CERT-IN's Cyber Security Breach Reporting: An Update

The Indian Computer Emergency Response Team (CERT-In) was constituted in 2004 under section 70B of the Information Technology Act, 2000. It is the national nodal agency that responds to cyber security threats within the country and is under the Ministry of Electronics and Information Technology, Government of India. Recently, CERT-In released a direction [1] relating to information security practices, procedures, prevention, response and reporting of cyber security threats.

Key Features of the Cyber Security Breach Reporting Directions 

 

Mandatory Reporting

The direction mandates all service providers, government organisations, data centres, intermediaries and body corporates to mandatorily report within 6 hours of noticing or being brought to notice of any cyber incident. Rule 12(1)(a) of the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 provides for a list of cyber security incidents that needed to be reported mandatorily by these entities mentioned above. The rules had previously listed 10 different types of cyber security incidents which need to be mandatorily reported. Apart from these 10 types, the new direction has also categorised data breaches, data leaks, attacks on IoT, and payment systems, fake mobile apps, unauthorised access to social media accounts and attacks or suspicious activities affecting software/servers/systems/apps relating to big data, blockchain, virtual assets, 3Dand 4D printing, drones as cyber security incidents which should be mandatorily reported. 

 

 

Point of Contact

All service providers, intermediaries, data centres, body corporates and Government organisations shall appoint a point of contact within their organisation, who shall ensure effective coordination with the CERT-In. The name and other details of the point of contact shall be sent to CERT-In and the entity should also ensure that it is updated every now and then when there is a change.

 

 

Log Retention and Data Localisation Requirement

The direction mandates all entities mentioned in the direction to mandatorily maintain and secure logs of their ICT systems for a period of 180 days. All such logs should be stored within the jurisdiction of the country and the same should be handed over to the CERT-In in the event of a cyber security incident or any order or direction from CERT-In.

 

 

Registration of Information

The direction has mandated data centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers to register certain information with CERT-In. All these entities are required to maintain such information for a period of 5 years or longer duration as mandated by law, even after the cancellation or expiration of the registration. The following information is required to be registered with CERT-In:

  • Validated names of subscribers/customers hiring the services.
  • Period of hire, including dates.
  • IPs allotted to/being used by the members.
  • Email address and IP address and time stamp used at the time of registration/on-boarding.
  • The purpose of hiring services.
  • Validated address and contact numbers.
  • Ownership pattern of the subscribers/customers hiring services.

 

KYC Requirement

This decade has witnessed the rise of cryptocurrencies across the globe and most countries, including India, still lack a dedicated framework to regulate this space. These new directions from CERT-In intend to regulate and streamline some aspects of this exponentially expanding sector. The directions mandate that virtual asset service providers, virtual asset exchange providers and custodian wallet providers to obtain KYC information from their customers. Further, these entities are also obligated to record all their financial transactions for a period of 5 years. Entities are also directed to maintain information about the IP addresses along with timestamps and time zones, transaction ID, the public keys, addresses or accounts involved, the nature and date of the transaction, and the amount transferred. 

 

 

Integration into ICT System

The direction calls on data centres, body corporates and government organisations to connect to the Network Time Protocol (NTP) Server of the National Informatics Centre (NIC) or the National Physical Laboratory (NPL) for synchronisation into the ICT system. Moreover, where ICT infrastructure of the entities are scattered in multiple locations, the entities are free to use accurate and standard time sources other than NPL and NIC.

 

Non-compliance

In the event that the above-mentioned entities fail to adhere or comply with these directions issued by CERT-In, they shall be punishable with imprisonment for a term which may extend to one year or with a fine which may extend to one lakh rupees or with both under subsection (7) of section 70B of the IT Act, 2000.

 

Conclusion

These new directions issued by CERT-In have acknowledged the concerns of end-users, who were kept in the dark regarding their data and the process undertaken by a corporate body in the event of a data breach or leak. The directions have also touched upon the latest technological developments like cloud services, virtual assets, and online payments, which are yet to be completely regulated by the government. When compared with the CERT rules 2013, the new directions have an expanded scope and applicability as well as a significantly increased compliance bracket for entities.

The European Union enacted the EU Directive on Security of Networks and Information Systems (called the NIS Directive), which supervises the cyber security of European markets. Unlike the present directive, the scope and applicability of the NIS directive are much larger. Certain critical sectors such as energy, transport, water, health, digital infrastructure, finance, and digital service providers such as online marketplaces, cloud and online search engines are all required to comply with these directives.

CERT-In has provided the entities with a 60-day window to comply with the directions. The increased compliance requirements and the added cost that comes along with such compliance will make smaller entities anxious. Hence, the effectiveness of these directions can only be judged with the passage of time. Significant concern can also be placed on the fact that these new directions will merely add to the compliance burden rather than improve the cyber security environment of the country.

References:

[1] https://www.cert-in.org.in/Directions70B.jsp

Image Credits: Image by Pete Linforth from Pixabay

These new directions issued by CERT-In have acknowledged the concerns of end-users, who were kept in the dark regarding their data and the process undertaken by a body corporate in the event of a data breach or leak. The directions have also touched upon the latest technological developments like cloud services, virtual assets, and online payments, which are yet to be completely regulated by the government. When compared to the CERT rules 2013, the new directions have an expanded scope and applicability and a significantly increased compliance bracket for entities.

Related Posts

POST A COMMENT

Cryptocurrency and Money Laundering: Deciphering the Why and the How

The financial sector continues to revel in the advancement of disruptive technological innovations. Due to the attractive rates and fees, ease of access and account setup, variety of innovative products and services, and improved service quality and product features, financial technology is attracting more customers and investors today.[1] Despite the numerous advantages of these sectoral transformations, it is impossible to deny that the digitization and ease with which the internet has enabled all of us to function effectively in our day-to-day work has also created a space for virtual crimes.

Amidst the pioneering fintech revolution, cryptocurrency has emerged as a modern financial technology that can be used to easily launder money. Despite rapid market fluctuations and an uncertain legal status, cryptocurrency continues to captivate Indian investors, who are undeterred and unbothered by the associated risks of cyber fraud.

This article will explore how the crypto market nurtures a convenient and fertile ground for money laundering activities.

 

Cryptocurrency and India

 

The Indian regulatory market has had a hot and cold relationship with cryptocurrency over the years. The RBI, vide Circular DBR.No.BP.BC.104/08.13.102/2017-18 dated April 06, 2018[2], restricted all crypto transactions. However, in 2020, the Supreme Court effectively struck down the ban. As a result, the RBI stated in Circular DOR. AML.REC 18/14.01.001/2021-22 that banks and financial institutions cannot cite the aforementioned circular to warn their customers against dealing in Virtual Currencies. However, it did state that, “Banks, as well as other entities addressed above, may, however, continue to carry out customer due diligence processes in line with regulations governing standards for Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) and obligations of regulated entities under the Prevention of Money Laundering Act (PMLA), 2002, in addition to ensuring compliance with relevant provisions under the Foreign Exchange Management Act (FEMA) for overseas remittances.”[3]

At present, while the talks of implementing comprehensive legislation governing cryptocurrencies have fizzled out, the Union Budget 2022 brought digital currencies under the tax net. As of 2022, the crypto asset market in India stands at an approximated evaluation of 45,000 Crores and 15 million investors[4].

However, it is pertinent to note that it is transactions, not investments, in the digital currency that pose an issue. In India, the Enforcement Directorate discovered over 4,000 crores of such illegal cryptocurrency transactions in 2021. As per the 2022 Crypto Crime Report by blockchain data firm Chainalysis[5], cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021, $6.6 billion in 2020 and $10.9 billion in 2019. Furthermore, the study discovered that at the moment, darknet market sales or ransomware attack profits are virtually derived in cryptocurrency rather than fiat currency, thus significantly contributing to the data. 

Money laundering, terror financing, drug dealing, and other criminal activities are all done using cryptocurrency transactions. Although these transactions are recorded on a blockchain and are traceable, criminals use mixers and tumblers to make it difficult for a third party to track them.

 

The Laundering Mechanism

                           

                                    Eurospider Information Technology AG, “Mixers Tumbler Example,” fig.

For clarity, refer to the above image. Using the OHNE mixer, A sends 20 bitcoins to B, U sends 15 bitcoins to V, and X sends 5 bitcoins to Y. These are single-layer transactions that are simple to trace and identify.

The transaction takes place in a different way in the second image, where the MIT mixer is used. For the sake of brevity, let us consider a single layer of mixer being used. In real life, the number of mixers used is in the thousands. Here, A sends 20 bitcoins to M1, U sends 15 bitcoins to M2 and X sends 5 bitcoins to M3. In the next stage, B receives 20 bitcoins from M2, V receives 15 bitcoins from M1, and Y receives 5 bitcoins from M1. The difference we must notice is that B, V, and Y are receiving the same number of bitcoins as in picture one, but not from A, U and X, respectively. Because there is no information about A sending bitcoins to B, U sending bitcoins to V, or X sending bitcoins to Y, these transactions are not single-layered and are impossible to trace. Hence, making the transaction anonymous.

Criminals use a similar method to send money using cryptocurrencies. Consider the following scenario to gain a better understanding: A, B, C, and Z are cryptocurrency users who keep their coins in their digital wallets. They use the same mixing service to make transactions. A, B, and C are law-abiding citizens, while Z is a criminal involved in drug trafficking. A has to pay X a certain amount of money. X is paid, but the bitcoins he received were deposited by Z, a drug trafficker. When X received the payment, he had no idea that the bitcoins he had were dirty bitcoins and had been used for illegal activities. This is a straightforward explanation of how dirty bitcoins are making their way through the market, paving the way for money laundering. 

 

What can be done?

 

The International Monetary Fund (IMF) has released a report titled “Global Financial Stability Report”[6] which discusses the following details about how cryptocurrencies should be regulated, considering their increasing market capitalization and the growing exposure of banking and financial systems to crypto assets:

  1. Implementation of global standards applicable to crypto-assets should be the key focus area of national policies.
  2. Regulators should identify and control the associated risks of crypto assets, specifically in areas of systemic importance.
  3. Coordination among national regulators is key for effective enforcement and fewer instances of regulatory arbitrage.
  4. Data gaps and monitoring of the crypto ecosystem for better policy decisions should be prioritised by the regulators.

The report also discusses how stablecoins and decentralized finance pose a significant risk to the crypto market and the overall economy if they are not properly regulated and supervised by issuers.

  1. Regulations should be proportionate to the risk and in line with those of global stablecoins.
  2. Coordination is a must, to implement requisite recommendations in the areas of acute risks, enhanced disclosure, independent audit of reserves, and fit and proper rules for network administrators and issuers.

The report also discusses the importance of managing macro-financial risks through:

  1. Enactment of de-dollarization policies, including enhancing monetary policy credibility.
  2. Formulating a sound fiscal position with effective legal and regulatory measures and implementing central bank digital currencies
  3. Reconsidering Capital Flow Restrictions with respect to their effectiveness, supervision, and enforcement

However, according to the report, cryptoization would make finance more cost-effective, quick, and accessible.

There is also an intergovernmental organisation known as the Financial Action Task Force, which is constantly updating its recommendations to maintain legal, regulatory, and operational methods for combating money laundering, terrorism financing, proliferation, and other threats to the integrity of the international financial system. The Financial Action Task Force (FATF) recently released a compliance framework recommending that all anti-money laundering rules that traditional financial systems follow be applied to stable coins, cryptocurrency, and virtual asset service providers. Even though identifying the source of such funds and keeping track of who is the beneficiary of such funds is difficult, countries are still being encouraged to develop provisions that provide for due diligence, record keeping, and the reporting of suspicious transactions.[7]

 

The Legislative Way Forward for India

 

At present, there is no comprehensive legislative framework to govern fintech advancements encompassing blockchain and cryptocurrencies. At best, the present regulatory framework is a patchy, cross-networked arrangement that demands careful deliberations in alignment with the evolving technological innovations in the sector.

The Information Technology Act, 2000:

While the legislation successfully addresses issues like identity theft, hacking, and ransomware and provides a means to tackle the issue of extraterritorial jurisdiction, it is safe to conclude that the serpentine considerations of blockchain cannot be comprehended and addressed by the Act.

The Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering Rules, 2005

The offences listed in Parts A, B and C of the PMLA Schedule attract the penalties enumerated under the Act.

Part A categorises offences under: Indian Penal Code, Narcotics Drugs and Psychotropic Substances Act, Prevention of Corruption Act, Antiquities and Art Treasures Act, Copyright Act, Trademark Act, Wildlife Protection Act, and Information Technology Act.

Part B enlists offences under Part A with a valuation of Rs 1 crore or more.

Part C exclusively deals with trans-border crimes.

Recently, the Enforcement Directorate attached proceeds of crimes amounting to Rs 135 crores in 7 cases in which the usage of cryptocurrency for money laundering activities was flagged by the authorities.[8]

However, it is pertinent to note that the offences recognised under the respective parts of the schedule only comprise the offences under the current framework of legislation, which is at present not equipped to regulate any segment of cryptocurrency transactions and digital currency operations in the country. 

Foreign Exchange Management Act, 1999

Even though the Act specifies procedures to conduct cross-border and foreign exchange transactions, it fails to identify the role of technology as an instrumental enabler of such transactions at present. However, it is interesting to note that it empowers the RBI to establish a regulatory framework to address the same.

The Payment and Settlement Systems Act, 2007

The PSS Act was enacted with the objective of establishing a regulatory framework for banks and ancillary financial institutions, designating RBI as the nodal authority. Section 4 of the Act states that no payment system shall operate in India without the prior due authorization of the RBI.

Apart from the above-mentioned legislation, regulators like SEBI, Ministry of Electronics and Information Technology (MeitY), Insurance Regulatory and Development Authority of India (IRDAI), and Ministry of Corporate Affairs (MCA) have also undertaken initiatives to implement specialised guidelines. While these regulations deal with the contemporary issues of payments, digital lending and global remittances, none of them has managed to find a concrete ground for effectively supervising and regulating cryptocurrency transactions backed by blockchain in the current volatile ecosystem.

At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Furthermore, initiatives should be taken to ensure transparency of such transactions, establish secure authentication transactions for the exchanges and tighten the legislative noose on cyber security systems in the country. Additionally, establishing a centralised statutory body and local self-regulatory bodies across the sovereign, and implementing an extensive centralised framework is also imperative. The current scheme of criminal activities in virtual space transcends geographical boundaries, hence it is crucial for global policymakers to implement mechanisms to ensure coordination and collaboration by institutionalising inter-governmental bodies.

References: 

[1] ‘The Current Landscape Of The Fintech Industry – Fintech Crimes’ (Fintech Crimes, 2022) <https://fintechcrimes.com/the-landscape-of-fintech-in-year-2020/> accessed 9 February 2022.

[2] https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=11243&fn=2&Mode=0

[3] https://rbi.org.in/Scripts/NotificationUser.aspx?Id=12103

[4] https://timesofindia.indiatimes.com/business/india-business/union-budget-2022-no-crypto-bill-listed-this-budget-session/articleshow/89265038.cms

[5] https://go.chainalysis.com/rs/503-FAP-074/images/Crypto-Crime-Report-2022.pdf

[6] ‘Global Financial Stability Report’ (2021) <https://www.imf.org/en/Publications/GFSR/Issues/2021/10/12/global-financial-stability-report-october-2021> accessed 11 February 2022.

[7] ‘VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS’ (2021) <https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf> accessed 11 February 2022.

[8] https://economictimes.indiatimes.com/news/india/ed-investigating-7-cases-of-cryptocurrency-usage-in-money-laundering-attaches-rs-135-crore/articleshow/90200012.cms

 

Image Credits: Photo by Bermix Studio on Unsplash

At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Further, initiatives should be undertaken to ensure transparency of such transactions, establish secure authentication transactions of the exchanges and tighten the legislative noose on cyber security systems in the country.

Related Posts

POST A COMMENT

The Admissibility of Electronic Evidence

  • 16 October , 2020
  • Anand Sagar S

With constant technological innovation and dynamic transformation of related laws happening worldwide, the jurisprudence regarding reliance on evidence in electronic form is also evolving. Judges these days have demonstrated considerable perceptiveness towards the intrinsic ‘electronic’ nature of evidence, which includes insight regarding the admissibility of such evidence, and the interpretation of the law in relation to the manner in which electronic evidence can be brought and filed before the court.

The term   record has been defined under Section 2(t) of the Information Technology (IT) Act as under:

data, record or data generated, image or sound stored, received or sent in an electronic form or micro-film or computer-generated micro fiche”

Further, Electronic records have also been given an overarching legal recognition through Section 4 of the IT Act which provides that:

“Any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is– (a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference.”

Moreover, Section 79A while authorizing the Central Government to notify the Examiner of Electronic Evidence also explains what would be called “electronic form evidence” as under:

“Electronic form evidence means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax machines.”

In addition, Section 3 of the Indian Evidence Act, 1872 was also amended to include electronic records as documentary evidence and now it reads as follows:

“all document including electronic records produced for the inspection of the Court, such statements are called documentary evidence”

In the case of State (NCT of Delhi) vs. Navjot Sandhu[1], the Supreme Court had held that courts could admit electronic records such as printouts and compact discs as prima facie evidence without notification.

However, oral admission as to the contents of electronic records is not relevant unless the genuineness of the record produced is in question.[2]

In cases of cybercrime, a suggestive list has been provided by the National Cyber Crime Reporting Portal on the type of information that would be considered as evidence while filing any complaint related to cybercrime:

  • Credit card receipt
  • Bank statement
  • Envelope (if received a letter or item through mail or courier)
  • Brochure/Pamphlet
  • Online money transfer receipt
  • Copy of email
  • URL of webpage
  • Chat transcripts
  • Suspect mobile number screenshot
  • Videos
  • Images
  • Any other kind of document

Admissibility of “Electronic Evidence”

Sections 65A and 65B of the Evidence Act particularly deal with the information contained in electronic records. The marginal note to Section 65A indicates that “special provisions” as to evidence relating to electronic records are laid down in this provision. The marginal note to Section 65B then refers to “admissibility of electronic records”.

Section 65B (1)[3] states that if any information contained in an electronic record produced from a computer has been copied onto an optical or magnetic media, then such electronic record that has been copied ‘shall be deemed to be also a document’ subject to conditions set out in Section 65B (2)[4] being satisfied.

Section 65B (2) provides some conditions which are to be satisfied in order to accept electronic records as evidence, which are briefly provided below –

  • the computer was used by a person to store or process information for carrying on any activity regularly over a period of time and has lawful control over the use of such computer,
  • such information must have been regularly fed into the computer in the ordinary course of the said activities. Throughout the material part of the said period, the computer was operating properly, and even if not operating properly, it does not affect the electronic record or accuracy of its contents and
  • information in the electronic record reproduced / derived from information fed into the computer in the ordinary course of the said activities.

In Anvar P.V. vs. P.K. Basheer and ors[5] , the Court has interpreted sections 22A, 45A, 59, 65A & 65B of the Indian Evidence Act and held that secondary data contained in a CD, DVD or a Pen Drive are not admissible without a certificate under section 65 B(4) of the said Act. In the case, it was said that electronic evidence without a certificate under section 65B cannot be proved by oral evidence and also the opinion of the expert under section 45A of the said Act cannot be resorted to make such electronic evidence admissible. After this case, it was clarified that the only way to prove an electronic record/evidence is by producing the original media as primary evidence and the copy of the same as secondary evidence under section 65B of the Indian Evidence Act, 1872.

Thereafter, the Supreme Court in Shafhi Mohammad[6] case, held that the requirement of producing a certificate under Section 65B(4) is procedural and not always mandatory. A party who is not in possession of the device from which the document is produced cannot be required to produce a certificate under Section 65B (4). The Court was of the view that the procedural requirement under Section 65B(4) is to be applied only when electronic evidence is produced by a person who is in control of the said device, and therefore in a position to produce such a certificate. However, if the person is not in possession of the device, Sections 63 and 65 cannot be excluded.

Recently, the Supreme Court in the decision of Arjun Panditrao Khotkar vs. Kailash Kushanrao Gorantyal and Ors.[7]has settled the controversies created by previous judgments as to whether certificate under Section 65B of the Indian Evidence Act is a condition precedent for admissibility of any Secondary electronic record, and at what stage the same may be produced. This judgment arose from a reference by a Division Bench of the Supreme Court, which found that the Division Bench judgment in Shafhi Mohammad v. State of Himachal Pradesh (supra)  required reconsideration in view of the three-judge bench judgment in Anvar P.V. v. P.K. Basheer(supra).Some of the key takeaways from the decision are as follows –

  1. Section 65B differentiates between the original information contained in the “computer” itself and copies made therefrom – the former being primary evidence, and the latter being secondary evidence. Required certificate under Section 65B(4) is unnecessary if the original document itself is produced. This can be done by the owner of a laptop computer, computer tablet, or even a mobile phone, by stepping into the witness box and proving that the concerned device, on which the original information is first stored, is owned and/or operated by him. In cases where the “computer” happens to be a part of a “computer system” or “computer network” and it becomes impossible to physically bring such system or network to the Court, then the only means of providing the information contained in such electronic record can be in accordance with Section 65B(1), together with the requisite certificate Under Section 65B(4).
  2. If the certificate is not issued or refused, the Court may order production of the certificate by the concerned authority.
  3. Evidence aliunde given through a person who was in-charge of a computer device in the place of the requisite certificate is not allowed.
  4. The decision in Anvar P.V. cited above has been upheld and the judgment in Tomaso Bruno v. State of U.P.[8] has been overruled.

The person who gives this certificate can be anyone out of several persons who occupy a ‘responsible official position’ in relation to the operation of the relevant device, as also the person who may otherwise be in the ‘management of relevant activities’ spoken of in Sub-section (4) of Section 65B. Also, it is sufficient that such person gives the requisite certificate to the “best of his knowledge and belief.”

These directions issued by the Supreme Court are welcome as they will improve the efficacy of criminal and investigative proceedings.

When should the certificate be produced?

Although not expressly provided for under the Indian Evidence or the Information Technology Act, the Anvar P.V. case and the Arjun Panditrao case cited above have shed adequate light on the stage at which such certificate must be furnished to the court.

In terms of general procedure, the requisite certificate must accompany the electronic record pertaining to which a statement is sought to be given in evidence when the same is produced in evidence i.e. in a criminal trial, the prosecution is obligated to supply all documents upon which reliance may be placed to an accused before commencement of the trial. Therefore, the electronic evidence, i.e. the computer output, has to be furnished at the latest before the trial begins. The reason is not far to seek; this gives the Accused a fair chance to prepare and defend the charges levelled against him during the trial.

However, the Court may in appropriate cases allow the prosecution to produce such certificate at a later point in time. If it is the Accused who desires to produce the requisite certificate as part of his defense, this again will depend upon the justice of the case discretion to be exercised by the Court in accordance with the law.

Position across the globe

The Indian law relating to electronic evidence has adopted the language of Section 5 of the UK Civil Evidence Act, 1968 to a great extent, however this provision had already been repealed by the UK Civil Evidence Act, 1995 and even Section 69 of the Police and Criminal Evidence Act, 1984 which related to the admissibility of computer evidence in criminal cases was revamped to permit hearsay evidence. Therefore, in UK currently, no special provisions have been made in respect of the manner of proof of computerized records.

In USA, a person seeking to produce an electronic record has more than one option to do so under the Federal Rules of Evidence (FRE). A person can follow either the traditional route under Rule 901 or the route of self-authentication under Rule 902 whereunder a certificate of authenticity would elevate its status. This is a result of an amendment introduced in the year 2017, by which sub-rules (13) and (14) were incorporated in Rule 902.

In Canada, the position is similar to India although the Canadian law takes care of a contingency where the electronic document was recorded or stored by a party who is adverse in interest to the party seeking to produce it. Section 31 of the Canada Evidence Act, 1985 deals with electronic evidence and the application of the ‘best evidence rule’.

The future holds definite challenges as far as electronic evidence is concerned and constant legal overhaul and vigilance of judiciary are anticipated but the legislature also needs to take a proactive step in making laws consistent with the changing technology environment.

References

[1] State (NCT of Delhi) vs. Navjot Sandhu (2005) 11 SCC 600.

[2]Section 22A of Indian Evidence Act

[3] Indian Evidence Act, 1872.

[4] Ibid

[5] Anvar P.V. vs. P.K. Basheer and ors  AIR 2015 SC 180, [MANU/SC/0834/2014]

[6] (2018) 2 SCC 801

[7] 2020 SCC OnLine SC 571

[8] [(2015) 7 SCC 178]

 

Image Credits:  Photo by Maxim Ilyahov on Unsplash

Though the Amended Act endeavours to address issues related to the land acquisition process being faced by industrialists for causing industrial development in Karnataka, ambiguity remains as to what extent the Amended Act shall be able to achieve ease of land acquisition process for tangible industrial development in the state.

Related Posts

POST A COMMENT