What is ethical hacking?
At first instance, the literal meaning of ‘ethical’ and ‘hacking’ seem to be quite contradictory in themselves. Where ethical stands for something involving morals and values safeguarding the sanctity of a particular thing, hacking holds a rather negative connotation as it is the technique of deriving unauthorized information which is illegal; as per the Information Technology Act, 2000 (IT Act). These hackers, also known as black hat hackers, are evils of the virtual world, hacking into an entity for personal gains. But on considering these two terms together, ethical hacking is a technique of hacking which is not illegal, but rather ethical. In layman terms, rather than the questionable manner of stealthily deriving and misusing information by intruding into personal spaces and violating privacy, ethical hacking is a shift from this general notion of hacking and is used by professionals to make the system more safe and secure. An ethical hacker is a person who instead of destroying the security of the system, takes care of the security and ensures safety of the system from the view point of the hacker. These ethical hackers are also known as white hat hackers who ensure the security of an organization’s information systems. If hacking is offensive, ethical hacking is defensive in nature. Though all the tools, tricks and techniques used in this regard are similar to those used in hacking, but it is done with the consent of the target, and thus the term “ethical hacking”.
The dicey situation of India’s virtual world
With the rapid growth of cyber-attacks, especially data theft and ransom-ware, cyber security has swiftly emerged as a new profession. In fact, cyber security is one of the highly paid carrier options for tech savvy individuals. But no matter the number of legislations enacted in India, on comparing India to other nations, it is certainly a very nascent country. Where India stands second in terms of the number of targeted cyber-attacks as per a cyber security firm Symantec, ethical hacking as a profession is not yet evolved fully to combat these cyber risks. Section 84 of the IT Act draws a thin line between a black hat hacker and a white hat hacker. It declares that the protection granted to the government, the controller or any person acting on account of them to act in good faith. An ethical hacker is bound to act in furtherance of the IT Act or any rule or regulation or order if he is named by the government or a controller. Further it is implied in Section 43 of the IT Act that since an ethical hacker has access to an information with the permission of the owner of such information and is acting in good faith, he would not be liable for any damages. But this power is not absolute and Section 43A puts restrictions to prevent the abuse of this power. This section says that if such person i.e the ethical hacker fails to protect the data he is responsible for, or mishandles it, he will be made liable for compensation.
Recently the government has also realized the need of the hour and is creating jobs in this field including in e-governance, e-learning, DRDO, CERT-IN, as forensic experts, specialised pen-tester, cyber security architect, database administrator etc. The administration offices like CBI, Army and law implementation bodies, Intelligence Bureau, Ministry of Communication and Information Technology under the Information Technology Act can shape government organization underneath area 70A and Section 70B for the Critical Information Infrastructure Protection can improve the cybersecurity specialists to shield itself from digital fear based oppression as set down in segment 66F of the Information Technology Act where it has been referenced without approval or surpasses approved access.
Need of the hour
Though there are laws, they haven’t gone through the harsh test of time and are not equipped with measures to deal with the developments in cyber threats. Moreover, the subject of ethical hacking has not been explicitly dealt with in Indian laws. This is implied in Section 84 of the IT Act which is constructive in punishing a hacker who does not have proper authorization but it does not specifically preserve ethical hackers unless he is employed by the government. This gray area should not be overlooked as the role of ethical hackers is quite essential to protect people against cyber terrorism and cyber-attacks.
As, India stands on a slippery ground when it comes to data protection and cyber safety, it is a dire need of the hour to encourage the blooming of ethical hacking on a faster pace to prevent cyber-attacks and introduce stringent laws in this regard. Now that privacy is recognized as a Fundamental right after the Puttaswamy Judgement, framing of a proper legislation is of vital essence to prevent hacking and any other cyber threats. As we all know that a lack of legislation always raises eyebrows, one such legislation in this field defining the scope of work, roles and responsibilities of both parties; ethical hacker and the one who’s data is being protected from hackers, need to be passed. Further, a proper legislation will not only create an ecosystem giving impetus to ethical hacking, it will also provide a strong legal framework to govern ethical hacking, effectively preventing and combating the loss of private and personal information.
 2017 10 SCC 1.