Almost three years ago, in the wee hours of the 6th of June, 2018, Rona Wilson & Surendra Gadling, along with three other human rights activists, were booked and arrested under the provisions of the Unlawful Activities (Prevention) Act, 1967, or UAPA, as we colloquially call it. The grounds of arrest were pretty straightforward – sharing of controversial pamphlets & delivering hate speeches with respect to the Bhima-Koregaon/Elgar Parishad incident which took place in the January of 2018; which in the eyes of many deemed to carry the potential of incitement against public safety & security. So far, so good.
Surprisingly, there was an abrupt switch in the nodal investigating authority in the case. In the January of 2020, the inquiry was abruptly and astonishingly transferred from the hands of the Pune Police to a central agency, the National Investigation Authority (“NIA”). Incidentally, three months before this shift of authority from the Pune Police to the NIA, there was a repositioning of the power axis in Maharashtra, with a new State Government of the Shiv Sena-Nationalist Congress Party-Indian National Congress alliance coming to power. But, I desist from any further politicking beyond this point – this piece isn’t about that.
This leitmotif of this piece is about making sense and bringing clarity in the bewildering series of events that follow in the course of the Pune Police-NIA investigation; and, especially in the light of Project Pegasus and the concerns of Big-Brother surveillance, this piece underscores the underlying message that there is always a price someone else has to pay for the blatant indifference of another – a stirring saga of how the silence of the society comes at an extortionate cost. And, more often than not, such cost is paid in the currency of a loss of accountability, or the due process of Law.
JUSTICE? EQUITY? GOOD CONSCIENCE? WHERE?
A newly published cyber-forensic report by the U.S.-based Arsenal Consulting alleges that the computer resource of one of the accused, Surendra Gadling, was hacked into way before his arrest, and that evidence was fabricated and manufactured after such hacking, which led to his arrest finally in 2018.
In the past, Arsenal Consulting had carried out a similar study on the hard disks that belonged to Rona Wilson, and the findings had posed some serious questions on the veracity and the credibility of the evidence that was found in Wilson’s computer.
Now, the importance of these recent developments stems from the fact that the case of Bhima Koregaon is dependent entirely on “specific information” that the police supposedly found on Wilson’s and Gadling’s laptops – making this case probably the very first of its kind where the entirety of the Prosecution’s case relies on electronic evidence.
Such specific information, mostly in the form of letters, cannot be authenticated or verified by orthodox or conventional means – hence, since these letters are in an electronic format, their validity & genuineness require offbeat & unconventional mechanisms of authentication. Therefore, digital documents carry with them the need for a forensic investigation in accordance with applicable laws & regulations – which ordinarily physical or hard format documents don’t (since they can be validated by comparatively undemanding procedures such as ‘handwriting inspection’, ‘signature authentication’ or ‘fingerprint recognition.)
From a jurisdictionally comparative perspective, the legal systems of several Nations have scrapped such laws & legislations which depend entirely on adducing electronic documents as the only evidence that can be admissible in criminal matters. The reason behind such scrapping is the high risk-potential that electronic evidence carries of being manipulated, distorted, or fabricated by any person who has a rudimentary understanding of coding and who can somehow get remote access to a computer resource. After all, there is a glaring difference between the meteoric expansion of Technology and the snail-pace catching of the Law to such augmentation. And, India stands no exception to such a mismatch.
Coming back, what Arsenal’s discovery showcases is that the letters placed into the computer systems of the accused, especially of Wilson & Gadling, was done using the ‘NetWire’ spyware.
From a legal standpoint, the provisions of Section 65B of the Indian Evidence Act, 1872 (“Evidence Act”) mandate that prior to taking into consideration or admission any design or description of electronic evidence, a complete and comprehensive forensic scrutiny must be undertaken to identify and weed out any malicious software component (like, malware, spyware, virus, etc.) from the computer resource – and only after such auditing and elimination are undertaken, will the said electronic evidence be deemed to be legally admissible as a piece of evidence.
Nonetheless, and quite ironically, in the Bhima-Koregaon case, the aforementioned provision was turned a blind eye to. Baffling as it is, the charge sheet issued in the matter reveals that there has absolutely been no attempt which has been made to eliminate malware from the computer resources which have been seized – and the law enforcement agencies did not even justify their stand either on why there was such a blatant disregard to the conditional necessities of Section 65B of the Evidence Act when this particular question arose in the Court.
The Rule of Law specifies that every accused charged with misfeasance is legally empowered to be informed of the reasons for such a charge being levied against him/her and to be provided with a copy of all the shreds of evidence adduced, which led to the framing of such charges – the very mise en scene of Section 207 of Code of Criminal Procedure, 1973 (“Criminal Procedure Code”). Hence, in the ordinary course of Law, an accused could not have been continually detained without the grounds of such detaining and the allied evidence being brought to his/her notice – and, this is perhaps what makes the entire Bhima-Koregaon case so extraordinarily baffling, as the entirety of the integrity that law enforcement agencies ought to carry in their actions and operations, has gone for a dismal toss!
Back in 2018, the hard disks that were seized by the police from its raids on the residences of the activists served to be the entire premise on which the Prosecution built its legal case. Every hard-disk drive, just like any other electronic storage device, has a specific code associated with it, which distinguishes it from other such storage devices. Interestingly, this code, which runs into 16 figures, can be altered with the minutest modification in the computer resource the hard disk is a part of – and for this very reason, it is imperative that once a hard disk or any other storage device is seized by a law enforcement agency, the 16-figure code should be recorded post-haste and the owner of such a device is furnished with a copy of the same. Such recording of the code and the notification of the same to the owner is of high importance owing to the fact that in case there happens to be any alteration or modification in the confiscated device after the same is seized – then, such a change in the code would not place an onus or liability on the shoulders of the owner, but on the agency which confiscated it in the first place, thereby ensuring a proper system of checks-and-balances in place.
And, woe be on us and on this legal system, for it took a good two long-drawn-out years for the incarcerated in the Bhima-Koregaon case to come into possession of mirror-or clone-copies of such hard disks. What is even more upsetting is that the Pune Police, although partnered with a celebrated cohort of forensic analysts, still did not draw an account of or notify the accused of the 16-figure code embedded in the seized storage devices.
THE ARSENAL REPORTING: THE OPENING OF THE PANDORRA’S BOX
The Report of Arsenal Consulting speaks of a barrage of unauthorized and unethical control, via the NetWire spyware, of Surendra Gadling’s computer resource from February 29, 2016, to October 22, 2017 – all in all, 20 whole months in which the hacker had a free-pass to document and collect data from the said computer-system.
In addition to the collection of data, several folders and sub-folders were artificially inserted in Gadling’s system – and such folders and sub-folders were camouflaged so secretively and concealed so deep into the system that it would have been near-impossible for any layman to realize that such documents exist in the first place. To add on, the Report states that several of these folders & sub-folders were never even visited by the accused.
Please read concluding on thedailyguardian.com
The contentious documents which have been the root of this high-octane matter are inter alia certain correspondence on the lines of launching an assassination attempt at the Hon’ble Prime Minister, and on the acquirement of weaponry for the purposes detrimental to the public order & national security of the country.
So, how does the NetWire function?
Let me draw a parallel here to help explain better what the NetWire spyware is, and what its modus operandum looks like. Remote access software programs, like ‘AnyDesk’, have garnered quite the popularity in the post-pandemic way of operating; especially, in the professional-front – basically, via remote access software applications, one user can permit or take permission from another user to gain access of the latter’s computer-system.
NetWire functions quite similarly to such remote access applications, albeit with one small catch – consent of another user is not a condition precedent in the manner in which this spyware takes access of the computer system of the said user. The spyware takes a clandestine entrance to the computer system and hands the access to such system to the attacker, with the user having no wind of such cyber-sabotage happening, at all!
Spywares like the NetWire come under the umbrella bracket of ‘Remote Access Trojans’ (“RAT”), wherein while a particular user would be carrying out an operation with his/her computer system, the attacker would be manipulating the same system in the background. Perhaps, this may make you ask – when a software application like ‘Any Desk’ functions in a manner that keeps the user apprised of the conduct with which the computer system is being operated, then how does NetWire manage to override this modality? The answer lies in the nuance of the operability of a RAT and in the way it takes control, which is by gaining remote access by way of command prompts and not through the employment of clearly conspicuous means like the keyboard-mouse functionality (which applications like AnyDesk exercise) – and thus, the user is almost always is in the dark of the fraudulent exploitation of the system concerned. As food for thought, although subject to further cyber-forensic scrutiny of the hard-disks and other storage devices belonging to Gadling and Wilson so seized by the Pune Police, the possibility of artificial positioning of documents in the said storage devices is glaring.
Sangrifroid: Carefree in the face of Crisis
With the news of the NetWire hitting the headlines, the floodgates for allegations and counter-allegations opened and inundated to the brim all conversations surrounding the Bhima-Koregaon case. However, in the middle of this clamorous commotion, a very particular legal question of consequential value came to the fore.
The said question revolves around whether the Report of Arsenal Consulting, which is a foreign entity, holds legal ground in a domestic Indian Court – and, if it does, then can Arsenal Consulting be considered to be an ‘Expert’ in the Indian legal framework? Let us consider this – it matters not where a particular Report emanates from, or who creates it; as long as the Report in question can be proven to be of material importance in a domestic Court of Law in India. As a matter of practice, the reports of several Indian forensic experts are premised on forensic tools procured from foreign companies & firms – notable of such foreign tools being the ‘EnCase’ software program, a design of the Canadian OpenText Corp.
Additionally, Section 45 of the Evidence Act posits the understanding that in the Indian legal jurisprudence, there lies no major demarcation between the value accorded to the expert opinions of an Indian forensic analyst and a Foreign forensic analyst. Hence, the standard of expertise is not established on the ground of residence, operation, or domicile – but, such standard hinges on the expertise and competence of the Expert in consideration. To buttress this assertion, let us take the case in point of the 2010 matter of Malay Ganguly v. Dr. Sukumar Mukherjee, wherein the Apex Court allowed the scrutiny of the expert-opinions of foreign medical specialists via the means of video-conferencing – hence, precedence, not just in Law but also in practice, lies in giving validation to the opinion of foreign-experts; which, in turn, will go a long way in guiding and preserving the ethos of Justice in the Bhima-Koregaon case. After all, even before the concerned Trial Court gets an opportunity to adjudicate on the validity of the digital evidence and of the bona fides of the Arsenal Consulting-Report – many, many years would have passed wherein the arraigned would have been left to languish in a cell of 4.5×2.7 meters in actuality, and perhaps be left trapped in a cell far more crippling in their mind.
When law enforcement agencies, like the NIA, or the Economic Offences Wing, or the Enforcement Directorate, make arrests solely on the foundational premise of digitally adduced evidence, the legal provisions governing such arrests warrant for imprisonment for seven years or more; and taking the ground reality into consideration, a ruthlessly draconian and despotic legislation like the UAPA often plays the trick to ensure that the Right to Personal Liberty under Article 21 of the Constitution, and its extension of a Right to Bail, slowly and sneakily perverse into a pipe dream – thereby, reversing the entire concept of “bail is the rule, and jail is the exception” on its head to “jail is the rule, and bail is the exception”. Hence, the first order of business should be to add safeguards and to ensure a nuanced and intricate detailing of Section 65B of the Evidence Act and the issuance of the “65B Certificate” under the said provision – thereby ensuring that unlawful arrests based exclusively on digital evidence be put a stop to.
All policies are made primarily by the Executive machinery, bolstered by the Legislative fraternity, to safeguard “public morality, public order, and national security”, with the principal considerations of securing the rights of its subjects being the sine qua non. However, the banality of the customary cogs of bureaucracy has blinded our legal representatives, our law enforcement agencies, the Courts, and our prison-set up from empathizing with the patent dereliction of the incarceration of Rona Wilson and Surendra Gadling, among so many other names and faces which have gone or will go down the annals of history as mere “case files”.
A collapsed system that asks its critics to have faith in it – this illegality, is in our name.