Bombay High Court sets aside espionage & cyber terrorism charges against Ex-BrahMos engineer; reduces life sentence to 3 years imprisonment

The Court rejected Honey-trap theory and held that the BrahMos engineer is not guilty of espionage, but liable only for negligence under Official Secrets Act

Published on By
cyber-terrorism

Disclaimer: This has been reported after the availability of the order of the Court and not on media reports so as to give an accurate report to our readers.

Bombay High Court: In an appeal filed by Ex-BrahMos engineer under Section 374 of the Criminal Procedure Code, 1973 (CrPC), challenging the trial court’s judgment dated 03-06-2024 which convicted the appellant for cyber terrorism under Section 66-F of the Information Technology Act, 2000 (IT Act) and espionage under Sections 3(1)(c), 5(1)(a),(b),(c),(d) and 5(3) of the Official Secrets Act, 1923 (Official Secrets Act), a Division bench of Anil S. Kilor* & Pravin S. Patil, JJ., upheld the conviction for 3 years of imprisonment under Section 5(1)(d) of the Official Secrets Act and set aside the conviction on all the other charges.

Factual Matrix

In the instant matter, The Anti-Terrorist Squad (ATS) received inputs that two Facebook accounts operated from Pakistan, were “in contact via Internet through these Facebook accounts with the unknown employees holding important posts in various defence establishments in India” and that sensitive defence data was leaked.

During investigation, Facebook accounts were linked to the appellant, and his personal laptop was found containing document files relating to BrahMos missiles. One of the documents, , was labelled “secret” in red colour. The initial ATS theory was “honey trapping,” as even PW-1 and PW-11 stated that the two fake accounts were created “to honey trap the officers.”

The prosecution alleged that the appellant used malware like X-trust, chat 2 hire, and Q-whisper, enabling transfer of data to foreign agents. However, the defence argued the files were part of his legitimate project work (CPHS) under his superior and that he was authorized to possess the same.

The trial court sentenced the appellant to life imprisonment for under Section 66-F of the IT Act, Rigorous Imprisonment for 14 years under Section 3(1)(c) of the Official Secrets Act, and Imprisonment for 3 years with fine under Section 5 of the Official Secrets Act.

Moot Point

  1. Whether the accused intentionally copied and communicated “secret and classified documents” in violation of the Official Secrets Act?

  2. Whether the elements of mens rea existed to sustain conviction under Section 66-F (cyber terrorism) of the IT Act?

  3. Whether the prosecution proved that the appellant exceeded authorized access to obtain documents?

Court’s Observations

The Court emphasised that Section 66F requires intent to threaten the unity, integrity, security or sovereignty of India, or “knowingly or intentionally” accessing restricted information for damaging national security. The Court further noted that Sections 3(1)(c), 5(1)(a),(b),(c), and 5(3) of the Official Secrets Act require intentional and knowing conduct, involving wilful communication to unauthorised persons or for unlawful State-prejudicial purposes.

The Court emphasised that to attract Section 66F it has to be established that “when the attempt to penetrate or access a computer resource without authorization or exceeding authorized access was made, it was done, at that relevant time, with intent to threaten the unity, integrity, security, or sovereignty of India or to strike terror in the people or any section of the people.”

The Court held that the mere presence of documents and chats cannot equate to espionage or cyber terrorism unless accompanied by mens rea. The Court stated that prosecution failed to establish appellant’s intention when such data was allegedly copied and nothing brought on record to show that the appellant intentionally, to threaten the unity, integrity, security or safety of India, committed a cyber terrorism.

The Court further held that the prosecution failed to establish beyond reasonable doubt that the appellant is guilty of the offence punishable under Sections 66F of the IT Act and Section 5(1)(a)(b)(c) and 5(3) of the Official Secrets Act.

The Court examined the alleged malware, chat2hire, X-trust, Q-whisper, etc. and found that the prosecution did not establish that any data was actually leaked, nor that the accused knowingly used malware for espionage. The Court observed that “it is found that the files are suspected to be leaked and not absolutely leaked,” therefore, mere suspicion of leak is not sufficient to convict the appellant.

The Court further noted that multiple witnesses confirmed that the appellant was working under his superior, his superior had legitimate access to the classified documents, the appellant was authorised to access his superior’s system, and no complaint was ever made by his superior. The Court noted that the possibility that appellant’s superior had given him the alleged secret documents during training for the project purpose, cannot be ruled out. Additionally, the Court noted that no entry of the usage of pen drives or external hard disks by the appellant in the past was found. Thus, the Court held that the prosecution failed to show that the appellant copied the data.

The Court relied on witnesses’ admissions that “much of the information of the missile is in the public domain and is known to the general public,” and part of the information which was allegedly found in the appellant’s laptop was already in the public domain. The Court noted that “the information alleged to be found in the laptop was not a complete classified information.” Thus, even the alleged “secret documents” weren’t wholly a secret.

The Court examined the appellant’s conduct and noted that the appellant never received any negative report with regards to his work and there was no report regarding the accused’s suspicious conduct and asserted that the same weighed against the presumption of criminal intent.

The Court further noted that the chats with “Sejal Kapoor” showed intent to pursue overseas employment, and the appellant never sent any BrahMos documents through LinkedIn or other chats. The Court emphasised that the only thing that attracts against the appellant is failure to take reasonable care and downloading the alleged malware at the instruction of Sejal Kapoor.

Court’s Decision

The Court partly allowed the appeal and held that —

  1. The prosecution failed to establish mens rea required under Section 66-F of the IT Act and Sections 3(1)(c), 5(1)(a),(b),(c), 5(3) of the Official Secrets Act.

  2. At the most, the appellant was guilty of negligence in failing to take reasonable care, attracting only Section 5(1)(d) of the Official Secrets Act.

The Court set aside the conviction under Section 66-F of the IT Act and Sections 3(1)(c), 5(1)(a),(b),(c) of the Official Secrets Act, 5(3) of the Official Secrets Act and upheld the conviction under Section 5(1)(d) of the Official Secrets Act, i.e., negligence in reasonable care of confidential data. The Court set off the appellant’s punishment under Section 428 of the Code of Criminal Procedure.

[Nishant Agrawal v. Anti Terrorist Squad, Lucknow, Criminal Appeal No. 303 of 2024, Decided on 01-12-2025]

*Judgment by Justice Anil S. Kilor

Advocates who appeared in this case:

Shri Sunil Maohar, Sr.Advocate and Shri C.B. Barve, Counsel for the Appellant

Shri S.S. Doifode, Addl. Public Prosecutor with Shri A.B.Badar, APP, Counsel for the Respondent/State

Buy Code of Criminal Procedure, 1973  HERE

Code of Criminal Procedure

Tags :
Leave a comment

Most Read

Join the discussion

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.