Is the Computer Misuse Act fit for purpose?
The Computer Misuse Act 1990 (CMA) is a product of its time: before the World Wide Web as we know it, when Mark Zuckerberg was only six, and neither Amazon nor Google existed. What also didn’t exist was any meaningful cybersecurity industry. The pace of technological change, especially when it comes to networking and the online world, has been beyond anything lawmakers of the time could have imagined. Which begs the question of whether a 30-year-old legal framework, despite some amendments over the years, is still fit for purpose. By effectively criminalising the tools and techniques used by many cybersecurity professionals, could the CMA even be doing more harm than good?
The slow arm of the law
The CMA states it is an “Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes”. It’s both very broad in definition and hasn’t kept pace with technological change. The CyberUp Campaign claims the legislative framework it provides “runs counter to the UK’s stated policy objective to promote public-private partnership to combat cybercrime,” and leaves the cybersecurity industry “unable to deploy its full capabilities in the pursuit of national security”.
The UK government itself appears to have acknowledged that the CMA is ripe for reform. In early 2021, the Home Office conducted a “Call for Information” to clarify whether the Act
You’re reading a preview, subscribe to read more.
Start your free 30 days