SCC Online Web Edition, Copyright © 2020

Page 1 Wednesday, December 09, 2020

Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-

CNLU LJ (5) [2015] 62

Challenges to Cyber Crime Investigation : A Need for Statutory and Infrastructural Reforms

CHALLENGES TO CYBER CRIME INVESTIGATION : A NEED FOR STATUTORY AND INFRASTRUCTURAL

REFORMS
by
Raveena Rai*
Abstract The realm of cyber crimes is a relatively new complication to deal with in respect of
substantive as well as procedural laws. The incessant rise in the number as well as type of
cyber crimes has raised concerns over what laws are to govern these crimes. Investigation
on the other hand is one of the biggest part of a criminal trial and goes a long way in
proving the guilt of an accused. In India, with the introduction of the IT Act, 2000,
numerous cyber crimes are enlisted and dealt with. However, the Act merely provides that
the investigative agencies have the same powers as enshrined under the Cr.P.C. These
powers, generally, are not enough considering the unique nature of cyber crimes. Cyber
crimes investigation faces certain peculiar problems like the question of geographical
determinancy, issue of jurisdiction, inadequacy of laws, breach of privacy during
investigation, and lack of adequate investigative infrastructure. These are issues which are
the concern of almost all investigative agencies all over the world. The aim of the paper is to
highlight the challenges faced during cybercrime investigation. The paper analyses the
jurisdictional issue, issue of privacy, investigative technologies, the collection and validity of
evidence from a computer and similar challenges faced during investigating cybercrimes.
The paper would also draw comparatives from all over the world, to suggest the reforms
needed in the Indian cyber investigation system.

Page: 63

Keywords: Cyber Crimes, Investigation, Technology, Privacy, Jurisdiction, challenges, evidence,

forensics, evidence.
I. INTRODUCTION
As we are moving towards a life that is completely functioning through digital interfaces, and we
become more and more dependent on the Internet and digital networks, there is a simultaneous rise of
new vulnerabilities and new susceptibilities to crimes. Not only the conventional crimes can be
replicated in the online world, also there is rise in novel crimes that exploit peculiar features of the
digital world.1 The growth of the digital era, has thus led to equal number of complications and
challenges to the existing criminal law principles as much as it has rendered convenience to life.
The growth of the Internet has provided unmatched access to information all over the world. As
computer-crimes greatly differ from traditional crimes, it is difficult to investigate them by conventional
means. There are mainly three components to criminal investigations namely : information,
instrumentation and interviewing.2 However, such a bifurcation of components also fails to remain
comprehensible in cases of cyber crimes.3 This is mainly because unlike traditional crimes there is no
bulk of physical evidence available for agencies to investigate upon, the crime scene is not confined to
a small place, and there is also a requirement for technical skills to investigate the crime4 since
cybercrimes are more technical in nature. The growth of more complex hardware as well as software
has led to further complications.5
The biggest problem faced is that majority of cybercrime cases go unreported.6 One survey
conducted by a private sector organization suggests that 80 per cent of individual victims of core
cybercrime acts do not report the crime to the police.7 Further, Internet crimes in cyberspace do not
have any geographical or spatial restrictions given the ubiquitous nature of the Internet. There is
cooperation required at various levels when different

Page: 64
 SCC Online Web Edition, Copyright © 2020
Page 2 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-

nations are involved.8 Further, the difficulty also arises in criminal identification and securing of digital
evidence.

Law enforcement investigation techniques are generally divided into coercive and covert techniques,
the former involving powers of seizure and search, the latter involving interception and surveillance.9
However, there are several problems that are encountered during employing these techniques when
the question comes to cyber crimes. The issues that are generally raised are the determination of
jurisdiction for trying the crime, getting and collecting all the evidence, the admissibility of such
evidence in court, availability of specialized forces taking into account the technical nature of crime and
evidence, the extent of search warrant, etc.
In India, the Information Technology Act, 2000 addresses the procedure to be followed in
cybercrime investigations, and states that the provisions of the Code of Criminal Procedure, 1973, shall
be followed in respect of entry, search and arrest made under the Act.10 India has taken the initiative
to counter the challenge of cybercrime investigation by setting up a Cybercrime Investigation Cell in
Mumbai in 2000.
However, the field of cyber forensics is very nascent in India.11 India is not even a signatory to the
Cybercrime Convention, which renders the investigative processes that take place with respect to
cybercrime, unclear and ambiguous. A lot is left to the discretion of the investigative agencies. The
paper delves into the question whether the existing legal framework in India is sufficient to govern
cybercrime investigations.
II. JURISDICTIONAL ISSUES
Jurisdiction is one of the most preliminary questions that are raised in the court of law. The
development of cyberspace has also affected the concepts of territorial sovereignty, non-interference,
and relations among nations.12 The case of cybercrimes is complex in terms of jurisdiction as the victim
and the perpetrator may be situated in different jurisdictions, the server may be in a different
jurisdiction, the state where the perpetrator is located might not even recognize that act as a crime etc.
Thus, it is possible for a criminal in one country to perpetrate a crime against a person in another
country, all the while using servers located in a third country.13

Page: 65

The traditional principles of sovereignty however are greatly challenged by the nature of
cybercrimes, thus, jurisdictional and choice-of-law questions cannot be aptly solved by the ‘settled
principles’ and ‘traditional legal tools’ developed for analogous problems in real space.14
Thus, in case of cybercrimes, impact is made on multiple jurisdictions at a time and various states
can claim jurisdiction to try the offence. However, another pertinent question that is raised in the case
of cyber crimes is that if one country tries the offender, other countries would not be able to provide
remedy to their citizens.15
There are various instances where the courts have dealt with similar questions like in R. v. Governor
of Brixton Prison, ex p Levin16 , where there was massive fund transfer from the accounts of the
customers to the perpetrators accounts in Citibank and one of the issues involved was whether the
criminal act occurred in St. Petersburg, Russia, where the keys were pressed instigating the crime, or
in Parsippany, US, where the changes in data occurred in the Citibank computers. It was held by the
court that the crime occurred in the US on the basis of the communication link established between
Levin and the Citibank computer meant that Levin's keystrokes were actually occurring on the Citibank
computer.17 This decision even went for an appeal to the House of Lords, where it was upheld.18
In another case where the act of gambling was legal in the state from which the online gambling
site was maintained, and the online gaming company was brought under the jurisdiction of New York
court and was prosecuted there on the basis that it has an office in New York.19
In the famous Yahoo! case20 , where a French Court issued orders against Yahoo! to take down
certain contents that were available in France, Yahoo! challenged this order on grounds of lack of
jurisdiction. However, the US Courts held that French Courts had jurisdiction in this matter going by
the ‘minimum contact rule’.
The Cybercrime Convention under Article 22(d) purports active nationality principle for determining
jurisdiction in cases of cyber crimes, however
 SCC Online Web Edition, Copyright © 2020
Page 3 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
Page: 66

it also leaves the principle for the determination of jurisdiction at the discretion of each state.

The approach followed in England for determining jurisdiction is where the ‘last act took place in
England or a substantial part of the crime was committed here’21 . Computer Justice Act, 1993, Part I
provides for jurisdiction on the basis of a ‘relevant event’.22 Thus, a court can seize jurisdiction if any
‘relevant event’ occurs in England and Wales even though all other such events may have occurred
abroad.23
In the USA, the PATRIOT Act, 2001 amended the Computer Fraud and Abuse Act to extend the
concept of a ‘protected computer’ to include ‘a computer located outside the United States that is used
in a manner that affects interstate or foreign commerce or communication of the United States’.24 Thus,
even in US there is provision for extra-territorial jurisdiction in cases of cybercrimes, if the crime affects
the state in the manner provided above.
For the purpose of cybercrime investigations, agencies often have to obtain access to data held on
systems located in foreign jurisdictions.25 Such instances are only addressed to in very few
instruments26 and legislations like in UK27 . Even though the Convention on Cybercrime talks about
investigation and surveillance and interception, but in international perspective it only contains vague
terms like ‘mutual cooperation’. Thus, cumulatively there is no special agreement between all countries
regarding distinct jurisdiction for cyber-crimes, traditional jurisdictional standards have to be resorted
to in order to resolve all Internet disputes.28
India also has a legislation that deals with the issue of cybercrime jurisdiction, i.e. Information
Technology Act, 2000 under sections 1 and 75.

Page: 67

Under the act, a person of any nationality can be booked if the crime is affecting a computer or
computer system in India. However, the problems arise in the practical scenario when the evidence is
to be obtained from systems that are present in other jurisdictions, as the evidence stored in
computers is easy to impede. The process to be undertaken is as provided under sections 166A and
166B, and 188 of Cr.P.C, which is a cumbersome process and delays the investigation proceedings
usually leading to destruction of evidence.29

Moreover, India is neither a signatory to the Cybercrime Convention, thus, it can not rightfully claim
the ‘mutual cooperation’ as provided under the provision of the Convention, nor does India have any
reciprocal arrangements with other states concerning cybercrime jurisdiction.
The example of ICANN30 can be cited as a successful attempt to answer jurisdictional issues in
domain name cases, however, the individuals have to accept the policy of ICANN to avail worldwide
protection to their domain names.
Thus, the need of the hour is to establish an international arrangement to deal with jurisdictional
issues of cybercrimes. Moreover, at the national level, the extra-territorial operation of cyber laws need
to gain strength31 , and India also needs to enter into reciprocal arrangements with nations with respect
to cybercrimes.
III. SURVEILLANCE AND INTERCEPTION VERSUS PRIVACY
Intrusive surveillance and interception of communications are a major component in the
investigation of cybercrimes.32 On the other hand, the power of surveillance and interception by law
enforcement agencies is an exception to right to privacy.33 The right to privacy is a basic human right
that is guaranteed in major international instruments34 , and various nations have also recognized this
right either expressly through a legislation e.g.

Page: 68

Canada, New Zealand etc.; or implicitly through court decisions, e.g. in U.S.35 .

In India the method of interception was followed in compliance with the Indian Telegraph Act,
188536 , under which authority was given to wiretap communications. Further the Indian Telegraph
Rules, 195137 laid down the procedure to be followed for interception and surveillance. The question of
 SCC Online Web Edition, Copyright © 2020
Page 4 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
breach of privacy arose in terms of these provisions in front of the Supreme Court, and the Court in its
judgment38 laid down certain guidelines to be followed while tapping by authorities and the tapping
could only be done by the State and not private bodies.
With the increasing popularity of the Internet and the increasing rates of cybercrimes, law
enforcement agencies have turned their attention to internet-communication interception and
surveillance as a means of investigation of cybercrimes. The Information Technology Act, 2000 provides
for interception of any information transmitted through a computer resource, and requires that users
disclose encryption keys or face a jail sentence extending up to seven years.39 The Act authorizes the
Certifying Authorities to direct interception of any information transmitted through a computer resource
if it is satisfied that it is necessary or expedient to do so in the interests of sovereignty or integrity of
India, the security of the State, friendly relations with foreign states, public order, or for preventing
incitement to the commission of any cognizable offence.
The Information Technology (Amendment) Act, 2008, gave power to the government to intercept
any computer resource (mobile phones, computers, other communication devices), for the investigation
of ‘any offence’. Thus through this amendment, the government was given unlimited powers of
interception.40 The procedure to be followed during interception is laid down under the IT Procedure
and Safeguards for Interception, Monitoring, and Decryption of Information Rules, 200941 .
The Telegraph Act created two levels of circumstances that must be met before the interception of
communications can take place; first, a public emergency must be in force or in the interest of public
interest or safety; secondly, if the former is satisfied, interception may take place if it is found to be in
the interests of the sovereignty and integrity of India, the security

Page: 69

of the State, friendly relations with foreign States or public order, or for preventing incitement to the
commission of an offence. The Information Technology Act on the other hand, expands these powers by
removing the condition of ‘public emergency, public interest, public safety’ and allowing for
interception to additionally take place for the investigation of any offence. Thus, all emails and
messages are open to the surveillance of the government. However, it would not be wrong to suggest
that in absence of any regulations governing the implementation of section 69, the provision can be
well abused by the regulating powers.42

In UK, a reasonable standards which are to be met before commencement of any interception are
determined through internationally recognized standards like International User Requirements for the
Lawful Interception of Communications43 and standards developed by European Telecommunications
Standards Institute44 . US also recognizes similar standards through its legislations like CALEA45 . The
problem in India is that there is no standard set for the initiation of an interception, and this lead to a
power to the authority to act arbitrarily. With this, the privacy of individuals is seriously under threat,
which by way of court decisions has been included under Article 21 as an integral part of the Right to
Life and Liberty46 .
There is a recently introduced Central Monitoring System (CMS) in India47 , where the agencies use
keyword-based search to locate suspicious activities, which leaves millions of internet users in India
vulnerable to surveillance by authorities. Under CMS, one government official will authorise interception
and this will be reviewed and executed by other fellow officers in different agencies — but all within the
government.48 The Internet activities of India's roughly 160 million users are already being subjected
to wide-ranging surveillance and monitoring, much of which is in violation

Page: 70

of the government's own rules and notifications for ensuring “privacy of communications”.49

At a time when concerns are being raised even in the UN General Assembly, where a consensus
resolution strongly backing the right to privacy, calling on all countries take measures to end activities
that violate this fundamental “tenet of a democratic society” was passed, India needs to take concrete
steps ensuring privacy of computer communications.50 The monitoring of communications through
computer systems by investigative agencies, which is more or less unregulated, raises a huge area of
concern, and needs to be regulated.
IV. SEARCH AND SEIZURE ISSUES
 SCC Online Web Edition, Copyright © 2020
Page 5 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
Search and seizure constitutes a major part of crime investigation, in terms of information collection
and gathering of evidence. The collection search and seizure of evidence in cases of cybercrimes is a
little technical because there is involvement of electronic data. Moreover, it further involves storing of
digital data.
A. Search Warrants
Search warrants are essential to conduct search and seizure operations.51 Investigating officers must
obtain a warrant to search a cyber location and seize digital evidence.52 In India, a search warrant is
issued under section 93 of Cr.P.C., which lays down that a Disrict Magistrate or a Chief Judicial
Magistrate on reasonable grounds as provided under the provision, issue search warrant, specifying the
place or document to be searched.
There is no particular system or specific guidance for issuing cyber search warrant, a conventional
search warrant may be obtained by a police officer to search for digital evidence. Thus, like a
conventional search warrant, a cyber search warrant may be issued on the following grounds : First,
that the Court has reason to believe that a person to whom summons have been issued would not
present the document; Secondly, where it is not known in whose possession the document or evidence
is; Thirdly, where the

Page: 71

Court deems it appropriate to issue a search warrant for the purpose of any inquiry, trial or other
proceeding.53

It is mandatory for a Magistrate issuing a search warrant to prescribe the offence and the scope of
the search warrant, this is also known as the principle of specificity54 .55 In cybercrime searches,
particularity is more complicated and problematic; particularly in relation to the scope of data to be
searched.56 Investigators encounter incriminating data intermingled with thousands of files with no
connection to the investigation and which cannot practicably be separated at the site of the search.
This poses a great problem as computers store huge amount of information, and the evidence required
is just like a needle hidden in a haystack57 , thus, any justification for search may justify an invasive
look through computer files containing private information, or privileged files like lawyers files etc.
Such an incident took place in the U.S., where warrant was issued to find evidence of identity theft,
and multiple media devices and computers were retrieved during the search. The investigator while
searching for malicious files also ran a search for pornographic files on the media devices and
computers and found child pornography on the accused persons computer. The person was now also
charged with offence of possession of child pornography. However, the court in this case held that the
search conducted using the forensic tools of child pornography on the computer systems was out of the
scope of the search warrant.58
A solution to this problem can be that the investigators must focus on the scope of the original
search warrant and if any other malicious matter is discovered during the search, which is not covered
under the original search warrant, ask for a secondary warrant. Additionally, in case where the
investigating officer finds something incriminating, which is out of the scope of the warrant, he must
be in a position to prove that this was found during the routine procedures.59
Under the Cr.P.C., there is also a Deputy Superintendent of Police, or any other officer authorized by
the Central Government, may also search and arrest without a warrant.60 This section is generally used
to target users of

Page: 72

cybercafés.61 This is another instance where the discretionary powers given to the investigative
agencies are misused.

B. Encryption
Encryption is the science of converting readable data into an unintelligible form, or turning plain text
into cipher text, that cannot be read or understood by unauthorised persons, to protect the
confidentiality, privacy and to prove integrity.62 On one hand, it can be legitimately used to protect the
fundamental human rights of both privacy and freedom of speech and to provide integrity,
authentication, and confidentiality to electronic transactions.63 On the other hand, even when the data
 SCC Online Web Edition, Copyright © 2020
Page 6 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
or device has been lawfully seized by the investigative agencies, a lot of times the agencies face the
problem that the data is protected by password or cryptography, which renders the data inaccessible.
Thus, law enforcement officers investigating cybercrime often encounter an encrypted crime scene,
which hinders the investigation process and criminal prosecution.64
In the case of the notorious hacker Kevin Mitnick, when he was arrested and his computer systems
were seized, a lot of data in them was encrypted and the police could never access them.65 This
problem has been recognized and addressed by various jurisdictions. The UK law recognizes few modes
of obtaining such protected information in intelligible form like, requiring the person himself to provide
the protected data in intelligible form66 or to provide his private key if special circumstances arise67 . In
the US, the question of obtaining the key from a suspect had always been a contentious issue, as these
raised issues of self-incrimination etc.68 Finally, Title 18 of the USA Code and the PATRIOT Act, gave no
power to law enforcement agencies to obtain the encryption keys from a person on this very ground.69
However, section 404 of the Domestic Security Enhancement Act, 2003 imposes penalties on those
who knowingly and wilfully use encryption during commission of, or attempt to commit a federal
felony.

Page: 73

In India, there is no clarity on this issue apart from the power given to the Controller or Certifying
Authority to ask any person to furnish any information.70 Thus, the authorities have the power to issue
directions to any person to render technical assistance or to extend any other facilities for the purpose
of decrypting an encrypted file.71 However, there is a conflict with the right against self incrimination72 ,
but considering the special nature of cybercrimes, the mandatory duty imposed on the holder of data
does not seem to be unfair.
Law enforcement officers should be provided with the necessary power and defined procedure to
deal with encrypted crime scenes.73
C. Other Issues
Apart from these, the investigative agencies while conducting searches also must keep in mind that
the electronic data is very sensitive, thus, it must be handled carefully and preferably in presence of an
expert. Moreover, regard should be given to the storing, and preserving of data. The data must remain
confidential and the chain of custody must also be kept in mind.74
V. ELECTRONIC EVIDENCE ISSUES
Evidence is the means through which guilt or innocence is proven during trial. There is a peculiar
problem that is faced by law enforcement agencies in the collection of electronic evidence, that is,
electronic communications potentially relevant to a criminal act may include gigabytes of photographs,
videos, emails, chat logs and system data. Locating relevant information within this data can be
extremely time-consuming.75 Evidence continuity is typically a question of fact and the chain-of-
custody process is the mechanism applied for maintaining and documenting the chronological history
of the evidence as it moves from one place to another.76 Thus, while collecting digital evidence certain
guidelines have been issued by the International Association of Computer Investigative Specialists,
namely77 :
1. Forensically sterile examination media must be used.

Page: 74

2. The examination must maintain the integrity of the original media.

3. Printouts, copies of data and exhibits resulting from the examination must be properly marked,
controlled and transmitted.
Moreover, considering the temporary nature of electronic evidence and the fact that it can be very
easily modified78 , the admissibility of electronic evidence has always remained a contentious issue.
The United States has made the position clear on digital evidence recently, where the Supreme
Court laid down certain criteria to ascertain which digital evidence would be admissible.79
In India, electronic evidences had the stature of documents and were treated as secondary
 SCC Online Web Edition, Copyright © 2020
Page 7 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
evidences. The authenticity of the electronic evidences, were to be certified by a competent authority.80
This procedure met the conditions of both sections 63 and 65 of the Evidence Act. In this manner,
Indian courts simply adapted a law drafted over one century earlier in Victorian England. However, the
coming of the amendments in the Information Technology Act, 2000 and the Evidence Act, 1872, has
granted more significance and relevance to electronic records as evidences. For admissibility of
electronic records, specific criteria have been made in the Evidence Act to satisfy the prime condition of
authenticity and reliability of the evidence.81 Sections 65A and 65B were added to the Evidence Act.
Section 65B details this special procedure for adducing electronic records in evidence. It gives
recognition to information printed on paper or stored in CD, or similar device.82 Sub-section (4) of
section 65B of the Evidence Act lists additional non-technical qualifying conditions to establish the
authenticity of electronic evidence. This provision requires the production of a certificate by a senior
person who was responsible for the computer on which the electronic record was created, or is stored.
The certificate must uniquely identify the original electronic record, describe the manner of its creation,
describe the device that created it, and certify compliance with the technological conditions of sub-
section (2) of section 65B. Recently, the Supreme Court of India has given out a ruling83 defining the
scope of section 65B, where the court has laid down that section 65B is a special provision and is
different from section 63 and 65 in respect of secondary evidence.

Page: 75

VI. COMPUTER FORENSICS

Digital forensics is the branch of forensic science concerned with the recovery and investigation of
material found in digital and computer systems. To discover such traces digital forensics expertstake
advantage of the tendency of computers to store, log and record details of almost every action that
they, and hence their users, perform.84
There is a huge backlog in the development of this field in India. Though there is the establishment
of the Cyber Crime Investigation Cell, which has jurisdiction all over India, National Police Academy has
prepared a handbook on procedures to handle digital evidence, and the establishment of the Indian
Computer Emergency Response Team85 , the growth of systematic approach to cyber forensics is still
missing. The instances have been seen where there have been huge blunders on part of cyber forensics
like in the IPL Match Fixing case etc.
India needs a policy to promote skill development in digital forensics keeping in mind the rising
number of cybercrimes every day.
VII. CONCLUSION
According to Justice Yatindra Singh “regulating cyber space is daunting task of corpus juries of any
country. Computer, internet and cyber-space-together known as Information Technology has posed
new problems in jurisprudence. I have shown inadequacy of law while dealing with the information
technology, changes induced by the information technology in the way we live, perceive and do
business”.86 The existing laws were designed, having geographical location, tangible medium and
physical environment in view. These laws are not suited to faceless, borderless and paperless
cyberspace.87 A Cyber penal code should be enacted which incorporates all these offences and an
international treaty on cyber crime should be made and should be signed by the entire nations of the
world in order to tackle the menace of cyber crime.
Thus, the evolution of the internet into something that is ubiquitous, has necessitated the need for
review of already existing Criminal Procedure Code, as well as the training of skilled personnel to take
up cybercrime

Page: 76

investigation. The task of skill development has been listed as one of the main objectives of the
National Cyber Security Policy, 201388 .

There is also a need to raise awareness about the seriousness of cybercrimes, so as to increase the
reporting these crimes.
The National Cyber Security Policy, 2013 addresses the issue of building effective law enforcement
 SCC Online Web Edition, Copyright © 2020
Page 8 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
capabilities. However, the implementation of the same needs to keep pace with the growing rate of the
development of the Internet.
———
*
5th year Student, Amity Law School, Delhi.
1 (New York University Press, 2007).
2 (5th Edn., Springfield, IL, 1980).

3 Sameer Hinduja, Computer Crime Investigations in the United States : Leveraging Knowledge from the Past to Address the Future 1
(2007).
4
Minny Narang and Gunjan Jain, Cyber Crimes : Problems of Investigation and Solution, 3 (2013).
5
(Charles River Media Inc., 2002).
6
Vineet Gill, 97% cyber crime cases in city go unreported : Cops, 30-10-2010, (28-10-2014, 10 : 04 a.m.),
<http : //timesofindia.indiatimes.com/city/gurgaon/97-cyber-crime-cases-in-city-go-unreported-Cops/articleshow/6838031.cms>.
7
Symantec, 2012 Norton Cybercrime Report, (28-10-2014, 10 : 05 a.m.), <http : //now-
static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf>.
8
22 (Nova Publishers, 2003).
9
(Kamal Law House, 2009).
10
Information Technology Act, 2000, S. 80.
11
239 (Select Publisher, 2001).
12
Prof. Atmaram Fakirba Shelke, Jurisdictional Issues in Cyberspace and Its Implications, 1 134, 135 (2012).
13
(2nd Edn., Academic Press, San Diego, 2000).
14 99 (1st Edn., ICFAI University Press, Hyderabad, 2007).
15
Prof. Atmaram Fakirba Shelke, Jurisdictional Issues in Cyberspace and Its Implications, 1 134, 138 (2012).
16
1997 QB 65 : (1996) 3 WLR 657 : (1996) 4 All ER 350.
17
Id. at 363a.
18
R. v. Governor of Brixton Prison, ex p Levin, 1997 AC 741 : (1997) 3 WLR 117 : (1997) 3 All ER 289.
19
People of New York v. World Interactive Gaming Corpn., 714 NYS 2d 844.
20
Yahoo! Inc. v. La Ligue Contra Le Racisme et L'Antisemitisme, 145 F Supp 2d 1168 (N.D. Cal. 2001).
21
R. v. Smith (Wallace Duncan) (No. 4), 2004 QB 1418 : (2004) 3 WLR 229 (CA).
22 Computer Justice Act, 1993, S. 2(3).
23
303 (Oxford University Press, New York, 2007).
24
18 USC S. 1030(e)(2)(B).
25
Supra note 23, at 310.
26
Convention on Cybercrime, Budapest, November 2001, Articles 18-21; G8 Principles on Transborder Access to Stored Computer
Data, adopted in Moscow, 1999, (15-10-2014)
<http : //www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/Documents/Points%20of%20Contact/24%208%20Principles%
20on%20Transborder%20Access%20to%20Stored%20Computer%20Data_en.pdf>; European Commission, “Proposal for a Council
Framework Decision on the European Warrant for obtaining objects, documents and data for use in proceedings in criminal matters”,
COM (2003) 688 final, November 2003, Article 21.
27
Regulation of Investigatory Powers Act, 2000, S. 27(3) and Intelligence Services Act, 1994 S. 7.
28 Justice Surya Kant, “Cyberspace and Jurisdictional Concerns”, Uttarakhand Judicial and Legal Review, p. 14, at p. 16.
29
Minny Narang & Gunjan Jain, supra note 4, at 74.
30
Internet Corporation for Assigned Names and Numbers, a non-profit corporation, established in 1998, that is responsible and
manages internet domain names at an international level, and also resolves issues of cybersquatting, and domain name ownership.
31
Ashwani Kumar Bansal, Reviewing Information Technology Legislation in India, 1 JOLTI 1, 19 (2010).
32 (Hart Publishing, Oregon, 2013).
33
Lekshmi G.R., Electronic Surveillance-A Tool for Invasion of Privacy, 32, 224, 224, (2008).
 SCC Online Web Edition, Copyright © 2020
Page 9 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-
34European Convention on Human Rights, Article 8; International Covenant on Civil and Political Rights, 1966, Article 17; Universal
Declaration of Human Rights, Article 12.
35 Munn v. Illinois, 24 L Ed 77 : 94 US 113 (1876).
36
Indian Telegraph Act, 1885, S. 5(2).
37 Indian Telegraph Rules, 1951, Rule 419.
38
People's Union for Civil Liberties (PUCL) v. Union of India, (1997) 1 SCC 301.
39
Information Technology Act, 2000, S. 69.
40
226 (1st Ed., Nabhi Publication, New Delhi, 2010).
41
IT Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules, 2009, (25 Oct, 2014),
http : //cca.gov.in/cca/sites/default/files/files/gsr780.pdf.
42
Lekshmi G.R., supra note 33, at 235.
43
The International User Requirements were adopted by Member States of the European Union in the Council Resolution of January
1995, and have subsequently been adopted by the Governments of the USA, Canada, Australia and New Zealand.
44
European Telecommunications Standards Institute, Telecommunications Security; Lawful Interception; Handover Interface for the
Lawful Interception of Telecommunications Traffic, 2001.
45
Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (Oct. 25, 1994), codified at 47 U.S.C.
§§1001-10.
46
Kharak Singh v. State of U.P., AIR 1963 SC 1295; R. Rajagopal v. State of T.N., (1994) 6 SCC 632.
47
Phil Muncaster, India Introduces Central Monitoring System, May 8, 2013, (October 26, 2014),
<http : //www.theregister.co.uk/2013/05/08/india_privacy_woes_central_monitoringsystem>.
48
Shalini Singh, Lethal Surveillance v. Privacy, June 22, 2013, (October 26, 2014), <http : //www.thehindu.com/opinion/lead/lethal-
surveillance-versus-privacy/article4837932.ece>.
49
Shalini Singh, Government Violates Privacy Safeguards to Secretly Monitor Internet Traffic, September 9, 2013, (October 26,
2014), <http : //www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretly-monitor-internet-
traffic/article5107682.ece>.
50
United Nations General Assembly The Right to Privacy in Digital Age, (November, 2013), UN Doc A/C.3/68/L.45/Rev.1.
51
Supra note 11, at 173.
52
Alaeldin Mansour Safauq Maghaireh, Jordanian cybercrime investigations : a comparative analysis of search for and seizure of
digital evidence, (2009) (October 26, 2014), <http : //ro.uow.edu.au/theses/3402>.
53 Code of Criminal Procedure 1973, (CrPC), S. 93.
54
Amy Evans and Martin F. Murphy, The Fourth Amendment in Digital Age : Some Basics on Computer Searches, 20, 1, 4 (2003).
55
Code of Criminal Procedure, S. 93(2).
56
Alaeldin Mansour Safauq Maghaireh, supra note 52, at 170.
57
238 (New York University Press, 2006).
58
United States v. Schlingloff, 2012 US Dist. LEXIS 157272 (CD III 24-10-2012); United States v. Carey, 172 F 3d 1268.
59
259 (2nd Edn., Pearson, 2012).
60 Code of Criminal Procedure, S. 80.

61 Lekshmi G.R., supra note 33, at 234.

62
3 (Chapman and Hall, 2003).
63
Simon A. Price, Understanding Contemporary Cryptography and its Wider Impact upon the General Law, 13 International Review of
Law Computers 95, 95(1999).
64
26 (Cambridge University Press, 2004).
65 US DOJ Press Release, 9-8-1999, (28-10-2014) <http : //www.ee.iastate.edu/˜nsfweb/miller_modules/hazards/hack_mitnick.html>.
66 Regulation of Investigatory Powers Act, 2000, (RIPA), S. 49(2)(d).

67 RIPA, Sections 50(3)(c ), 51.

68 Amitai Etzioni, Implications of Select New Technologies for Individual Rights and Public Safety, 15, 258, 258 (2002).
69
Supra note 64, at 67.
 SCC Online Web Edition, Copyright © 2020
Page 10 Wednesday, December 09, 2020
Printed For: Chirag Agrawal, SCC Online MyLOFT Remote Access
SCC Online Web Edition: http://www.scconline.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------
-

70
Information Technology Act, 2000, S. 69.
71
Supra note 9, at 273.
72 Constitution of India, Article 20(3).

73
Alaeldin Mansour Safauq Maghaireh, supra note 52, at 169.
74 Supra note 40, at 237; R.K. Tewari, supra note 11, at 198.
75 UN Office on Drugs and Crimes, Comprehensive Study on Cybercrime 158 United Nations, Feb 2013, (28-10-2014),
<http : //www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf>.
76
Supra note 13.
77
(Laxmi Publications, 2007).
78
United States v. Whitaker, 127 F 3d 595, 602 (7th Cir 1997).
79
Lorraine v. Markel American Insurance Co., 241 FRD 534 (D. Md. 2007).
80
Bhairav Acharya, Anvar v. Basheer and the New (Old) Law of Electronic Evidence, <http : //cis-india.org/internet-
governance/blog/anvar-v-basheer-new-old-law-of-electronic-evidence>, (28-10-2014).
81
156 (Sweet and Maxwell, 2011).
82
(McGraw Hill, 2008).
83
Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473.
84
UN Office on Drugs and Crimes, Comprehensive Study on Cybercrime, 159 United Nations, Feb. 2013, (28-10-2014),
<http : //www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf>. Supra note 13.

85
Supra note 9, at 256.
86
(5th Edn., Universal Law Publication, 2012).
87 Minny Narang and Gunjan Jain, supra note 4.

88
Ministry of Communication and Information Technology, National Cyber Security Policy, 2013, File No. 2(35)/2011-CERT-In (29-10-
2014), <http : //deity.gov.in/sites/upload_files/dit/files/National%20Cyber%20Security%20Policy%20(1).pdf>.
Disclaimer: While every effort is made to avoid any mistake or omission, this casenote/ headnote/ judgment/ act/ rule/ regulation/ circular/ notification is being circulated on
the condition and understanding that the publisher would not be liable in any manner by reason of any mistake or omission or for any action taken or omitted to be taken or
advice rendered or accepted on the basis of this casenote/ headnote/ judgment/ act/ rule/ regulation/ circular/ notification. All disputes will be subject exclusively to
jurisdiction of courts, tribunals and forums at Lucknow only. The authenticity of this text must be verified from the original source.