Can Indian cops seize someone’s phone anytime they want? Yes, but they must create hash
The recent high-profile cases involving Bollywood celebrities, with the latest being the case of Aryan Khan, is putting focus on how cops can seize and search personal devices like smartphones and laptops. The questions have also come up because in almost all these cases chats, from WhatsApp and otherwise, have leaked in public after the phones were seized from the accused.
Unlike a document like a bank statement, which contains specific as well as limited information, a phone is personal. It is also malleable, data can be written or deleted from it. So, how do cops go about seizing and handling a smartphone?
As far as law is concerned, Indian cops seem to have almost unchecked power to demand that the accused, or anyone else who they are dealing with, hand over a phone or laptop. This they can do in the interest of investigation. However, because phones are so personal, now there seems to be a pushback. There is a petition pending in the Supreme Court, seeking formulation of new guidelines on when cops can demand and seize a phone and in what way they can check it.
The hash must be generated
Currently, the only check and balance on the power of police to seize and search a phone has been provided by the requirement of hash. No, we are not talking of drugs. Hash, as geeks will tell you, is a string of numbers that accurately and uniquely represents some data. It is generated using cryptographic tools. And it is used in the forensics industry as well as computer and phone industry for a number of reasons.
One of the key uses of hash (#) is for checking the authenticity of data. As many geeks, and particularly those who have ever downloaded an operating system image, know that hash can be used to match the copies of data files. The way it works is like this (just example):
— A photo of red roses is put through a hash generator > the hash that is generated is: 12345
— Now, someone takes this photo and in Photoshop changes its colour to a slightly deeper shade of red > the hash generated now will be 12347.
Essentially, even if to your eyes it looks that both photos of the rose are the same, the hash value shows that data has changed.
This functionality of hash and the way it can indicate changes in data is used by cops and courts. It is used to ensure that there is no tampering with data collected from a phone or a laptop.
So ideally, when police seize a phone or a laptop, they are supposed to clone all the data in it and then generate a hash. This hash, and cloned data, then becomes the evidence that police can use in their investigation. The initial hash provides the guarantee the cloned data is not tempered with and that nothing is deleted from it or added to it.
The reality is different
However, because there are no specific guidelines and because the way our police work the reality may not match the norm. For example, on Thursday social media sites were full of a video clip from Hyderabad in which cops could be seen stopping people on the road and asking them to hand over their phones. The cops were then searching chats and messages in these phones for the word “ganja”, on the road itself. There was no hashing of phones that cops were checking.
It is also likely to be similar in most instances. When it comes to looking into someone’s phone, cops mostly just ask the person to unlock the phone and hand it over. There is no forensics involved, at least not initially, and there is no hash created unless the phone or the laptop has been formally seized.
* This article was originally published here
Comments
Post a Comment