A second attempt in as many months To reform the outdated Computer Misuse Act (CMA) of 1990 to Provide Legal Protections for Cyber Security Professionals and Ethical Hackers who Fear Prosecution Under the Vague of ” Pater ”has been knocked back in the house of lords by former government Chief Scientific Adviser Turned Minister for Science, Research and Innovation Patrick Valance.
Two amens proposed by Chris Holmes and Tim Clements-Jones to the data (access and use) Bill would address this by amening the cma in such a way that legitimate Cyber Pros Can Proverry Ion or prevention of crime ” Or “justified as being in the public interest”.
Despite Strong Support from other members of the house of lords, a previous attempt to introduce these amendments in December 2024 Stalled with the government arguing they were premature.
Speaking on Tuesday 28 JanuaryHolmes said: “it [the CMA] was put into statute at a time when technology looked not it did 10 or 20 years ago, Never Mind Today.
“The Computer Misuse Act Constrains The Sector from Keeping Us as Safe as it Might and Constrains Businesses in Terms of Their Growth and What they could be added to our eco Omputer misuse act when we Have the solution in our hands. “
No defense for the 'good guys'
Speaking in support in supports' amendments, merlin hey, earl of errol, said that during the cm's passage in 1990, Simlar Concerns Had Been Expressed but that the government has disasseted them.
“We We WERE Always Deeply Unhappy About It But Had to Go Along with it because we have had to have something; Otherwise, we could not do anything about hacking tools being free available, “said hey.
“We ended up with a raather odd situation where there is no definition against being a good guy. This is a very sensible amendment to clean up an anomaly that has been fitting in our law for a long time and should probally have been cleaned up a long time ago.
In his assessment, vallance – who as Chief SCINTIC Adviser Made Similar recommendations in a review on Pro-Innovation Tech Regulationwhich was accepted at the time – said that his recommendations were still in play as part of an ongoing review of the CM, but that the issues Around reforms were highly complex.
“Our engagement with stakeholders has revised different direction views, even Among Industry. While Some Industry Partners Highlight… That The Computer Misecus Act May Prevent Legitimate Public Interest Activity, others have coursions about the unintended consequaneces. Law enforcement has considerable concerns that allows unauthorized access to systems under the pretext of identifying vulnerabilites clock be exploited by cyber criminals, ”SAID VALLANCELS.
“Without Robust Safeguards and Oversight, this amendment could significantly Hinder Investigations and Place a Burden on Law Enforcement Partners to Estables Whtherres to Estabile a Person A Persons WERESONS WERESNES WERESNErs.
“The Introduction of these Specific Amendments Blads Unintensive Pose More Risk to the UK's Cyber Security, Not Least By Inadverted A LoopHole for Cyber Crimenels a prosecution. “
Vallance said that the government would continue to work bot with industry, law enforcement and the national cyber Security Center (NCSC), and that an update would be provided “Ins due courses”.
Andrew Jones, Strategy Director at the Cyber Scheme And spekesperson for the Cyberup Campaign – Whoan Arguing for Reform For Years – Said: “What we appreciate the government's Efforts to ensure it handles updating the computers act correct TUNTY to Protect our Cyber Security Professionals and Strengthen The UK's Defense has been Missed.
“The Computer Misuse Act is a relaic of the 20th century, inadverted Critical Research Conducted by UK Cyber Security Professionals to Support National Cyber Defense Operations, Agency and Critical National Infrastructure operators. This leaves the uk increasingly vulnerable to sophisticated and disruptive cyber threats. As the US and Eu Move to Safeguard Ethical Cyber Security Work as a Cornerstone of National Resilience, The UK Cannot Aford to Lag Behind.
“Urgent Action is Needed. The Statutory Defense Proposed – Drafted in Consultation with Industry and Legal Experts – Offers a Practical, Proportion and Robust Solution That Would Protect Tegitimate Profession Mg Intent on a Responsible Future for Ai, Strenghen Uk Cyber Defense and Reinforce its place as a Cyber Security Leader.
“We remine full prepared to work with the government to help implement this Necessary Change in the future, as soon as it is ready to act.”