Indian Kanoon - Search engine for Indian Law

60. On the point of checksum information and hash value which remained wanting for the experts of IITs, Mr. Khare has referred to certain literature in that regard. According to Mr. Khare, hash value is a digital finger print provided to decode encrypted data. It is a digital key to unlock a data which is provided in encrypted form but it depends uopn which kind of data is supplied. If the data has been created and downloaded from the main source server then it creates a hash value so that the data integrity may be verified at a later stage by applying the same. For a set of data, a particular hash value is provided and any modification of data would change the hash value but this would arise only in the event secured data is provided with a hash value. Mr. Ashok Khare, learned Senior Advocate has relied upon the work and literature namely digital fingerprint for investigation and cases involving electronic evidence by the Ovie Carroll and a treatise in the name of Electronic Evidence, old edition by Steaphon Mezon and Denial Sen which refers to hash value as a kind of digital fingerprint which is required to be put to forensic examination for the reason that a professional understands what the tool to be used to unlock the device perform the relevant task and also manner and method in which a computer device is required to be examined forensically so as to return a finding as to data integrity. Since the result processing data was there provided by the Aptech to the U.P. Jal Nigam which in turn was forwarded to the Professors for verification and examination, then in that event, if the checksum information and the hash value is lacking, the proper course would have been for the Corporation to have asked for it from the Aptech itself or to have brought the Aptech in touch with the Professors of IITs. Still further as Mr. Khare argues, once the data was seized from the local environment of the Aptech Limited then best course was to provide the Professors access to this data but the Corporation having not done so, committed manifest illegality and in such circumstances a mere expressed opinion by the Professors of the IITs for want of requisite material cannot be itself a ground to annul the entire selection and appointments made.

97. Mr. Goyal submitted that data retention policy much talked about, if ran contrary to the agreements recorded between Corporation and M/s Aptech Ltd., it were the agreements to prevail. Mr. Goyal submitted that Institutes of technology were in these circumstances left with no other alternative in the face of the fact that original data was deleted from the primary source cloud server, but to express their inability to give certificate of authenticity to the data supplied by the agency. According to Mr Goyal, in these circumstances, no definite opinion could have been forward by Institutes of technology as to the correctness of answer sheets not being manipulated and the truthfulness data of result processing not being tempered with. He has placed much emphasis upon the checksum information and 'hash value' digital fingerprints as key to unlock/ access original data and since M/s Aptech Limited failed to provide checksum information and and requisite hash value of the data, no tracking could be made to verify the correctness of candidates' response data to questions, recorded by it. Mr Goyal submitted that it was duty of the service provider to have provided the relevant checksum information and hash value. For the absence of checksum information as to the original response data of the candidate in the examination hall, and in the absence of hash value, it was impossible to verify the records and still further, it became difficult to know as to whether the data provided was the modified one or copy of original one.

98. Mr. Goyal submitted that 'hash value' created once the data is transmitted from original server to a secondary server by the original service provided and this hash value continues to remain constant to decode the original data provided in an encrypted form. Any attempt to have access to the data without information about the 'hash value', would certainly corrupt the original data and any fresh 'hash value' means data is already modified. The hash value is a digital signature put to a data to access it. Mr Goyal submitted that service provider since did not provide the 'hash value', it remained illusive data as to its authenticity and integrity upon transfer to a local environment device. A data Security is always marked by digital fingerprint of the digital signature, as was done by CFSL, Hyderabad consolidating the data retrieved from the original hard disks into a DVD marked as"CAH - 75-2018 - DVD,"

101. Elaborating further the definition of 'hash value', Mr Goyal submitted that hash value or checksum information is provided to decode the data contained in the hard disk or such other device. He has referred to a famous treatise, namely, Electronic Evidence: Disclosure, Discovery & Admissibility, First Edition by Stephen Mason, in which vide paragraph of 3.16, the details are given for preserving digital data evidence. The relevant paragraph runs as under:

"3.16 Validating digital evidence Digital evidence in particular needs to be validated if it is to have any probative value. A digital evidence specialist will invariably copy the contents of a number of disks or storage devices, in both criminal and civil matters. To prove the digital evidence has not been altered, it is necessary to put in place checks and balances to prove the duplicate evidence in digital format has not been altered since it was copied. An electronic fingerprint is used to prove the integrity of data at the time the evidence was collected. The electronic fingerprint uses a cryptographic technique that is capable of being associated with a single file, a floppy disk or the entire contents of a hard drive. As digital evidence is copied, a digital evidence specialist will use software tools that are relevant to the task. program that causes a checksum operation, called a 'hash function' to be applied to the file or disk that is being copied. The result of applying a hash function to digital data is called a hash value. The hash value has been calculated against the content of the data. This is a one-way function, containing the mathematical equivalent of a secret trapdoor. For the purposes of understanding the concept,, this algorithm is easy to compute in one direction and difficult to compute in the opposite direction, unless you know the secret. The hash function is used to verify that a file, or the copy of a file, has not changed. If the file has been altered in any way, the hash value will not be the same and the investigator will be alerted to the discrepancy. A digital signature can also be used in this way, by combining the hash value against some additional information, such as the time."