Ineffectiveness of act exposes UK to cyber harm

A new legal report argues that the UK’s cyber defences are being endangered by the outdated Computer Misuse Act, which prevents investigators from dealing effectively with online threats while over-punishing immature defendants.

A 144-page study by the Criminal Law Reform Now Network (CLRNN) is calling for the urgent revision of the legislation governing illegal access to computers, denial of service attacks and other digital crimes. The academic lawyers at Birmingham and Cambridge universities say that the 1990 Computer Misuse Act is ‘crying out for reform’ and must develop public interest defences for hacking.

Reforming the Computer Misuse Act pinpoints problems of enforcement and legal obstructions that expose the UK’s economy and critical infrastructure to ‘harm by cyber criminals and hostile nation states’, commenting that wide-ranging changes are needed to create a legislative regime that is ‘fit for purpose’. This will improve the ability of the state to ‘identify, prosecute and punish those acting against the public interest’.

Simon McKay, project lead for the report, said: “One of our key recommendations is that a number of [legitimate] defences need to be built into the Computer Misuse Act to allow research, and integrity testing of systems. The act does not even have any kind of defence for the way law enforcement carries out online work. They can only avoid prosecution through having a warrant and they have to stay within the confines of that.”