Internet and computer networks are the most widely used in the current era of technology worldwide. Usage of internet particularly, use of social media has crossed about 200 millions in India. Internet, which was ordinarily invented for the purpose of sharing research from one computer to another, is currently used to store and carry huge array of information either through emails or E-commerce transactions, etc.

As the interaction on the virtual arena increases with technological advancements, information/ vital data of individuals have become vulnerable to attacks. Any offender on the cyberspace can today easily get unauthorised access to an individual’s information through hacking his or her profile, database, and any other source where information is generally stored. The current paper focuses on the basics of Ethical Hacking and the legal aspects of it.

Introduction
Finding vulnerabilities in a network in order to enter and extract from such a system owner’s data in an unauthorized manner is what is referred to as hacking. Such information is subsequently used for illegal activities which cause losses to the victim. Again, if one is caught into such malicious cyber practices, there is imposed punishment and faces other severe consequences. The various types of hacking include:

• Website Hacking (non-permitted intrusion to victim’s server and such other associated software)
• Network Hacking (unauthorised access to a person’s network system to hamper it through Netstat, Ping, etc.)
• Computer Hacking (getting unauthorised/ illegal access to a person’s computer system for obtaining Computer ID and Password in order to satisfy the mal intents)
• Email Hacking (entering into someone’s email account with the malicious intent of using it for sending spam links)
• Password Hacking (password recovery from already stored data or such data that are transmitted through computer networks) [i]

Hacking as a term was first coined in as late as the 1960s in the Massachusetts Institute of Technology and the word has since then till date has undergone massive evolutions into the disciplines that are abided by the computer fraternity. [ii]

The various types of Hackers include:

• Cyber Security Hacker or White Hat Hackers

  These are generally hackers who have authorized access to test bugs within a network or a website and in case any gets detected the same is reported to the owner of the network. The work of such hackers is to gather all possible information regarding the network from the owners themselves.
   

• Black Hat Hackers or Crackers

  These hackers steal data by unethically getting inside a website and even manipulate such data causing immense harm and losses to the victim. Such also leads to adverse consequences.
   

• Grey Hat Hackers

  These are usually a mix of both hackers and crackers. Such hackers are often seen as working for the common good and might in some cases violate the laws to gain data access. [iii]

However, such intrusion with a person’s permission makes the entire process legal. There are often specialists appointed in the computer field for hacking their own computer networks in order to look for possible vulnerabilities and weaknesses. Such precautions are taken to protect vital information and credentials from such a person who intends to cause unwanted loss. [iv]

Thus, people who intrude into someone’s system without malicious intention and with proper permission are referred to as Ethical hackers and the process they have undertaken is what is referred to as Ethical Hacking.

Potential threats and data breaches and other vulnerabilities are identified through bypassing system security by a cybersecurity engineer in Ethical Hacking. It is a planned and legally approved process opposite to the hacking which is conducted with ill-intent.[v] Ethical Hacking is carried to detect various attacks and threats to the network which includes; Injection Attacks, Breach of authentication protocols, Changes in security settings, remote access attacks or even exposure of sensitive data.

The fact that ethical hacking is actually ethical rather say, is legal has caught a lot of debates. Hacking, when the term was first coined, was not to be done as a criminal activity. However, the same has gained a bad name over time. Hacking thus can also be ethical and legal. Some forms of hacking do not constitute criminal activity. Say, for example, any data or potential information gathered during the first stage of hacking is not illegal for the same can be used even for research purpose. Again, since ethical hacking is authorized and is done with prior permissions, it is legal.[vi]

Legal Aspects Of Ethical Hacking

Cybercrime today has threatened the entire world with data breach, online frauds and other security related issue. A vast array of legislation has been brought to action to protect the rights of the netizens and their dealings over the virtual space. Such laws are to be kept in mind by an ethical hacker in order to enter into a system or network with bona fide intent.

In the era of Internet and Information Technology, when India adopted the E-Commerce model law inspired by the United Nations Commission on International Trade Law, the Information Technology Act came into effect in the year 2000. The act came into force with the object to provide legality to electronic data exchange and such other e-transactions (particularly E-Commerce). [vii]

S. 84 of the Information Technology Act, 2000 provides for the safeguard that is given to the government or any other person appointed by the government to undertake hacking activities in good faith. For such ethical hackers, it is a must to abide by the said Act of 2000 and such other rules, regulations and bylaws associated with the information Technology Laws.[viii]

Again if we look at S. 43 of the IT Act, 2000, we find that in case a person tends to damage, modify, destroy or extract any information that can be harmful if used in an ill-manner by entering into the computer or network of any person without prior permission of such person would be liable to be penalised for any damage caused. However, in case there is permission obtained, there lies no liability. [ix] And s. 43 A of the same Act in case an ethical hacker or any person having authorised access to vital information shall be penalized in case he is not successful in protecting such data/information.[x]

The provision stated under S. 66 of the Information Technology Act, 2000 includes fraud and dishonest people indulging in acts mentioned as offences above under the provision of S. 43 of the said Act to be punished with 3 years of imprisonment.[xi]

The term Government Agency as under S. 70 A and B, in order to appoint cybersecurity experts for Critical Information Infrastructure Protection and other cyber-terrorist attacks (as under S. 66 F) means and includes Army, CBI, Ministry of Communication and Information Technology, Intelligence Bureau and other law enforcement bodies.[xii]

In India, the Information Technology Law puts into question and penalizes people hacking through a network or computer system without proper permission/authorisation. However, the obvious flaw is that the law only provides safeguards ethical hacking only if he is appointed by the government and not those others who have authorised access to hacking but are not government-appointed [as mentioned under S. 84]. [xiii]

With the growing use of internet in every walk of life and the resultant increase in vulnerability of vital data of individuals stored virtually, it becomes indispensable to also appoint and protect the ethical hackers working in the private sphere to detect such vulnerabilities and in turn protect against cyber attacks and cyber-terrorism.

Conclusion
To conclude with, we looked into what is hacking, types of hacking as well as hackers, basics of Ethical Hacking and laws associated with Ethical Hacking. There are major drawbacks faced by the legislations in India with regard to Hacking. The Indian Penal Code fails to describe the intentions of a hacker.

Again, the Criminal Procedural Code in India lacks appropriate provisions for investigation by a police officer in aid with ethical hackers, in order to gain e-evidences intruding into delicate data/information. Proper comprehensive laws are to be framed and enforces in this regard. Also, to a certain extent, the white hat hackers are often confused with the black hats, which should be avoided and the former must be given adequate, appropriate identity.

End-Notes:

1. Paul, What is Ethical Hacking? An Introduction to Ethical Hacking Available at: https://www.edureka.co/blog/what-is-ethical-hacking/#What-is-Ethical-Hacking [Accessed on 25th July, 2020]
2. Simplilearn, What is Ethical Hacking: Introduction to Ethical Hacking; Available at: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-ethical-hacking [Accessed on 25th July, 2020]
3. GeeksforGeeks, Introduction To Ethical Hacking; Available at: https://www.geeksforgeeks.org/introduction-to-ethical-hacking/#:~:text=Ethical%20hacking%20is%20to%20scan,reports%20them%20to%20the%20organization. [Accessed on 25th July, 2020]
4. Paul, What is Ethical Hacking? An Introduction to Ethical Hacking Available at: https://www.edureka.co/blog/what-is-ethical-hacking/#What-is-Ethical-Hacking [Accessed on 25th July, 2020]
5. Simplilearn, What is Ethical Hacking: Introduction to Ethical Hacking; Available at: https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-ethical-hacking [Accessed on 25th July, 2020]
6. OMOYIOLA Bayo Olushola, The Legality of Ethical Hacking; Available at: http://www.iosrjournals.org/iosr-jce/papers/Vol20-issue1/Version-1/I2001016163.pdf [Accessed on 26th July, 2020]
7. Daisy Roy, Laws You Need to Know as an Ethical Hacker; Available at: https://blog.ipleaders.in/laws-need-know-ethical-hacker/ [Accessed on 26th July, 2020]
8. Section 84 of the Information Technology Act, 2000; Available at: https://indiankanoon.org/doc/543216/ [Accessed on 26th July, 2020]
9. Section 43: Penalty and Compensation for damage to computer, computer system, etc; Available at: https://www.itlaw.in/section-43-penalty-and-compensation-for-damage-to-computer-computer-system-etc/ [Accessed on 26th July, 2020]
10. S.S. Rana & Co. Advocates, India: Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules, 2011; Available at: https://www.mondaq.com/india/data-protection/626190/information-technology-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011 [Accessed on 26th July, 2020]
11. Section 66 in The Information Technology Act, 2000; Available at: https://indiankanoon.org/doc/326206/ [Accessed on 26th July, 2020]
12. Section 70 in The Information Technology Act, 2000; Available at: https://indiankanoon.org/doc/1680277/ [Accessed on 26th July, 2020]
13. Daisy Roy, Laws You Need to Know as an Ethical Hacker; Available at: https://blog.ipleaders.in/laws-need-know-ethical-hacker/ [Accessed on 26th July, 2020]