Security threats Toolkit

Story: Tsunami 'hacker' conviction worries experts

• 
• 

The situation has arisen due to the wordings of the statute. Section 1 of the Computer Misuse Act, 1990, considers an unauthorised access to a computer site as a crime if the person accessing the system “knows” that he is not authorised to access the site. The mens rea aspect has been incorporated in the form of “knowledge” aspect and that makes the concerned provision a “strict liability offence” unless the same is justified by law. For example, if an organisation or person is “legally entitled” to adopt “penetration test” as a mode of ethical hacking, then there seems to be no problem. The problem arises only when the person penetrating is not entitled to do so. In that case the provisions of section 1 apply harshly and there seems to be no justification for cursing the same. If the security aspects have to be tested or if the veracity of a site has to be checked, let the authorised person handle the same. If the person performing the penetration test is authorised, then there is no problem. If he is not, then the prosecution is the natural outcome.

Now coming to the conviction aspect, if the offender is a “first time offender” with no malicious intention (as in the present case), then the court must be liberal in his release either on probation or after due admonition. The offending act in this case is due to the language of the statute and whether a different provision must be made is a matter of policy decision by the Government that has to be decided by it in public interest. Till then the provision does not deserve to be criticised as the consequences were foreseeable.

• 
• 

• 
• 
• 

Full Talkback thread