Friday, August 17, 2012

Mechanisms and suggestions for Section 114A of Evidence Act 1950

Now that you are aware of the problems of section 114A of Evidence Act 1950, especially the fact that it can unjustly inflicting hardship and constraint on innocent people.

The provision of presumption of fact in publication is devastating towards justice, as it assumes the person has committed the crime unless proven otherwise. The accused may not have sufficient knowledge to even defend himself.

This will open up further loophole for people with ill intent to make up evidence or contrive events so as to incriminate a person falsely.

Let us have a look at the mechanisms on the Internet where this could happen:

Mechanisms
1) Spoofing Attack
A spoofing attack is a situation where one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. It is also known as man in the middle attack.

Technical Verdict: The weaknesses of the server in Company B is opening up possibility for C to pretend to be B and inflicting damage on A and B. Both A and B may or may not be able to know the existence of C (man in the middle) unless a robust network security is implemented.

Legal Verdict (sec 114A): B is guilty despite being the victim of attack by C. As B is not able to prove the existence of C, B assumes all liability.

Steve's comment: Technical vulnerability = liability? I am speechless.

My suggestion will be to set up an independent commission to review the incident. If the independent commission affirms that it is the system's vulnerability that allows crime to be committed, then B should be given waiver without being called for defence.

2) Identity Theft

Another possible problem is that a person who has knowledge of identity of a person uses legitimate information from that person to register for a network service for malicious purposes.

Technical Verdict: Unless a reliable security token (biometric, thumbprint) is used to authenticate the person, there is no way we can be sure whether the person is whom he claimed to be over the Internet.

Legal Verdict (sec 114A): The person is found guilty as all evidence points to the person. The person has no way to refute the claim of prosection if he has insufficient technical knowledge.

Steve's comment: Technically we may not be able to pinpoint the culprit without authentication, but since the burden of proof is on the victim, the victim will lose most of the time. This is not an exam for technical knowledge.

Many Internet content and service providers such as facebook, yahoo etc in fact does not perform identity authentication on the subscribers. The subscribers in fact can use photos or data belonging to any person to register for an account. This will create more problems and to identify the curlprit beyond reasonable doubt will be difficult unless we do a network tracing. The person needs to be caught red-handed, similar to the handling of such cases of Internet pedophile in overseas.

As a conclusion, clause (2) and (3) of section 114A, Evidence Act 1950 involves computers and network and hence it requires experts to determine whether there is any prima facie in the case. This cannot be left alone to the judiaciary as they do not have sufficient domain knowledge to make a judgement. An independent commission (with experts in computer and network security) should be formed to review every case and refer to the judiaciary only for those cases that are substantiated.

Context

The context using presumption was wrong in the first place. It should be substituted with more suitable words such as "suspected" because the person may be innocent.

If that is the case, the whole clause will become:

114A. Examination of fact in publication

(1) A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host, administrator, editor or sub-editor, or who in any manner facilitates to publish or re-publish the publication is suspected to have published or re-published the contents of the publication upon examination and determination by an independent commission, are required to enter defence.

(2) A person who is registered with a network service provider as a subscriber of a network service on which any publication originates from is suspected to be the person who published or re-published the publication, upon examination and determination by an independent commission, are required to enter defence.
(3) Any person who has in his custody or control any computer on which any publication originates
from is suspected to have published or re-published the content of the publication, upon examination and determination by an independent commission, are required to enter defence.

No comments:

Post a Comment