Rajasthan High Court Restrains Police Overreach in Cybercrime Probes, Cites Public Fear
Rajasthan HC Curbs Police Power in Cybercrime Cases

The Rajasthan High Court has delivered a landmark judgment aimed at curbing what it termed the "unbridled power" exercised by police forces during cybercrime investigations. In a strongly worded order, the court emphasized that the police's role is strictly limited to investigating suspected fraud or economic offences under the law, and not beyond it.

Court Observations on Police Conduct and Public Perception

Justice Ashok Kumar Jain, presiding over the case, made a striking observation about public sentiment towards law enforcement. "We are living in a country where seeing a policeman makes a citizen feel more nervous than safe. This is a hard fact that all law-abiding citizens are terrorised by the very presence of policemen," the court noted in its order. While acknowledging this might not be a generalized situation, the court maintained that "by and large, it is a hard fact" as most officers are not considered ideal by the people.

Specific Concerns in Cybercrime Investigations

The court highlighted several problematic practices in current cybercrime investigation procedures:

  • Police registering cybercrime cases without any private complainant or victim
  • Seeking information from banks, digital wallets, payment aggregators, and the National Payments Corporation of India (NPCI) without proper authorization
  • Using power against financial institutions to procure information without clear evidence of wrongdoing

"The entire investigation suggests that not a single person is named who was cheated by the petitioner accused, meaning thereby the police registered FIR and used power against banks, wallet operators, and payment aggregators to procure information," the court observed.

Comprehensive Guidelines Issued by the Court

Recognizing that some directions are necessary to protect harassment of innocent persons, the Rajasthan High Court issued a comprehensive set of guidelines for cybercrime investigations:

Investigation Protocol

  1. All cybercrime information received through victims or the National Cybercrime Reporting Portal (including helpline 1930) must be analyzed and investigated by designated, trained police officers not below the rank of ASI or Sub-Inspector
  2. The Director General of Police must ensure all personnel involved in cybercrime investigations receive proper training within six months to prevent casual prosecution of innocent individuals

Procedural Safeguards for Financial Institutions

  • Before procuring any information from banks or payment system operators, police must forward a copy to the Superintendent of Police and obtain explicit or oral approval
  • All such requests must be recorded in both the police station's daily diary and the case diary
  • Banks or payment system operators may decline requests that don't include a copy of the complaint or FIR

Account Protection Measures

The court established strict limitations on account blocking:

  • Bank accounts operated by financial entities, payment system operators, payment aggregators, or merchants cannot be blocked or put on hold by banks based on police requests regarding suspicious third-party transactions
  • This restriction doesn't apply to cases involving the CBI, ED, PMLA, or Prevention of Corruption Act investigations
  • If any bank blocks an account based on police request, the bank becomes personally liable for civil and criminal consequences including financial losses and reputational damage

Nodal Officer System

All banks and payment system operators must appoint a nodal officer available round-the-clock for police contact during emergent situations, as per guidelines from the Indian Cybercrime Coordination Centre.

Transaction-Specific Actions

  1. For unauthorized transactions, police may act immediately after informing the Superintendent of Police and intimate payment system operators to mark lien on specific amounts
  2. Police cannot request blocking or suspension of entire financial accounts of individuals or merchants
  3. For frequently misused accounts, police may request transaction history and operator details from concerned bank branches

Judicial Oversight Requirements

The court mandated that any information about blocking, holding, or marking lien on accounts must be simultaneously sent to the jurisdictional Judicial Magistrate within 24 hours. Failure to inform may render such police actions void or actionable.

Exceptions and Special Cases

The guidelines specifically exclude mule accounts operated by individuals to transfer money or crime proceeds from these protections.

Broader Implications for Police Accountability

The Rajasthan High Court's order represents a significant step toward redefining police authority in the digital age. By establishing clear boundaries for cybercrime investigations, the court aims to balance law enforcement needs with protection of individual rights and financial system integrity.

"The police are not meant to exercise any power or authority over any of the stakeholders of the ecosystem of the country, or bully either a citizen or any entity," the court remarked, reinforcing the principle that police power must be exercised within legal confines.

This judgment comes at a crucial time when digital transactions and cybercrimes are increasing exponentially across India. The guidelines provide much-needed clarity for both law enforcement agencies and financial institutions while addressing growing public concerns about police overreach in sensitive financial matters.