This article is written by Wardah Beg, student, Faculty of Law, Aligarh Muslim University.
Introduction: The need to extract deleted data
We exchange an unbelievable amount of data every day, in the form of texts, audio clips, pictures, videos, GIFs, etc., on social media platforms like WhatsApp, Facebook, Instagram and numerous others. After having deleted their data, voluntarily or by mistake, one might feel the need to recover it, for instance to prove someone’s online misconduct in court or for other personal reasons. Such digital and electronic evidence is admissible in the courts, and lawyers of aggrieved parties do make the most of such evidence.
Evidentiary value of chat transcripts
Chat transcripts, screenshots, etc. can be used as evidence in court proceedings. A certificate, as prescribed under Section 65 B (4) of the Indian Evidence Act, 1872, is presented along with the chat transcripts, data records, pictures, etc.
Can such data be extracted?
Yes, there have been cases where such data has been extracted by law enforcement agents and used in court cases. There is, however, a question of how much of it can actually be retrieved by an individual seeking it for himself, or with the help of an authority.
Facebook tells you that once you have deleted something, it is gone forever and becomes irretrievable, but this is essentially false, as the founder himself confessed. Anything done on the internet leaves a digital footprint, and even if it appears to have been erased, it can still, albeit with much difficulty, be retrieved.
To preemptively clear up a misconception about the third-party software and apps (FoneDog, FonePaw, DecipherText, etc.) in circulation: in the interest of the user’s safety, it is better not to trust these apps with one’s personal data. Moreover, using them can lead to further irrevocable loss of data.
Extracting Deleted Data from Facebook
The first step to try, if one wants to access deleted data from Facebook, is to download a copy of one’s data from Facebook. This includes your personal messages on Facebook, status updates, photos, etc. This can only be done if you still have an account on Facebook and did not permanently delete it.
Facebook has not made clear exactly what data is stored and what gets deleted once a person deletes their account. According to the company, all the personal information of a person gets deleted and only log data is stored permanently. Since that data is stored, it follows that it can be accessed, and it can also be of help to a person in their case.
According to a report by The Guardian, Facebook also stores a user’s personal information like contact details, call logs, etc. Many people have reported that the zip file of their personal data that they downloaded from Facebook contained this information. Consumers have questioned this and Facebook has been severely criticized, especially in the aftermath of the Cambridge Analytica scandal. According to the company, it stores this data to generate relevant content. For instance, address books are stored so that it can find who among one’s family and friends is on Facebook. However, it is unclear if this data can be retrieved from Facebook, even by law enforcement agencies, since this information is not actually ‘uploaded’ to Facebook, nor is it relevant to it. Here is a list of the data that can be downloaded as a ‘copy’ from Facebook. This includes very specific data like the places you’ve checked into, the place you last logged into Facebook from, the events you attended, your likes, your religious and political views, friends you have removed, and even your facial recognition data.
Information for Law Enforcement Agencies
The aforementioned steps were for when a user of Facebook needs to extract details of his/her own account. But, depending upon the urgency and severity of the case, sometimes, the government of a country may want to extract details of a suspect.
Law enforcement agencies can approach Facebook in the initial stages of a criminal investigation through this portal. One-hour access can be obtained by signing in with an official, government-issued email address. Once access has been granted, the portal can be used for an hour to make preservation requests and record requests. To make such a request, the official will have to submit details like the Case Number, the User ID/Vanity URL/Email address of the account that has to be preserved, and a PDF/JPG/PNG copy of the legal documents related to the case.
Next, the official will be required to state the legal process through which the request is being made, for example a search warrant or court order, and then select the nature of the case, e.g. child abuse, sexual harassment, terrorist activity, assault, theft, etc. The request can then be sent, and an official email will be received at the provided email address when the files are ready. According to Facebook, this can take at most 2-4 weeks. We will discuss emergency requests later in this write-up.
A note: It is suggested that the official make sure the request is spelt out in detail, because some very specific data that could be relevant in one’s case, like the metadata of a picture, is not usually sent by the company unless it is specifically asked for.
Facebook has provided the following guidelines for law enforcement agents for extraction of data:
Preservation of Data
According to Facebook, they do not preserve account details or records unless asked to through a formal legal process. In case the authority wants Facebook to preserve data for a criminal investigation, it will preserve it for 90 days by default, but this can be extended using the law agency portal link provided above.
For an emergency request, where there is an imminent threat to someone, the official can submit the request through the same portal, specifying the severity and urgency of the situation. Moreover, according to Facebook, “In emergencies, law enforcement may submit requests without legal process. Based on the circumstances, we may voluntarily disclose information to law enforcement where we have a good faith or reason to believe that the matter involves imminent risk of serious physical injury or death”.
According to Facebook, they do not accept very wide or ambiguous requests, so it is advised to specify exactly what is being asked for.
Facebook does not provide testimony support. However, a certificate can be acquired by submitting the request through the portal.
Facebook may charge a certain sum per request. These fees can be waived by Facebook in case of emergency requests, or requests involving harm caused to a child, etc.
Request by post
In case such a request has to be made through post, here is the official postal address for doing so, though it may take a longer time to receive data through post:
1 Hacker Way Menlo Park
Extracting Deleted Data from WhatsApp:
- The first method a user can try to retrieve lost or deleted data is to restore the data that is automatically stored on drive. Data is only uploaded there if the user had selected the option to back up to drive automatically or had backed up manually. Usually, WhatsApp backs up data by default every night at 2 a.m.
- When that method does not work, you can try connecting your phone to a PC and following these steps:
  - Open the disk of your Android and go to WhatsApp > Media.
  - Here, you will find your images, audio files and videos.
- Or, a user can request their own account information from WhatsApp by following these steps:
  - Open WhatsApp. Go to Settings > Account > Request Info.
  - Click on Request Report.
  - The request will be sent to WhatsApp and you will receive a file with details associated with your account.
This is why it is easier for police and law enforcement agencies to access user data when they physically possess the suspect’s mobile phone. As in the case of Facebook, WhatsApp records can also be retrieved by law enforcement agencies by contacting the company. Here is the portal. The rules and process are similar, too, as the company is owned by Facebook.
Posting a request will take time, therefore it is recommended to reach out through the portal. In any case, the postal address is:
1601 Willow Road
Menlo Park, California 94025
United States of America
The data that is given by the company is, in contrast with Facebook, far less. WhatsApp is known only to have shared metadata with police officials, such as which numbers a person has been in contact with and for what duration, IP addresses, etc. On the whole, the details of what exactly WhatsApp can and does share with legal authorities are not clearly specified anywhere.
Another loophole that can be used by an aggrieved party is WhatsApp’s policy of sharing users’ data with Facebook: since WhatsApp does share some of a user’s important data with Facebook, it definitely must lie in Facebook’s possession. But this can only help when a user is on both platforms.
According to WhatsApp spokesperson Carl Hoog, who visited India in 2017, the contents of WhatsApp messages are not accessible by anyone except the sender and the receiver, due to WhatsApp’s end-to-end encryption. Nevertheless, the metadata provided by the company could prove extremely useful in some cases. It has reportedly helped the US Government reveal a cocaine and methamphetamine racket, and also helped reveal an ISIS-affiliated terrorist in the US.
Cyber forensic tech and data retrieval
According to Nikhil Khandekar and Sachin Sathe, founders of a firm named Prevoyance Forensic Technologies, deleted data from nearly all popular social media platforms can actually be retrieved, as long as it is not overwritten. They claim that they can restore this data, and that though it may be encrypted, they have special software to decrypt it. The firm has helped police departments and agencies in Nagpur solve cases relating to theft, etc. They have also helped private persons find missing persons, lost devices, etc.
Authorities to approach
According to Facebook’s Government Requests Report, the Government of India ranks second, after the United States, in the number of requests made for reports and account details. In the first half of 2017, it made 9,853 requests to Facebook for data, and up to 6,324 in the first half of 2016.
The approach described above for Facebook and WhatsApp will also work for other social media platforms. It is suggested that a user take the initial possible steps themselves to retrieve their own data, because the legal pathway to it is long and tedious. In case the matter is urgent, it is suggested that an application be filed with the court, requesting the court and the concerned police officer or officials from any other investigative agency to order the concerned social media company to produce the required records.
Extracting data from Internet Service Providers (ISPs)
IP addresses and other information relating to an IP address, such as timestamps, textual data, pictures, videos, etc., can be legally retrieved through one’s ISP. An IP address is a set of four numbers (generally) that is assigned to every device that signs up for internet services. Internet Service Providers keep a log of all the activities of the IP users subscribed to them.
The following information is associated with an IP address:
- who is the owner and operator of the network address,
- what is the associated domain name/computer name,
- email addresses, etc.
The Indian Police has tracked down criminals using this method to extract information relating to an IP Address. For instance, in 2011 the Cyber Crime Investigation Cell (CCIC) of Mumbai police was able to trace a runaway boy after tracing the boy’s online activity. They traced the IP address from where he had uploaded a status and tracked the boy’s location down. There have been various such cases where investigation departments of the police have been able to find missing persons and criminals.
Registered companies in India apply for ISP licenses in India. The Licensor, as in the case of UASL licenses, is the Government of India.
- According to Clause 30.1 of the license, the Government has the right to inspect all the sites used by an IP user. The company is required to provide the necessary facilities for doing so.
- Under Clause 34.8, the ISPs are required to maintain logs of all the data of all the users connected and all the services they use, for example, mailing services. All of this data should be accessible by the Telecom Authority in real time.
- According to Clause 34.12, the ISPs shall make a database of all their users and their data, with password-controlled access that is available for authorized agencies to access at all times.
- Clause 34.22 makes it mandatory for the ISP to provide any required information of the subscriber to the government at any instant.
- Such data is required to be stored by the ISP for a mandatory period of 1 year, and can be disposed of, after that, unless the Government asks for it to be preserved.
- The current geographical location of the subscriber is to be provided to the government whenever asked for.
Provisions in IT Act
- Section 69 of the IT Act provides the government with power to issue directions for interception, monitoring or decryption of information through a computer resource.
- Section 69 B of the Act contains provisions as to how this can be done. According to Section 69 B (1), the Central Government has the power to authorize any agency to collect data from any computer source, by issuing a notice in the Official Gazette of India.
ISP Data extraction by Police
Section 91 of the CrPC empowers the courts or any officer in charge of a police station to ask anybody for any document or any other ‘thing’, or summon any person with such a document or thing to the court. Therefore, data extraction through an IP address is a great way of tracking a person’s online activity and making the criminal investigation easier.
An aggrieved individual or group can also file an application with the court where their case is already being heard, for extraction of IP data. The application moves along this path:
You > Court > Police > Internet Service Provider (ISP)