Manual acknowledges tax sleuths’ shortcomings on digital caches

Weaknesses could keep tax officials locked out of incriminating data stored in computers and mobile phones


India’s tax to GDP ratio was around 10% in 2012, about half that of China’s, according to World Bank data. Photo: AFP
India’s tax to GDP ratio was around 10% in 2012, about half that of China’s, according to World Bank data. Photo: AFP

Mumbai: Digital caches remain a black box for India’s taxmen conducting search-and-seizure operations in the absence of standards and training, acknowledges a recent government manual, which outlines ways to handle such information.

The weaknesses could keep tax officials locked out of incriminating data stored in computers and mobile phones or generate evidence which doesn’t stand the test of law.

On 31 October, Central Board of Direct Taxes (CBDT) issued a manual titled Digital Evidence Investigation Manual, outlining how tax officials should conduct searches and seizures of digital evidences, and the legal framework for acquiring digital evidence during a tax raid. Mint has reviewed a copy of the manual.

The guidelines come four years after the CBDT formed a committee to set norms for handling and using digital evidence in tax investigations. The manual includes new forms such as a digital evidence collection form, chain of custody form and mobile device collection form to be included in the panchnama in a search process. A panchnama is a document evidencing the search on premises in the presence of two witnesses.

In July, Union finance minister Arun Jaitley had said at a meeting of the directors-general of income tax (investigation and intelligence and criminal investigation) and chief commissioners of income tax that the department needed state-of-the-art technological skills in analysing digital evidence.

A senior tax official said the new CBDT guidelines were in line with the centre’s stance.

“While some I-T offices have started using digital evidence for investigation, a large part of the department is yet to use it. This manual will sensitize officers and guide them to identify and acquire incriminating digital evidence during searches,” he said.

According to the manual, the I-T department currently uses CD writers and pen drives to copy data from the original hard disk. But “...copying is done with Windows utilities and without any forensic software”. Such methods, the manual acknowledges, are “forensically unsound” and can compromise data integrity and authenticity, which can lead to the seizures being challenged later. It could also lead to loss of “valuable data” sometimes.

However, data seizure can be a complex affair, as the manual suggests.

For instance, there could be so-called logic bombs embedded in some systems, which are software codes programmed to destroy data if the system is not shut down or started with a particular set of keystrokes. Logic bombs are often deployed to prevent data from falling into the wrong hands, and unsuspecting sleuths may unintentionally destroy the very data they are trying to uncover.

Moreover, if live or active systems are made to shut down when the search or survey team enters the premises, the live data in systems, mainly the RAM (random access memory) may be lost. “Such data are most vital in some cases because RAM may contain recently used passwords, details used in Internet transactions, etc.,” the manual notes.

Also, in a case where the system has passwords, shutting it down would create problems in opening the same later without the passwords and cracking it is a time-consuming process, says the manual. “Lack of knowledge on some new server architecture such as RAID (redundant array of independent discs), where normal cloning process doesn’t work”, is another challenge, it says.

According to Pawan Duggal, cyberlaw expert and Supreme Court advocate, government departments are ill-equipped.

“In today’s context, the government departments in India lack capacity in terms of their sensitization of the digital format. Consequently, we find that the kind of cutting-edge developments that should be taking place in forensics are not taking place,” he said.

There is also an urgent need for officers to be trained in gathering cyber evidence, not only to unearth black money and spot tax avoidance, but also boost tax revenues. India’s tax to GDP ratio was around 10% in 2012, about half that of China’s, according to World Bank data.

The tax department has taken a few steps to gather digital evidence, as per the CBDT manual.

In 2013, for instance, the department uncovered un- accounted money worth over Rs.5,400 crore in at least 10 cases of tax evasion with the help of cyber forensics experts—this, apart from “detection of the offshore trading and holding of foreign bank accounts” of a Rajkot-based bullion trader whose name has now been submitted to the special investigation team (SIT) probing cases of black money stashed abroad and the Supreme Court.

But the manual did not name the bullion dealer, but gave the details of probe as a case study in gathering digital evidence.

In May 2013, the tax authority searched the bullion dealer and used cloning and imaging to recover three deleted documents from his computer hard disk containing details of trading on the metals web platform of Standard Bank, London; a handwritten and signed direction by the dealer transferring money from an account with National Bank of Ras Al Khaimah, Dubai, to another account with Standard Bank; and a copy of his margin money call statement.

This August, information received by the tax authority under the double taxation avoidance agreement (DTAA) from tax authorities of the UK, the UAE and Singapore confirmed that the bullion dealer had stashed “huge unaccounted foreign income from assessment year 2008-09 onwards”, the manual added.

The timing of the manual release is also relevant, as the Supreme Court (SC) recently laid down the law pertaining to submission of electronic evidence in courts, said Duggal. The SC has made it mandatory to follow section 65B, included in the amended Evidence Act, that requires the person in charge of the duplication of digital data to give the court a certificate that the data is authentic to the best of his or her knowledge and there has been no tampering, alteration or manipulations.

“In case you are not able to provide the same, your entire electronic evidence will be disregarded and will not be taken into account for any legal purposes, which means for anything and everything, you will have to now get certifications under the law,” added Duggal.

He added, though, that “it will be interesting to see how the said manual and the practices detailed thereunder are appropriately followed by the ministry of finance, government of India and its relevant officers in day-to-day functions”.

More From Livemint