Port scanning is used by mostly network and system administrators.port scan has many legitimate uses including network inventory and the verification of the security of a network. Port scanning can, however, also be used to compromise security. exploits rely upon port scans to find open ports and send specific data patterns in an attempt to trigger a condition known as a buffer overflow.
Country specific provisions in IT laws for open and decentralized architecture of the Internet, lawmakers have struggled since its creation to define legal boundaries that permit effective prosecution of cyber criminal Network scanning: Although network scanning in legal but since its first step used by hackers boundary is blurred and there are implications for misuse. Also
German penal code :
The simple reason is that it is very difficult to establish the intent, failing which the provision will be available for misuse(by both parties ethical as well unethical person (it’s like whoever puts better legal argument). Just like 498 A of the Indian Penal Code relieves many but if you know of the current scenario, you know how brutally it has been misused in recent times.
Here are laws country wise with some case study how prosecution happened.
we had discussion about whether any law exist to prohibit scanning? here is list.
In December 1999, Scott Moulton was arrested by the FBI and accused of attempted computer trespassing under Georgia’s Computer Systems Protection Act and Computer Fraud and Abuse Act of America. At this time, his IT service company had an ongoing contract with Cherokee County of Georgia to maintain and upgrade the 911 center security. He performed several port scans on Cherokee County servers to check their security and eventually port scanned a web server monitored by another IT company, provoking a tiff which ended up in a tribunal. He was acquitted in 2000, the judge ruling there was no damage impairing the integrity and availability of the network
2. In 2006, the UK Parliament
had voted an amendment to the Computer Misuse Act 1990 that proves guilty a person under cirtain conditon..its very blurred so can be misused or helpful prosecuting even when evidence is less.
German penal code Strafgesetzbuch § 202 a,b,c has also a similar law
4. EU also has similar law.
5. India has similar law.
At present the IT Act does provide penal provisions for hacking which is a matured and compounded form of port scanning as I have discussed earlier. Section 66 of the IT Act reads out :
66. (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injurious by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both.
Therefore the main elements of hacking is :
A) Intentional act
B) Wrongful loss to other
C) Alter/ delete/ destroy, diminish value of the data or utility.
The simple reason for misuse is that it is very difficult to establish the intent, failing which the provision will be available for misuse. Just like 498 A of the Indian Penal Code relieves many but if you know of the current scenario, you know how brutally it has been misused in recent times. Also there are cases where it use is justified.