Cyber Evidence Archival Center (CEAC)
Cyber Evidence Archival Center or CEAC is a Brick and Click service for preserving electronic documentary evidence for use in legal proceedings.
The Information Technology Act-2000 (ITA-2000) applicable in India has provided legal recognition to Electronic documents. However, for an electronic document to be accepted as evidence in a court of law, there are certain formalities to be completed. Presently there is no proper mechanism available to the common man to accomplish this objective.
When this service was first introduced, the digital signature system had not been in place. Hence this service was introduced.
Subsequently when the digital signature systems became available, there were still certain issues of acceptability. For example, having a digital certificate and using it against an outgoing e-mail will not provide sufficient evidence if the addressee contends that he has not received the mail.
Any Netizen (including a business entity) who wants to use electronic documents in the form of E-Mails and Web Pages to conclude valid Digital Contracts and require the offer or acceptance documents to be preserved for future use as evidence.
The Certified E-Mail Forwarding Service is a critical service requirement for Companies who send out e-mail notices of various kinds to their customers and would like them to be available for future legal use. Online Stock brokers sending contract notes by e-mail, Banks and Financial Institutions sending default notices, Insurance Companies sending premium notices are examples of such Companies.
No. This Service is Not a Notary Service under the Notaries Act 1952. The certification process used by CEAC will follow the principles enunciated in Information Technology Act 2000
a) E-Mail sent to
i) another E-Mail or
ii) a Physical Address in India.
b) E-mail received
c) Web Page
d) Certified E-Mail Forwarding from Companies to E-mail addresses in India.
e) Any other electronic document visible through a device.
Remote Certification refers to the certification of contents of an electronic document requiring a virtual visit of a computer. Typically, when the contents are in the e-mail box or desktop of a computer the owner of which cannot physically be present along with the official of CEAC who provides the certification, an arrangement will be made for the virtual visit of the concerned electronic document under the authority of the owner of the document. There will be additional charges for such a certification.
The cost of CEAC archiving and certification depends on the size of the document in terms of number of A4 sized print outs with a minimum. The current pricing is as follows.
a) i) E-mail to E-mail (Sent) : Rs 500 per page with a minimum of Rs 5000/-
ii) E-mail to Address: Rs 500 per page with a minimum of Rs 5000/-
b) E-Mail to E-Mail ( Received) : Rs 500 per page with a minimum of Rs 5000/-
c) Web Page: Rs 500 per page with a minimum of Rs 5000/-
d) Certified E-Mail Forwarding Service is offered in the following three phases.
i) Certified Sent
ii) Certified Delivered
iii) Certified Read
The cost of this service is negotiable based on the volumes.
Cost of service does not include out of pocket expenses and remote certification costs. In the event an official of the center is required to give personal evidence the cost of travel and stay will be required to be paid.
In the event electronic content is accessible through a remote Computer, CEAC may use remote desktop sharing tools for the document observeration session prior to recording. In such cases an additional charge of RS 2000/- would be payable for the remote session.
The payment of the minimum amount of Rs 5000/- should be first paid online through Naavi’s Payment Center, using Naavi’s Payment Receipts at the time of placing the request.
In case the actual charges are higher, an invoice for the additional amount would be sent by e-mail along with the instructions for payment and it can be paid online as a secondary payment.
Payment for Certified E-mail Forwarding Services will be as per the negotiations.
All Payments are being received online through ccavenue.com’s Sub-merchant service.
Forward the Sent Mail, as an attachment, to firstname.lastname@example.org with the words “CEAC-Sent” in the subject line, indicating the registrant’s address
Forward the Received Mail, as an attachment, towith the words “CEAC-In” in the subject line, indicating the registrant’s address
Forward the Mail to be sent by E-Mail, as an attachment, to email@example.com with the words “CEAC-address” in the subject line indicting the destination postal address and registrant’s address in the body of the mail.
Forward the web page as an attachment firstname.lastname@example.org with the worlds “CEAC-web” in the subject line indicating the registrant’s address.
CEAC may confirm the document by sending confirmatory messages to the counter party of an E-Mail or by visiting the web site, take print outs and then register the contents in a “Register”. Entries will be made in writing in the register containing appropriate references to the document with a copy of the document itself being pasted to the register. Each page of the register will correspond to one page of the certificate and every page of the register will be properly accounted so that no interlineations are possible. The CEAC will also create and keep ancillary documents in the register itself time stamping the transaction based on its own confirmatory process.
CEAC wants to retain the option of rejecting documents that are indicative of any un lawful activity and to report to the law enforcement authorities in case any transaction is indicative of activities alien to the Country. This is a responsibility imposed by operation of laws of the country. Additionally, CEAC wants to confirm the documents registered as genuine by its confirmatory process which involves re-sending the e-mail for confirmation to the counter party. The privacy of the mail will be preserved subject to these conditions.
Confidential archiving means a process of archiving a document without the counter party coming to know of it. In the web page archiving, we do not propose to inform the web site owner specifically of the archival process since only publicly accessible Web pages alone are archived. The normal procedure for E-Mail archival is to send the confirmatory message to the counter party and hence the fact of archival is not confidential. This procedure has been adopted to prevent false document registration. This is required to make the communication non repudiable. CEAC therefore does not recommend confidential archival as it weakens the acceptability of the evidence. Any requests to the contrary can be addressed as a special request to email@example.com and will be dealt with appropriately.
The registrants are provided with their own copies at the time of registration and support if any may be required for issue of duplicate copies or for substantiating the evidence for a Court at the time of any arbitration or litigation. CEAC will preserve the register for a minimum of 5 years. It will also send electronic confirmation to a Court when required without further charge. In case duplicate copies of the certificates are required suitable charges will be indicated at the time of request. If personal appearance is required in a court of law, an authorized representative would be deputed subject to the reimbursement of necessary expenses.
The price for providing support services would be reasonable and commensurate with the services required as relevant at the time of availment. No figures can be quoted at present.
5 years as per present plans.
CEAC is a division of Ujvala Consultants Private Ltd, a body corporate and presently run buy Na.Vijayashankar, also called Naavi, founder of Naavi.org and other related web sites. The registered office of the Company is located in Bangalore, India. The relevant website is http://www.ujvala.com
Not at present.
Not to our knowledge in the form in which the service is being offered as a “Brick and Click Service”. Services for Archival of electronic documents through a “Vault Process” is however available outside India. They are basically meant for the back up purpose and not necessarily for Cyber Evidence purpose.
CEAC service is a hybrid service not easily classified into other known types of services. However, it falls into the category of “IT Enabled Service” which is likely to be classified as an “Intermediary” under section 2 (w) and Section 79 of Information technology Act-2000.
The CEAC service is a first of its kind service not only in India as well as world over. The legal status of the CEAC certificates has to therefore emerge out of the way the society and its various constituents including the Netizens, the Law Enforcement Machinery, The Judiciary and the Government perceive the service. At the least, it should have the status of a ” Witness of an Independent Third Party to the existence of document archived”.
No. However the prospect of its acceptance is high in view of the witness being a third party. Since there is no precedent for this service any where in the world, we need to wait for community acceptance first and then hope for judicial acceptance.
The first time a CEAC report came for Judicial review was in the case of State of Tamil Nadu Vs Suhas Katti at AMM Court Egmore, Chennai. This was a case in which the entire case hinged on a web page at yahoo groups which had been certified by CEAC. Based on the evidence presented, the Court gave a conviction in the case which was also upheld in the appeal Court. This can therefore be considered as a precedent.
For the information of the public, a copy of the judgement in the Suhas Katti case is available here.
(Original copy is available at http://www.ceac.in/suhaskatti_1.pdf and http://www.ceac.in/suhaskatti_2.pdf here for information. These are PDF files of size 9.5 MB and 6.5 MB respectively. Please right click and download if your browser gives an error ) Page 16 of the judgment makes reference to the Cyber Evidence Archival Center.
It must be remembered that CEAC only confirms the existence of electronic document in a specified form. It does not certify that the contents of the electronic documents are true. From the contents available, the Police, Lawyers or the Judiciary can arrive at their own conclusion about the content. In certain reports, some visible indications in the content which needs highlighting may be highlighted with information such as the WhoIs record or IP Address resolution etc. In such cases there would be an element of expert investigation into the parts of the content. Normally this would be done since the relevant records may be removed or become in-accessible subsequently.
a) Digital Certificates cost annual fees to maintain. The costs may vary between Rs 750 to Rs 1500 per year depending on the class of certificate.
b) Use of Digital Certificates in shared machines is open to risks of Key compromise.
c) Revocation verification systems of Digital Certificates are not reliable.
d) User is exposed to configuration risks of “Auto Sign” and “No Revocation Check” configurations which can lead to unintended use of a signature and trusting of a revoked certificates.
e) User is exposed to the risk of negligently configured passwords to protect key files or use of “Auto Complete” feature for passwords.
f) User has no easy remedy against an addressee who maintains non receipt of the mail.
CEAC certification is apparently a simple registry service. However, to make the service reliable, CEAC adopts procedures and technology processes in the back end. These have been built out of years of experience of Naavi as a Banking professional and Cyber Law specialist and backed up by the best available technology at this point of time. The technology inputs are however subject to change from time to time and are a matter of “Technical Know How”.
You can send an e-mail to firstname.lastname@example.org with subject line ceac-info for any further information.
Your comments if any can also be sent to email@example.com with the subject line ceac-comment