objection is not tenable inasmuch as the objection raised is that the negatives in respect of these photographs have not been placed on record. It is a matter of which judicial notice ought to be taken that digital photographs no longer have negatives, as in olden times. PW-1 has clearly stated in his affidavit that the photographs were taken on a digital camera. The relevant portion of his affidavit is set out below: –

“The photographs taken on digital camera showing small gate in the back wall of the
small store are Ex.PW-1/9 (colly).”

(Ed: Colly is the short form for the word collectively. It denotes that there are more than one document in the particular annexure.)

“In his cross-examination, this evidence is not impeached. He asserts in his cross-examination is as under

“The photographs Ex.PWl/9 (colly) were taken by me and got the said photographs developed from one shop at Kalka Ji but I do not remember the name of the said shop. I do not remember as to how many photographs are developed by me from the said shop at that time. I might have obtained cash memo for developing of the photographs from the said shop. I do not remember the amount paid by me for developing charges. It is wrong to suggest that Ex.PWl/9 (colly) are manipulated and are not of the property in dispute.”

He asserted that the photographs were taken by him personally and he got them developed. The Defendant has tried to confuse the issue by relying upon PW-1’s cross-examination in respect of Shop No.2 for which PW-1 stated that there was no gate between the store shown in black colour and Shop No.2. This is not to be confused with the shop in issue which is Shop No.1 and the store behind it, which is the suit property. The Defendant did not produce any photographs to show that the position on the spot is different than what is shown in Exhibit PW-1/9 (colly).

In his  cross examination, DW-1 merely denies the existence of the door/gate as shown in Exhibit PW-1/9 (colly).

Insofar as proving of the photographs under Section 65B of the Indian Evidence Act (hereinafter, Evidence Act) is concerned, when photographs are taken digitally and the person taking the photographs himself has deposed in the Court, his statement that he got the photographs developed himself is sufficient and satisfy the requirements of Section 65B of the Evidence Act.

Section 65B of the Evidence Act is not to be applied mechanically. A digital photograph which is proved constitutes electronic evidence, which is admissible. The Defendant has not filed any other photographs to show or establish that the position on spot is different from what is depicted.

Recently in Shafhi Mohammad v. State of Himachal Pradesh (2018) 2 SCC 801 the Supreme Court held as under:

“29. The applicability of procedural requirement under Section 65-B(4) of the Evidence Act of furnishing certificate is to be applied only when such electronic evidence is produced by a person who is in a position to produce such certificate being in control of the said device and not of the opposite party. In a case where electronic evidence is produced by a party who is not in possession of a device, applicability of Sections 63 and 65 of the Evidence Act cannot be held to be excluded.

In such case, procedure under the said sections can certainly be invoked. If this is not so permitted, it will be denial of justice to the person who is in possession of authentic evidence/witness but on account of manner of proving, such document is kept out of consideration by the court in the absence of certificate under Section 65-B(4) of the Evidence Act, which party producing cannot possibly secure. Thus, requirement of certificate is not always mandatory.

30. Accordingly, we clarify the legal position on the subject on the admissibility of the electronic evidence, especially by a party who is not in possession of device from which the document is produced.

Such party cannot be required to produce certificate under Section 65-B(4) of the Evidence Act. The applicability of requirement of certificate being procedural can be  relaxed by the court wherever interest of justice so justifies.” 

The Plaintiffs having deposed that he took the photographs himself, got them developed and filed them in the Court, the non-filing of negatives cannot be a ground to reject them, especially since they are digital photographs. Thus, in the facts of the present case, the photographs are taken to be proved in accordance with law.

The above conclusion arrived in the judgement reflects an arbitrary interpretation of the law and deserves to be challenged.

The judgement records that in the case of digital documents, there is no “negatives” but accepts the contention of the witness that he himself “Developed” the photographs. The photographer in this case is the plaintiff himself and had a vested interest and hence the possibility of manipulation should be presumed.

Hence this is a case where the procedures of Section 65B(4) should have been strictly interpreted and there was no scope for relaxation except giving a room for speculation that the judgement is not based on facts and principles of justice.

In order to justify the upholding of the appeal and accept the digital evidence produced by a party with vested interest, the Court has taken refuge under the Shafhi Mohammad judgement  which itself was a faulty judgement in which a two member bench over ruled an earlier three member judgement using an SLP as an excuse.

The witness claims to have taken the pictures himself and also “Developed” it himself. Even according to the Shafhi Mohammad judgement, he should have then produced the original camera and the storage device inside the camera. The Judge seems to have not raised this requirement. Then the witness says that he does not remember where it was developed etc and prevented further evidence to be presented.

Assuming that the digital photographs were processed into a printed photograph as it appears to be the case in this process, the digital process involves conversion of the digital file into a “negative” and then printing the “negative” into a positive. If this was the process used, then there should be a negative.

If the digital file was directly fed into a printer and printed out on an inkjet type of printer, then it is a digital printing process and the photograph is a “Computer Output” as per Section 65B of Indian Evidence Act 1872 and by virtue of Section 65A of the Act, can be accepted only on the production of a section 65B certificate by the person who converted the digital bytes into a “Computer Output” in the form of a photo.

The judgement is therefore completely arbitrary and fallacious.

It appears that in trying to find justice to what could be a rental dispute  the High Court where the evidence seemed to be heavily loaded against the appellant, the High Court has over stepped its limits and passed an order justifying the presentation of digital evidence against the provisions of the law and the rule laid down by the Supreme Court in the P. V.Anvar Vs P.K. Basheer case.

As long as such judgements can be brought out of our Courts, the justification for strict compliance of Section 65B(4) actually increases.

I hope this verdict is over turned quickly in a further appeal.

Naavi

Posted in Cyber Law | Tagged , , , | Leave a comment

Here is the identity of the suspected fraud agent. No more excuses for the Police to ignore

Posted on August 13, 2018 by Vijayashankar Na

This is in continuation of my two earlier articles titled

“A Suspected fraud in the names of Dr Jitendra Singh and the President of India… Who Cares?” and

“Here is the Proof of Fraud. Will it still be ignored?”.

I had already indicated a Delhi address in the document revealed in the previous article.  Now I place before the public another document that exposes some names in Chennai as people who are involved in the chain of this scam representing a suspected fraud to impersonate the President of India, Union Minister Dr Jitendra Singh as well as former Chief Justice of India Mr R.M Lodha .

The offence also involves possibly five forgeries, which includes the signatures of the above impersonated persons and that of Nilam Sawhney, Secretary of the office of CVC and a Trade Mark officer, Mr O.P.Gupta of Mumbai Trademark office.

It is now time for Chennai Police to act and continue this investigation.

I request Ms S.P. Lavanya in charge of the Cyber Crime Cell to take up the investigation suo moto and bring the culprits to justice. 

There are two addresses in Chennai viz., No 44A, 18th Avenue, Ashok Nagar, Chennai 600083 as well as No 34, swathi complex, 2nd floor, Venkata Narayana Road, Nandanam, Chennai 600035.

There is a “Registration Number” in the letterhead (shown in the previous article) which could be a registration of a society under the Tamil Nadu Societies Registration Act which also can provide some lead just like the Trademark registration number mentioned in the previous article which has confirmed the fraud.

There is a suspected forged e-mail sent in the name of R.M. Lodha and  an IP address to follow which may even provide a mobile identity of the forger if investigated.

But in view of the address and landline number itself being available in the enclosed document, the IP address may not be required except to prove that the e-mail address of R M Lodha is being operated from a Chennai IP address and constitutes another proof of impersonation through a fraudulent G mail address registered in the name of rmlodha.justice@gmail.com

I do recognize that the persons indicated in the enclosed document may themselves be not fully aware of the root of the scam and can turn out to be the proverbial “Mules” themselves. But investigating through them may be required to find out the central conspirators.

I request these persons whose names are visible in the document not to panic and if they are innocent, they should themselves approach the Police and initiate investigation to absolve themselves and help the authorities to  find the real culprits. They should preserve whatever evidence they presently have with them to assist the Police.

Chennai Police has to their credit the first Cyber Crime conviction in India (Suhas Katti case) and further many more successes in the Credit Card fraud cases. Now here is an opportunity to bust a major National racket. I wish they take up this challenge and continue the investigation to the logical end.

If properly pursued, we donot know what surprises may be in store. This may reveal lot more than an attempted advance fee fraud and bust a national cyber crime syndicate.

The question is,

“Are We Serious in nipping the Cyber Crimes in the bud?” or

“Are we happy in letting it grow into a major scam in which several innocent persons lose their money before we start investigating?

Chennai Police have to make the choice.

Naavi

Posted in Cyber Law | Tagged , , , , , , , | 2 Comments