As the Delhi Police raided the homes of several journalists on Tuesday in connection with an investigation into the funding of news website Newsclick, it confiscated electronic devices such as mobile phones, laptops and hard drives.

The seizure of electronic devices is a controversial part of evidence gathering during cases seen as politically-driven in India. Confiscating electronic devices is not categorically illegal. Moreover, Indian law does not provide journalists the immunity against forcible disclosure of their communications.

However, allegations have been made that the police regularly overreach their powers in search and seizures. Allegations of impropriety range from not following documentation rules at the time of the seizure to incriminating data being planted on devices in order to frame the accused.

What do the rules say?

Chapter VII of the Code of Criminal Procedure lays down that a sanction from the court, in the form of a warrant, is required for conducting searches. Section 165 of the CrPC allows an exception when an immediate search is necessary, but even in such cases, the police need to provide the reasons for conducting the search.

Friends and relatives of at least two journalists who were raided on Monday told Scroll that no such procedure was followed during the searches.

In the specific context of seizing electronic devices, the Information Technology Act mandates that a hash value of the confiscated items must be taken. Hash value is the digital equivalent of a fingerprint and it changes if contents in the device are tinkered with after seizure. The police are bound to generate hash values of the seized devices, record them in the seizure memo and provide a copy of it, if the person being raided demands it.

Scroll can confirm that this was not done in the case of the two journalists raided on Tuesday. Another journalist was not even provided with a seizure memo, which enlists the items confiscated, a witness present during the raids told Scroll.

Fabrication of evidence in Bhima Koregaon case

However, even more serious allegations were raised with the Bhima Koregaon case in which several activists and writers were charged with making inflammatory speeches at a conclave in Pune in December 2017. In the two charge sheets filed, the police accused the activists of having “active links” with the banned Communist Party of India (Maoist), waging war against India and plotting to kill Narendra Modi.

Even as the trial into these charges is yet to begin, a series of investigative reports by American digital forensics firm Arsenal Consulting has shown that key evidence cited in the chargesheet of the case had actually been planted on the devices seized from three of the activists – Rona Wilson, Surendra Gadling and Stan Swamy.

(From left to right) Activists Stan Swamy, Surendra Gadling and Rona Wilson. (Photo courtesy: Facebook, Wikimedia Commons)

In its first report published in February 2021, Arsenal Consulting found that an unidentified hacker used malware to deposit at least 10 letters in Wilson’s laptop which were cited by the Pune Police as primary evidence in the Bhima Koregaon case. In a follow up report in April 2021, the forensics firm said that the hacker had planted 22 incriminating files in the laptop.

In July that year, Arsenal Consulting found evidence that malware identical to the one that attacked Wilson, communicated with the same server, to hack into Gadling’s computer. In the last report of the series, published in December 2022, the American firm said that a hacker had placed dozens of files in a hidden folder in Swamy’s computer. This was nearly a year-and-a-half after the 84-year-old tribal rights activist died at a Mumbai hospital. He was denied bail even as he suffered from multiple ailments, including Parkinson’s disease and had contracted the coronavirus infection while in jail.

In all three alleged instances of hacking, the attacker had infected the devices with a malware called NetWire that could upload and download documents from a target’s computer and also access emails as well as passwords, Arsenal Consulting said. The hacker used the malware to plant the incriminating documents over a period of two to five years. Later, these very documents were used as evidence by the police.

A separate report, jointly published by the Amnesty International and Toronto-based digital activist group Citizens Lab, had found in June 2020 that nine other human rights activists had also been exposed to the NetWire malware. Eight of these nine activists were lawyers or close aides of those arrested in the Bhima Koregaon case.

In June 2022, another American cybersecurity company SentinelOne had claimed that Pune Police planted fake evidence on the electronic devices owned by Wilson and two other activists accused in the Bhima Koregaon case – Varavara Rao and Hany Babu.

The researchers claimed that the email accounts of Wilson, Rao and Babu, which had been compromised in 2018 and 2019, were linked to a recovery email address and phone number. The recovery email had the name of the Pune Police official. This email address allowed the police official to regain access to the accounts of the activists if they changed their passwords, the researchers at SentinelOne claimed.

What courts have done against the allegations

Following the report on malware attack on his computer, Wilson had filed a petition in February 2021, seeking probe by a Special Investigation Team. The plea has not yet been taken up for hearing.

Legal experts say that the Indian law places stringent restrictions on powers of accused persons to introduce new material in trials, thus making it difficult for accused to argue that evidence has been planted on their seized devices. Moreover, the Unlawful Activities Prevention Act makes it even more difficult to rely upon such materials to grant bail to accused persons, lawyer Abhinav Sekhri wrote on news website Article 14.

Even if the courts take up Wilson’s plea, for instance, the authorities could well stonewall the process. As recently as last month, the National Investigation Agency was yet to file an affidavit affirming that it had provided cloned copies of all electronic devices seized to the persons accused in the Bhima Koregaon case.

In a separate case in November, the Supreme Court had to impose a fine of Rs 25,000 on the Centre for not replying to a plea seeking directions to the police and investigating agencies to specify guidelines on seizure, examination and preservation of digital and electronic devices and their contents.

Of the 16 persons arrested in the Bhima Koregaon case, 10 continue to be in jail. Swamy died in 2021 while in custody. Five persons – Rao, Sudha Bharadwaj, Arun Ferreira, Vernon Gonsalves and Anand Teltumbde – are on bail, while one more – Gautam Navlakha – is under house arrest.