A Special Central Bureau of Investigation (CBI) Court in Delhi on Monday held that an accused could not be forced to provide passwords for his electronic gadgets including his computer or mobile which are seized in during the investigation.
The court noted that the same may amount to compelling the accused to give self-incriminating testimony which ultimately violates his rights and protection guaranteed under Article 20(3) of the Indian Constitution.
However, Justice Naresh Kumar Laka made it clear that investigation officers were within their right to access such information with the help of experts.
While dismissing the petition filed by CBI, the Court noted, “Accused cannot be compelled to give such information and in this regard, he is protected by Article 20(3) of the Constitution of India as well as Section 161(2) of the Code of Criminal Procedure (CrPC). However, the IO is within his right to access the data of the computer system and its soft-wares which were seized from the accused with the help of specialised agency or person at the risk of accused for loss of data, if any.”
As per Article 20(3), no person accused of any offence shall be compelled to be a witness against himself, whereas Section 161 (2) of CrPC reads, “Such person (an accused or a witness) shall be bound to answer truly all questions, other than questions the answers to which would have a tendency to expose him to a criminal charge or to a penalty or forfeiture.”
The Court was of the opinion that Section 102 (power of police officer to seize certain property) and Section 161 (examination of witnesses by police) of CrPC read with Section 91 (summons to produce document or other thing) CrPC or such provisions that relate to “investigation” as given in Criminal Procedure Code.
The Court noted, “However, the said provisions like any other statutory legislation or delegated laws/rules are always subject to Constitutional law especially the Fundamental Rights as given, inter alia, in Article 20(3) of the Constitution of India which gives protection to the persons who are accused of committing criminal offences to maintain silence when they are compelled to give self-incriminating testimony.”
Referring to the Supreme Court’s decision in State of Bombay v. Kathi Kalu Oghad, the court considered it in the category of “testimonial fact”. In the Court’s view, eliciting the password of a computer system from an accused for accessing data was not akin to carrying out a comparison or identification.
The Court noted, “The fact of first category may be based on oral or written statement of an accused but they can still be compelled for the purpose of identification or comparison with facts and materials which are already in the possession of the investigating agency. The Article 20(3) can be invoked when the statements are likely to lead to incrimination by themselves or “furnish a link in the chain of evidence” needed to do so but not for comparision/identification with other evidence.”
“In the case of Narco Analysis/Lie Detection Test, the Hon’ble Supreme Court of India has held that such procedure involves personal knowledge of the accused, therefore, this cannot be done without his consent. Same logic applies to an password which is sought in this case as it also involves import of personal knowledge,” it added.
The Court held that the same will also apply to drawing of a pattern as a security feature on a mobile phone or other electronic device, since the same requires the application of mind and personal knowledge.
In the Karnataka High Court’s decision in Virendra Khanna v. State of Karnataka, it was held that biometrics and password are one and the same. However, the recent enactment of the Criminal Procedure (Identification) Act, 2022 called for a different approach toward the biometrics and password of the accused.
The Court stated that though the legislature did not include the words “password” and/or user ID in the definition of “measurement” or anywhere else in the 2022 Act, powers have been given to the police and the Magistrate to direct an accused to provide his biometrics as mentioned in the definition of “measurement”.
It added, “In other words, said biometrics can be taken from an accused and used for opening of mobile phone/computer system/email/software applications, etc. by the police agency, wherever such need arises for a fair investigation.”
The bench also referred to the US law where evidence obtained through illegal means cannot be relied in a court of law based on the doctrine of ‘fruit of the poisoned tree’. However, in India, if evidence is obtained through illegal means or by not following the procedure of law, it can still be used in certain circumstances.
The bench went on to add, “Therefore, there is a risk of the Constitutional Right under Article 20(3) of the Constitution of India being jeopardised if such request of the IO to compel an accused to provide his password is allowed because once his data is accessed/opened by IO and if it reveals something incriminating, it may be read against the accused.”