The government would be to begin work on reforming the 31-year old Computer Misuse Act (CMA) of 1990, and has set out plans to establish a consultation to collect input and guidance from stakeholders afterwards in 2021.
Speaking at the National Cyber Security Centre’s (NCSC’s) continuing CyberUK 2021 virtual event, dwelling secretary Priti Patel reported that the CMA had demonstrated a powerful piece of legislation to tackle unauthorised access to computer systems, and had been upgraded quite a few times to take account of technological changes, such as the expansion in cyber and cyber-enabled offense.
“As part of ensuring that we have the right tools and mechanisms to detect, disrupt and deter our adversaries, I believe now is the right time to undertake a formal review of the Computer Misuse Act,” explained Patel.
“Today, I’m announcing we will be launching a call for information on the Act this year. I urge you all to provide your open and honest views on ensuring that our legislation and powers, continue to meet the challenges posed by threats in cyber space.”
For a time, campaigners have been clamouring for CMA reforms to be introduced, saying that as the law currently stands it technically dangers criminalising legitimate cyber security professionals going about their day-to-day tasks. This is because it makes it an offence to access or modify data on a computer without authorisation.
A January 2020 report from the Criminal Law Reform Now Network (CLRNN) called on the authorities to change the law. The report urged the government to bring in measures to tailor existing offences in line with the UK’s international obligations and contemporary legal systems, such as corporate offences; new public interest defences and protections for moral journalists and hackers that remain consistent with overlapping offences covered by the Data Protection Act of 2018; fresh guidance for prosecutors, including the prosecution of young defendants, and much more transparency around the use of the Prevent programme; along with new sentencing guidelines.
Speaking at the moment, CLRNN co-director John Child, a senior lecturer in criminal law, said:”The legal case for reform of the Computer Misuse Act 1990 is overwhelming. Experts from academia, legal practice and industry have collaborated to identify the best route to ensure proper penalties are enforced to enable prosecution of hackers and companies that benefit from their activities, while permitting responsible cyber security experts to do their job without fear of prosecution.”
A further study produced by that the CyberUp effort , which also wants the CMA rewritten for the 2020s, found 80percent of cyber security pros operating from the UK feared accidentally running afoul of the law.
MP Ruth Edwards, a former cyber safety lead at techUK, said:”The Computer Misuse Act, though world-leading at the time of its introduction, was put on the statute book when 0.5% of the population used the internet. The digital world has changed beyond recognition, and this survey clearly shows that it is time for the Computer Misuse Act to adapt.
“Our reliance on safe and resilient digital technologies has never been greater. If ever there was going to be a time to prioritise the rapid modernisation of our cyber legislation, and examine the Computer Misuse Act, it is now,” she said.
In her speech, the home secretary had high praise for the work of the UK’s cyber security professionals, stating:”The attempts of the NCSC and the work that you do to protect our nation from the cyber area are simply outstanding.
“These attempts may not always be front page news, but in my role, I know what you do here is at the