Guidelines for search & seizure of Electronic Devices by Police : Karnataka HC Case Law


Guidelines for search & seizure of Electronic Devices by Police: Karnataka HC Case Law

Releasing this Blog on the event on my session for Maharashtra Cyber (MahCyber) police officers :

In the case Virendra Khanna vs. State of Karnataka and others (2021), the high court underlined guidelines to be followed by investigating officers regarding the manner of carrying a search and/or for the preservation of evidence gathered during an investigation that concerns smartphones, electronic equipment, or email accounts.

The court was hearing a case where the investigation involved the search and seizure of an accused mobile phone. In this context, the judgment highlights that there is no specific law regarding the procedure to be followed during an investigation that involves electronic devices.

The judgment concludes that detailed guidelines must be prepared by the police department in relation to the search and seizure of electronic devices. Meanwhile, until such instructions are formulated, the court issued a minimum set of rules to be followed in any such scenario.

The followed guidelines: In the case of a personal computer or a laptop;

1. When carrying out a search of the premises, as regards any electronic equipment, Smartphone, or an e-mail account, the search team is to be accompanied by a qualified Forensic Examiner.

2. At the time of the search, the place where the computer is stored or kept is to be photographed in such a manner that all the connections of wires including power, network, etc. are captured in such photographs.

3. A diagram should be prepared to show the manner in which the computer and/or the laptop is connected.

4. If the computer is powered on and the screen is blank, the mouse could be moved, and as and when the image appears on the screen, the photograph of the screen to be taken.

5. The MAC address also to be identified and secured. In the unlikely event of the Forensic examiner not being available, then unplug the computer, pack the computer and the wires in separate faraday covers after labeling them.

Apart from the above steps regarding the seizure of the computer, laptop, etc., if the said equipment is connected to a network, the following was recommended:

1. To ascertain as to whether the said equipment is connected to any remote storage devices or shared network drives, if so to seize the remote storage devices as also the shared network devices.

2. To seize the wireless access points, routers, modems, and any equipment connected to such access points, routers, modems which may sometimes be hidden.

3. To ascertain if any unsecured wireless network can be accessed from the location. If so, identify the same and secure the unsecured wireless devices since the accused might have used the unsecured wireless devices.

4. To ascertain who is maintaining the network and to identify who is running the network – get all the details relating to the operations of the network and the role of the equipment to be seized from such network manager.

In the case of mobile devices, the following was recommended:

Mobile devices would mean and include smartphones, mobile phones, tablets GPS units, etc.

1. Prevent the device from communicating to the network and/or receiving any wireless communication either through Wi-Fi or mobile data by packing the same in a faraday bag.

2. Keep the device charged throughout, since if the battery drains out, the data available in the volatile memory could be lost.

3. Look for slim slots, remove the sim card so as to prevent any access to the mobile network, pack the sim card separately in a faraday bag.

4. While conducting the search, if the investigating officer seized any electronic storage devices like CD, DVD, Blu-Ray, pen drive, external hard drive, USB thumb drives, solid-state drives, etc., located on the premises, label and pack them separately in a faraday bag.

5. The computers, storage media, laptops, etc. to be kept away from magnets, radio transmitters, police radios, etc. since they could have an adverse impact on the data in the said devices.

6. To carry out a search of the premises to obtain instructions manuals, documentation, etc., as also to ascertain if a password is written down somewhere since many a time person owning equipment would have written the password in a book, writing pad or the like at the said location.

7. The entire process and procedure followed to be documented in writing from the time of the entry of the investigation/search team into the premises until they exit.

Password confiscating procedure :

An investigating officer can issue such directions in the course of an investigation accused to furnish passwords/ passcodes/ biometrics. 

If the accused were to not comply with the officer’s directions, the officer could then apply to the Court seeking issuance of search order. 

The necessity to search a mobile phone or laptop would arise in two circumstances – in an emergency when there is an apprehension that the potential evidence contained on a device may be destroyed, in this scenario, it would be futile to insist on a search warrant, and it would instead be appropriate if the investigating officer recorded his reasons in writing as to why such search was being conducted without a warrant, i.e., objective satisfaction by such officer regarding the emergent nature of the search would have to be recorded in sufficient detail, failing which the search without a warrant would be without jurisdiction.

In the second case in the regular ordinary course of an investigation, it would be essential to procure a search warrant to obtain the requisite passwords. 

Chapter VII of the CrPC which provides for powers to search and seize was relied upon to assert that smartphones can be searched as well. Should an accused person resist a search warrant and/ or a direction to provide a password, an adverse inference can be drawn against him/ her and the investigating officer can proceed to get the device hacked to obtain the information.

Giving Passwords Doesn't amount to self-incrimination:

Karnataka HC also held that evidence that is obtained from a smartphone cannot ipso facto prove the guilt of the accused. Such evidence is on par with other evidence that has to be cumulatively relied on to decide the guilt of an accused. Since evidence obtained from a mobile device cannot ipso facto render an accused person guilty, the HC reasoned that the act of giving passwords cannot amount to self-incrimination.  

Giving passwords does not violate the right to privacy

The Karnataka HC also held that furnishing passwords does not violate the right to privacy, and information that is obtained from the concerned device can be used in the course of the investigation as it falls within the exceptions carved out in Puttaswamy. However, it acknowledged that the investigating officer would have access to a plethora of personal information of the accused, which is to be handled in the same way that evidence in physical forms is handled; and that the investigating officer would be liable for misuse of any personal information or sharing of information with third parties.

General Guidelines :

In all cases, seized equipment to be placed in a dust-free and temperature-controlled environment;

While conducting the search, the investigating officer to seize any electronic storage devices like CD, DVD, Blu-Ray, pen drive, external hard drive, USB thumb drives, solid-state drives, etc, located on the premises, label and pack them separately in a faraday bag;

Computers, storage media, laptops, etc to be kept away from magnets, radio transmitters, police radios, etc since they could have an adverse impact on the data in the said devices;

Carry out a search of the premises to obtain instruction manuals, documentation, etc, as also to ascertain if a password is written down somewhere since many a time the person owning the equipment would have written the password in a book, writing pad or the like at the said location;

The entire process and procedure followed to be documented in writing from the time of the entry of the investigation/ search team into the premises until they exit.

Conclusion :

This decision is likely to open a treasure trove of options for accused persons, especially those implicated in white-collar matters, to point out technical lapses in investigations and seek reliefs on these technical counts. On the other hand, the HC has also made the job easier for investigators to follow a set pattern, which if implemented correctly, can lead to less scope for assailing an investigation. It remains to be seen as to how quickly and to what extent these guidelines are followed in other States where Rules regarding search and seizure of electronic equipment are silent on the subject.


Comments

Popular posts from this blog

Consumer Dispute resolution under the Telecom Act 2023

Types of Cyber Attacks

What to do when police does not take your FIR?