In an affidavit submitted in the Supreme Court on September 5, Maharashtra police claims to have found evidence for a Maoist conspiracy in documents purportedly recovered from computers, laptops, pen drives and memory cards seized from activists arrested in the Bhima Koregaon case.

The joint commissioner of police in Pune, Shivaji Bodakhe, told Scroll.in on Thursday that several of these documents are letters that the activists exchanged with members of the outlawed Communist Party of India (Maoist). While some were sent on password protected pen drives through couriers, other were exchanged over riseup.net, an encrypted email service, Bodakhe said.

Encrypted email services allows users to maintain anonymity on the internet by bypassing Internet Protocol addresses. An IP address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

To establish that the activists took part in a conspiracy, mere recovery of the letters from their devices is not enough. The police will also have to prove that an exchange took place between the conspirators. But the absence of an IP address on riseup.net makes it harder to prove the authenticity of such virtual communication, cyber security experts and lawyers said.

“This case will definitely be a challenge when it comes to the court,” said Pavan Duggal, a lawyer who specialises in cyber laws. “To connect the dots and establish a case, the IP address is a must for the police to have.”

Earlier, Bodakhe had told The Indian Express that the activists had exchanged emails over “rise.in” which, he said, was “a dark-net based site used like a mail service”. The dark net is a part of the world wide web that requires special software to access. There is no email service called “rise.in”. Later, assistant commissioner of police Shivaji Pawar, who is the investigating officer in the case, said Bodakhe had been misquoted.

So far, Pune police have conducted three sets of raids on activists in a case that began as an investigation into caste violence in Bhima Koregaon village near Pune on January 1, but has now metamorphosed into a probe in an alleged Maoist plot to assassinate Prime Minister Narendra Modi and overthrow the Indian government. Ten activists have been arrested in the case in two rounds. Surendra Gadling, Shoma Sen and Mahesh Raut in Nagpur; Sudhir Dhawale in Mumbai and Rona Wilson were arrested in Delhi on June 6. This was followed up on August 28 by the arrest of Vernon Gonsalves and Arun Ferreira in Mumbai, Varavara Rao in Hyderabad, Sudha Bharadwaj in Faridabad and Gautam Navlakha in Delhi.

Three days after the second round of arrests, the additional general of Maharashtra police, Parambir Singh, read out some letters in a press conference, which he claimed had been recovered from the devices of the activists, who he alleged were Maoists. Not only did the letters reveal their names, but also operational and funding details. Ajai Sahni, the executive director of the Institute for Conflict Management, said such candour is uncharacteristic of the Maoists who are obsessed with secrecy. The letters bore “the hallmarks of mischievous fabrication,” he added.

Questions have also been raised about the integrity of the seizures made at the homes of the activists, since the police took along witnesses from Pune for the raids. This violates the law which says witnesses must be family members or residents of the same locality.

Tracking data

Despite the criticism of the police claims, police officers investigating the case maintain the evidence is credible.

“The devices have been sent for forensic examination and cloned images of the content are being examined by the investigators who have also roped in cyber security experts,” said Bodakhe. “At this stage, I can tell you the investigators came to know about riseup.net while interrogating Rona Wilson.” He added that even forensic examination of the devices has suggested that riseup.net had been used to exchange the letters.

Riseup.net was launched by a group of activists in the United States in 1999. It came into prominence during the disclosures made by Edward Snowden, a former employee with the Central Intelligence Agency in USA, who later turned out to be a whistleblower.

Run by volunteers, the privacy policy of riseup.net states they do not retain IP addresses and browser fingerprints. But they retain registration information of users for four months and email transit logs for a day. The data is stored in an encrypted format but they do not share it with anyone.

Scroll.in sent a questionnaire to riseup.net on September 6, asking whether Maharashtra police had sought information from them and what they have shared, if any. They are yet to respond.

Proving legality

Last week, public prosecutor Ujjwala Prakash read out parts of the emails in Pune sessions court, but did not formally submit them. In the court, the emails will have to pass the test of legality, both in terms of how they were retrieved, as well as proving the contents and substantiating the allegations the police have made, said Tara Narula, a Delhi-based lawyer.

“Any document submitted as evidence must ultimately meet two conditions: admissibility and proof,” she said. “Firstly, an affidavit under Section 65B of the Evidence Act will have to accompany the document stating how, from what device, and by whom the document was recovered. The device will have to be preserved and may be subjected to forensic examination also.”

Section 65B of the Evidence Act imposes certain conditions for electronic records to be “admissible”. First, the agencies will have to prove that the records submitted were produced by the particular device during the relevant period in which the record is alleged to have been created. Proof is also needed to establish that the person accused was using the computer during the relevant time on a regular basis and was in lawful control of the device.

Then, the contents of the document will have to be proven, Narula said. “The state will also have to conclusively prove the allegation and establish who the creator of the document is, that the document was shared by the creator and received by a co-accused. The intention behind and meaning of the document will come into play, and the State will have to argue its place in the larger conspiracy.”

At every stage, different objections can be raised regarding the document and by no means can it be called credible evidence against anyone at this stage, Narula added.

Cyber experts said meeting these conditions could be a challenge. “The reason is that such anonymous service providers maintain no records which the security agencies can access,” said Kislay Chaudhary, a cyber security consultant to several government agencies.

But the police has ways of getting around this, he said. First, it can get records if any of the email exchanges have taken place outside an encrypted network – for instance, if information was exchanged between the riseup.in server and another server which may belong to any other company providing similar services like Yahoo or Google, for which the IP addresses can be traced. If that fails, Chaudhary added, the electronic device recovered by the police could be sent for a forensic examination to check all activity logs and session history.

The Pune police claims to have done this. “We have incriminating evidence which we can share with the court,” said Bodakhe, “but what can we do if IP addresses and other details are not shared by such email service providers?”