Ethical hacking of computer systems or networks done with the permission of its owner does not attract any liability under the IT Act, Parliament was informed on Friday.
The Minister of State for Electronics and Information Technology in response to a question on the guidelines for ethical hacking shared that liability for compensation and punishment under provisions of the IT Act arises if anyone gains access to a computer system without the permission of its owner.
“Any act, including an act of ethical hacking, undertaken with the permission/ consent of its owner does not attract liability under the said or other provisions of the Act,” Chandrasekhar said.
He said that Section 43 of the Information Technology Act, 2000, provides that if any person, without the permission of the owner or other person in charge of a computer, computer system or computer network, among other things, accesses or damages or disrupts such computer etc., he shall be liable to pay damages by way of compensation to the person affected.
“Section 66 of the said Act provides punishment for any person dishonestly or fraudulently doing any act referred to in section 43,” the minister said.
He also said that Section 72 provides punishment for any person who has secured access to any electronic record etc. in pursuance of powers conferred under the Act or rules or regulations made there under disclosing the same without the consent of the person concerned to any other person.
“It may be seen that liability for compensation or punishment under the said provisions arises only if the acts referred to therein are done without permission or consent,” Chandrasekhar said.