The Karnataka High Court on March 12 observed that the examination of a smartphone or an e-mail account is in the nature of a search being carried out and as such cannot be done without a search warrant. An accused has the right to remain silent to avoid self-incrimination, thus compelling one to give up passwords for their electronic devices would violate this right, the high court observed.
While issuing guidelines that police departments must comply with while gathering evidence from electronic devices, the high court further observed that personal details or data cannot be shared with any third party during the course of investigation without the written permission of the court seized of the matter.
"The responsibility of safeguarding the information or data which could impinge on the privacy of the person will always be that of the investigating officer, if the same is found to have been furnished to any third party the investigation officer would be proceeded against for dereliction of duty or such other delinquency as provided," the bench presided by a single judge observed.
The high court also set aside a trial court order directing an accused to undergo a polygraph test and to furnish the password, passcode or biometrics of his mobile phone/e-mail account.
The high court reiterated the Supreme Court's verdict in the Selvi case which said that a polygraph test cannot be administered without obtaining the consent of the person to whom the polygraph test is to be administered.
"Merely because an accused is silent, neither accepts or rejects the administration of polygraph test would also not amount to consent being provided by the accused. Such a consent has to be categorical without any doubt and be made after being informed and made aware of the implication of the polygraph test and effect thereof," Justice Suraj Govindaraj said in his order.
"It would be in the interest of all the stakeholders that detailed guidelines are prepared by the police department in relation to the same. Pending such formulation, it would be required that the following minimum guidelines are implemented," the judge observed.
Guidelines for search and seizure of personal computers
Qualified forensic examiners are required to accompany investigating officers during searches at premises for any electronic equipment including smartphones, e-mails etc.
A properly authorized and qualified person like a qualified forensic examiner and not an investigating officer will now be permitted to conduct searches of computers for evidence.
At the time of the search, the place where the computer is stored or kept is to be photographed in such a manner that all the connections of wires including power, network, etc. are captured in such photograph/s.
The front and back of the computer and/or the laptop while connected to all the peripherals to be taken.
A diagram should be prepared to show the manner in which the computer and/or the laptop is connected.
If the computer or laptop is in the power-off mode, the same should not be powered on.
If the computer is powered on and the screen is blank, the mouse could be moved and as and when the image appears on the screen, the photograph of the screen to be taken.
If the computer is powered on, the investigating officer should not power off the computer. As far as possible, the investigating officer to secure the services of a computer forensic examiner to download the data available in the volatile memory i.e., RAM since the said data would be lost on the powering down of the computer or laptop.
If the computer is switched on and connected to a network, the investigating officer to secure the services of a forensic examiner to capture the volatile network data like IP address, actual network connections, network logs, etc.,
The MAC address also to be identified and secured. In the unlikely event of the Forensic examiner not being available, then unplug the computer, pack the computer and the wires in separate faraday covers after labelling them.
If the removal of a power cord does not shut down the laptop, then efforts must be made to locate and remove the battery.
If the laptop battery cannot be removed, then shut down the laptop and pack it in a faraday bag so as to block any communication to the said laptop since most of the laptops, nowadays have wireless communication enabled even when the laptop is in standby mode.
Guidelines for the seizure of devices connected to a network
To ascertain as to whether the said equipment is connected to any remote storage devices or shared network drives, if so to seize the remote storage devices as also the shared network devices.
To seize the wireless access points, routers, modems, and any equipment connected to such access points, routers, modems which may sometimes be hidden.
To ascertain if any unsecured wireless network can be accessed from the location. If so identify the same and secure the unsecured wireless devices since the accused might have used the aid unsecured wireless devices.
To ascertain who is maintaining the network and to identify who is running the network - get all the details relating to the operations of the network and role of the equipment to be seized from such network manager.
To obtain from the network manager, network logs of the machine to be searched and/or seized so as to ascertain the access made by the said machine of the network.
Guidelines for search and seizure of Mobile Devices
Mobile devices would mean to include smartphones, mobile phone, tablets GPS units, etc. During the course of seizure of any of the mobile devices, apart from the steps taken in respect of a computer and/or laptop, the following additional steps to be taken:
Prevent the device from communicating to the network and/or receiving any wireless communication either through Wi-Fi or mobile data by packing the same in a faraday bag.
Keep the device charged throughout, since if the battery drains out, the data available in the volatile memory could be lost.
Look for sim slots, remove the sim card so as to prevent any access to the mobile network, pack the sim card separately in a faraday bag.
If the device is in power-off mode, the battery could also be removed and kept separately.
If the device is powered on, then put it on aeroplane mode in android devices or airplane mode in IOS devices.
In all the cases above, the seized equipment should be kept as far as possible in a dust-free environment and temperature controlled.
While conducting the search, the investigating officer seized any electronic storage devices like CD, DVD, Blu-Ray, pen drive, external hard drive, USB thumb drives, solid-state drives etc., located on the premises, label and pack them separately in a faraday bag.
The computers, storage media, laptop, etc. to be kept away from magnets, radio transmitters, police radios etc. since they could have an adverse impact on the data in the said devices.
To carry out a search of the premises to obtain instructions manuals, documentation, etc. as also to ascertain if a password is written down somewhere since many a time person owning equipment would have written the password in a book, writing pad or the like at the said location.
The entire process and procedure followed to be documented in writing from the time of the entry of the investigation/search team into the premises until they exit.