File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Legal Aspects Of Ethical Hacking

Internet and computer networks are the most widely used in the current era of technology worldwide. Usage of internet particularly, use of social media has crossed about 200 millions in India. Internet, which was ordinarily invented for the purpose of sharing research from one computer to another, is currently used to store and carry huge array of information either through emails or E-commerce transactions, etc.

As the interaction on the virtual arena increases with technological advancements, information/ vital data of individuals have become vulnerable to attacks. Any offender on the cyberspace can today easily get unauthorised access to an individualís information through hacking his or her profile, database, and any other source where information is generally stored. The current paper focuses on the basics of Ethical Hacking and the legal aspects of it.

Introduction
Finding vulnerabilities in a network in order to enter and extract from such a system ownerís data in an unauthorized manner is what is referred to as hacking. Such information is subsequently used for illegal activities which cause losses to the victim. Again, if one is caught into such malicious cyber practices, there is imposed punishment and faces other severe consequences. The various types of hacking include:

  • Website Hacking (non-permitted intrusion to victimís server and such other associated software)
  • Network Hacking (unauthorised access to a personís network system to hamper it through Netstat, Ping, etc.)
  • Computer Hacking (getting unauthorised/ illegal access to a personís computer system for obtaining Computer ID and Password in order to satisfy the mal intents)
  • Email Hacking (entering into someoneís email account with the malicious intent of using it for sending spam links)
  • Password Hacking (password recovery from already stored data or such data that are transmitted through computer networks) [i]


Hacking as a term was first coined in as late as the 1960s in the Massachusetts Institute of Technology and the word has since then till date has undergone massive evolutions into the disciplines that are abided by the computer fraternity. [ii]

The various types of Hackers include:

  • Cyber Security Hacker or White Hat Hackers

    These are generally hackers who have authorized access to test bugs within a network or a website and in case any gets detected the same is reported to the owner of the network. The work of such hackers is to gather all possible information regarding the network from the owners themselves.
  • Black Hat Hackers or Crackers

    These hackers steal data by unethically getting inside a website and even manipulate such data causing immense harm and losses to the victim. Such also leads to adverse consequences.
  • Grey Hat Hackers

    These are usually a mix of both hackers and crackers. Such hackers are often seen as working for the common good and might in some cases violate the laws to gain data access. [iii]


However, such intrusion with a personís permission makes the entire process legal. There are often specialists appointed in the computer field for hacking their own computer networks in order to look for possible vulnerabilities and weaknesses. Such precautions are taken to protect vital information and credentials from such a person who intends to cause unwanted loss. [iv]

Thus, people who intrude into someoneís system without malicious intention and with proper permission are referred to as Ethical hackers and the process they have undertaken is what is referred to as Ethical Hacking.

Potential threats and data breaches and other vulnerabilities are identified through bypassing system security by a cybersecurity engineer in Ethical Hacking. It is a planned and legally approved process opposite to the hacking which is conducted with ill-intent.[v] Ethical Hacking is carried to detect various attacks and threats to the network which includes; Injection Attacks, Breach of authentication protocols, Changes in security settings, remote access attacks or even exposure of sensitive data.

The fact that ethical hacking is actually ethical rather say, is legal has caught a lot of debates. Hacking, when the term was first coined, was not to be done as a criminal activity. However, the same has gained a bad name over time. Hacking thus can also be ethical and legal. Some forms of hacking do not constitute criminal activity. Say, for example, any data or potential information gathered during the first stage of hacking is not illegal for the same can be used even for research purpose. Again, since ethical hacking is authorized and is done with prior permissions, it is legal.[vi]

Legal Aspects Of Ethical Hacking

Cybercrime today has threatened the entire world with data breach, online frauds and other security related issue. A vast array of legislation has been brought to action to protect the rights of the netizens and their dealings over the virtual space. Such laws are to be kept in mind by an ethical hacker in order to enter into a system or network with bona fide intent.

In the era of Internet and Information Technology, when India adopted the E-Commerce model law inspired by the United Nations Commission on International Trade Law, the Information Technology Act came into effect in the year 2000. The act came into force with the object to provide legality to electronic data exchange and such other e-transactions (particularly E-Commerce). [vii]

S. 84 of the Information Technology Act, 2000 provides for the safeguard that is given to the government or any other person appointed by the government to undertake hacking activities in good faith. For such ethical hackers, it is a must to abide by the said Act of 2000 and such other rules, regulations and bylaws associated with the information Technology Laws.[viii]

Again if we look at S. 43 of the IT Act, 2000, we find that in case a person tends to damage, modify, destroy or extract any information that can be harmful if used in an ill-manner by entering into the computer or network of any person without prior permission of such person would be liable to be penalised for any damage caused. However, in case there is permission obtained, there lies no liability. [ix] And s. 43 A of the same Act in case an ethical hacker or any person having authorised access to vital information shall be penalized in case he is not successful in protecting such data/information.[x]

The provision stated under S. 66 of the Information Technology Act, 2000 includes fraud and dishonest people indulging in acts mentioned as offences above under the provision of S. 43 of the said Act to be punished with 3 years of imprisonment.[xi]

The term Government Agency as under S. 70 A and B, in order to appoint cybersecurity experts for Critical Information Infrastructure Protection and other cyber-terrorist attacks (as under S. 66 F) means and includes Army, CBI, Ministry of Communication and Information Technology, Intelligence Bureau and other law enforcement bodies.[xii]

In India, the Information Technology Law puts into question and penalizes people hacking through a network or computer system without proper permission/authorisation. However, the obvious flaw is that the law only provides safeguards ethical hacking only if he is appointed by the government and not those others who have authorised access to hacking but are not government-appointed [as mentioned under S. 84]. [xiii]

With the growing use of internet in every walk of life and the resultant increase in vulnerability of vital data of individuals stored virtually, it becomes indispensable to also appoint and protect the ethical hackers working in the private sphere to detect such vulnerabilities and in turn protect against cyber attacks and cyber-terrorism.

Conclusion
To conclude with, we looked into what is hacking, types of hacking as well as hackers, basics of Ethical Hacking and laws associated with Ethical Hacking. There are major drawbacks faced by the legislations in India with regard to Hacking. The Indian Penal Code fails to describe the intentions of a hacker.

Again, the Criminal Procedural Code in India lacks appropriate provisions for investigation by a police officer in aid with ethical hackers, in order to gain e-evidences intruding into delicate data/information. Proper comprehensive laws are to be framed and enforces in this regard. Also, to a certain extent, the white hat hackers are often confused with the black hats, which should be avoided and the former must be given adequate, appropriate identity.

End-Notes:

  1. Paul, What is Ethical Hacking? An Introduction to Ethical Hacking Available at: https://www.edureka.co/blog/what-is-ethical-hacking/#What-is-Ethical-Hacking [Accessed on 25th July, 2020]
  2. Simplilearn, What is Ethical Hacking: Introduction to Ethical Hacking; Available at: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-ethical-hacking [Accessed on 25th July, 2020]
  3. GeeksforGeeks, Introduction To Ethical Hacking; Available at: https://www.geeksforgeeks.org/introduction-to-ethical-hacking/#:~:text=Ethical%20hacking%20is%20to%20scan,reports%20them%20to%20the%20organization. [Accessed on 25th July, 2020]
  4. Paul, What is Ethical Hacking? An Introduction to Ethical Hacking Available at: https://www.edureka.co/blog/what-is-ethical-hacking/#What-is-Ethical-Hacking [Accessed on 25th July, 2020]
  5. Simplilearn, What is Ethical Hacking: Introduction to Ethical Hacking; Available at: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-ethical-hacking [Accessed on 25th July, 2020]
  6. OMOYIOLA Bayo Olushola, The Legality of Ethical Hacking; Available at: http://www.iosrjournals.org/iosr-jce/papers/Vol20-issue1/Version-1/I2001016163.pdf [Accessed on 26th July, 2020]
  7. Daisy Roy, Laws You Need to Know as an Ethical Hacker; Available at: https://blog.ipleaders.in/laws-need-know-ethical-hacker/ [Accessed on 26th July, 2020]
  8. Section 84 of the Information Technology Act, 2000; Available at: https://indiankanoon.org/doc/543216/ [Accessed on 26th July, 2020]
  9. Section 43: Penalty and Compensation for damage to computer, computer system, etc; Available at: https://www.itlaw.in/section-43-penalty-and-compensation-for-damage-to-computer-computer-system-etc/ [Accessed on 26th July, 2020]
  10. S.S. Rana & Co. Advocates, India: Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules, 2011; Available at: https://www.mondaq.com/india/data-protection/626190/information-technology-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011 [Accessed on 26th July, 2020]
  11. Section 66 in The Information Technology Act, 2000; Available at: https://indiankanoon.org/doc/326206/ [Accessed on 26th July, 2020]
  12. Section 70 in The Information Technology Act, 2000; Available at: https://indiankanoon.org/doc/1680277/ [Accessed on 26th July, 2020]
  13. Daisy Roy, Laws You Need to Know as an Ethical Hacker; Available at: https://blog.ipleaders.in/laws-need-know-ethical-hacker/ [Accessed on 26th July, 2020]

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers



Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


LawArticles

Section 482 CrPc - Quashing Of FIR: Guid...

Titile

The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of th...

How To File For Mutual Divorce In Delhi

Titile

How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Whether Caveat Application is legally pe...

Titile

Whether in a criminal proceeding a Caveat Application is legally permissible to be filed as pro...

The Factories Act,1948

Titile

There has been rise of large scale factory/ industry in India in the later half of nineteenth ce...

Constitution of India-Freedom of speech ...

Titile

Explain The Right To Freedom of Speech and Expression Under The Article 19 With The Help of Dec...

Copyright: An important element of Intel...

Titile

The Intellectual Property Rights (IPR) has its own economic value when it puts into any market ...

Lawyers Registration
Lawyers Membership - Get Clients Online


File caveat In Supreme Court Instantly