1. What Metadata Means in Threatening Messages

In threatening communications, metadata may include:

• Sender IP address (identifies network source)
• Device IMEI/MAC address
• WhatsApp/Telegram account registration logs
• Email headers (routing path, server logs)
• Timestamp consistency (server vs device time)
• Location data (GPS, cell tower triangulation)
• Message edit/delete logs

Courts treat metadata as supporting evidence, not standalone proof unless properly certified.

2. Legal Requirement: Authentication of Metadata

To be admissible in India, metadata must satisfy:

(A) Section 65B Certificate Requirement

Electronic records (including metadata extracted from servers/devices) must be accompanied by a Section 65B(4) certificate, certifying:

• Device integrity
• Method of extraction
• Non-tampering assurance
• Identity of certifying person

Without it, even accurate metadata may be rejected.

(B) Chain of Custody

Authorities must show:

• How data was collected
• Who accessed it
• Whether it remained unaltered

(C) Forensic Verification

Cyber forensic labs verify:

• Server logs authenticity
• Hash values (SHA/MD5 integrity checks)
• IP trace validity

3. Key Judicial Principles and Case Laws (India)

1. Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473

The Supreme Court held that electronic records must comply with Section 65B certification for admissibility.

👉 Impact:
Metadata from messages (like WhatsApp logs or email headers) cannot be admitted without certification.

2. Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1

The Court reaffirmed that:

• Section 65B certificate is mandatory
• Even metadata extracted from servers is inadmissible without compliance

👉 Importance:
This case directly affects IP logs, call detail records, and message metadata authentication.

3. State (NCT of Delhi) v. Navjot Sandhu (2005) 11 SCC 600

In the Parliament attack case:

• Call records and electronic data were admitted without strict certification

👉 Later effect:
This liberal approach was overruled, but it remains important historically for understanding evolving metadata standards.

4. Tomaso Bruno v. State of U.P. (2015) 7 SCC 178

The Supreme Court emphasized:

• Electronic evidence is crucial in modern investigation
• Failure to produce electronic records can lead to adverse inference

👉 Relevance:
Metadata such as CCTV logs or mobile tracking data becomes vital in threatening-message cases.

5. P. Gopalkrishnan v. State of Kerala (2019) 5 SCC 163

The Court held:

• Accused has a right to access electronic records
• Metadata and digital originals must be fairly examined

👉 Significance:
Ensures fairness in challenging metadata authenticity in threatening message cases.

6. Shafi Mohammad v. State of Himachal Pradesh (2018) 5 SCC 311

The Court relaxed strict compliance in limited circumstances where:

• Original device is not in possession of party
• But authenticity is otherwise established

👉 Relevance:
Useful in cyber threat cases where metadata is held by service providers (e.g., WhatsApp servers).

7. Mohd. Afzal v. State (2003) (Parliament Attack Trial Court View)

Court accepted:

• Computer-generated records if reliability is established

👉 Importance:
Early recognition that digital logs and metadata can prove conspiracy or threats.

8. State of Maharashtra v. Dr. Praful B. Desai (2003) 4 SCC 601

Though focused on video conferencing, the Court held:

• Electronic means are valid in judicial process if authenticity is maintained

👉 Relevance:
Supports modern acceptance of metadata-based electronic proof systems.

4. How Courts Treat Metadata in Threatening Messages

In cases involving threats (e.g., WhatsApp threats, email intimidation, social media threats), courts generally follow this approach:

Step 1: Primary Electronic Message

• Screenshot / export chat / email body

Step 2: Metadata Extraction

• IP logs, device info, server records

Step 3: Authentication

• Section 65B certificate
• Cyber forensic report

Step 4: Corroboration

• Witness statement
• Device seizure
• Telecom/ISP records

👉 Courts rarely rely on metadata alone unless it is strongly corroborated.

5. Practical Legal Issues in Metadata Authentication

(A) Fake or manipulated screenshots

Metadata is used to detect editing or fabrication.

(B) Cloud-based messaging apps

Data often resides outside India → reliance on service provider logs.

(C) Encryption (WhatsApp, Signal)

Limits access to message content; metadata becomes more important.

(D) Time manipulation

Device clock changes can distort timestamps → forensic correction required.

6. Conclusion

Metadata authentication in threatening messages plays a critical evidentiary role, but Indian courts treat it as supporting digital evidence, not standalone proof. Its admissibility depends heavily on:

• Section 65B compliance
• Forensic verification
• Chain of custody integrity
• Judicial precedents such as Anvar P.V., Arjun Panditrao, and Tomaso Bruno

In essence, metadata strengthens the credibility of threatening messages but does not replace the legal requirement of proper electronic evidence certification.