Campaigners urge Johnson to reform Computer Misuse Act to make it fit for modern digital era
The law currently hinders cyber security research in Britain, campaigners argue in an open letter to the PM
On the 30th anniversary of the Computer Misuse Act (CMA), the members of CyberUp Campaign have written a letter to Prime Minister Boris Johnson, urging him to revise the elderly act to make its fit for the digital age.
CyberUp, which was founded last year, is a coalition of cyber security companies including Orpheus Cyber, NCC Group, Nettitude and Context Information Security.
Signatories to the letter include several prominent names, including Julian David, CEO, techUK; RaJ Samani, McAfee Fellow/Chief Scientist, McAfee; Rik Ferguson, Vice President Security Research; international accreditation body CREST and others.
The UK's CMA came into effect in 1990 after journalists Steve Gold (one of SC's founders) and Robert Schifreen hacked into Prince Philip's Prestel account in 1985. In that case, the judge ruled that the accused persons were guilty, but they can't be punished because they had not violated any existing law. The court then advised the government to bring a new law to deter the hackers.
According to CyberUp Campaign, the main issue with the current CMA is that it criminalises any "unauthorised access" to a computer, under Section 1 of the law, and therefore it is no longer fit to defend the state of cyber security in the country.
"In 1990, when the CMA became law, only 0.5 per cent of the UK population used the internet, and the concept of cybersecurity and threat intelligence research did not yet exist," the letter to the Prime Minister reads.
"Now, 30 years on, the CMA is the central regime governing cybercrime in the UK despite being originally designed to protect telephone exchanges. This means that the CMA inadvertently criminalises a large proportion of modern cyber-defence practices."
According to CyberUp, the CMA's broad wordings don't clearly define what is legal and what is illegal in the fast-moving world of information security. Moreover, in its current form, the law is hindering a large proportion of the cyber security research that professionals need to conduct to defend against evolving threats from state-sponsored threat actors or organised criminals.
CyberUp also argues that far more permissive regimes exist in other countries, such as the US and France, providing legal certainty to cyber security researchers while retaining the ability to punish the cyber criminals who try to abuse the system.
The campaign group warns that further delay in CMA reform could see "the UK lose out on as many as 4,000 additional high-skilled jobs by 2023."
More on Threats and Risks
'Ripple20' security vulnerabilities in TCP/IP software library impact millions of connected devices
Nineteen bugs have been discovered so far in Treck software affecting connected printers, insulin pumps, smart home devices, power-grid equipment, industrial-control gears, routers, communications equipment commercial aircraft and data centre devices...
One in three Britons targeted by scammers since the start of coronavirus crisis, Citizens Advice reveals
Legal charity has seen a 19 per cent spike in the number of visitors coming to its website in recent months looking for advice from experts
Earth Empusa threat group distributing Android 'ActionSpy' spyware to target minority group in Tibet and Turkey
ActionSpy supports numerous modules which enable hackers to collect confidential information from compromised devices, including device IMEI, user phone number and contacts
Gamaredon group using new tools to target Microsoft Outlook and Office, researchers warn
And they are making no efforts to stay under the radar
SGAxe and CrossTalk flaws in Intel CPUs could enable attackers to steal data, researchers say
SGX hardware encryption technology was launched in 2015 with the Skylake microarchitecture
