Law Audience Journal (e-ISSN: 2581-6705)

Click here to download the full paper (PDF)

Authored By: Helan Jesus Mary L, LL.M, Pursuing PH.D, Assistant Professor of Law, The Central Law College, Salem,

Click here for Copyright Policy.

Click here for Disclaimer.

ABSTRACT:

The exponential growth of digital technologies has led to an unprecedented increase in the generation and reliance on electronic records in legal proceedings. From emails and CCTV footage to social media messages and cloud-based data, electronic evidence now plays a pivotal role in both civil and criminal litigation. As courts increasingly depend on such records to determine facts, ensuring their authenticity, reliability, and admissibility has become a pressing legal necessity. Among the most critical tools for verifying the integrity of digital evidence is the use of hash values unique cryptographic signatures generated by algorithms such as SHA-256 or MD5, which serve as digital fingerprints of electronic files. A match in hash values ensures that a file has not been tampered with, making it a cornerstone in digital forensics. Despite its global recognition, India’s legal framework namely, the Information Technology Act, 2000 and the Bharatiya Sakshya Adhiniyam, 2023 remains silent on essential aspects such as defining who qualifies as an “electronic expert,” laying down technical standards for hash value generation, and establishing a uniform certificate process for the admissibility of electronic evidence. Unlike jurisdictions such as the United States and the United Kingdom, India lacks statutory clarity on qualifications, roles, and accountability mechanisms for digital forensic experts. This paper critically examines the legal and procedural lacunae in India regarding the certification and admissibility of electronic records using hash values. It explores comparative practices in other jurisdictions and reviews landmark Indian judgments where hash verification played a role in evidentiary evaluation.

Keywords: Digital Evidence, Hash Value, Bharatiya Sakshya Adhiniyam 2023, Electronic Record.

I. INTRODUCTION:

The rapid digitalization of personal, commercial, and governmental interactions has increased the reliance on electronic evidence in judicial proceedings. This article critically examines the crucial role of hash values in authenticating digital evidence within the Indian legal framework, particularly under the newly enacted Bharatiya Sakshya Adhiniyam (BSA), 2023. Drawing parallels from the Federal Rules of Evidence (FRE) in the United States, especially Rules 902(13) and 902(14), the article explores the necessity of robust and standardized digital authentication protocols in India. It argues for statutory recognition of hash-based verification mechanisms and proposes necessary amendments or judicial interpretations to bridge the current evidentiary gaps. Before the introduction of secure digital verification methods, authenticating electronic evidence posed numerous challenges in courts, particularly when the adversarial party questioned its credibility. Screenshots, PDFs, and digital photographs could easily be manipulated, and without proper tools like hash verification, courts relied heavily on oral testimony and expert witnesses to establish genuineness. With the BSA 2023 replacing the Indian Evidence Act of 1872, a modern legal framework now governs the admissibility of electronic records in India. While the Act acknowledges electronic records, it does not provide comprehensive procedural clarity regarding the role of technological tools like hash functions. This article advocates the inclusion and mandatory use of cryptographic hash values in verifying the authenticity and integrity of digital evidence, akin to practices under U.S. law.

II. LEGAL DEFINITIONS RELATING TO ELECTRONIC EVIDENCE:

This section discusses various definitions relevant to the topic of this paper, providing a foundational understanding for the content that follows.

II.I INFORMATION TECHNOLOGY ACT 2000:

II.I.I ELECTRONIC RECORD:

“Electronic record”[1] means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer-generated micro fiche.”

Electronic records are treated the same as other types of records. In simple terms, an electronic record is any information created or received on a computer during the start, progress, or end of a task by a person or organization. The Hon’ble Supreme Court has consistently affirmed the importance of electronic evidence in criminal trials. In Tomaso Bruno & Anr. vs. State of U.P.[2], the Court emphasized that non-production of electronic evidence such as CCTV footage or mobile data amounts to withholding the best evidence. Similarly, in Mohd. Ajmal Amir Kasab vs. State of Maharashtra[3], internet transaction transcripts were key in proving the accused’s guilt. In State (NCT of Delhi) vs. Navjot Sandhu @ Afsan Guru[4], phone call transcripts linked terrorists to the masterminds.

These cases highlight the critical evidentiary role that electronic records now play in contemporary legal proceedings.

II.I.II COMPUTER[5]:

means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network.

II.I.III COMPUTER NETWORK[6]:

means the inter-connection of one or more computers or computer systems or communication device through,

• the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and
• terminals or a complex consisting of two or more interconnected computers or communication device whether or not the inter-connection is continuously maintained.

II.I.IV COMPUTER RESOURCE[7]:

Means computer, computer system, computer network, data, computer data base or software.

II.I.V COMPUTER SYSTEM[8]:

Means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. The broader term encompasses computers, systems, networks, data, and software. While these definitions establish the legal basis for recognizing and processing electronic and digital evidence, they fall short of identifying the human expertise required to validate such records.

II.I.VI “DATA”[9]:

Means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.” This definition is technologically neutral, covering both the process and the medium—whether the data is currently being processed, has already been processed, or is intended to be processed. It includes various forms of data storage such as computer printouts, magnetic or optical storage devices, punched cards or tapes, and even data stored internally in computer memory. This broad interpretation ensures that both active and stored electronic information fall within the scope of legal protection under the Act. As per the Proviso to Section 79A of the IT Act, 2000,[10] “electronic form evidence” includes any probative information stored or transmitted electronically, such as computer records, digital audio/video, mobile phone data, and faxes.

II.II BHARATIYA SAKSHYA ADHINIYAM, 2023 (BSA):

II.II.I “EVIDENCE”[11]:

Includes all statements including statements given electronically which the Court permits or requires to be made before it by witnesses in relation to matters of fact under inquiry and such statements are called oral evidence; and all documents including electronic or digital records produced for the inspection of the Court and such documents are called documentary evidence.

Previously, the Indian Evidence Act, 1872 defined oral evidence as statements permitted or required to be made before the court by witnesses. However, it did not expressly include electronically recorded or transmitted statements within its scope. In contrast, Section 2(e) of the Bharatiya Sakshya Adhiniyam, 2023 brings a significant change by explicitly defining oral evidence to include not only statements made in person but also those given electronically. This marks a progressive shift by formally recognizing electronic modes of testimony, such as video conferencing or virtual hearings, as valid forms of oral evidence, which were previously not codified under the 1872 Act.

II.II.II “DOCUMENTS”:

Both electronic and digital records are included under the definition of “documents”[12] in and are admissible as evidence. P. Gopalkrishnan vs. State of Kerala,[13] The video footage/clipping contained in such memory card/pen drive being an electronic record as envisaged by Section 2(1)(t) of the 2000 Act, is a “document” and cannot be regarded as a material object.

II.II.III OPINIONS OF EXPERTS[14]:

When the Court has to form an opinion upon a point of foreign law or of science or art, or any other field, or as to identity of handwriting or finger impressions, the opinions upon that point of persons especially skilled in such foreign law, science or art, or any other field, or in questions as to identity of handwriting or finger impressions are relevant facts and such persons are called experts. When in a proceeding, the court has to form an opinion on any matter relating to any information transmitted or stored in any computer resource or any other electronic or digital form, the opinion of the Examiner of Electronic Evidence referred to in section 79A of the Information Technology Act, 2000, is a relevant fact. And also, in explanation describes, for the purposes of this sub-section, an Examiner of Electronic Evidence shall be an expert.[15] Merely labelling someone as an “expert” without defined parameters risks inconsistency and weakens the reliability of electronic evidence in judicial proceedings. A uniform, transparent framework is essential for upholding both technical accuracy and judicial fairness.

III. HASH VALUE CALCULATION AND ITS ROLE IN ELECTRONIC EVIDENCE AUTHENTICATION:

One of the most critical components in verifying the authenticity and integrity of electronic and digital records is the use of hash values. A hash value is a fixed-length string of characters generated by a mathematical algorithm from a file’s contents. Even a minor change in the file will result in a completely different hash output, making it an indispensable tool in forensic validation of electronic evidence. Hash functions like MD5, SHA-1, and SHA-256 are commonly used in courts to demonstrate that digital records have not been altered from the time of acquisition to the time of presentation in court. This ensures chain of custody, which is crucial for admissibility under Section 63 of the Bharatiya Sakshya Adhiniyam, 2023. Hash values prove the originality and reliability of electronic records. When hash values are recorded in the Part A and Part B certificates (as per the Schedule under BSA), they act as a digital fingerprint demonstrating that the document presented in court is the exact same file that was originally retrieved.

The case K. Narashimman vs. State is directly relevant to the theme of this paper as it highlights the critical evidentiary role of hash values in authenticating digital evidence. The petitioner questioned the integrity of an audio recording submitted without a hash value under the Section 65B certificate, raising concerns of potential tampering. The Madras High Court acknowledged the importance of hash value comparison between the original recording device and the submitted copy, and allowed forensic examination to verify integrity. This case underscores the urgent need for statutory recognition and mandatory use of hash values under the Bharatiya Sakshya Adhiniyam, 2023, to ensure the reliability and admissibility of electronic records in Indian courts[16]. 

IV. WHAT IS A HASH VALUE AND WHY IT MATTERS:

A hash value is a fixed-length alphanumeric string generated through a mathematical function applied to a file. Any modification in the original file, no matter how minor, will result in a completely different hash value, making it a reliable tool for digital fingerprinting. This principle is central to digital forensics worldwide.

Hash values ensure:

1. Data integrity – any change in a file alters the hash.
2. Authenticity – identical hash values confirm the evidence is unchanged.
3. Tamper detection – even a minor alteration reflects in the hash.
4. Secure comparison – large files can be quickly and reliably compared.
5. Hash Values in U.S. Law: A Reference for Indian Context

The U.S. FRE Amendments 902(13) and 902(14) introduced a landmark shift by enabling certification of machine-generated records and hash-authenticated copies of data without in-court testimony. These amendments recognize hash values as reliable indicators of the originality and integrity of digital evidence. The Standing Committee on Federal Rules noted: “Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by ‘hash value’… Identical hash values for the original and copy reliably attest to the fact that they are exact duplicates.” 

V. BHARATIYA SAKSHYA ADHINIYAM, 2023: POSITION ON ELECTRONIC EVIDENCE:

Section 2(1)(d) and BSA 2023 acknowledge electronic records as admissible evidence. However, the statute lacks specific procedures or standards for digital integrity checks like hashing. There is no reference to hash values, digital signatures, or standardized forensic processes. The BSA largely inherits the structure of Section 65B of the repealed Evidence Act, continuing the requirement of a certificate to accompany electronic records. However, the language remains vague on the technical standards to be adopted, leading to inconsistent interpretations by courts. 

VI. CHALLENGES IN THE INDIAN LEGAL LANDSCAPE:

• No statutory reference to hash functions or algorithms.
• No guidance on handling collisions or pre-image attacks.
• Courts often lack technical expertise to evaluate digital authenticity.
• Absence of standardized certification procedures like FRE 902(13)/(14).
• Widespread use of uncertified online tools for hashing, which may not meet legal thresholds.

VII. PROPOSED LEGAL REFORMS AND INTERPRETATIVE AIDS:

• Insert a new provision (e.g., Section 65C) in the BSA mandating the use of certified hash algorithms (SHA-256 or higher) for verifying and producing digital evidence.
• Define the qualifications of a “digital expert” authorized to certify the process.
• Prescribe procedural standards for hash validation—e.g., at collection, transfer, and presentation stages.
• Incorporate guidance through judicial training and standardized templates for hash certificates.
• Clarify through judicial precedents that absence of a hash verification or digital signature may impair admissibility or evidentiary value.

VIII. CONCLUSION:

 With the BSA 2023 signalling India’s transition into a technologically updated evidentiary regime, it is imperative to standardize digital authentication procedures. Cryptographic hash values must be statutorily recognized as a primary tool for ensuring the integrity and admissibility of electronic evidence. Drawing on the FRE model, India must develop its own codified framework to authenticate digital records securely, efficiently, and in a manner defensible in court. 

Cite this article as:

Helan Jesus Mary L, “Ensuring Evidentiary Integrity: The Legal Significance of Hash Values under the BSA, 2023” Vol.6 & Issue 1, Law Audience Journal (e-ISSN: 2581-6705), Pages 390 to 399 (20^th July 2025), available at https://www.lawaudience.com/ensuring-evidentiary-integrity-the-legal-significance-of-hash-values-under-the-bsa-2023/.

Reference:

1. com / 29 September 2024, (July 2,2025, 10 am) Sections 61, 62, and 63 of the Bharatiya Sakshya Adhiniyam (BSA): Admissibility of electronic records https://legallyin.com/category/concept/.
2. Peter Callaghan, Why Hash Values Are Crucial in Digital Evidence Authentication (July 2,2025, 11 am) https://share.google/jJ8rf1lp9yPn0toMr.
3. Hash Values- the DNA of Digital EvidenceHash Values- the DNA of Digital Evidence https://share.google/ZWed0LdFKwP35Ud5H.
4. Vikrant Rana, Nihit Nagpal, Savvy Evidence System: Step by Step Guide to Extract Hash Function Value from Electronic Evidence, (July 5,2025, 11 am) https://share.google/XHdxwaHkdPT0ZaR8F.
5. India kanoon, https://indiankanoon.org/doc/16512112/.

Footnotes:

[1] The Information Technology Act, 2000 Sec 2 (1) (t).

[2] 2015 Cri. L.J. 1690

[3] 2012 9 SCC 1.

[4] 2005 11 SCC 600.

[5] Sec 2 (1) (i) Information Technology Act, 2000.

[6] Sec 2 (1) (j) Information Technology Act, 2000.

[7] Sec 2 (1) (k) Information Technology Act, 2000.

[8] Sec 2 (1) (l) Information Technology Act, 2000.

[9] Sec 2 (1) (o) of the Information Technology Act.

[10] Sec 79A of IT Act 2000, The Central Government may, for the purposes of providing expert opinion on electronic form evidence before any court or other authority specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence.

[11] sec 2(e) of Bharatiya Sakshya Adhiniyam, 2023.

[12] Sec 2(d) of the Bharatiya Sakshya Adhiniyam, 2023

[13] 2019 SCC On Line SC 1532 

[14] Sec 39 (1) of Bharatiya Shakshya Adhiniyam 2023

[15] Sec 39 (2) Bharatiya Shakshya Adhiniyam 2023

[16] K. Narashimman v. State Represented by Its, Crl.O.P. No. of 2023, Madras HC, Dec. 6, 2023.