Generally hacking has always been associated with negative connotations but actually ethical hackers are those computer programmers who use their skills in a constructive manner to help the government authorities or organizations to protect and prevent any damage to the network security. In fact ethical hackers are the one who keep the cyber criminals (also known as crackers) at bay. In today’s world when technology is growing at a rocket’s speed and with it the cyber-crimes as well. In order to keep check on the cyber-crimes the role of ethical hackers has acquired a profound importance.
There are three categories in which hackers can be divided:
- White hats: they are the security professionals who uses their skills to strengthen the network and secure it from bad guys. Generally called as ethical hackers.
- Black hats: they are the malicious hackers or crackers who use their skills for malicious purposes. They are the one from whom the white hackers provide protection.
- Grey hats: they become white hats or black hats according to the situations. They are generally self-proclaimed ethical hacker.
Role of Ethics in Hacking
Ethics play an important role in differentiating computer crimes from innocent activities. Hackers should always act in a professional way to differentiate themselves from the cyber criminals. Some may even say that how can hacking be ethical? But hacking becomes ethical in a sense that as long as it enable organizations computer systems impenetrable by the crackers who steal unauthorized data for their own benefit. Thus exposing the vulnerabilities and giving chance to enhance the network system. But the issue of ethics is very dicey. There is no so called tradition of hacking ethics or a code of honor. This vacuum create external forces to determine as to how to respond when an ethical dilemmas arises. So the wheels of justice can turn differently for different people. It can reward or punish for the hacking efforts. Apparently arbitrary range of outcomes depends somewhat on the law, but it relies even more on different interpretations of ethical principles. These interpretations, in turn, hinge on various beliefs as to where to place the onus for the discovery and reporting of security flaws.
Placing the liability is the most complex task here because according to accountability principle a manufacturer is held accountable for the quality of the product but this principle can’t be applied here as software’s cannot be inherently dangerous so it is not possible to test all of the different ways that a program can operate with thousands of other software products. Thus, it is illogical to hold derelict software manufacturers liable in the same way we hold derelict automobile manufacturers liable. In this sector competition is fierce so the pressure to launch is high which create conflict with the software testing process.
Evolution of Ethical Hacking
The ethics of hacking developed over a long period of time. In its early days of development a well-known manifestos “ethics” prompted the individual right to experience pure, uninhibited hacking freedom. Naturally, “freedom” meant different things to different hackers, and whatever the hackers assumed as appropriate they did it accordingly. Sometimes, this freedom took the form of illegal activities. Fortunately, slowly these hacking ethics or should we say the lack of it began to change, and today the stage is set for hackers to assert their rights of self-regulation. Hackers have to some extend embraced this opportunity to establish guidelines surrounding their most often than not controversial hacking activities. Recent evidence suggests that hackers are beginning to take an interest in the manner in which they are portrayed in the media, and are striving to gain recognition for their contributions in the world of computing. Predictably, however, hackers’ efforts to attain a respectable standing in the community have been an uphill battle. Nevertheless, hackers have begun to organize and call attention to their accomplishments, thereby ushering their hacking activities into the mainstream by organizing conferences etc.
Early attempt to provide an ethic code was made by Levy who repeatedly argues that a “hacker ethic” is responsible for finding and promoting the best and most efficient code for computer programs. He then promotes the somewhat anarchic “Hacker’s Code of Ethics,” and contends that access to systems should be “unlimited and total. But encourages hackers to disregard established rules and laws. The ethical discussion advanced little after 1980’s, as hackers continued to assert their rights to unbridled system access. The Hacker Manifesto, written by a well-known hacker who goes by the alias “The Mentor,” is a short essay that, like Levy’s Code, is cited frequently on the Internet. The Manifesto mimics Levy’s Hacker’s Code of Ethics, in that it makes no excuses, sets no boundaries. The new hacker policies provide a structured guidance and offer a reasonable dialogue between the parties involved. Discussions surrounding the continued development of a genuine hackers’ ethic are in full stride.
Why Ethical Hacking is Legal?
To resolve this issue of network security government and business houses started following the approach where they test their security by have computer security personal to break into their computer system. Here these professions intrude into the system just in a way a cracker would do but don’t damage the system or steal any information instead they report back about the loopholes and vulnerabilities of the existing system. So ethical hacking is legal as it is performed with the permission of the owner to discover vulnerabilities of the system and suggest ways to improve it. It is part of an information risk management program that allows security improvement. There many certified courses also taught by various institution on ethical hacking.
As computers has become a new tool to conduct business as well as crime, so the two worlds of information technology and legal system have had to approach each other independently and need to meet at a point called cyber law. The Information and Technology Act, 2000 (IT Act) covers all types of cyber-crime committed in the country including hacking which is provided under section 43 and 66. But in 2008 the word” hacker” was removed as ethical hacking is considered legal. Now every government body, private information security organizations, law enforcement professionals are constantly updating law and technologies to counter each new and emerging form of contract. Section 43A of the IT Act deals with the civil liability of cyber offenders. The section deals with the compensation that should be made for failure of protection of the date. Penal liability of cracking arises when the intention or the liability of the cracker to harm the system or steal any important information gets established. If the cracker only trespasses the system without any intention to harm, it only remains a form of civil liability under section 43A. The criminal trespass can also result in other penal activities punishable under Indian Penal Code like cyber theft that can be punishable under section 378 of Indian Penal Code.
Ethical hacking is legal and there is no controversy around it but it is very difficult to teach ethical hacking as a course because nobody can be so sure about the students intention with which they are studying the course and their purpose only will differentiate them from the cyber criminals.
Technological advancement is essential for human development but it should be a regulated one otherwise in no time will become a curse. Ethical hacking is a relative issue and staying inside the lines will depend upon the individual’s interpretation thus regulation of it becomes highly complex. There needs to be more awareness in the country regarding hacking and cracking. The laws made by the government are stringent but lack a bit of enforceability and awareness in the society. Most of the minor cases of hacking go unnoticed because people abstain from filing cases for petty crimes even when there is harsh punishment for it. Also, it is very difficult to track a virtual hacker due to lack equipment. Since hacking can happen anywhere in the world, it gets tough for the police to trace him and punish him in another country. The punishment can also be a bit harsher to prevent people from indulging in such acts.
References and Citations
- Danish Jamil and Muhammad Numan Ali Khan,” Is Ethical Hacking Ethical?”, International Journal of Engineering Science and Technology (IJEST) Vol. 3 No. 5 May 2011 pp 3758.
- Gabriella Coleman and Alex Golub,” Hacker practice: Moral genres and the cultural articulation of liberalism”, Anthropological Theory 2008 8 pp. 255.
- Tom Forester I and Perry Morrison,” Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing”, Spring Issue, Volume 4 1991pp 193.
- Ryan, Patrick S.,” War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics”. Virginia Journal of Law & Technology, Vol. 9, No. 7, Summer 2004.
- Amit Nair,” Be the one: The great ethical hacking guide”, R & D, available at: http://bedaone.blogspot.in/p/chapter-1-introduction-to-ethical.html.
- Michael E. Whitman, Herbert J. Mattord, Readings & Cases in Information Security: Law & Ethics, course technology Cengage learning, 2011(ed).
Kritika Jain, Legal Intern at Legal Desire