Compelling an Accused to Unlock their Mobile Phones: A Critique of the Kerala and Karnataka High Court Judgments

On 29th January 2022, the High Court of Kerala handed down a brief judgment, holding that the Prosecution, in criminal cases, is entitled to access the data on an accused person’s mobile phone, and that this does not violate the constitutional guarantee against self-incrimination (P. Gopalakrishnan alias Dileep v State of Kerala). In doing so, the High Court purported to rely upon a recent judgment of the Karnataka High Court in Virendra Khanna v State of Karnataka. Both Dileep and Virendra Khanna, in turn, relied upon the eleven-judge-bench judgment of the Supreme Court in State of Bombay v Kathi Kalu Oghad, and considered themselves to be bound by it.

In my respectful submission, both the Karnataka and the Kerala High Courts misread Kathi Kalu Oghad, and arrived at an incorrect conclusion (see also this detailed critique of the Karnataka High Court judgment on The Proof of Guilt Blog, which arrives at the same conclusion). In paragraph 5 of its judgment, the Kerala High Court reproduced the findings in Oghad, but did not explain how that case – which concerned the compelled taking of fingerprints and handwriting samples – was applicable to the data on an individual’s mobile phone. In a somewhat longer analysis, the Karnataka High Court noted that:

The XI Judge Bench of the Apex Court in Kathi Kalu Oghad’s case has categorically held that providing of a thumb impression or impression of the palm or foot or fingers or specimen in writing or exposing a part of the body of an accused person for the purpose of identification would not amount to testimonial compulsion. Mere providing of an access of to smartphone or e-mail account would not amount to being a witness, the information that is accessed by the Investigating officer on the smartphone and or the e-mail account being only access to the data and/or documents, it is for the Investigating officer to prove and establish the same in a Court of law by following the applicable Rules of evidence.

It is submitted that this is evidently incorrect. The fact that a particular piece of evidence has to be proved in accordance with the procedure set out in the Evidence Act is not relevant to the question of self-incrimination; if that was the case, then even direct oral self-incrimination would, paradoxically, not fall within the prohibition of Article 20(3), since even that would still have to be “proved and established” in a Court of law in accordance with the Evidence Act.

A little later in its judgment, the Karnataka High Court then went on to agree with a submission that compelling production of a password to a phone was “akin” to fingerprinting, which had been upheld in Kathi Kalu Oghad. The analogy, however, proceeds upon a fundamental misreading of Kathi Kalu Oghad. In Oghad, the reason why fingerprints and handwriting samples were held to be outside the scope of testimonial compulsion was that, in themselves, they were neutral. A fingerprint or a handwriting sample did not by itself incriminate an accused, but only when it was compared with, say, a fingerprint from the scene of the crime, or the handwriting on a forged letter. This is obviously not the case when it comes to accessing data on the phone, because it is the data itself that has the potential to incriminate the accused. Indeed, both Dileep and Virendra Khanna appear to ignore the part of Kathi Kalu Oghad where – endorsing the judgment in M.P. Sharma – it was explicitly held that documentary evidence falls within the ambit of Article 20(3). The moment we accept that documentary evidence falls within the ambit of Article 20(3), it is impossible to reconcile the compelled unlocking of mobile phones – in order to access the data therein – with the guarantee against self-incrimination. Once again, the Karnataka High Court’s argument that data on a mobile phone is akin to a murder weapon, in that by itself it does not incriminate an accused, but still have to be “proved” in a court of law would, if taken to its logical conclusion, effectively destroy Article 20(3) altogether, because every piece of evidence – including oral testimonial compulsion – needs to be “proved” in a court of law before the Prosecution can rely upon it.

The Karnataka High Court then went on to recite a parade of horribles that would follow if mobile phone data was protected: “no blood samples can be taken, no body sample for the purposes of DNA analysis could be taken, no search of a house or office could be undertaken … offences like cyber crime could not be investigated.” To start with, as I have already demonstrated above, comparing mobile phone data to blood samples is an analytical error. But perhaps what is more disquieting about this particular form of consequential analysis is how it subordinates fundamental constitutional rights to the convenience of the investigative officer. The Karnataka High Court never stopped to ask why Article 20(3) exists in the Constitution, or to consider the possibility that the whole reason why we have a guarantee against self-incrimination is because there should be some limits upon what the State can do to an individual in the name of “efficient investigation.” In the Karnataka High Court’s analysis, it is simply assumed – instead of demonstrated – that something as invasive as DNA analysis of an individual should simply be a part of routine criminal investigation; and when regard for individual rights against the overbearing power of the State is so low, it is but the smallest of steps to go from forcible DNA extraction to extracting statements through torture, and justifying it in the name of investigatory efficiency.

It is, indeed, quite evident that the Karnataka High Court was aware of the shortcomings of its analysis, because it repeatedly went from the passcode or the password to a phone not itself being a “document”, to how the data on the phone would still have to be proven under The Evidence Act – while completely ignoring the fact that the data on the phone that could be accessed as a result of having the passcode would, under any definition, fall within the ambit of Article 20(3). It was only by artificially creating this gap in chronology that the Karnataka High Court – and the Kerala High Court – could justify compelling an accused to allow access to the contents of their mobile phone to investigative agencies.

The judgments of the Karnataka and Kerala High Courts are particularly concerning, because at a time when mobile phones are becoming more and more an extension of our interior lives rather than simple accessories, criminal procedure law should be moving towards greater protection of mobile phone data rather than a position where the State has free access to it. In Selvi v State – a judgment ignored by both Courts (even though it was specifically cited before the Karnataka High Court) – the Supreme Court grasped this fundamental point when it held that one of the goals of Article 20(3) – read with Article 20(1) – was to protect an accused’s mental privacy from invasion by the State.

Lastly, it may perhaps be pointed out that the accused before the Kerala High Court was a particularly unsympathetic and unsavoury character, and the case itself was one where the accused’s lawyers – in all likelihood – were raising the Article 20(3) as a delay tactic. That may or may not be true, but it is crucial to remember that the purpose of criminal law safeguards is not to protect the “good guys”, but to protect everyone. The inevitable consequence of that is that, on occasion, the “bad guys” will also be able to take advantage of these procedural safeguards; but that is not a reason to abolish or dilute the safegards themselves.

The question of law in these cases will, of course, undoubtedly reach the Supreme Court at some point (for a deeper overview, see this blog post by Abhinav Sekhri, and this paper). It will be interesting to see how the top Court – that, with the brief exception of Selvi – has historically been hostile to Article 20(3) – will deal with the issue.