INTRODUCTION
Around the globe, the Internet and computer networks are the most commonly used technologies at present. The number of internet users is increasing at an unprecedented rate. The Internet, which was originally created to share research from one computer to another, is now used to store and transmit gigantic amounts of data via emails, e-commerce transactions, and other means.
Individual information has become more exposed to attacks as virtual engagement grows in tandem with technology improvements. Cybercriminals now find it easier to gain unauthorized access to an individual’s information by hacking his or her profile, database, or any other source where information is commonly maintained on the internet.
Hacking has, over time, been construed as a crime. However, if used for correct purposes, hacking can be considered ethical as well. In this article we will learn about the concept of ethical hacking and its legal position in India. Read on!
WHAT IS ETHICAL HACKING?
The term “ethical hacking” is a controversial term. Many people are unsure of its validity because the terms ethical and hacking can seem to be paradoxical in nature. Ethical hacking is referred to by words like “penetration testing, intrusion testing, and red teaming”. However, ethical hacking is a method of resistance.[1]
In ethical hacking, a computer security specialist (ethical hacker) uncovers a system’s vulnerabilities and weaknesses with the approval of the system’s owner and is responsible for resolving the problem before these can be exploited by any mala fide action.
Ethical hacking is described as the legal access of a hacker to any organization’s online property after receiving prior permission from the organization. “Application testing, war dialing, network testing, wireless security, system hardening”, are among the many services that require ethical hacking. It is usually used to assess any organization’s security programmes. Ethical hacking significantly enhances efficiency of businesses by creating software and codes. Ethical hacking is done to improve a company’s security.[2]
TYPES OF HACKERS
Black Hat Hacker: Black Hat Hackers are interested in causing damage to computer systems and networks. They penetrate security and access the network with the intent of harming and destroying data and rendering the network inoperable. Websites are hacked, personal information is taken, and security is compromised. They breach programmes and passwords to get access to the illegal network or system. They act in ways that benefit them personally, such as making money.[3] Also, at times, these hackers indulge in hacking to access free videos, download software for free etc. for their personal gain.
White Hat Hacker: White Hat Hackers are authorized employees with good motives and a strong moral standing that work for organizations. They are the absolute opposite of black hat hackers; they have the same amount of competence as black hat hackers, but they use it responsibly and as system security specialists, giving them the title ethical hackers. They hack for the benefit of the company. They break security in order to test their own system.[4] These hackers aim to develop programs like pop up blocker, firewall, ad blocker and high security programming code.[5]
Grey Hat Hacker: Grey hat hackers are a combination of both black and white hat hackers. They usually look for loopholes in a system without first informing the owner. If faults are detected, they contact the owner and demand a fee to resolve the problem that might arise in the network. The underlying purpose of a grey hat hacker is usually to showcase their talents and gain attention, and they consider their actions a contribution to cyber security.[6]
LEGAL POSITION
Before getting into the laws of ethical hacking, one must keep in mind that the terms hacking and ethical hacking are not interchangeable. According to the Indian legal system, hacking is a crime while ethical hacking has not been dealt with explicitly in Indian legislation. Ethical hacking is a quickly growing field but not extensively practiced in India at present.[7]
To solve the problem of network security, governments and corporations have begun to use a technique in which they have computer security specialists break into their systems to assess their security. It is a part of an information risk management programme that ensures greater security.
Ethical hacking is not a crime since it lacks mens rea, or evil intent, which is a mandatory component in any crime. An ethical hacker must adhere to specific standards, such as gaining permission from the computer system’s owner, protecting the privacy of the company or individual, reporting all discovered defects, and informing the appropriate hardware and software providers of the reported weaknesses.[8]
It is lawful, so long as it is done with the consent of the owner of the particular network. Ethical hacking is being taught at various institutions. However, teaching ethical hacking as a course is challenging since no one can be certain of the students’ intentions for taking the course, and their goal is the only thing that can distinguish them from cyber criminals.
A series of laws has been passed to protect citizens’ rights and maintain the security of their online transactions. Our legislation, such as the Information Technology Act of 2000, has implemented various regulations that ethical hackers must be aware of. The fundamental purpose of the Information Technology Act of 2000 was to ensure the security of data available and shared via the virtual platform.
The Information Technology Act of 2000 (IT Act) has sections 43 and 66 that cover many types of cybercrime committed in the country, including hacking. However, the term “hacker” was eliminated in 2008 because ethical hacking is now considered acceptable.
Section 43 of the Information Technology Act of 2000 deals with penalty and compensation for damage to computer system. It provides:
“If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource — destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means.”
Section 43A of the IT Act deals with the liability of corporate bodies. In the case that the data is not protected, the section covers the compensation that should be paid. Criminal culpability for cracking arises when the cracker’s intent or liability to harm the system or steal any important information is proved. It is primarily a civil liability under section 43A if the cracker simply violates the system without intending to cause harm. Illegal trespass can lead to further criminal behaviours punishable under the Indian Penal Code, such as computer theft, which is penalised under section 378.[9]
Any fraudulent or dishonest person who attempts to break the regulations set forth in Section 43 of the Information Technology Act will be condemned to three years in prison or a fine of five lakh rupees, or both, under Section 66 of the Information Technology Act of 2000. Any hacker who breaches or attempts to compromise an organization’s confidentiality and privacy will be punished under section 72 of the IT Act.
CONCLUSION
The wide expansion of the internet in every field has created a threat to the data of businesses, organizations, etc. Everything on the internet can be hacked, depending on the hacker’s skills and knowledge. To prevent an actual black hat from encroaching on the network, white hats collaborate with government and commercial companies to test their networks for vulnerabilities, flaws, and bugs.
[1] Lokesh Vyas, Is ethical Hacking legal in India, IPLEADER (Sept 21, 2021), https://blog.ipleaders.in/ethical-hacking/.
[2] Ibid.
[3] Bhawana Sahare, Ankit Naik, et al., Study of Ethical Hacking, 2 IJCST 6, 7-8 (2014).
[4] Ibid.
[5] Difference between Hacking and Ethical Hacking, EDUREKA (Sept 22, 2021), https://www.edureka.co/blog/difference-between-hacking-and-ethical-hacking/.
[6] Black hat, White hat, and Grey Hat Hackers- Definitions and Explanation, KASPERSKY (Sept 19, 2021), https://www.kaspersky.com/resource-center/definitions/hacker-hat-types.
[7] Dr. B. Mahammad Rafee & Prof. Shuaib Ahmed Shariff, Good and Bad about Ethical Hacking in Indian Perspective, 5 IJTRS 12, 15, (2020).
[8] Jas Singh, Hacking Legal or Illegal? (Ethical Hackers, Hacktivists), CYBER SECURITY KINGS.COM (Sept. 15, 2021), https://cybersecuritykings.com/2021/05/27/hacking-legal-or-illegal-ethical-hackers-hacktivists/.
[9] Kritika Jain, Ethical Hacking and its Legality, LEGAL DESIRE (Sept 20, 2021), https://legaldesire.com/ethical-hacking-legality/.
YLCC would like to thank Mili Kanoujiya for her valuable insights in this article.