Digital evidence in the shadow of Pegasus

The Supreme Court must take suo moto cognizance of the Pegasus spyware controversy and issue directions in respect of a certificate issued under section 65B of the Evidence Act, 1872. This certificate must verify that the investigative agencies have found no tampering on electronic devices that become their basis to arrest an accused, writes ABHAY NEVAGI.


IN the recent Arjun Khotkar ruling, the apex court laid down the law relating to section 65B of the Evidence Act, 1872. However, after the Pegasus controversy, coupled with other episodes that reveal how easy it is to invade the electronic devices of any individual, more elaborate directions are needed.

Pegasus, the spyware developed by the Israeli cyber arms firm NSO Group, can easily infect electronic devices such as laptops and mobile phones. It can then read messages, track the location, access the device microphone and camera, etc of an unsuspecting user. It can avoid detection by antivirus and get deactivated remotely.

Considering how sophisticated Pegasus is, the only probable way to deal with this virus is to get rid of the phone. The gravity of the matter is such that after a hacking episode, WhatsApp admitted the data of its users was compromised and filed a suit in October 2019 in a California court. It has sought an injunction under multiple regulations.

NSO has opposed the suit on the ground of sovereignty and want of notice. Later, other IT giants joined this suit, which only marks the gravity of the issue.

Consider these recent developments in India against the background of Pegasus and other hacking scandals. A petition in the Bhima-Koregaon case, Dr Shoma Sen vs State of Maharashtra, has raised serious concerns about the nature of the evidence against the accused, based on the findings of Arsenal, a reputed cyber-forensics agency based in the USA. 

In the Bhima-Koregaon case, the NIA relies largely on digital evidence in its chargesheet, but the Arsenal report says the laptop of activist Rona Wilson got compromised on 13 June 2016, long before his alleged offences. The report found scripts that facilitated electronic surveillance planted on his laptop. It is why the Shoma Sen petition seeks to quash the Bhima-Koregaon case.

Also read: Bhima Koregaon accused Prof Shoma Sen claims evidence forged, planted on digital devices; moves Bombay High Court challenging UAPA charges

The NIA has opposed the Arsenal report, contending that it is for the trial court to decide whether material got planted or not. Even if it is proved in a trial that the evidence was planted, the accused would have spent many years in jail. The legal principle is “bail not jail,” yet that is not the usual course in cases registered by agencies such as the NIA, the CBI, the Economic Offences Wing or the Enforcement Directorate.

When these agencies seek custody based on digital evidence, under sections that provide for more than seven years imprisonment, the chances of getting bail drop dramatically. Even if a subsequent acquittal finds that evidence got planted, it cannot erase the stigma, mental torture and time lost in jail. For all these reasons, the Arsenal findings support the case for the Supreme Court to issue further directions on section 65B.

Cybercrimes no longer need to rely only on sophisticated software such as Pegasus. Tools are easily available on the darknet that allows hackers to anonymously, through highly secure communication channels, track and trace unsuspecting victims.

The dark market has a menu for every human want, need or greed. For a price, anybody can obtain drugs, arms, ammunition, fake credit cards and pornography. The darknet protocols have such a high degree of anonymity that even countries with the best tools can fail to find users. Lack of coordination between local, national and international investigating agencies makes detection nearly impossible.

Also read: Bhima Koregaon: Evidence was planted on a second detainee’s computer, says forensic report

In India, investigative agencies are bogged down because of a severe lack of IT infrastructure. Even the technology professionals are overburdened or inadequately trained to use the latest tools. There is also a lack of coordination amongst agencies and an unfortunate lack of awareness in the judiciary.

Consider the case of the Pune businessman, Deepak Shah, who was charge-sheeted for creating the profile of a woman. When the police came to take him into custody, he was in the ICU after bypass surgery. In this case, the police had failed to distinguish the American and Indian date formats and had sought to arrest him based on misinterpreted information.

The scenario is scary as the State frequently invokes sedition and other weighty provisions, in which the “bail is better than jail” principle goes for a toss. Hence the Supreme Court must mandate investigating agencies to file a certificate under section 65B when seeking custody of an accused. An authorised cybersecurity official, at least an assistant or deputy police commissioner, must endorse it and it must verify “no material is found to be planted in the device”. 

The certificate should verify that the digital evidence relied upon by the prosecution to seek custody is untampered. Even the Pune businessman, who later away, would have been saved from the torture of facing a criminal trial without having committed any offence.

Ideally, the court should take suo moto cognizance of all concerning issues raised in the Pegasus controversy. More so as it has cast a shadow on the Supreme Court as well. But that, of course, is for the Hon’ble judges of the High Court and the Supreme Court to decide.

(Abhay Nevagi is an advocate. The views expressed are personal.)