Security professionals warn UK government over outdated cybercrime legislation

The UK's Computer Misuse Act came into effect 30 years ago, but security professionals are warning that it is no longer fit for purpose and may even be hindering their efforts.

A coalition of businesses, trade bodies, lawyers and think tanks from across the cybersecurity industry have today taken the unprecedented step of uniting to write a letter to the prime minister urging him to reform the law.

The coalition includes large cyber security consultancies like NCC Group and F-secure, industry trade body techUK, cybersecurity software developers McAfee and Trend Micro, international accreditation body CREST, the think tank Demos, and a number of prominent lawyers in the field.

The Computer Misuse Act (1990) was written to prevent computer hacking before the concept of cyber security existed and when use of the internet was limited to less than one per cent of the UK population. Now, however, it hinders a large proportion of the research that cyber security professionals can carry out to assess and defend against emerging threats posed by organised criminals and geo-political actors.

The letter has been coordinated by the CyberUp Campaign, a group of cyber security organisations pushing for an update of Computer Misuse Act to make it fit for the digital age. The campaigners are calling for reforms to the Computer Misuse Act which would, amongst other things, allow the law to take account of the motivations of ethical cyber security professionals, enabling them to operate free from the fear of prosecution that currently restrains them.

"The Computer Misuse Act in its current form doesn't provide any real effective defences or legal certainty to security professionals and particularly incident responders, intelligence professionals and cybersecurity researchers," says Ed Parsons, managing director of F-Secure Consulting. "It doesn't necessarily give us legal certainty in the form of defences. I think what we've seen in the UK is that the Computer Misuse Act hasn't been particularly good at targeting offenders or disrupting trafficking, it has been used as a bit of a club, and the risk there is that you're actually punishing the wrong kind of people when it isn’t necessarily the best thing for them or for society."

You can find out more at the CyberUp Campaign website.

Image Credit: Duc Dao / Shutterstock