- Security TWENTY
- Women in Security
A proposed review of the 30-year law that governs ‘cyber-dependent crime’ has been welcomed. The Home Office has sent out a ‘call for information’ on the Computer Misuse Act 1990 (CMA), that’s open to June 8.
Speaking at the CYBERUK 2021 conference, Home Secretary Priti Patel said: “The Computer Misuse Act has proved to be an effective piece of legislation to tackle unauthorised access to computer systems, and it has been updated a number of times to take account of the changes we now face…As part of ensuring that we have the right tools and mechanisms to detect, disrupt, and deter our adversaries, I believe now is the right time to undertake a formal review of the Computer Misuse Act. And today, I am announcing that we will be launching a call for information on the Act this year. I urge you all to provide your open and honest views to ensure our legislation and powers continue to meet the challenges posed by threats in cyber space.”
Ed Parsons, Executive VP of consulting at cyber firm F-Secure says: “I would welcome an official review of the Computer Misuse Act and encourage the Home Secretary to consider the proposed reforms set out in the Criminal Law Reform Now Network’s report last year. The review should consider broadly how to combat cybercrime including helping UK cyber security companies to defend people and organizations and address the industry skills shortage.”
Visit the Home Office website for the consultation. The document asks, if law enforcement agencies have the necessary powers to investigate and act against those attacking computer systems, and whether the legislation is fit for use given the technological advances since 1990.
As the CLRNN report points out, cybercrime includes criminal activity on networks including the Internet where, perhaps, ‘computer crime’ was limited to activities within computers. The report goes into shortcomings in the Act in terms of offences, defences, sentencing and prosecutorial guidance. As the CLRNN said, while computer misuse cases number in the millions, the UK’s conviction rate remains extremely low. Only about two per cent of CMA offences result in a police investigation, let alone going any further towards any sanction. Technically, you may break the CMA if you check for contact details on a lost mobile phone that has fallen into your possession.
As featured in the May print edition of Professional Security magazine, the CyberUp Campaign is pushing for reform of the 1990 Act, that the campaigners regard as outdated. Visit https://www.cyberupcampaign.com/. Campaigners argue that the Act prevents cyber security researchers from carrying out so much of the vital vulnerability and threat intelligence research that, if undertaken, would contribute fully and significantly to UK cyber resilience. The law criminalises unauthorised access to computer systems, without any means to consider individuals’ motives, or recognise circumstances where such access might be deemed legitimate; such as penetration testing with permission. CyberUp and the trade association techUK found that most cyber professionals (80 per cent) worry about breaking the law in the process of defending against cyber attacks.
Matt Evans, Director, Markets, techUK said: “techUK looks forward to engaging with Government throughout the review process on behalf of industry. Through working towards sensible reforms we can ensure that law enforcement and the UK’s flourishing cyber security sector are able to put their best forward protecting citizens and organisations alike.”