Home Secretary announces Computer Misuse Act Review

13 May 2021 01:50 PM

Review into 31 year old legislation to start this year.

At CyberUK the Home Secretary Priti Patel has announced that the Government will be conducting a formal review into the Computer Misuse Act.

The Government’s review will ask academia, business, law enforcement agencies, the cyber security industry, and the private sector for their views on series of questions about the act, including whether current “protections in the CMA for legitimate cyber security activity provide adequate cover”.

The CyberUp Campaign has been pushing for reform to the UK’s outdated Computer Misuse Act over the last two years. The campaign brings together a broad coalition of supporters across the UK cyber security sector and beyond. Research conducted by the campaign and techUK has found that the overwhelming majority of cyber security professionals (80 per cent) worry about breaking the law in the process of defending against cyber attacks.

Further research also found that the Computer Misuse Act is having a stifling effect on the UK cyber security industry, with 91 per cent of cyber security businesses feeling they had been put at a competitive disadvantage relative to other countries with better legal regimes. In addition, a similar number (90 per cent) indicated that a change in the law would lead to growth and productivity benefits for their organisation. When averaged across the latest figures for revenue and employment in the sector, a change in legislation would lead to an increase in revenue of £1.6 billion and 6,200 jobs.

Announcing the review at the CYBERUK 2021 conference, the Home Secretary yesterday said:

“The Computer Misuse Act has proved to be an effective piece of legislation to tackle unauthorised access to computer systems, and it has been updated a number of times to take account of the changes we now face…As part of ensuring that we have the right tools and mechanisms to detect, disrupt, and deter our adversaries, I believe now is the right time to undertake a formal review of the Computer Misuse Act. And today, I am announcing that we will be launching a call for information on the Act this year. I urge you all to provide your open and honest views to ensure our legislation and powers continue to meet the challenges posed by threats in cyber space.”

Matt Evans, Director, Markets, techUK yesterday said:

“techUK welcomes the Home Secretary’s announcement today committing to a Government review of the Computer Misuse Act 1990. Through the CyberUP Campaign, industry have been calling for reform in order to better protect the UK from cyber criminals.

“techUK looks forward to engaging with Government throughout the review process on behalf of industry. Through working towards sensible reforms we can ensure that law enforcement and the UK’s flourishing cyber security sector are able to put their best forward protecting citizens and organisations alike.”

Ollie Whitehouse, CTO of NCC Group and spokesperson for the CyberUp, yesterday commented:

“We welcome the Home Secretary’s announcement that the Government have heeded out calls for a review into the Computer Misuse Act – this is a long overdue step for a piece of legislation that simply hasn’t kept pace with changes in technology.

“This law – written in 1990 – didn’t foresee the birth of the cyber security profession, and therefore leaves ethical cyber security researchers unclear as to whether or not they will prosecuted simply for doing their jobs. The result is a freezing effect on the cyber security industry, leaving the UK less safe from cyber criminals.

“We hope the Government’s review will shine a light on these problems in short order, and will lead to sensible reforms that will keep protect the UK from an evolving landscape of cyber threats. We look forward to contributing to the review.”

Read more about the report launched by the CyberUp Campaign and techUK in November 2020; and/or download it in full.