In this article, Jagriti Bharti of Amity Law School Lucknow discusses the legality of White Hat hacking in India.

Hacking

Hacking is a term used for the process of identifying the weaknesses or vulnerabilities in a computer system or networking sites (including private networks) in order to gain access and control to those computer security system and network.

Hacker

In simple terms, a hacker is a person who does hacking. To get it better, hackers are highly skilled and intelligent computer professionals who have vast knowledge and expertise about the technicalities of a computer system. They are the programmers who are skilled in computer operating system and machine codes.

Whenever we read or hear the word “hacker”, we frame a picture of criminal in our mind. Our perception about hackers is of a bad guy. Hackers are not criminals, rather they are the person who performs ethical work by helping others with their skills. A person who breaches the security or steals information from others computer is termed as “crackers” and not “hackers”. There are mainly three types of hacker:

• Black Hat Hacker: Hackers who hack to make personal gains by either maliciously accessing the data of other computer system or stealing it are black hat hackers. They can even prevent authorised users from accessing the system.
• White Hat Hacker: They identify the vulnerabilities of a computer system and disclose it to the person concerned in order to protect them from black hat hackers. They use their skills is a constructive manner.
• Grey Hat Hacker: This kind of hackers have enough computer skill that enable them to hack a system and locate the security threat present in the network security system. Like white hat hackers, they notify the threat to the admin of the network system.

White Hat Hackers

The term “White hat” comes from the old Hollywood movies who used to show “good guy” of the movie wearing white cowboy hats. These hackers are the skilled computer professionals who hack their own computer system in order to find vulnerabilities present in their network security system and make it hack proof. They are just opposite to the black hat hackers. They are “ethical hackers”, experts in computer security system who use their abilities for legal purposes and benefit the society through their work. They use their knowledge and skill to improve the security of a computer system before malicious hackers can discover those weaknesses and exploit them.

Legality of White Hat Hacking in India

Work of white hat hackers is generally ethical and positive. They help companies, organisations, government to protect documents and data of strategic importance. Unlike “hacking”. “Ethical hacking” is legal in India. “Hacking” can be justified as an offence in India under following provisions of law:

Constitutional liability

The expanded ambit of Article 21 of the Indian constitution provides Right to Privacy to its citizens. Hacking into someone’s property or stealing their work is a violation of their Right to Privacy guaranteed to them by the constitution.

Criminal liability

• Section 441 of IPC: Criminal Trespass

A person enters into the property of another without his permission with the intention to annoy that person in enjoying his property is said to have committed criminal trespass and will be liable for punishment under this section. “Websites” have their basis in the real property and hence this section applies to it also. So, if a person accesses the website illegally i.e. without the permission of the owner, this will be the case of trespass and he will be guilty under this section.

• Mens Rea

An act to be categorised as crime needs to be committed with malicious intention. No person can be convicted of any offence unless it is proved that he had intentionally committed that offence. Hackers access others computers with the intention to make personal gains and this shows that their intention is malicious. As there act is backed with their intention, they are guilty of hacking.

There are various other sections of IPC which deal with different types of cyber crimes such as;

Cyber frauds (Section 420), email spoofing (Section 463), sending defamatory messages by email (Section 499) etc.

Tortious liability

Whoever dishonestly or fraudulently does any act mentioned in Section 43 of the Information

Technology Act^[1] shall be liable to imprisonment for term which may extend to three years or fine up to Rs. 5 lakhs or both.

From the provisions mentioned above, it is clear that “hacking” is a crime in India. “Ethical hackers” has neither intention to steal nor destroy the data of other’s computer and that is the reason why ethical hacking is legal in India.

The legality of white hat hacking doesn’t make it a wide field to pursue a career in it as it is still not very popular in India. The scope of this kind of hacking is very limited. According to the results of a survey^[2] conducted by a student of NLU (Jodhpur), it was found that only 5% of the total people surveyed were able to tell the meaning of the “hacking” correctly and the majority of them had the same perception of considering it as a crime.

Need of White Hat Hackers in India

Before discussing the need of white hat hackers in India, let’s first discuss a leading case on cyber crime:

Wanna Cry Ransomware

There are many types of malware that affect the computer, either by stealing the information from the computer or by deleting the information present in the computer. Ransomware is those kinds of malware which prevent the users from accessing their own computer. It usually locks up the computer system, encrypts the data present in it and prevents other software and applications from running.

Wanna Cry Ransomware (or 2.0 bug) was a type of ransomware which demanded 300$ to be paid in Bitcoins to unlock the files of the affected computers. It was more dangerous than other ransomware because of it had the ability to spread itself across an organisation network exploiting vulnerabilities in windows computer which were patched by Microsoft in March 2017. According to “Malware Tech”, a tracker developed by a security researcher, over 200,000 systems were affected in the Wanna Cry attack. India was among the worst affected countries from the Wanna Cry ransomware attack. This threat was due to the extreme digitalization in India but without proper security. The slowdown of Wanna Cry happened soon after “Malware Tech” accidentally developed a kill switch to halt down the ransomware attack.

Wanna Cry was one of the largest ever cyber attack which affected thousands of computers around 104 countries including India. This occurred due to the weak security system or vulnerabilities present in the network system. At this point of time, it was necessary that some actions should be taken by Indian cyber experts in order to put a halt to the disastrous effect of the Wanna Cry attack though it was done by Malware Tech of British cyber experts. Had India employed enough white hat hackers, the attack would not have occurred or the effect of the ransomware destruction must have either been reduced or eradicated quickly.

In recent times, the Indian government has focused more on training youths about the security system. Many institutes have also taken initiative to set up various programmes on security system so that persons who are interested in cyber security can have a platform for their educating themselves. Due to increased digitalization in the country, much more job aspects for white hat hackers have been opened by the government as well as private organisations than earlier but yet there is a long way to go.

^[1] 43. Penalty and compensation for damage to computer, computer system, etc.

^[2] http://www.legalservicesindia.com/articles/cyhac.htm