Introduction:
In the current era of advanced technology, the internet plays a vital role in our lives. Internet, which was ordinarily invented for military purposes, is now used in every aspect of our lives where it is to communicate information or to store huge databases. More than 4.5 billion people use the internet making nearly 60 percent of the world population online.[1] With so much traffic on the internet, it makes the internet prone to hacking, data breaches, and cybercrimes.
Hacking is an intrusion in the computer system with the bad intention to cause damage to the system for one’s gain and the person who performs hacking is known as a hacker, black hat hacker, or crackers. Just like everything, hacking also has two sides to it. Another side is ethical hacking, where hackers penetrate a system with authorization to evaluate the flaws and vulnerabilities of the system and find the remedy for it. Although theoretically, both are the same as both intrude the system but the difference lies between permission and intention.
Meaning of Ethical Hacking
“Ethical hacking (also known as pen testing or penetration testing) is a term that covers the intruding practices aiming to discover any threats and significant cybersecurity vulnerabilities that can be found and exploited by an ill-intended attacker. Such vulnerabilities can cost organizations their valuable data, hard-earned image, or even billions of dollars. That is why ethical hackers exist. They try to find weak spots and issues of an organization’s security system before ill-intended hackers do”[2]
Ethical hackers are recruited by the companies to hack the company’s system and to find any flaws by which a hacker could create damage so that the company can take proper cautions and cover the cracks in the system.
Ethical hacker or white hat hackers intrudes into a system with permission and good intention whereas black hat hackers work without any authorization and with malice. Hacking is offensive whereas Ethical hacking is defensive.
History of Ethical Hacking
The term ‘Ethical hacking’ was first utilized by IBM Vice President John Patrick, in 1995 but the idea of ethical hacking has been around for a longer period of time.
Strangely, the history of ethical hacking is the history of hacking. The current depiction of hackers is as of cybercriminals and thieves but it didn’t always have a negative connotation. The term ‘hacker’ surfaced in the 1960s at the esteemed Massachusetts Institute of Technology (MIT). Throughout that time, the term hacking was used by engineering students that indicated finding different loopholes and faults in the system to optimize it and make it work more efficiently. Thereby, the word hacking was used for finding remedies of the faults in a system and the idea of ethical hacker predates the one of criminal hacker.
First official ethical hacks were conducted by the US Military to evaluate faults in their operating systems.
Legality of Ethical Hacking in India
Before we dive into the legality of Ethical hacking, one should bear in mind that hacking and ethical hacking are two different concepts. Hacking is a punishable offense under the Indian legal system where there are no definite laws dealing directly with ethical hacking. It has neutral status under the Indian Criminal device.
Constitutional Reasoning
As per constitutional regulations, hacking hinders Article 21 which says about the right to life and personal liberty which incorporate the right to live with dignity. Moreover, hacking also violates the Right of Privacy, which is a fundamental right of a person. By penetrating into a system, black hat hackers violate a person’s right of privacy, and ethical hacker help to make sure it never happens. Therefore ethical hacking stands on constitutional parameter truly.
Not a Crime
Two elements that are prerequisite for the charter of a criminal offense are:
- mens rea- bad intention
- actus reus- bodily act
In ethical hacking, the primary element that is mens rea is missing therefore it is not a crime. Furthermore, moral hacking is practiced with the intention to intercept hacking, therefore it is required.
Trespass
Two elements of trespass are:
- Trespass to the person
- Trespass to property
Trespass is an offense in both the branches of law that is criminal law and civil law. For this article, trespass to property is the only part of relevance. The term trespass is defined as an unsanctioned intrusion upon the property of another without the permission of the owner but in ethical hacking, one intrudes in a system with the permission of the owner therefore wrong trespass can only attributed to hacking and not moral hacking.
Civil Law
Under civil law, entering the property of another without the authorization of the owner is called trespass. It is a segment of the law of Torts which is an uncodified law and it is based on case legal guidelines. The law of torts covers tangible property, so it will not apply to hacking or on ethical hacking. Although, ethical hacking doesn’t evoke any liability as it is done with the permission of the owner.
Criminal Law
Under Indian Criminal law, trespass is explained with a wide scope under section 441 of the Indian Penal Code (IPC), 1860. In a nutshell, it defines trespass as entering a property of another with the intention to cause damage or to intimidate the owner of the respective property.
Trespass is wrong against two types of property:
- Tangible Property
- Intangible Property
Hacking is considered as trespass to a computer system which is an intangible property. In today times, software, websites, computer systems are all interpreted as property. Therefore any unauthorized intrusion in a website or software with malice can come under the spectrum of criminal trespass.
Thereby, ethical hacking is legal as it does have all prerequisites absent such as bad intention or the intention to intimidate.
Information Technology Act, 2000
Information technology Act, 2000 is a pivotal moment for the legal system of India and a milestone for the cyber law arena. The IT act covers all the offenses that emerge from hacking has it has a wide scope and consists of many crimes example, hacking is used in extortion of money or to leak private information from a system.
Chapter XI Section 66 of IT Act, 2000 deals with the act of hacking, and section 66(1) defines hack as any person that does any act dishonestly or fraudulently mentioned in Section 43 is called hacking and Section 66(2) states the punishment for Hacking. It is a punishable offense in India with imprisonment up to 3 years or a fine up to two lakh rupees, or both.
Chapter XI Section 43 of the IT Act, 2000 states the penalty for damage of computer system as hackers damage the system while hacking and stealing the information.
Chapter XI Section 65of IT Act, 2000 prescribes that tampering with computer source documents is an offense and Section 72 of the same chapter states that breach of confidentiality and privacy is a punishable offense.
The above-mentioned provision has the compulsory need of bad intention to cause harm which is absent in Ethical hacking
Section 84 of the Information Technology Act, 2000 deals with the safeguard that is given to the government or any other person appointed by the government to undertake hacking activities in good faith. For such ethical hackers, it is a compulsion to abide by the said Act of 2000
Examples of Ethical Hacking
There have been many instances where White hackers have found vulnerabilities in a computer system and have remedied it before giving a chance to black hackers to exploit those vulnerabilities.
In 2018, an India state-run health portal that allowed its users to book an appointment at a government hospital had some exposed parts on their website, which meant information of nearly 2 million users could have been leaked. Avinash Jain, Security Researcher discovered this vulnerability and then patched the flaw in the portal and made it safe to use. If in place of him, a black hat hacker would have found those faults, information of every user of that portal would have been in compromise.[3]
But there are times when we not as lucky and hackers exploit the bugs of a website and steal information for their own gains for example In 2018, the Singapore government had a high-profile breach that ended up exposing the health information of 1.5 million people. The UK’s public healthcare provider the National Health Service (NHS) had a data breach that affected more than 150,000 patients. [4]
Current need for Ethical Hacking
India has emerged as the third most vulnerable country in 2017 in terms of cyber threats such as spam, malware, viruses, according to a report security solutions provider Symantec.[5] It would be wrong of us to ignore the need and importance of ethical hacking in our legal system after understanding these figures. Ethical hacking is a legal way to intrude into a system and optimize its security. This will not only be helpful in the protection of confidential data but also in the decrease of cybercrime. White hat hackers can block the invasion of black hat hackers and ensure safety.
With so much engagement on the internet, the rate of cybercrime has been on a never-ending upward curve, and because of this; it is a necessity for ethical hacking to evolve as a profession. There are some colleges that guide people with an interest in hacking to pursue their careers in ethical hacking such as the Institute of Information Security, Mumbai, Chandigarh, Ethical Hacking Training Institute, New Delhi etc, but it is still a long way to go.
It is important for us to recognize ethical hacking legally as well as professionally for declination in cybercrimes and optimization of ethical hacking.
As compared to other countries around the world, India is still lagging behind in ethical hacking as we don’t have protective laws for ethical hackers. Japan has provided an identification code for the safety ethical hackers because they understand that the advancement of technology is on an upward curve which will lead to more cybercrime and it is very important for the system to differentiate between hackers and ethical hackers if they want to curb the increase in the rate of cybercrimes.
Conclusion
Ethical hacking is not defined in the Indian legal system. Ethical hacking lacks bad intentions which is the main reason for it to not be an illegal act. After evaluating ethical hacking with the parameters of both criminal and civil law, we can conclude that ethical hacking is not an illegal act in India.
India is in the need to make laws that protect ethical hackers and Ethical hacking should be given more exposure professionally, as it will help us to curb the increasing rate of cybercrime.
References:
[1] Simon Kemp, Digital 2020: 3.8 billion people use social media; Available at https://wearesocial.com/blog/2020/01/digital-2020-3-8-billion-people-use-social-media, Visited on 14/9/20, 5:00 pm
[2] What is ethical hacking; Available at https://blog.logsign.com/what-is-ethical-hacking , Visited on 17/9/20, 2:00 pm
[3] Nilesh Christopher, Ethical hacking: The challenges facing India; Available at https://www.bbc.com/news/world-asia-india-50583733, Visited on 15/09/20, at 3:00 pm
[4] Ibid. 3
[5] Yuthika Bhargava, India third most vulnerable country to cyber threats; Available at https://www.thehindu.com/news/national/india-third-most-vulnerable-country-to-cyber-threats/article23437238.ece, Visited on 15/09/20 at 4:00 pm
0 Comments