Computer Misuse Act reform gains traction in Parliament
An amendment to the proposed Data (Access and Use) Bill that will right a 35-year-old wrong and protect security professionals from criminalisation is to be debated at Westminster
Cross-party parliamentarians will next week debate proposals that aim to fix a “glaring flaw” in the Computer Misuse Act of 1990 (CMA) as momentum gathers behind the need to reform the nearly 35-year-old law.
An amendment to the proposed Data (Access and Use) Bill, led by Conservative peer Lord Holmes and Liberal Democrat peer Lord Clement-Jones, will now be debated in Committee on Wednesday 18 December. It will override outdated aspects of the CMA that inadvertently criminalise good-faith, legitimate security activities.
Created largely in response to a famous incident in which professional hackers and technology journalists broke into British Telecom’s Prestel system in the mid-80s, the CMA received Royal Assent in June 1990, barely two months after Tim Berners-Lee and CERN made the world wide web publicly available for the first time.
Although it has been frequently amended over the years to reflect the changing world of technology, the CMA still vaguely defines the offence of “unauthorised access to a computer”, which opponents have long argued inadvertently criminalises cyber security threat researchers and incident responders and forces ethical hackers to work with one hand tied behind their back out of fear of prosecution.
According to the CyberUp campaign, which has been pushing for reform for years, the CMA could be costing the UK economy up to £3.5bn.
“The UK’s outdated cyber laws are preventing our cyber security professionals from defending organisations effectively,” Rob Dartnall, SecAlliance CEO, Crest UK chair, and CyberUp representative, told Computer Weekly.
“In no other sector do security professionals face risks of breaking the law for simply doing their jobs. Campaign research shows that nearly two-thirds of cyber professionals say the CMA hinders their ability to safeguard the UK – an untenable situation as cyber threats grow.”
Holmes and Clement-Jones’ amendment proposes a statutory defence for researchers who can demonstrate either a reasonable belief that the IT system owner would have consented to their work, or that the activity was strictly necessary for the detection of cyber crime.
This will give British cyber pros similar protections to those already in force in other European countries such as Belgium, Germany, France, Malta and the Netherlands, all of which have either recently updated their legal frameworks to address professional hacking, or already had more appropriate legal regimes.
Dartnall said that change was vital to fostering a safe environment for researchers and allowing them to play a more effective role in safeguarding digital systems and data in the UK – a need urgently highlighted by the National Cyber Security Centre (NCSC) in its recent Annual Review.
“We are delighted to see an amendment tabled that could bring the Computer Misuse Act into the 21st century by introducing a statutory defence. Updating this Act would represent a landmark moment for UK cyber security legislation, which is outdated when compared to the cyber threat landscape we face,” he said.
“The last two years have seen unprecedented levels of critical vulnerabilities, ransomware breaches and third party system breaches, all of which have had a massive effect on people’s data privacy and the UK’s economy.
“By introducing a statutory defence, the UK could protect legitimate cyber security professionals, strengthen its cyber defences, and reinforce its place as a cyber security leader. It is time we updated the law to fit with the digital age,” added Dartnall. “With support from across parliament, we believe this amendment could be a catalyst for a change that would better protect the country.”
Timeline: Computer Misuse Act reform
- January 2020: Group of campaigners says the Computer Misuse Act 1990 risks criminalising cyber security professionals and needs reforming.
- June 2020: The CyberUp coalition writes to Boris Johnson to urge him to reform the UK’s 30-year-old cyber crime laws.
- November 2020: CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs.
- May 2021: Home secretary Priti Patel announces plans to explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world.
- June 2022: A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their work.
- August 2022: A study produced by the CyberUp Campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform.
- September 2022: The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber professionals from potential prosecution.
- January 2023: Cyber accreditation association Crest International lends its support to the CyberUp Campaign for reform to the Computer Misuse Act 1990.
- February 2023: Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed.
- March 2023: The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and cyber professionals need to make their voices heard, say Bugcrowd’s ethical hackers.
- November 2023: A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber professionals from prosecution have been left disappointed by a lack of legislative progress.
- July 2024: In the Cyber Security and Resilience Bill introduced in the King’s Speech, the UK’s new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting.
- July 2024: The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work.
Originally published at ECT News