Prosecution Cannot Force an Accused To Divulge Password of His Electronic Device: CBI Court
Tushar Kohli (The Leaflet) 02 November 2022
An accused cannot be forced to reveal the password of his electronic devices after they are seized by an investigative agency, held a Special CBI Court in Delhi. The judge, Naresh Kumar Laka, stated that compelling an accused to do so goes against the protection from self-incrimination under Article 20(3).
 
In the present case, a computer was seized by the Central Bureau of Investigation (CBI) from the custody of the accused and sent to a Central Forensic Science Laboratory (CSFL). However, the data from his computer could not be obtained for want of a password.  
 
Thereafter, the agency filed an application seeking the court to direct the accused to disclose the required password.
 
The court accepted the accused’s plea that the CBI had not mentioned any specific provisions of Cr.P.C. in the present application, observing further that Criminal Courts at the District level do not have any inherent power to pass an order giving  relief to a party in the absence of application of any specific statutory provision.
 
However, it expressly allowed the Investigative Officer  “access to the data of the computer seized from the accused with the help of a specialized agency or person at the risk of accused for loss of data, if any.”
 
Right to maintain silence
 
The public prosecutor for the CBI submitted that such direction can be given to the accused as he is currently out on bail on the condition that he will cooperate in the investigation as and when required.
 
The court, however, held that the accused had a right to maintain silence as per Article 20(3) of the Constitution as well as Section 161 (2) of Cr.P.C. and, therefore, cannot be compelled to disclose his password which would tantamount giving of self-incriminating testimony.
 
The Article 20(3) states “no person accused of an offence shall be compelled to be a witness against himself“. Meanwhile, Section 161(1)&(2) prescribes that when a person is being examined by an Investigating Officer, they are bound to answer questions truly, except when it involves information “which may have a tendency to expose an accused to a criminal charge, penalty or forfeiture”.
 
Court cites Selvi, Puttaswamy judgments
 
The court also discussed what amounts to self-incriminatory testimony in light of the Supreme Court’s judgments in Selvi versus State of Karnataka (2010) and K.S. Puttaswamy versus Union of India (2017).
 
The Supreme Court in Selvi had ruled that compelling an accused to go through neuroscientific investigative techniques such as lie detector tests and narco-analysis constituted testimonial compulsion and violated their right against self-incrimination under Article 20(3), and their right to life and personal liberty under Article 21.
 
The Supreme Court had stated that for a testimony to be considered self-incriminatory, “it must be of such a character that by itself it should have the tendency of incriminating the accused, if not also of actually doing so.”
 
Citing the Selvi judgment, the CBI Court stated that considering that the forensic techniques dealt with in Selvi involved acquiring “personal knowledge” from an accused, the same logic applies to passwords sought in the present case.
 
The CBI Court had cited the Karnataka HC  in Virendra Khanna versus State of Karnataka (2021) that held that investigative agencies had the right to seek both passwords and biometrics, but noted that the High Court had either ignored or not kept in mind the observations in Selvi.
 
The court made a distinction between passwords and biometrics, keeping in view the provisions of the recent Criminal Procedure (Identification) Act, 2022. In the said Act, the word ‘measurement’ has been used for referring to various physical evidence which is generally required by the investigating agency from the accused, but it does not include passwords.
 
The accused had cited the Puttaswamy judgment to contend that the said computer system may contain private data of the accused and if revealed to the investigating agency, it may interfere with his privacy. The CBI Court did not, however, find the present application in complete violation of the judgment.
 
Relevance in the ongoing investigation against The Wire editors
 
The CBI court’s decision, though in a different case, is highly relevant in the context of the Delhi Police’s obtaining of the passwords of the electronic devices seized from The Wire’s editors, Siddharth Varadarajan, M.K.Venu, Siddharth Bhatia and deputy editor, Jahnavi Sen, apart from its product-cum-business head, Mithun Kidambi, pursuant to a Section 91 (under Cr.P.C) notice issued in relation to an FIR lodged against them by the BJP leader, Amit Malaviya. 
 
Although all the five cooperated and gave over the devices sought along with their passwords, they also placed on record their demand for the hash value of the phones, computers and iPads seized and for cloned copies of the devices seized to be kept at a neutral place.  The hash value is a unique numerical value used to ensure the integrity of a device and its data.
 
Read the order here.
 
(Tushar Kohli is a journalist based in Delhi and Mohali.)
 
Comments
77% kids signing up on social media platforms with fake date of birth
IANS 12 October 2022
More than one-third of children between age 8 and 17 are using various social media platforms after signing up with fake dates of birth and these platforms are unable to stop this practice, the UK's media watchdog Ofcom said on...
Free Helpline
Legal Credit
Feedback