This article has been written by Kezia Shaji, pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho. The article has been edited by Zigishu Singh (Associate, LawSikho).
We live in the world of the internet. In the post-modern society where computers are a necessity, the world feels crippled without the existence of the internet. With more personal and sensitive data of citizens up on the internet, there is an increased demand for cyber security which consists of penetrating the system and testing its cyber security defence against potential threats. This system of penetration testing is well known as hacking. Historically, hackers have been put across as evil guys and the same has been further confirmed by the number of movies and television series which portray the same. While hacking in general is to crack the password and get into the system to check for any security threat within the system, hacking has received a lot of negative attention over the years. A lot of this is primarily because a lot of hackers use their skills for malicious purposes and leak sensitive information which costs the organizations millions in costs and damage control every year.
Who is a hacker?
The term ‘hacker’ was first used by tech journalist Steven Levy in 1984 through his book called ‘Hackers: Heroes of the Computer Revolution. A hacker is an individual who is highly skilled and creative in terms of being able to solve computer-related technical issues. While hackers could also include someone, who utilizes their skills to gain unauthorized access to someone else’s system to commit a crime. The definition of who a hacker is has changed radically over the decades. Hence, the term ‘hacker’ has had a divisive meaning. While some look at them with admiration because of their skills, another group of people looks at them as anti-social elements who use their skills to carry forward an unethical act. The term ‘hacker’ was first used in the 1960s to describe someone with high technical capabilities and a really good understanding of computers and networking. Although hacking is so well received by today’s world that today many top universities now provide specialized courses on hacking, the majority of the hackers are self-taught.
History of hacking
The term hacking did not originate from computers. The first computer hackers came into existence in the 1960s. During those times computers were used in temperature-controlled rooms and it was really expensive to run a computer and not everyone had access to a computer. A group of students from MIT was desperate to learn how computers worked. So, they created programming shortcuts and called them ‘hacks’. They were used to complete all the computing tasks quickly. Some of these hacks created by the students were better than the original programs. By the 1970s the world was equipped to welcome hackers. While hacking gained recognition, hackers made some serious money and were in demand, the first mainstream hacking was done by a Vietnamese person named John Draper where he found a way to make free phone calls. In the 1980s hacking reached heights of its popularity. For the first time in 1981, personal computers were introduced by IBM which led to a drastic increase in the usage of computers worldwide, especially in the US market. The personal computers were equipped with memory storage and a Central Processing Unit along with other inbuilt software.
How does hacking work?
Hackers are well versed with technical issues and they use the same skills to test or exploit cybersecurity systems. They acquire coding skills to understand how technology functions. Ethical hackers use their skills to test the security systems in the cyber world and check for possible vulnerabilities. They then determine the security drawbacks and advise where governments and other organizations should work to boost their security strategies to keep any threat factors away. Hacking, therefore, is today considered a profession with a lot of potentials. While professionals who carry forward their work ethically are an asset there are instances where hackers steal sensitive information and financial information thereby disrupting and causing serious havoc. They even impersonate others to gain confidential information. They may also use their technical skills to install dangerous malware or to steal and destroy the data thereby compromising the cyber security of the organization leading to serious disruptions in the services provided by the organizations.
Law and hacking
Hacking is not a new concept or a crime that has arisen overnight. Most countries do have penal provisions to regulate and address hacking or provide for appropriate punishments. The last few years have witnessed a lot of convictions for crimes related to hacking. There are also instances where hackers have caused massive damage yet are let out scot-free despite their identities not being secret. While most countries including India have penal provisions where hacking is held as a criminal offence, hacking done for ethical purposes is barely addressed in the law. Nor does ethical hacking have any rich jurisprudence. The huge increase in cases involving cyber-attacks has led to a need for a comprehensive legal framework providing a holistic approach towards ethical hacking. When a hacker hacks into someone’s system with the prior permission of the owner and does so with good intent to check for the weaknesses in the cyber security of the system, then such a kind of hacking is ethical in nature and should not have any legal consequences. However, if the hacking goes beyond the permissible limits then it should be considered a criminal act. Under the Information Technology Act, Section 43 and 66 define hacking and provide for a punishment of imprisonment up to 3 years or a fine of up to five lakh rupees. However, given the evolving nature of crime and increasing use of technology, India needs a more stringent legal framework regulating cyber-attacks including hacking.
Is ethical hacking a crime in India?
Hacking contravenes the underlying principles of the Indian legal system. Ethical hacking can be understood as the process of hacking a system with the permission of the owner of the system or software for ethical purposes. This could include breaking into a system to check its working efficiency, security level and identify the weaknesses in the software. Ethical hackers are also known as ‘white hat hackers. In ethical hacking, there is no criminal intent present. Under the Indian laws, to hold one accountable for a crime, there needs to be a criminal activity tagged along with a guilty mind or a wrongful intention. Additionally, the Indian laws do not make a mention of ethical hacking therefore the concept enjoys a neutral status. However, from a constitutional perspective, Article 21 of the Indian constitution provides one with a right to privacy which is being infringed when one hacks a system. However, if done with the consent of the owner, then one can’t be held liable. The upcoming Personal Data Protection Bill will also redefine the ambit of this profession cum crime and provide adequate remedies for citizens.
Hackers : heroes or a menace
Hacking should ideally be used to benefit the digital landscape. Initially, hackers were neither destructive nor doing the world a great favour. Steven Levy terming hackers as heroes were considered a bold move against what his publisher advised him. In his book, he goes on to say that they are adventurers and risk-taking artists. Even within the computing society, being called a ‘hacker’ was not looked at as a matter of pride. Even today the majority of the people look down on hackers as a menace or an anti-social element trying to extort or damage the interests of the citizens and the society. Hackers can be of great help even to the government. A good hacker helps in identifying the flaws with the software. They are a necessary component of cyber security. They can help solve some serious security issues than what a security solution could ever do. Some governments and national intelligence agencies take the help of hackers to try to break into enemy nations’ security systems to leak various defence and other sensitive information.
There is no doubt that the internet has undergone an astonishing change and undisputed growth. Yet without it being regulated, it could create a menace causing more destruction than benefit. With the internet being easily available to anyone and the increased usage of unsecured systems, hacking looks like a guest who is here to stay. Increased cyber-crimes are a reality of the 21st century. Hackers are often portrayed negatively while some of them help society by preventing anti-social elements disrupt services. Further, another group of hackers who have the same set of knowledge use their skills to cause destruction. One cannot generalize hackers as ‘bad’ or ‘good’. It is the ethos they carry with them which determines whether they serve as a vigilante or a spy. It would do a favour to the planet if all the hackers supporting the cybercriminals would come out of their dark paradise and contribute towards helping an already existing community to make the world of cyberspace safe and secure for all of us.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: