HACKTIVISM

Submitted by

Avani Sharma

Batch 2018-23

Division C

PRN 18010224128

Of Symbiosis Law School, NOIDA

Symbiosis International (Deemed University), PUNE

In

February, 2022
INTRODUCTION

With the growing online presence of people around the globe, the risk of cyber-crime is ever
growing. One of the most interestingly controversial cyber crimes is hacktivism. Hacktivism
is the use of hacking and related techniques to promote a political and social agenda. 1 The
aim is to promote human rights, and freedom of speech and information by hacking
governments and corporations to raise public awareness about issues and disrupting the
activities of the government.

To many, the word ‘hacktivism’ is synonymous to the famous group ‘Anonymous’ of the
early 2010s. Though it was believed that the group has discontinued, some of the members of
Anonymous were seen back in action during the protests of ‘Black Lives Matter’. The group
had hacked the app that the Dallas police department was using to register complaints against
the protestors and flooded it with nonsense traffic.2

In India, the hacktivists are not quite active; however in 2015, an incident, which was later
highly celebrated, was noticed. Some of the Indian hackers joined Anonymous against the
huge online presence of the terrorist group – ISIS. This movement was popularly known as
#OpISIS.3 Recently, in August 2021, two days before the Independence Day, Madhya
Pradesh Cyber Cell surfaced the news of potential cyber attacks by Pakistani’s hackers to
flash their national flag on websites on August 15, 2021.4

Hacktivism has received mixed views. While some argue that it is a form of freedom of
speech and expression, others argue that means used by hacktivists are unethical and
therefore, illegal.

In light of the above, it becomes essential to analyse the laws that exist in India against
hacktivism. In addition, I will compare the laws of India with that of the United States to
analyse how prepared India is for the so-called hacktivist attacks.
1
Black, P., 2021. Hacktivism: A Social Cause or a Cyber Crime. Nord VPN. Available at:
https://nordvpn.com/blog/hacktivism-and-law/ [Accessed February 1, 2022].
2
Anon, 2021. New Generation of Angry and Youthful Hackers the 'hacktivism' wave, adding to Cyber Security
Woes. The Economic Times. Available at: https://economictimes.indiatimes.com/magazines/panache/new-
generation-of-angry-youthful-hackers-join-the-hacktivism-wave-adding-to-cyber-security-woes/articleshow/
81707844.cms?from=mdr [Accessed February 1, 2022].
3
S, S., 2015. Indian hackers, Anonymous and #OpISIS: The grey area of online vigilantism. Scroll.in. Available
at: https://scroll.in/article/772356/indian-hackers-anonymous-and-opisis-the-grey-area-of-online-vigilantism
[Accessed February 2, 2022].
4
Naveen, P., 2021. Madhya Pradesh cyber cops warn media with intelligence against Pakistani 'Hacktivists'.
The Times of India. Available at: https://timesofindia.indiatimes.com/india/madhya-pradesh-cyber-cops-warn-
media-with-intelligence-against-pakistani-hacktivists/articleshow/85307541.cms [Accessed February 1, 2022].
RESEARCH METHODOLOGY

Secondary sources were used for this project.

RESEARCH QUESTION

Through the course of this project, I aim to answer the following questions:

How efficient are the laws of India and the United States in criminalising hacktivism?

LAWS IN INDIA

Cases of hacktivism will be governed by laws on hacking, that are as follows:

Section 43 of Information Technology Act, 2000 (“Act”)

This section imposes a civil liability on the wrong-doer for data theft. Data is an integral part
of every company and organisation, especially governments. Thus, data security is vital.
Section 43 is one such provision that aims to combat breach of data privacy.

Under clause (b) of this section, any person who accesses the computer of any person without
permission, downloads or copies the data will be liable for data theft. Introducing virus or any
other computer will also attract penalty under section 43(c).

Moreover, under other clauses of this section, if any person deletes, alters, or steals any
information without the permission of the authorised person, then such person will have to
compensate to the affected person.

Section 66 of the Act

Any person who does any of the acts mentioned is Section 43 of the Act will be imprisoned
for a maximum period of three or will be fined or both.

Moreover, with the growing digital age, social media is being used by many to voice their
opinions. While the Indian users are not behind in reaping the benefits of the same, social
media has been hijacked by nefarious entities that use it to carry out illegal and unethical
agenda. In order to counter this misuse, the Indian government introduced the Information
Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Rules,
2021”).
Hacktivists also use social media to propagate their ideologies for a social cause. For
instance, in 2015, the Anonymous disrupted 4,000 Twitter accounts of ISIS 5 to hamper its
online presence and to minimise their influence. They also use social media to leak
confidential information that are incriminating against public figures and organisations.

Rule 3 of the Rules, 2021

According to Rule 3(b), the users are prohibited to post information that they do not have any
right over; violates any law which is in force; and threatens the integrity, sovereignty,
security of India, and friendly relations of India with foreign States. Under Section 3(c), the
intermediary has the right to terminate access in case of violation of clauses in Rule (b).
According to the proviso to Rule 3(1)(d) information which incites violence, threatens
security, integrity, etc. would have to be removed by the intermediary within thirty-six hours
from receipt of the court order or the government notification for the same.

This means any content that the hacktivists post on social media will come under the scrutiny
of the Rules, 2021, and any content inconsistent with the Rules, 2021 will be taken down.

LAWS IN THE UNITED STATES

One of the primary federal laws that criminalise hacktivism is the Computer Fraud and Abuse
Act (“CFAA”), also known as anti-hacking law. CFAA criminalises activities such as
stealing information to help foreign countries and sensitive financial information, and
accessing government computers without authority. CFAA also criminalises the means that
are used by hacktivist such as an intentional access to one’s computer without authorisation
to cause damage, loss, etc. The victim is empowered to sue the hacker for economic loss.

The second legislation that punishes hacktivists is the Wiretap Act. Under Wiretap Act, any
person who incepts or procures another person to intercept from any device and discloses any
oral, electronic, or written communication will be punished.

Stored Communications Act (SCA) prohibits a person to intentionally access a “facility”

through which electronic communication is provided, prevents access, and deletes or alters
such communication. SCA specifically talks about electronic communication.

5
Fowler, K., 2017. An Overview of Data Breaches. Science Direct. Available at:
https://www.sciencedirect.com/topics/computer-science/hacktivist [Accessed February 1, 2022].
ANALYSIS AND CONCLUSION

There are two extreme sides to the debate around hacktivism - one that says that since there is
no intention to harm or have a financial gain, criminalising hacktivism curtails free speech,
and the other extreme believes that an illegal act cannot be done under the umbrella of
freedom of free speech and more transparent political system.

While I understand the stance of the people who lie in the former category of argument, one
cannot undermine the importance of the fact that hacktivism poses a great threat to privacy,
whatever the intentions may be. One cannot defy the laws of the land in the interest of
society. Hacking the Twitter accounts of the ISIS terrorist group is just one instance. It must
be understood that the hackers gained access to personal information through an unauthorised
and illegal means. There have also been instances in the past where the accounts of innocent
people were mistakenly hacked after wrongly identifying them as extremist. While I strongly
believe that justifying hacktivism is not acceptable, the fact that hacktivists are people whose
voices are not heard cannot be ignored. For instance, in the case of hacktivism of ‘Black
Lives Matter protest’, the voices of the Blacks were being suppressed. Police cases were
being lodged against them. The only alternative left was to control the registration of police
complaints. Similarly, in the hacktivism of ISIS Twitter account, hacking the said Twitter
account seemed like a legitimate action to stop ISIS from spreading its propaganda and
influencing people. Therefore, a balance needs to be struck.

Both India and the United States have laws to protect the victims and punish the hackers. The
liability is both criminal and civil in the two jurisdictions. The discretion given to the Courts
to decide the quantum of penalty and compensation in both India and the United States help
strike a balance between the two extreme sides of the argument.