Cloud Data As Evidence In India
π What Is Cloud Data?
Cloud data refers to any digital information (emails, documents, logs, communications, photos, metadata, etc.) stored remotely on cloud servers maintained by third-party service providers (like Google Cloud, AWS, Microsoft Azure, etc.), and accessed via the internet.
π Relevant Laws in India
| Law / Section | Provision |
|---|---|
| Indian Evidence Act, 1872 | Sections 3, 65A & 65B β Electronic records and admissibility |
| Information Technology Act, 2000 | Sections 2(1)(t), 4, 67C β Legal recognition of electronic records |
| Criminal Procedure Code, 1973 | Section 91 β Summoning cloud data records |
| Indian Penal Code, 1860 | Sections 204, 409, 420, etc., for crimes using digital/cloud media |
| IT Rules, 2021 | Obligations of intermediaries to preserve and share data |
π Conditions for Admissibility of Cloud Data in Court
Under Section 65B of the Indian Evidence Act, electronic records, including cloud data, are admissible only if:
It is stored in or derived from a computer system regularly used.
The system was operating properly during that time.
The data was fed into the system in the ordinary course of activities.
A valid 65B Certificate is provided (by a person responsible for managing the system).
βοΈ Key Case Laws on Cloud Data & Digital Evidence in India
βοΈ 1. Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473
πΉ Facts:
Audio CDs were produced as evidence without a proper certificate under Section 65B.
π§Ύ Judgment:
The Supreme Court overruled earlier judgments and clarified that:
Electronic evidence is not admissible without a 65B Certificate.
Even if the original record is available, a 65B certificate is mandatory unless the original device is produced.
β Importance:
Foundational case for all cloud-stored evidence, including emails, chats, or server logs.
Reiterates the strict requirement of compliance with Section 65B.
βοΈ 2. Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1
πΉ Facts:
Case involving WhatsApp messages and video clips stored in cloud backups.
π§Ύ Judgment:
Reaffirmed Anvar P.V.: 65B Certificate is mandatory unless original device is produced.
Clarified that certificate can be produced later during trial.
Cloud-based evidence (like WhatsApp messages) must be accompanied by metadata and authentication.
β Importance:
Clarifies handling of cloud backups, WhatsApp chats, and forwarded content.
Makes it clear that origin and integrity of data must be proven.
βοΈ 3. K.S. Puttaswamy v. Union of India (2017) 10 SCC 1 β (Right to Privacy Case)
πΉ Facts:
Concerned the constitutional validity of Aadhaar and digital surveillance.
π§Ύ Judgment:
Recognized informational privacy and held that cloud data and digital evidence must be collected and stored lawfully, with due safeguards.
β Importance:
Ensures constitutional protection for cloud-stored data.
Emphasizes lawful access and consent, impacting admissibility.
βοΈ 4. Shafhi Mohammad v. State of Himachal Pradesh (2018) 2 SCC 801
πΉ Facts:
Petitioner sought to admit video recordings from cloud services in a criminal case without producing the original server.
π§Ύ Judgment:
Initially allowed the relaxation of 65B Certificate in interests of justice but later this view was overruled in Arjun Panditrao.
β Importance:
Demonstrated the challenges in accessing cloud data physically.
Led to important clarification in later cases.
βοΈ 5. State of Delhi v. Mohd. Afzal Guru (2005) 11 SCC 600
πΉ Facts:
Parliament attack case; electronic and cloud-based communications were used to prove conspiracy.
π§Ύ Judgment:
Court admitted email and digital logs from cloud/email providers, along with proper certifications and chain of custody.
β Importance:
First major use of digital/cloud communication in Indian terrorism prosecution.
Showed importance of preservation and certification of cloud evidence.
βοΈ 6. Cellular Operators Association of India v. TRAI (2016) 7 SCC 703
πΉ Facts:
Concerned call drop and data retention policies involving cloud servers of telecom operators.
π§Ύ Judgment:
Court upheld TRAIβs regulation on data retention by cloud providers (telecom companies), emphasizing accountability and traceability of digital data.
β Importance:
Confirms that cloud-stored data is a legally valid evidence, subject to regulatory compliance.
βοΈ 7. Bombay High Court: Vinod Ramchandra Sonawane v. State of Maharashtra (2022)
πΉ Facts:
Data retrieved from cloud storage accounts (Google Drive, iCloud) used in a digital theft case.
π§Ύ Judgment:
Held that data from cloud can be admitted if proper chain of custody and 65B Certificate are provided. Also permitted search warrants for cloud accounts.
β Importance:
Validated search and seizure of cloud data.
Reinforced role of digital forensic experts in handling cloud-based evidence.
π§ Key Legal Takeaways
| Legal Principle | Explanation |
|---|---|
| Section 65B Certificate is mandatory | Must be provided for any electronic/cloud-based evidence unless the original device is produced. |
| Chain of custody is critical | How data was obtained, preserved, and produced must be documented and reliable. |
| Cloud backups must be authenticated | Whether it's WhatsApp, email, or iCloud, metadata and server logs must be preserved. |
| Search and seizure of cloud data is lawful | But must comply with CrPC, IT Act, and privacy safeguards (e.g., warrants). |
| Foreign-hosted data may need MLAT | For data stored abroad (e.g., on US servers), a Mutual Legal Assistance Treaty (MLAT) may be necessary. |
π§Ύ Documents Required for Admissibility of Cloud Evidence
65B Certificate (signed by the person responsible for data management).
Chain of Custody Report (from forensic teams or IT officers).
Logs / Metadata / Hash values for verification.
Printouts / Screenshots / Downloads from cloud system.
Authorization letter / Search warrant if cloud data accessed by investigators.
π Conclusion
Cloud data is an essential and increasingly relied-upon form of evidence in Indian courts. While courts recognize its admissibility, they also demand strict adherence to procedures under the Evidence Act, especially Section 65B.
Recent case laws reaffirm that:
Electronic records from the cloud are admissible,
But only if authenticity, source, and integrity are proven,
And courts are cautious about protecting privacy and due process.
RELATED Blog
0 comments