‘Out of Date’ 30 year-old Cybercrime Legislation Leaves UK at Risk During Coronavirus, Professionals Warn
June 2020 by Marc Jacob
A coalition of businesses, trade bodies, lawyers and think tanks from across the cyber security industry have taken the unprecedented step of uniting to pen a letter to the Prime Minister urging him to reform the law governing cybercrime in the UK, which came into effect thirty years ago today, claiming it is now ‘unfit for purpose’.
The coalition, which includes large cyber security consultancies like NCC Group and F-Secure, industry trade body techUK, cyber security software developers McAfee and Trend Micro, international accreditation body CREST, the think tank Demos, and a number of prominent lawyers in the field, has written to the Prime Minister urging him to bring forward reforms to the Computer Misuse Act (CMA) exactly thirty years after the law gained Royal Assent.
The Computer Misuse Act (1990) was written to prevent computer hacking before the concept of cyber security existed and when use of the internet was limited to less than one per cent of the UK population. It now deters a large proportion of the research that cyber security professionals can carry out to assess and defend against emerging threats posed by organised criminals and geo-political actors.
In the UK, the public and private sectors work closely together to defend the country in cyberspace. But, with less threat intelligence research being carried out, the UK’s critical national infrastructure is left at an increased risk of cyber attack. The signatories to the letter stress the urgency of the issue, highlighting the nation’s heightened reliance on secure and resilient digital technologies, particularly in light of the coronavirus crisis. The letter points to other countries which have more permissive regimes – like France and the US – and warns of the extent to which Britain has fallen behind internationally.
The letter was coordinated by the CyberUp Campaign, a group of cyber security organisations pushing for an update of Computer Misuse Act to make it fit for the digital age. The campaigners are calling for reforms to the Computer Misuse Act which would, amongst other things, allow the law to take account of the motivations of ethical cyber security professionals, enabling them to operate free from the fear of prosecution that currently restrains them.