Campaigners have written to the UK Home Secretary, Priti Patel, welcoming the announced review into the Computer Misuse Act (CMA) and requesting a meeting with her to discuss reform proposals.
The CyberUp Campaign and techUK penned the letter following a joint briefing call on Tuesday May 25 among industry representatives about the review, which Patel first announced in a speech during the CYBERUK 2021 virtual event last month. In her talk, she explained this is part of the UK government’s efforts to ensure law enforcement agencies are equipped with “the right tools and mechanisms to detect, disrupt, and deter our adversaries.”
The government has now opened a call for evidence from across the cybersecurity industry, which closes on June 8, 2021. This is requesting insights into the legislation, including whether current “protections in the CMA for legitimate cybersecurity activity provide adequate cover.”
Welcoming this development, the letter informed the Home Secretary that the CyberUp Campaign and techUK “share the desire to see a legal framework in the UK that is best able to assist UK law enforcement in defending the UK from an ever-evolving array of cyber threats, and that supports a thriving and internationally competitive UK cybersecurity industry.”
Many in the industry have long called for the act to be updated, observing that the cyber and technology landscape has changed substantially since it was first enacted in 1990.
In June 2020, a group of cybersecurity organizations coordinated by the CyberUp Campaign wrote an open letter to the UK Prime Minister Boris Johnson, emphasizing the need for the CMA to be updated. This letter stated: “In 1990, when the CMA became law, only 0.5% of the UK population used the internet, and the concept of cybersecurity and threat intelligence research did not yet exist. Now, 30 years on, the CMA is the central regime governing cybercrime in the UK despite being originally designed to protect telephone exchanges. This means that the CMA inadvertently criminalizes a large proportion of modern cyber-defense practices.”
Commenting on the latest developments, Ollie Whitehouse, CTO of NCC Group and spokesperson for the CyberUp Campaign said: “The goverment consultation represents a once-in-a-generation opportunity for the cyber sector to have our say on the badly out of date Computer Misuse Act, which has been around since the inception of the sector and increasingly acts as a barrier.”
Matt Evans, director at techUK, added: “Through the formal review of the Computer Misuse Act 1990, there is a real opportunity for the UK to future-proof key cybersecurity legislation, allowing industry and law enforcement to better work together to protect citizens and businesses alike.
“This is likely the start of a longer process and techUK will look to ensure that industry plays its role in exploring the potential options and challenges around reform, with a string view that through working towards sensible reforms that can also contribute to the UK’s international competitiveness and leadership in the cyber domain.
"techUK looks forward to engaging with the government throughout the review process on behalf of industry and additionally urges its relevant members to directly input into the Home Office.”