Ethical hacking is not a criminal activity. Legally accepted hacking is not a crime. Some form of hacking is not necessarily a crime. For instance, intelligence gathering which is the first sage of hacking is not necessarily a crime. The reason is that the information collected in the process, which could have been used for research purposes, rather than for malicious purposes. In the case of ethical hacking, it is authorized and is now legally accepted. Unlike malicious hacking like unauthorized access, unauthorised privilege escalation and unauthorized penetration testing. In the era of computers, our life oscillates between cyber threats and cybersecurity. Hacking is the sour reality in this era where an unauthorized person enters into a computer or a network by using his / her computer knowledge and skills. This was done to cause a wrongful loss to other people who indulges in such an activity is called a hacker or black hat hacker. As we know that, a diamond cuts a diamond, in this same method ethical hacking is a pre-emptive action for hacking and the person, who performs the same, and so-known as the Ethical Hacker. Theoretically, they both are the same because of the underlying principle in both is to intrude upon the computer data of another but the difference lies in the intention and the permission granted. There are two kinds of hackers – 1. Black Hat Hackers 2. White Hat Hackers In simple layman language, Black Hat Hackers intrude with bad intention and without permission whereas White Hat Hackers work with authorization and good intention. In one hand, the hacker modifies or they alter the computer software and hardware to achieve the goal, which they consider to be against creator’s original objective, and then, on the other hand, ethical hacking is the act of locating weaknesses and the vulnerabilities of a computer. And, those, information systems by duplicating the intent and actions of malicious hackers.
• CONCEPTUAL UNDERSTANDING
Before going into the legality of ethical hacking, we have to keep in mind that both hacking and ethical hacking are two different hackings. Hacking is a wrongful act under the Indian legal system. Although ethical hacking is not so prevalent in India, yet it is still an evolving profession in this field. In fact, India is such a country that emerged its self as the third most vulnerable country in terms of risk of cyber threats, such as malware, spam, and ransomware, in the year 2017, moving up to a place over the previous year. Computer crime is a crime, also known as cybercrime. This portrays the criminal activity that has computers or networks as a tool, target or place of activity. A computer could be the subject of a crime when it is stolen or damaged. It could also be at the site of a crime or the instrument of a crime. Cybercrimes make the use of networks but Computer crimes may or may not make use of those networks. These computer crimes include the traditional crimes that carried out with the utilization of a computer and new computer crimes that has evolved because of new computer technologies and the growth of the internet. Cyber-attacks could be hard to stop. These activities include the spread of malware and viruses on the internet. – Now in Indian Perspective Although Indian laws do not specifically deal with ethical hacking, yet hacking is indeed a punishable offence in India. This act of Hacking contravenes the underlying principles of India in this legal system. The subject of ethical hacking that has not yet dealt with explicitly in Indian laws; therefore, it enjoyed neutral status under the Indian legal system.
• Information Technology Act, 2000
Information technology (IT) Act, 2000 is one of the most important need in the Indian legal system and which became a landmark in the cyber law arena. If we see the provisions of IT act cautiously, we can deduce that it covers almost all the wrongs that emerge from hacking because hacking is such offence, which is very wide and covers many other offences. – Chapter XI Section 66 of the IT Act, 2000 that particularly deals with the act of hacking. Section 66(1), which defines a hack as, any person, dishonestly or fraudulently, does any act referred to in Section 43 called as hacking, and in Section 66(2), it prescribes the punishment for the same. Hacking is a punishable offence in India with the imprisonment up to 3 years, or with a fine up to two lakh rupees, or with both. – Chapter IX Section 43 of IT act, 2000 prescribes a penalty for the damage caused to computer or computer system. This is a common thing that happens whenever a computer system is hacked. Black Hats Hackers damage the system that they hack and then they steal the information. – Chapter XI Section 65 of this act makes tampering with the computer source documents an offence. Section 72 of the same chapter makes the breach of confidentiality and privacy, a punishable offence. This is the most common aftermath of hacking.
• Constitutional Argument
As per constitutional principles hacking interferes with Article 21 which deals with the Right to life and personal liberty which, also includes right to live with dignity. Moreover, this act of hacking also infringes the right to privacy of an individual, which is now a Fundamental Right. By intruding upon the system, black hats invade the private information of a person or the organization whereas ethical hacking ensures that such things do not happen. Thus, ethical hacking is legal, as it does not go on against the constitutional parameters.
• Civil Law
Under civil law, trespass means entering the property of another without the permission of the owner. This is also a part of the Law of Torts, which is an uncodified law and based on the case laws. Although the law of torts only covers the tangible property. Therefore, this will neither be applicable to hacking nor is it applicable to ethical hacking. In continuation of the same, ethical hacking does not invoke any liability, because this was done with the permission of the owner so the question of it being a civil wrong can never arise. All the above-mentioned provisions mandatories the need of mala fide i.e. the intention to cause harm which is absent in ethical hacking.
• Basic Requirement for An Ethical Hacker
The very first requirement for becoming an Ethical Hacker is the strong foundation in Computer Science or Information Technology through which people opt B.Tech or B.Sc. In addition, they taking specialized courses in Internet Security. Knowledge of the programming languages like C, C++, Python, Ruby etc. is prerequisite for this profession. Good understanding of operating systems like Windows, Linux and Firefox etc. is also an important part of the ethical hacking profession. The vital point to note that the courses are the availability of the certificate. Without any valid certificate, a person cannot become an ethical hacker, because legality is the important principle of this profession.
• Ethical Hacking as a Profession
Cyber Security and Networking are booming Industries of the world today. Every country in the world seeks efficient utilization of the Internet. Companies use the Internet to run them and manage their activities. Internet utilization has eased the work of such entities but at the same time, it also poses a threat to them. Therefore, ethical hacking is all together is a new profession in itself and its now growing day by day. The dream of the digitized country further strengthens the need for ethical hacking in India as it seeks the utmost utilization of the Internet. We first need to understand the point that cyber-security is the process and not a product and there is no server or cyber system, which is beyond hacking. Nowadays, everything on the internet can be hacked depends upon the skill and their expertise of the hacker and the efforts they give for this work. The White Hats Hackers work with the government and the private firms to test their networks for the vulnerabilities, loopholes, and the bugs to stop an actual Black Hat Hacking from encroaching upon the network. • Ethical Hacking as a profession can be of two types:- 1. Ethical Hackers are hired by companies to hack their own respective company. In this new era of information, the most dangerous things is the information itself. It is in your favour as long as you possess it but as soon as it escapes and reaches to wrong hands, it overshadows any other most dangerous things. In such a scenario, the big companies face the biggest cybersecurity threats from their competitors. They always use to live under the threat of their system being hacked. All that information pertaining to their business are being stored on the server which if hacked can ruin; the business Ethical hackers are euphemistically called cybersecurity experts. The profession of Ethical hacking is not only limited to IT companies but for other companies as well. 2. When Ethical hackers are hired by Government as cybersecurity experts Government of India does not offer any sort Job of the ethical hacker in any of its departments. In various government departments, cybersecurity experts are being employed for cyber-related work. Also various government agencies and wings of the military and law enforcement, defence organizations, forensic laboratories, detective companies, and investigative services need these kind of ethical hackers for their work. Investigative agencies like the Central Bureau of Investigation (CBI), the National Security Agency (NSA) and the Federal Bureau of Information (FBI) employ cybersecurity experts but do not divulge their information in public.
The act of ethical hacking is not defined under any of the Indian law. The legality can only be gained after having a conceptual understanding of the laws that govern this hacking system. Ethical hacking lacks men’s rea, which is an important reason to take any action, an illegal act. After seeing all these possibilities for ethical hacking with parameters of both the civil law and the criminal law, this can be concluded that ethical is legal hacking in India. And in world parameters: – In conclusion, ethical hacking is not a criminal activity and should not be considered as such. While it is true that malicious hacking is computer crime and criminal activity, ethical hacking is never a crime. Ethical hacking is in line with industry regulation and organizational IT policies. Malicious hacking should be prevented while ethical hacking, which promotes research, innovation, and technological breakthroughs, should be encouraged and allowed.