Evidentiary Challenges in Digital Crimes: The Adequacy of India’s Legal Framework Under the Information Technology Act, 2000 and the Bharatiya Sakshya Adhiniyam, 2023 for Electronic Evidence
By Guru Legal
Keywords
digital evidence; electronic evidence; cybercrime; Information Technology Act 2000; Bharatiya Sakshya Adhiniyam 2023; Indian Evidence Act; chain of custody; Section 65B certificate; hacking; identity theft; forensic investigation; admissibility; data integrity
Abstract
Digital crimes encompassing hacking, identity theft, cyberstalking, online fraud, and data breaches present distinctive evidentiary challenges that strain the capacity of traditional legal frameworks. Unlike physical evidence, electronic data is intangible, volatile, easily replicated, and potentially vulnerable to manipulation. This article examines the evidentiary challenges specific to digital crimes under Indian law, analysing the framework provided by the Information Technology Act, 2000 (IT Act), the Indian Evidence Act, 1872 (and its successor, the Bharatiya Sakshya Adhiniyam, 2023 BSA 2023), and the judicial developments concerning the admissibility and reliability of electronic evidence. The article identifies persistent gaps in the legal framework particularly relating to the chain of custody of digital evidence, the Section 65B certificate requirement, and the training of judicial officers and proposes reforms to strengthen the evidentiary basis for digital crime prosecution in India.
I. Introduction
The pervasiveness of digital technology in everyday life has made electronic evidence central to the investigation and prosecution of a wide range of offences not only cybercrime in the narrow sense, but also offences ranging from murder to corruption and terrorism, where digital devices serve as repositories of crucial evidence. India’s criminal justice system has been required to adapt, often imperfectly, to the challenge of collecting, preserving, analysing, and presenting electronic evidence in proceedings designed primarily for physical evidence. The Bharatiya Sakshya Adhiniyam, 2023, which replaced the Indian Evidence Act, 1872 with effect from July 1, 2024, represents the most comprehensive recent legislative effort to update India’s evidence law for the digital age, but significant challenges remain.
II. The Volatility and Integrity of Digital Evidence
The fundamental evidentiary challenge of digital evidence is its volatility and susceptibility to alteration. Electronic data can be deleted, overwritten, or fabricated with a facility that has no equivalent in the physical evidence domain. A hard disk that is powered on begins to overwrite deleted data; a mobile phone connected to a network may receive remote wipe commands; metadata embedded in documents can be modified without trace if inadequate forensic procedures are employed. The chain of custody for electronic evidence the documented sequence of possession, handling, and analysis from seizure to courtroom presentation is therefore of paramount importance and must be established with greater rigour than for physical evidence.
Indian forensic investigation practice has improved significantly, with the establishment of Cyber Forensic Laboratories by state police forces and the Central Forensic Science Laboratory (CFSL), and the development of standard operating procedures for the seizure and examination of digital devices. However, significant variation in capability and practice exists across jurisdictions, and the forensic examination of complex digital systems encrypted storage, cloud-based data, and distributed systems requires specialised expertise that is not uniformly available.
III. The Section 65B Certificate Requirement
Section 65B of the Indian Evidence Act, 1872 (now substantially replicated in the BSA 2023) provides for the admissibility of computer-generated electronic records as documentary evidence, subject to a certificate attesting to the conditions under which the record was produced: that the computer was used regularly to produce or store information of the kind contained in the record, that the information was derived from information regularly fed into the computer, and that the computer was operating properly during the relevant period. The Supreme Court’s evolving jurisprudence on Section 65B through Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473, Shafhi Mohammad v. State of Himachal Pradesh (2018) 2 SCC 801, and Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1 has established that the certificate is a mandatory condition for the admissibility of electronic records produced by a computer, and that secondary evidence of such records is not admissible in the absence of the certificate.
The requirement has created practical difficulties in investigations where the investigating agency is unable to obtain a Section 65B certificate for example, where foreign service providers hold the relevant data, where the system administrator of the computer that generated the record is unavailable, or where the investigating officer lacks awareness of the requirement. The BSA 2023 partially addresses these difficulties by expanding the scope of persons who may furnish the certificate, but the fundamental challenge of securing certification for data held by foreign entities remains unresolved.
IV. Prosecution of Specific Digital Offences
The IT Act, 2000 criminalises a range of cyber offences, including unauthorised access (Section 43/66), data theft (Section 43/66B), identity theft (Section 66C), phishing (Section 66D), cyberstalking (Section 66E), publishing obscene material (Section 67), and cyber terrorism (Section 66F). Conviction under these provisions requires the prosecution to establish the digital acts constituting the offence through electronic evidence. The evidentiary requirements vary by offence: in hacking cases, IP address logs, server access records, and intrusion detection system data are typically central; in identity theft cases, phishing website logs and financial transaction records are critical; in cyberstalking cases, social media communications and device activity logs are essential.
In each category of offence, the evidentiary challenges are compounded by the technical complexity of the evidence, the need for expert testimony to explain it to the court, and the requirement that the chain of custody be established from the point of data generation to the point of courtroom presentation. Gaps in any link of this chain may render evidence inadmissible or, at minimum, reduce its probative weight.
V. Reform Proposals
Reform in three areas would significantly strengthen India’s framework for digital crime prosecution. First, the BSA 2023 should be amended to provide a specific, streamlined procedure for obtaining electronic evidence from foreign service providers, including through mutual legal assistance treaties (MLATs) and the negotiation of data access agreements with major technology companies. Second, mandatory training in digital evidence collection and chain of custody procedures should be incorporated into the curriculum of police academies and judicial training institutes. Third, a statutory framework for digital forensic certification should be established, prescribing minimum standards for the accreditation of cyber forensic laboratories and the qualification of digital forensic examiners who provide expert testimony in criminal proceedings.
VI. Conclusion
Digital crimes present evidentiary challenges that are qualitatively distinct from those of physical offences, and that require sustained investment in forensic capability, legal training, and legislative reform. The Bharatiya Sakshya Adhiniyam, 2023 represents a significant step towards modernising India’s evidence law, but it must be complemented by institutional development better-equipped forensic laboratories, better-trained investigators and prosecutors, and clearer judicial guidance on evidentiary standards to ensure that the legal system can keep pace with the evolving landscape of digital crime.
Bibliography
Information Technology Act, 2000 (India).
Bharatiya Sakshya Adhiniyam, 2023 (India).
Indian Evidence Act, 1872 (India).
Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473 (Supreme Court of India).
Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1 (Supreme Court of India).
Shafhi Mohammad v. State of Himachal Pradesh (2018) 2 SCC 801 (Supreme Court of India).
