Sun Jul 05 2020
The current iteration of the Computer Misuse Act hinders cyber security research in the UK
On the 30th anniversary of the Computer Misuse Act (C.M.A for short), the cyber security campaign group CyberUp have written an open letter to Prime Minister Boris Johnson, urging him to update the current iteration of the legislation as they feel it’s no loner fit for purpose in a fast changing, digital world.
The current version of the Computer Misuse Act was introduced back in 1990 after journalists Steve Gold and Robert Schifreen hacked into Prince Philip's Prestel account in 1985 (no comments about some things never changing!).
At the time the Judge ruled that although the defendant was guilty of hacking into the account, that act, at the time, wasn’t actually illegal.
Following the case the courts recommended to the Government of the time that the law be updated to reflect this and deter future cyber criminals.
According to their open letter sent to the P.M, CyberUps biggest problem with the current C.M.A is that any ‘unauthorised access’ to a computer, no matter what the reason, is automatically criminalised under section 1 of the legislation.
In 1990, when the CMA became law, only 0.5 per cent of the UK population used the internet, and the concept of cybersecurity and threat intelligence research did not yet exist. Now, 30 years on, the CMA is the central regime governing cybercrime in the UK despite being originally designed to protect telephone exchanges.
This means that the CMA inadvertently criminalises a large proportion of modern cyber-defence practices.
CyberUp go on to say that the C.M.A is too broad in its definitions and the cyber-security sector require additional clarity around what is legal or illegal and what should be legal or illegal.
In addition, it also hinders cyber-security research that the sector needs to perform when destruct testing methods of defence against new and emerging cyber actor threats.
Sun Jul 05 2020