Bhuvana Marni
Published on: November 03, 2022 at 22:38 IST
In light of the protection provided by Article 20(3) of the Constitution, a Special Central Bureau of Investigation (CBI) Court in Delhi recently ruled that an accused cannot be compelled to provide the investigating agency with the password to his electronic device.
However, Special Judge Naresh Kumar Laka made it clear that the investigating officer had every right to acquire such information with the help of professionals.
In the order, it was underlined that the CBI’s request for the relevant information was dismissed.
“Accused cannot be compelled to give such information and in this regard he is protected by Article 20(3) of the Constitution of India as well as Section 161(2) of the Code of Criminal Procedure (CrPC).”
“However, the IO is within his right to access the data of the computer system and its soft-wares which were seized from the accused with the help of specialized agency or person at the risk of accused for loss of data, if any.”
Article 20(3) of the Constitution provides that no person accused of any offence shall be compelled to be a witness against himself, whereas Section 161 (2) of CrPC reads,
“Such person (an accused or a witness) shall be bound to answer truly all questions, other than questions the answers to which would have a tendency to expose him to a criminal charge or to a penalty or forfeiture.”
The “interesting topic” the Court was debating concerned the investigating agency’s right to seek the passwords for both the computer system and the Tally software that had been taken from the accused.
Even though the CBI did not specify a specific provision of the CrPC as the reason for which it was seeking the accused for the password, the Court stated that it was a settled principle of law that a plea should not be dismissed out of hand in the absence of a specific clause or even when the wrong provision of the law was cited.
“However, the said provisions like any other statutory legislation or delegated laws/rules are always subject to Constitutional law especially the Fundamental Rights as given, inter alia, in Article 20(3) of the Constitution of India which gives protection to the persons who are accused of committing criminal offences to maintain silence when they are compelled to give self-incriminating testimony,” the Court held.
The Court cited a number of Supreme Court judgments before coming to the conclusion that the information the accused was trying to disclose required the application of mental faculties or memory and was solely dependent on personal mental effort or knowledge.
Therefore, as stated in the Supreme Court’s ruling in State of Bombay vs. Kathi Kalu Oghad, the information required fell within the category of “testimonial fact.”
In that decision, the Supreme Court established the criteria for determining whether data or evidence falls under the heading of “testimonial fact.”
According to the Court, asking an accused person for a computer system password to access data was not the same as performing a comparison or identification. Thus,
“The fact of the first category may be based on the oral or written statement of an accused but they can still be compelled for the purpose of identification or comparison with facts and materials which are already in the possession of the investigating agency.”
“Article 20(3) can be invoked when the statements are likely to lead to incrimination by themselves or “furnish a link in the chain of evidence” needed to do so but not for comparison/identification with other evidence.”
It added, “In the case of Narco Analysis/Lie Detection Test, the Hon’ble Supreme Court of India has held that such procedure involves personal knowledge of the accused, therefore, this cannot be done without his consent. The same logic applies to a password which is sought in this case as it also involves the import of personal knowledge…”
The Court decided that the same rule also applies to sketching a pattern as a security feature on a mobile phone or other electronic devices since doing so involves the use of one’s personal knowledge and mental energy.
Although the Karnataka High Court ruled in Virendra Khanna vs. State of Karnataka that a password and biometrics are the same, the court stated that the recent enactment of the Criminal Procedure (Identification) Act, 2022 required a different approach to be used for the accused’s password and biometrics.
The Court noted that despite the fact that the legislator left the words “password” and/or “user ID” in the definition of “measurement” and anywhere else in the 2022 Act, the police and the Magistrate still have the power to order an accused person to provide his biometrics as specified in the definition of “measurement,”.
“In other words, said biometrics can be taken from an accused and used for the opening of mobile phone/computer system/email/software applications, etc. by the police agency, wherever the such need arises for a fair investigation…”
It’s interesting that the Court cited US law, according to which evidence collected illegally cannot be relied upon in a court of law under the “fruit of the poisoned tree” theory.
However, it noted that in India, even if evidence was obtained by the use of illegal methods or by ignoring established procedures of law, it might still be utilized under certain conditions.
“Therefore, there is a risk of the Constitutional Right under Article 20(3) of the Constitution of India being jeopardized if the such request of the IO to compel an accused to provide his password is allowed because once his data is accessed/opened by IO and if it reveals something incriminating, it may be read against the accused,” it added.
Case Title: CBI vs. Mahesh Kumar Sharma & Ors.