Prosecution By Deception
Gautam Patel
A little over four years ago, on the night of 16-17 May 2008, 14-year-old Aarushi Talwar was found dead in her bedroom at her family’s residence in Noida. A day later, the family servant, Hemraj, was also found dead. Aarushi’s parents, Rajesh and Nupur Talwar, are the main accused. From the start this has been a bewildering case, with the newspapers reporting one inconsistency after another, the trading of allegations on both sides, and the periodic uncovering of yet another bizarre surrounding circumstance. Had this been the stuff of a novel or a movie, people would have found it less than credible. And yet, in this as in so many other things, life is proving itself stranger than the strangest fiction.
For some weeks now, Avirook Sen has been reporting in the Mumbai Mirror on the trial before the special Central Bureau of Investigation (CBI) court in Ghaziabad. Sen’s reports are first-rate reportage: engaged yet detached, balanced, with startling insights into serpentine path of this trial and with independent cross-checking of the facts.
Last week’s reports by Sen are startling. It seems that in the course of its investigation, the CBI — the investigating agency — created a macabre email address: hemraj.jalvayuvihar@gmail.com; Hemraj was the murdered servant; and Jalvayu Vihar is the house where the murders took place. Sen’s reports, as also those in the Indian Express from a year ago in May 2011, indicate that high-level officers used this email address to communicate with the Talwars on a range of matters. Even the director of the CBI seems to have been copied on some of these emails (though there’s no evidence yet that he responded or used this email id himself). The address was used to send summonses, requests for Rajesh Talwar’s consent to undergo narco-analysis, and more. The principal user of this email address is one A.G.L. Kaul, the investigating officer in this case. Email print outs from this address have been submitted in the trial court and to the Supreme Court too. Faced with this, the CBI is in furious denial; but lying to cover a lie is never a very bright idea, and is very like using one credit card to pay off the bill on another. Sooner or later, it catches up with you. So, for instance, when CBI’s Chief Information Officer claimed that this address was used only during the investigation — something that raises more questions than it answers — this, too, was found to be untrue. The address was used as recently as May this year. And the CBI also used this address to write to others, including defence counsel and the accused’s friends, and even implemented court directives with it.
To describe this conduct as disturbing is to put it mildly. It is downright dangerous, certainly dubious and calls into question the CBI’s motives and intentions, especially given that the CBI, like every arm of the government, has official email addresses. The implications of permitting this conduct are serious. A non-official email id has been created and used to introduce material into the record of a court trying a criminal case. Does this contaminate the entire evidence pool? Does it jeopardize the integrity of the judicial record? The CBI once actually denied ever creating or using this address, but that, as Sen points out, was because the news report of a year ago in the Indian Express contained a typographical error in the email (hemraj.jalvauvihar.com@gmail.com), thus providing the CBI with a facile, but less than honest, denial.
Why should any government agency be allowed to communicate with anyone using a non-official address? Imagine what might happen if, say, the Enforcement Directorate or Income Tax starting sending us emails from unverifiable gmail or hotmail addresses. How would we even know if these emails were authentic, spam or some new form of digital trickery? Have agencies like the revenue services ever communicated with anyone in this manner? Has the CBI itself ever created or used non-official addresses in any investigation previously? If it has not, then why is it doing so now? And what is to be made of its many denials?
The law on evidence and information technology should help us in such situations. Neither does. Technically, a print out of an email is no evidence at all; the Evidence Act requires all kinds of strange things to be done before any such print out can be received in evidence.1 From an operational perspective that may be merely tiresome, but the thinking behind it is sound: emails are, by their nature, fungible and malleable; email print outs even more so. All you need is decent word processing software. Therefore, to rely on emails as proof of anything — despatch, delivery, truth of contents — is unsafe for any record. I could, for instance, in a matter of 10 or 15 minutes drum up an email apparently from the Central Government offering to sell Rashtrapati Bhavan to a Mumbai developer. This couldn’t possibly be evidence; and yet, if the CBI’s actions are to be permitted, there’s nothing to stop this.
Introducing emails reliably into evidence requires a special set of circumstances: laws that require the retention of email traffic logs by service providers (none in India keep these beyond a few weeks; VSNL for a few months); the compulsory retention by corporates and government of all emails on their servers; penalties for destruction of these digital records; and strict, yet practical, rules for authenticating print-outs. A print out of an email should, for instance, be required to have its extended headers — all that technical gobbledy-gook that is kept hidden for better legibility — because without these it is impossible to know if an email ever even existed; and to verify these headers, one would need the server and ISP logs. If these conditions are absent, no court has a legitimate or reliable way to determine the authenticity of digital material sought to be introduced into evidence. In the Aarushi case, it is unclear how the trial court can now be expected to sift through the material and determine what is or is not genuine.
We also need to take a closer look at our evidentiary laws and the ways our courts view — still with needless suspicion — at digital records and new technologies in forensics. In America, for instance, “forensic linguistics” is a field that has been used at least since 1979 with some success, most notably in catching the Unabomber in 1996 when an analysis of his anonymous writings helped to identify him. This science analyses patterns in writing and language, as these patterns hold important clues to individual personalities. How we punctuate, the words we use, the way we construct sentences are all reflections of unique, identifiable personas and predilections. In India, any such evidence into a criminal trial could only be a nightmare. You would first have to establish, as a matter of fact, that any such field exists and is valid and recognised: you’d need, in short, evidence of the evidence. This needs to change, and it needs to change now.
The private sector is altogether more careful about these matters. Many large corporates have self-imposed restrictions on the use of their corporate email addresses (no subscriptions to Facebook, YouTube or pornography sites, for instance). They understand a simple principle: that in an organisation of substantial size, there will always be someone who tries to use an official email id for personal purposes. Therefore, an enterprise-wide restriction serves as both a discipline and a check on abuse. There is no reason this should not apply to government, too, especially agencies involved in investigations and criminal trials.
More than allowing unauthenticated and unofficial material to pass muster as ‘evidence’, this is about allowing an agency that should be bound by certain rules to operate outside those boundaries. Police investigations, for example, are required to be carried out by police officers, appointed by notification in official publications and, often, only by those of a certain rank and above. Suppose an investigating agency decided to use a private player and decided to do this with no prior sanction, approval or notification? A business rival could then be used as an “expert” to dig up dirt on his competitor, and all kinds of other scenarios then become possible, including blackmail and extortion. Limiting agencies to operational rules may seem to some agencies to be an irritant and an inconvenience; but it is a necessary bulwark against abuse. The Aarushi court is, after all, dealing with a criminal matter, an issue of liberty and possibly life itself, and the CBI’s actions in using this fake email address might have the effect of tilting the balance. If the CBI felt it all right to create false email ids, what else did it also do?
Imprinted on the wall of every courtroom behind the judges’ Bench is the legend Satyameva Jayate: The truth alone shall prevail. And litigants are supposed to assist courts in this endeavour. Muddying the waters by fudging digital records is a very strange way of going about this. Whose ‘truth’ is it anyway?
A shorter version of this article first appeared in the Mumbai Mirror, Bangalore Mirror, the Ahmedabad Mirror and in the Pune Mirror on Friday, 17 August 2012.
-
Good luck with this amendment to the Evidence Act by the Information Technology Act, introducing S.65B:
Admissibility of electronic records.
65B. (1) Notwithstanding anything contained in this Act, any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document, if the conditions mentioned in this section are satisfied in relation to the information and computer in question and shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible.
(2) The conditions referred to in sub-section (1) in respect of a computer output shall be the following, namely:—
(a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer;
(b) during the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities;
(c) throughout the material part of the said period, the computer was operating properly or, if not, then in respect of any period in which it was not operating properly or was out of operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents; and
(d) the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.
(3) Where over any period, the function of storing or processing information for the purposes of any activities regularly carried on over that period as mentioned in clause (a) of sub-section (2) was regularly performed by computers, whether—
(a) by a combination of computers operating over that period; or
(b) by different computers operating in succession over that period; or
(c) by different combinations of computers operating in succession over that period; or
(d) in any other manner involving the successive operation over that period, in whatever order, of one or more computers and one or more combinations of computers, all the computers used for that purpose during that period shall be treated for the purposes of this section as constituting a single computer; and references in this section to a computer shall be construed accordingly.
(4) In any proceedings where it is desired to give a statement in evidence by virtue of this section, a certificate doing any of the following things, that is to say,—
(a) identifying the electronic record containing the statement and describing the manner in which it was produced;
(b) giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer;
(c) dealing with any of the matters to which the conditions mentioned in subsection (2) relate, and purporting to be signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate) shall be evidence of any matter stated in the certificate; and for the purposes of this sub-section it shall be sufficient for a matter to be stated to the best of the knowledge and belief of the person stating it.
(5) For the purposes of this section,—
(a) information shall be taken to be supplied to a computer if it is supplied thereto in any appropriate form and whether it is so supplied directly or (with or without human intervention) by means of any appropriate equipment;
(b) whether in the course of activities carried on by any official, information is supplied with a view to its being stored or processed for the purposes of those activities by a computer operated otherwise than in the course of those activities, that information, if duly supplied to that computer, shall be taken to be supplied to it in the course of those activities;
(c) a computer output shall be taken to have been produced by a computer whether it was produced by it directly or (with or without human intervention) by means of any appropriate equipment.
Explanation.—For the purposes of this section any reference to information being derived from other information shall be a reference to its being derived therefrom by calculation, comparison or any other process.