In an era where economic crime has become intricately linked to digital footprints, Indian enforcement agencies are increasingly relying on electronic record seizures to trace money laundering, smuggling, and financial fraud.
But as the Enforcement Directorate (ED), Central Bureau of Investigation (CBI), Directorate of Revenue Intelligence (DRI), and Customs expand their reach into laptops, servers, and cloud-based data troves, a growing chorus of legal voices is demanding accountability, transparency, and respect for privacy in these operations.
The Supreme Court of India, recognizing the lack of uniform procedures, has mandated that until dedicated legislation is framed, central agencies must adhere to the CBI Manual (2020)—particularly Chapter XVI, which details protocols for the seizure of digital evidence.
Meanwhile, the recently enacted Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023 has brought some structure by mandating electronic recording of all search and seizure actions through Sections 105 and 185, aiming to eliminate opaque practices.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
Forensic Precision and Legal Boundaries: Inside the Agencies’ Playbook
The CBI Manual outlines a forensic-first approach. At the time of seizure, investigators are required to image the digital device, create hash values, and provide a copy of these values to the owner or custodian. This cryptographic fingerprint ensures the integrity of the evidence and allows courts to verify that no tampering occurred.
Each agency brings a different investigative mandate but must now operate under shared procedural expectations:
- ED often targets money laundering and foreign exchange violations. However, following the Supreme Court’s interim order in the Santiago Martin case, the ED has been barred from accessing or copying seized device data without authorization—a significant shift in the treatment of electronic privacy during investigations.
- CBI, handling high-profile corruption and cybercrime cases, uses digital evidence extensively and follows the Manual to the letter, leveraging hashed imaging and forensic duplication to ensure admissibility in court.
- DRI focuses on trade-based money laundering and customs violations. It routinely clones digital data, maintains hash logs, and avoids retaining physical devices longer than necessary—a practice reinforced by a Delhi High Court ruling in Rakesh Kumar Gupta vs. DRI, which stated that devices should be returned promptly once relied-upon documents are extracted.
- Customs authorities are also empowered to seize electronic records, especially in IPR-related offenses and cross-border smuggling cases, under the Customs Act, 1962 and IPR (Imported Goods) Enforcement Rules, 2007.
Courts Step In: Privacy, Protocols, and the Push for Reform
The judiciary’s recent interventions have revealed systemic gaps. In Santiago Martin v. ED, the Supreme Court restricted indiscriminate data access, flagging the ED’s lack of legal justification for copying entire device contents without consent or court oversight. The ruling sent a clear message: digital liberty must not be sacrificed at the altar of investigative convenience.
Similarly, in the Delhi High Court’s directive to the DRI, the court emphasized “avoidance of unnecessary retention”of devices and ordered the agency to focus only on documents critical to the case.
These rulings reflect a growing recognition that the protection of digital privacy is now a constitutional imperative, not just a procedural formality. They also highlight the lack of standardized digital seizure protocols, which leads to inconsistencies across agencies and undermines the credibility of electronic evidence.
The Centre has been directed by the Supreme Court to frame comprehensive guidelines, which must balance investigative efficiency with civil liberties. Experts argue that without such frameworks, the admissibility of digital evidence could be challenged, weakening prosecutions in major financial and cybercrime cases.