Sunday, September 13, 2020

Cyber Security Threats in Online Schooling or Colleging

 Cyber Security Threats in Online Schooling and Colleging

With all the talk about washing hands, students need to also think about how to practise good cyber hygiene using encryption, VPNs, software updates and password management. Software that takes over a device can expose the user to spyware, malware or data exfiltration that can compromise health and personal information, or academic research and intellectual property in a competitive field.

With more teachers and students online, particularly if they’re doing it from less controlled environments outside of the school, the attack surface of the school community is increased, Schools and Universities tend to be quite careful about doing intrusion detection, and putting up fairly sophisticated access controls.

Threat from Zoom Video meetings

Video-teleconferencing platform Zoom has security and privacy issues, prompting Indian Government and later even New York’s Department of Education to ban its use as a digital classroom, Singapore banned teachers from using Zoom after hackers crashed sessions, sharing obscene images and making lewd comments. Yes but in India schools and colleges which charge their student's considerable fees yet use free Zoom and bring the whole family of a student at Privacy risk.

Hijacking control of Zoom calls, also called “Zoom-bombing,” In Chandigarh, when a science teacher was about to begin a lecture on the reproductive system for her Class X students over video conferencing app Zoom. The teacher had recently learned how to use the app from her son. After about 45 students had joined the session, the teacher locked the conference room and stepped out to do a final audio and video test on her son’s computer. While she was away, a pornographic movie began playing on the screen from a student’s screen. It took almost five minutes for the teacher to realize what was happening and rush back to end the session. The victim girl from whose screen the movie was shared has been traumatized due to repeated questioning by school authorities and classmates and is reluctant to rejoin the school after the lockdown ends, just imagine the trauma.

The pandemic era is creating an apparent gold mine for cyber spies, according to an April report co-authored by researchers Bill Marczak and John Scott-Railton, based at The Citizen Lab research centre at the University of Toronto. The researchers found vulnerabilities with Zoom’s encryption and “waiting room” feature, which it had raised with the company.

    Screengrab of Zoom encryption in The Citizen Lab's April report. Photo via

What Can be done more

It’s often not the technology that fails. It’s teachers and students behaving in ways that put educational institutions at risk by not using a complex password or showing reluctance to using multifactor authentication, These are the kinds of simple behaviours that we emphasize but often aren’t followed across school systems, where sometimes convenience wins over cybersecurity hygiene.

That’s why educating teachers and students is so important, especially with looming budget cuts that may affect spending on security improvements such as firewall upgrades and higher-level endpoint protection,  But that training needs to be ongoing and should include everyone in an educational institution. cyber awareness training can cover basics like creating strong passwords, social engineering, social media behaviour and about phishing attacks.

Not just one session at the start of the school or college year, I mean ongoing messaging throughout the year that makes cyber safety a part of the school culture and is embedded in how we teach and how we learn, The key learning piece is that you can’t treat cybersecurity as a one-and-done. It’s not a checklist that you go through, because the next day, the entire environment has changed.

Tuesday, September 8, 2020

Types of digital wallet frauds

Digital Wallets unawareness and greed  have created an enabling environment for fraud, the explosion of smartphones with internet and multiple modes of payment through apps. While there is enough protection built into UPI and card payments, fraudsters use various tricks to get users to part with critical information. 

Methods used by tricksters range from payment requests made on the Unified Payments Interface (UPI) to sharing of QR codes on WhatsApp. Here are some common ones doing the rounds.

1.  Pre approved link fraud
Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money, “Payment successful receive Rs. xxx” etc. You need to enter PIN only for sending money.
Do not: 'Pay' or enter your UPI pin to receive money.
2. QR Code Fraud
Fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. This QR code, a feature in some UPI apps, is in fact a collect request and scanning and entering your PIN is acceding to their request. Again you need to scan QR only to make payments.
Do not: Share card number, expiry date, PIN, OTP etc. with anyone.
3. Remote Desktop sharing app fraud
Fraudsters ask users to install screen-sharing apps such as Screenshare, Anydesk, Teamviewer and use them to get access to bank credentials. These apps are not malware, but they do grant access of your mobile data to the third party.
Do not: Download third-party apps such as Screenshare, Anydesk, Teamviewer to enable/receive payments.
4. Impersonation Fraud
Fraudsters track complaints in social media and share fake contacts or impersonate bankers or RBI officials in response to a post and ask for confidential information which no banker is supposed to ask for.
Do not: Search for helpline numbers on Google, Facebook, Twitter. Instead, check the official website.
5. Sim swap fraud
Fraudsters manage to get a duplicate SIM which provides them access to one-time passwords. They do this by pretending to be from a mobile company and asking you to forward an SMS containing the SIM card number to activate the duplicate SIM.
Do not: Respond to texts, emails from unknown addresses to click on links.

Wednesday, August 12, 2020

Strategic Cybersecurity Thinking

Strategic Cybersecurity Thinking

The ability to come up with effective plans in line with an organization's objectives within a particular cybersecurity situation. Strategic thinking helps cybersecurity managers review policy issues, perform long term planning, set goals and determine priorities, and identify potential risks and opportunities.

Clearly, there needs to be a clear strategy as to what needs to be done with respect to security. Such a strategy should determine the policies and procedures. However in practice rarely a strategy for security is created. Most emphasis is placed on policies, implementation of which is generally relegated to the lowest levels. Rather it is assumed that most people will follow the policy that is created. 

A strategic cybersecurity programme does not begin with tools and tactics, but with an articulation of one or more programme goals. Sun Tzu once said in The Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Essentially this means that before you start with strategic planning you have to know what you are and what you are not because the way you operate can either make or break a successful execution. First, the strategy-minded CISO gets executive buy-in to those goals. To that end, the CISO must incorporate all levels of strategic thought, starting with the board and CEO – everyone must feel ownership and participation. 

The smart CISO recognises that security is a journey, not a destination, and that relationship building requires an ability to translate between technical and non-technical vocabularies. The CISO ensures that the programme goals accurately govern the objectives of the enterprise’s digital security programme. In our scenario, the CISO, board, and CEO all agree that, with respect to intellectual property, trade secrets, and sensitive data, the new policy goal is to minimise loss due to intrusion. 

This statement implies that everyone understands that stopping all adversaries and all attacks is simply not possible, especially when dealing with nation-state actors and some advanced criminal groups. The primary objective of this exercise is to achieve consensus on a simply stated, non-technical programme goal. No in-depth technical discussion is needed to achieve consensus, although the CISO must ensure that all goals, policies, and strategies are technically feasible. With a mandate in hand, the CISO can confidently work with his or her security team to plan the necessary operations and campaigns and, if necessary, acquire new tools and tactics to facilitate them. Together, they decide to implement a network security monitoring (NSM) operation, defined as the collection and escalation of indications and warnings to detect and respond to intruders. 

The security team begins the long-term, strategic process of hunting for hostile cyberattack campaigns, encompassing both known and unknown intrusion patterns. The CISO, board, and CEO all agree that a second programme goal is a rapid detection, response, and containment of cyber threats. This goal helps to ensure that when intruders breach the perimeter defences, the game is far from over. 

Defenders can still win, so long as they contain the threat before the attacker can accomplish his or her ultimate mission. Therefore, the security team will develop strategies to identify compromises quickly, determine their nature, give them some level of attribution, and above all develop a plan to stop the attacker from accomplishing his or her mission. At the tactical level of individual engagements with the adversary – the equivalent of battles in war – the security team will have myriad decisions to make, including whether to dislodge the intruder immediately or whether to watch the intruder for a time in order to collect valuable intelligence.

Some tactics govern how specific tools or techniques can be used, such as when Star Trek personnel switch their hand phasers between ‘stun’ and ‘kill’. As always, the adversary gets a say in what happens, but from the enterprise’s point of view, programme goals, policies, and guidelines should be written to govern this entire process.

Saturday, August 1, 2020

Legal Framework for e-pharmacy in India

E-pharmacy or Online Medical Shop : Legal Framework in India

In India, 50-plus e-pharmacies including Medlife, 1MG, NetMeds, PharmEasy and others continue to do online sale-purchase of drugs, medicines, etc. even today. Because they have physical medical stores that are licensed to sell drugs.

In India, the legal and regulatory provisions for manufacture and sale of medicines are covered under the Drugs and Cosmetics Act, 1940 (D&C Act), Drugs and Cosmetics Rules, 1945 (D&C Rule), Pharmacy Act, 1948, The Information Technology Act, 2000 (IT Act,2000)., Indian Medical Act, 1956 and Code of Ethics Regulations, 2002, Narcotic Drug and Psychotropic Substances Act, 1985 and Drugs and Magic Remedies (Objectionable Advertisement) Act, 1954. Consumer Protection (E-Commerce) Rules, 2020

However, these donot define the regulations for online sale and monitoring of pharmaceutical medicines clearly. Accordingly, various stakeholders approached the government which then constituted an expert committee under the chairmanship of Maharashtra’s ex-Food and Drug Commissioner Dr. Harshdeep Kamble in the 2015, to assess the possibility of online pharmacy sector in India. After continued discussions and various deliberations, the Ministry of Health and Family Welfare vide its notification G.S.R. 817 (E) dated August 28, 2018 came out with a draft to amend the Drugs and Cosmetics Rules, 1945 (“Rules”).

The Draft Rules include certain provisions added Part VIB for sale of drug by e-pharmacy. Under the draft rules, the term ‘e-pharmacy’ has been introduced to define it as the business of distribution or sale, stock, exhibit or offer for sale of drugs through a web portal or any other electronic mode. Further, the terms ‘e-pharmacy portal’ and ‘sale by way of e-pharmacy’ has been suitably defined.

In addition, provisions for application for registration and its validity; conditions for registration imposed on the e-pharmacy like location, disclosure of information, procedure for distribution and sale etc. were provided. Certain restrictions are imposed on the e-pharmacy which include the prohibition of advertisement any drugs on radio, television, internet, print or any other media for any purpose; and restriction on dealing in narcotic and psychotropic drugs as defined under the Narcotic Drugs and Psychotropic Substances Act, 1985, tranquilizers and the drugs specified in the Schedule X of the Rules.

Additionally, monitoring of e-pharmacy, complaint redressal mechanism has been introduced which provides the rights to file a complaint to the state drugs controller (the “Drugs Controller”) for any suspicion of supply of non-standard quality, adulterated or misbranded drugs through the e-pharmacy besides the Consumer Protection Act, 1986. However, the Draft Rules are still pending for approval.

Delhi and Madras High Court orders

Pursuant to issuance of the Draft Rules, various petitions were filed in Delhi and Madras High Court(s) seeking a ban on all e-pharmacy operations, due to public safety.

Later, the Madras High Court pronounced a decision for temporarily banning the online sale of drug and also directed the government to notify the regulations by January 31, 2019 on a petition filed by Tamil Nadu Chemists and Druggists Association,which was later extended by July 31, 2019.

Further, in an official letter dated November 28, 2019, the Drugs Controller General of India (DCGI) issued a notification to all drug Controllers to enforce an order given by Delhi High Court in December 2018 in the case of Zaheer Ahmed v.Union of India which prohibited the online sales of medicines without a valid license. The order was given in response to a public interest litigation (PIL) filed by Delhi-based dermatologist Dr. Zaheer Ahmed who submitted that in absence of monitoring, online sale of medicines would be a risk to patients and doctors.

The said letter is the latest progress about development of e-pharmacy policy and regulation in India, which seems to be reconfirming the existing position of the scenario that online sale should not be done by the pharmacies not having valid license for the same.

The Drug Controller General of India (DGCI) had formed a panel to look into the issue of online drug sales and even suggested the licensing of pharmacies three years ago. As per the draft guidelines which have yet to become law, e-pharmacies will need to register with the DCGI for a fee of Rs 50,000, which will be valid for three years.

In these rules, there are several stringent clauses that prevent e-pharmacies from selling narcotic drugs, tranquillisers, and Schedule X drugs. They also cannot advertise any drugs on their portals. Periodic inspections and stringent penalties for violators are prescribed. Basically, the e-pharmacy draft rules will provide sector-specific e-commerce regulations so as to harmonise existing laws/ guidelines which is similar to FSSAI guidelines for e-commerce food operators, etc. All are waiting for these rules to be notified.

Under the new Consumer Protection (E-Commerce) Rules, 2020, e-tailers have to compulsorily display details about return, refund, exchange, warranty and guarantee, delivery and shipment, modes of payment, and grievance redressal mechanism as well as the ‘country of origin’. Any e-commerce marketplace provider, whether local- or foreign-owned, cannot generate more than 25 percent of its total sales from a single vendor. 

Companies are also not allowed to “manipulate the price" of goods and services offered on their platforms to make “unreasonable profit", discriminate between consumers or make any arbitrary classification of consumers affecting their rights under the Act.

Tuesday, July 21, 2020

Jurisdiction of Courts under The IT Act,2000 : Case Law

Jurisdiction of Courts in India under The IT Act,2000

A Division Bench of the Allahabad High Court had occasion to deal with the statutory framework pertaining to data breaches in a proceeding for quashing of FIR. In Amit Kumar Jaduan v State of UP and others [MANU/UP/3289/2018] the court examined Sections 43, 47 and 66 of the Act. Some of the important observations of the court are summarised hereunder:

  • The act of default must have been committed without the permission of the person who is owner or a person-in-charge of the computer, computer system or computer network.

  • The act of the defendant must have caused some damage or loss to the person so affected.

  • The difference between Section 43 and 66 is that the pre-requisite of the latter is the existence of mens rea, while under Section 43 of the Act, it is whether the Act committed is without the permission of the owner or person who is in charge of the computer, computer network, or computer system

  • Simultaneous actions can be maintained under Section 43 (civil) and Section 66 (criminal) as there is no provision which bars the same.

  • While the jurisdiction of civil courts is barred for offences related to Section 43 and there is a special court in the form of an adjudicating authority under the Act to try offences under Chapter IX of the Act, there is no special court created for offences prescribed under chapter XI which consists of Sections 65 to 74 related to offences. Regular criminal courts (JMFC in non metropolitan region and MM Courts in metropolitan cities) will have the jurisdiction depending on their power to adjudicate depending upon the quantum of punishment prescribed in the Code of Criminal Procedure.

    Civil Proceedings instituted will go before an adjudicating officer (Section 46) He is the Principal IT Secratary of the State. Appeals from a decision of the adjudicating officer will go to the TDSAT (Section 57) at Delhi. Appeals from the decision of the TDSAT will go to the High Court (Section 62).

    To conclude lemme sum it up by an real life case example Which I handled.

    SVC Bank Limited a 2nd largest and oldest cooperative bank came to me with a Data Theft Case by a ex employee in connivance with some current employees.

    Criminal & Civil action which I took in Person : I & my team drafted and Liason with police to file an FIR (criminal) under S43(a),S43(b) read with S(66) of The IT Act,2000 and S408, S109 with S34 of the IPC . Then filed a civil suit for damages and compensation under S43(a) & S43(b) along with Injunction application to stop further spread of stolen data in the original side of Bombay High Court .( it was not filed with adjudication officer as the loss was more than ₹ 5 crores i.e. around 20 Cr. So if the place of crime is in Mumbai, Chennai, Kolkata  and Delhi the respective HC will have the jurisdiction or else it is the Civil Judge Senior Division CJSD in non metropolitan areas where the jurisdiction lies).I got the injunction against the accused and the Criminal trial is going on in the JMFC .

    Advocate (Dr.) Prashant Mali, PhD International Cyber Law & Cyber Warfare 

Sunday, July 19, 2020

Consumer Protection Act,2019: What’s New? What it Lacks?

The Consumer Protection Act, 2019 today becomes a Law in India: Whats New?

Why New Law was needed ?
New modes of business like telemarketing, direct selling, multilevel marketing, e-commerce etc which were not envisaged thirty years before and now had made consumers more vulnerable to unfair trade practices. Earlier, direct selling and multilevel marketing were regulated through guidelines issued by state governments and the consumer affairs ministry. This new Consumer Protection Act brings these activities in its fold. Besides expanding the scope of grievances that consumers can complain against, the new framework also gives the regulator suo moto powers. The 1986 Act had a three-tier structure that could be utilised by an aggrieved consumer for adjudicating any complaint. However, it did not provide for a regulator who could initiate or intervene on a preventive basis. For instance, direct product recalls or withdrawal of services which are dangerous or unsafe, directing discontinuation of unfair practices or reimbursement of the price of recalled goods and services to the consumers.

Definition of consumer: A consumer is defined as a person who buys any good or avails a service for a consideration.  It does not include a person who obtains a good for resale or a good or service for commercial purpose.  It covers transactions through all modes including offline, and online through electronic means, teleshopping, multi-level marketing or direct selling.

Rights of consumers: Six consumer rights have been defined in the Bill, including the right to: (i) be protected against marketing of goods and services which are hazardous to life and property; (ii) be informed of the quality, quantity, potency, purity, standard and price of goods or services; (iii) be assured of access to a variety of goods or services at competitive prices; and (iv) seek redressal against unfair or restrictive trade practices.

Central Consumer Protection Authority: The central government will set up a Central Consumer Protection Authority (CCPA) to promote, protect and enforce the rights of consumers.  It will regulate matters related to violation of consumer rights, unfair trade practices, and misleading advertisements.  The CCPA will have an investigation wing, headed by a Director-General, which may conduct inquiry or investigation into such violations.

CCPA will carry out the following functions, including: (i) inquiring into violations of consumer rights, investigating and launching prosecution at the appropriate forum; (ii) passing orders to recall goods or withdraw services that are hazardous, reimbursement of the price paid, and discontinuation of the unfair trade practices, as defined in the Bill; (iii) issuing directions to the concerned trader/ manufacturer/ endorser/ advertiser/ publisher to either discontinue a false or misleading advertisement, or modify it; (iv) imposing penalties, and; (v) issuing safety notices to consumers against unsafe goods and services.

Penalties for misleading advertisement: The CCPA may impose a penalty on a manufacturer or an endorser of up to Rs 10 lakh and imprisonment for up to two years for a false or misleading advertisement.  In case of a subsequent offence, the fine may extend to Rs 50 lakh and imprisonment of up to five years.

CCPA can also prohibit the endorser of a misleading advertisement from endorsing that particular product or service for a period of up to one year. For every subsequent offence, the period of prohibition may extend to three years.  However, there are certain exceptions when an endorser will not be held liable for such a penalty.

Consumer Disputes Redressal Commission: Consumer Disputes Redressal Commissions (CDRCs) will be set up at the district, state, and national levels.  A consumer can file a complaint with CDRCs in relation to: (i) unfair or restrictive trade practices; (ii) defective goods or services; (iii) overcharging or deceptive charging; and (iv) the offering of goods or services for sale which may be hazardous to life and safety.  Complaints against an unfair contract can be filed with only the State and National   Appeals from a District CDRC will be heard by the State CDRC.  Appeals from the State CDRC will be heard by the National CDRC.  Final appeal will lie before the Supreme Court.

Jurisdiction of CDRCs: The District CDRC will entertain complaints where value of goods and services does not exceed Rs one crore.  The State CDRC will entertain complaints when the value is more than Rs one crore but does not exceed Rs 10 crore.  Complaints with value of goods and services over Rs 10 crore will be entertained by the National CDRC.

Product liability: Product liability means the liability of a product manufacturer, service provider, or seller to compensate a consumer for any harm or injury caused by a defective good or deficient service.  To claim compensation, a consumer has to prove any one of the conditions for defect or deficiency, as given in the Bill. A product liability action will lie against the manufacturer if its product has manufacturing or design defects or if it deviates from manufacturing specifications or express warranties.

What the law lacks ?

Independence of these quasi-judicial bodies:

The Act empowers the central government to appoint, remove and prescribe conditions of service for members of the District, State, and National Consumer Disputes Redressal Commissions. The Act leaves the composition of the Commissions to the central government. This could affect the independence of these quasi-judicial bodies.


The Act delegates the power of deciding the qualifications of the Commission’s President and members to the central government. It is in contrast to the 1986 Act which specifies the minimum qualification of the members.

Unfair trade by rivals and penalizing misleading celebrity endorsement:

It does not include unfair trade practices by rival companies, which may negatively affect the sale of products.
The Act also hints at imposing penalties upon any celebrities who endorse misleading products and the extent of liability of advertisers or endorsers and celebrity rights and protection. The Act falls short on the extent of liability on stakeholders in such cases.

Suggestion for further Improvement
Ecommerce companies' first level grievance handling could be via ODR Online Dispute Resolution on their own platform in compliance with ecommerce rules and this law. 
Ecommerce company registration numbers with the consumer commission to know how they treat their consumers by numbering them based on cases handled and resolved.

Tuesday, July 14, 2020

Section 65B Certificate under Evidence Act is Compulsory for Admission of Electronic evidence : Case Law

Certificate Under Section 65B(4) Evidence Act Is Compulsory for Admissibility of Electronic Evidence: Three Judge Bench of SC - 14 July 2020

Case Law : Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, 2020 SCC OnLine SC 571  , decided on 14.07.2020

The Indian Supreme Court has held in the above case that the certificate required under Section 65B(4) is a condition precedent to the admissibility of evidence by way of an electronic record. The bench headed by Justice RF Nariman further held that, in a fact-circumstance where the requisite certificate has been applied for from the person or the authority concerned, and the person or authority either refuses to give such certificate or does not reply to such demand, the party asking for such certificate can apply to the Court for its production under the provisions aforementioned of the Evidence Act, CPC or CrPC.

The bench has also clarified that the required certificate under Section 65B(4) is unnecessary if the original document itself is produced. The court said that the judgment in Anvar P.V. v. P.K. Basheer & Ors. (2014) 10 SCC 473 need not be revisited, subject to the above clarifications.

"Is requirement of certificate U/s 65-B(4) Evidence Act mandatory for production of electronic evidence?" before the three judge bench of SC

Earlier, a two-Judge Bench of Justices Ashok Bhushan and Navin Sinha had referred the question in view of the conflict between Shafhi Mohammad Vs. The State Of Himachal Pradesh SLP (Crl.)No.2302 of 2017 and Anvar P.V. v. P.K. Basheer and Others, (2014) 10 SCC 473. It was held in Shafhi Mohammad vs. State of Himachal Pradesh that, a party who is not in possession of a device from which the electronic document is produced, cannot be required to produce a certificate under Section 65B (4) of the Evidence Act. In that case, the bench was considering the issue of whether videography of the scene of crime or scene of recovery during the investigation should be necessary to inspire confidence in the evidence collected. In Anvar P.V. vs. P.K. Basheer , it was observed that an electronic record by way of secondary evidence shall not be admitted in evidence unless the requirements under Section 65B are satisfied. Thus, in the case of CD, VCD, chip, etc., the same shall be accompanied by the certificate in terms of Section 65-B obtained at the time of taking the document, without which, the secondary evidence pertaining to that electronic record, is inadmissible.


Application Can Be Made To Court When Requisite Person Refuses To Issue Such Certificate

The court observed that the major premise of Shafhi Mohammad (supra) that such certificate cannot be secured by persons who are not in possession of an electronic device is wholly incorrect. An application can always be made to a Judge for the production of such a certificate from the requisite person under Section 65B(4) in cases in which such person.

In a fact-circumstance where the requisite certificate has been applied for from the person or the authority concerned, and the person or authority either refuses to give such certificate or does not reply to such demand, the party asking for such certificate can apply to the Court for its production under the provisions aforementioned of the Evidence Act, CPC or CrPC. Once such application is made to the Court, and the Court then orders or directs that the requisite certificate be produced by a person to whom it sends a summons to produce such certificate, the party asking for the certificate has done all that he can possibly do to obtain the requisite certificate.

In Anvar P.V. (supra), it was observed that such a certificate must accompany the electronic record when the same is produced in evidence. In this regard, the Court clarified thus:

"We may only add that this is so in cases where such certificate could be procured by the person seeking to rely upon an electronic record. However, in cases where either a defective certificate is given, or in cases where such certificate has been demanded and is not given by the concerned person, the Judge conducting the trial must summon the person/persons referred to in Section 65B(4) of the Evidence Act, and require that such certificate be given by such person/persons. This, the trial Judge ought to do when the electronic record is produced in evidence before him without the requisite certificate in the circumstances aforementioned. This is, of course, subject to discretion being exercised in civil cases in accordance with law, and in accordance with the requirements of justice on the facts of each case. When it comes to criminal trials, it is important to keep in mind the general principle that the accused must be supplied all documents that the prosecution seeks to rely upon before commencement of the trial, under the relevant sections of the CrPC. "

 Sec. 65B(4) of the Evidence Act of furnishing certificate is to be applied when such electronic evidence is produced by a person who is in a position to produce such certificate being in control of the said device and not of the opposite party. In a case where electronic evidence is produced by a party who is not in possession of a device, the party asking for such a certificate can apply to the Court for its production under the provisions aforementioned of the Evidence Act, CPC or CrPC.

Conclusion : Section 65B(4) stands compulsory for admission of Electronic evidence 

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...