Search and Seizure of Electronic Devices: Accused cannot be compelled to give password of an electronic device during investigation proceedings.
We live in an era in which, almost every investigation matter has an electronic component involved, and be it a computer or mobile phones or even a small SD Card. Mobile phones, laptops, computers can be used for storing vital information and can further be helpful for investigating agencies to unveil the issue(s) under consideration.
Article 20(3) of the Indian Constitution prohibits that no accused can be forced to give evidence or to become a witness against himself. This right is sometimes described as anachronism and sometimes it has been criticized for making the assumptions. But considering the intent of the framers of the constitution and the interpretation of the judiciary it can be rightly said that rights given to the accused opposing self-incrimination are important to the Indian context as ‘Fruit of the poisoned tree’ doctrine doesn’t apply in India discussed herein under.
A Special Central Bureau of Investigation (CBI) Court in Delhi recently held that an accused cannot be compelled to provide the password of his electronic device to the investigating agency in view of the protection guaranteed by Article 20(3) of the Constitution [in CBI v. Mahesh Kumar Sharma & Ors dated 29.10.2022].
However the judgement clarified that the investigating officer was within their right to access such data with the help of experts.
Dismissing the plea of the CBI seeking the relevant information, the order highlighted,
“Accused cannot be compelled to give such information and in this regard he is protected by Article 20(3) of the Constitution of India as well as Section 161(2) of the Code of Criminal Procedure (CrPC). However, the IO is within his right to access the data of the computer system and its soft-wares which were seized from the accused with the help of specialised agency or person at the risk of accused for loss of data, if any.”
Article 20(3) of the Constitution provides that no person accused of any offence shall be compelled to be a witness against himself, whereas Section 161 (2) of CrPC reads,
“Such person (an accused or a witness) shall be bound to answer truly all questions, other than questions the answers to which would have a tendency to expose him to a criminal charge or to a penalty or forfeiture.”
The “interesting question” the Court was dealing with was on the power of the investigating agency to seek the password of the computer system seized from the accused along with password of the accounting software he had used on it.
While the CBI did not mention any specific provision of the CrPC under which it was seeking the password from the accused, the Court said that the settled proposition of law was that in the absence of any specific provision of law or even when a wrong provision of law was cited, such plea ought not to be rejected straight away.
In its opinion, the CBI plea was to be treated under Sections 102 (power of police officer to seize certain property) and 161 (examination of witnesses by police) of CrPC read with Section 91 (summons to produce document or other thing) CrPC or such provisions that relate to “investigation” as given in criminal procedure code.
“However, the said provisions like any other statutory legislation or delegated laws/rules are always subject to Constitutional law especially the Fundamental Rights as given, inter alia, in Article 20(3) of the Constitution of India which gives protection to the persons who are accused of committing criminal offences to maintain silence when they are compelled to give self-incriminating testimony,” the Court held.
Giving password comes under “testimonial fact”:-
The Court relied upon several Supreme Court judgments before concluding that such information sought to be disclosed by the accused requires application of mental faculty or memory, which is purely based on personal mental effort or knowledge. Therefore, the required information was in the category of “testimonial fact” as explained in the Supreme Court decision in State of Bombay v. Kathi Kalu Oghad.
In that case, the Supreme Court laid down the test to identify whether information or evidence comes within the category of “testimonial fact”.
Eliciting the password of a computer system from an accused for accessing data was, in the Court’s view, not akin to carrying out a comparison or identification. The court held:
“The fact of first category may be based on oral or written statement of an accused but they can still be compelled for the purpose of identification or comparison with facts and materials which are already in the possession of the investigating agency. The Article 20(3) can be invoked when the statements are likely to lead to incrimination by themselves or “furnish a link in the chain of evidence” needed to do so but not for comparision/identification with other evidence.”
It further held :
“In the case of Narco Analysis/Lie Detection Test, the Hon’ble Supreme Court of India has held that such procedure involves personal knowledge of the accused, therefore, this cannot be done without his consent. Same logic applies to an password which is sought in this case as it also involves import of personal knowledge…
The same will also apply to drawing of a pattern as a security feature on a mobile phone or other electronic device, since the same requires application of mind and personal knowledge.”
Distinction between password and biometrics
The Court said that though the Karnataka High Court in Virendra Khanna v. State of Karnataka held that password and biometrics are one and the same, the recent enactment of the Criminal Procedure (Identification) Act, 2022 called for a different approach to be adopted for password and biometrics of the accused.
Though the legislature did not include the words “password” and/or user ID in the definition of “measurement” or anywhere else in the 2022 Act, powers have been given to the police and the Magistrate to direct an accused to provide his biometrics as mentioned in the definition of “measurement”, the Court noted.
“In other words, said biometrics can be taken from an accused and used for opening of mobile phone/computer system/email/software applications, etc. by the police agency, wherever such need arises for a fair investigation…”
‘Fruit of the poisoned tree’ doctrine doesn’t apply in India
Interestingly, the Court referred to United States law, under which evidence obtained through illegal means cannot be relied in a court of law based on the doctrine of ‘fruit of the poisoned tree’. However, in India, if evidence was obtained by resorting to illegal means or by not following the established procedure of law, the same could still be used in certain circumstances, it pointed out.
“Therefore, there is a risk of the Constitutional Right under Article 20(3) of the Constitution of India being jeopardised if such request of the IO to compel an accused to provide his password is allowed because once his data is accessed/opened by IO and if it reveals something incriminating, it may be read against the accused,” it added.
The court further held that no doubt, a password does not itself constitute a ‘self-incriminating testimony’ against an accused who gives such password, but from practical point of view, the said password alone is not the sole objective of the IO and in fact he wants to use it for the purpose of accessing data which is contained in a computer system or a mobile phone which is/are seized from the accused and, therefore, the said password is to be taken as integral part of the said computer system/mobile phone which is/are not severable from it. While considering the status of such information being incriminating or not, this court cannot consider password alone in isolation.
In the light of aforesaid discussion, the court held that the accused cannot be compelled to give such information and in this regard he is protected by Article 20(3) of the Constitution of India as well as Section 161(2) of Cr.P.C. However, the IO is within his right to access the data of the computer system and its softwares which were seized from the accused with the help of specialized agency or person .
In pursuance to the influential role of technology and proliferation of laptops and the storing up of data in digitized form, amendments are required to the laws inculcating the provisions of digital evidence and its utilization thereof.
[This article has been initially published at Taxmann- Citation 144 taxmann.com 60 (Article) and again re-published only for wider circulation with due permission of the author.]
CA.Mohit Gupta can be reached at firstname.lastname@example.org, 91-9999008009 (A-301, Defence Colony , New Delhi-110024).