{"id":607578,"date":"2023-02-13T07:49:03","date_gmt":"2023-02-13T13:49:03","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/13\/campaigners-lament-lack-of-movement-on-computer-misuse-act-reform\/"},"modified":"2023-02-13T07:49:03","modified_gmt":"2023-02-13T13:49:03","slug":"campaigners-lament-lack-of-movement-on-computer-misuse-act-reform","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/13\/campaigners-lament-lack-of-movement-on-computer-misuse-act-reform\/","title":{"rendered":"Campaigners lament lack of movement on Computer Misuse Act reform"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>08 Feb 2023 12:38<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>The government has finally published its long-awaited response to its review of the <a href=\"https:\/\/www.legislation.gov.uk\/ukpga\/1990\/18\/contents\">Computer Misuse Act (CMA) of 1990<\/a> and opened a new consultation on proposed legislative changes, but has disappointed campaigners who want to see the law reformed <a href=\"https:\/\/www.computerweekly.com\/opinion\/Professionals-need-protection-from-the-Computer-Misuse-Act\">to protect cyber security professionals<\/a> from potential prosecution.<\/p>\n<p>The CMA was introduced before the development of the cyber security industry, and, as it stands, criminalises the act of unauthorised access to a computer, which cyber professionals fear puts them at risk of falling foul of the law <a href=\"https:\/\/www.computerweekly.com\/news\/252492416\/Security-pros-fear-prosecution-under-outdated-UK-laws\">simply for doing their jobs<\/a>.<\/p>\n<p><a href=\"https:\/\/www.gov.uk\/government\/consultations\/review-of-the-computer-misuse-act-1990\/review-of-the-computer-misuse-act-1990-consultation-and-response-to-call-for-information-accessible\">In its response<\/a>, the government said this problem was one of the main issues raised during the review of the CMA, and that while it had \u201ccarefully considered\u201d proposals to introduce statutory defences for various hacking practices, further work is required to consider options, and the risks and benefits associated with doing so.<\/p>\n<p><a href=\"https:\/\/www.cyberupcampaign.com\/\">CyberUp<\/a> campaign spokesman Ollie Whitehouse said: \u201cMore than 21 months since the government announced its review of the Computer Misuse Act, this is a response that is light on delivery. Cyber crime is endemic across the UK. We need urgency and pace \u2013 not for these issues to be kicked into the long grass.<\/p>\n<p>\u201cWe welcome that the government has acknowledged that there is a problem with legitimate cyber security activity being constrained by the UK\u2019s outdated cyber laws; <a href=\"https:\/\/www.computerweekly.com\/news\/252523826\/Report-reveals-consensus-around-Computer-Misuse-Act-reform\">66% of respondents to its consultation agreed on this point<\/a>. And yet [the] announcement lacks concrete action, leaving the UK way behind other nations.\u201d<\/p>\n<p>Whitehouse said the campaigners understood the complexity of the issue and agreed that reforms need careful consideration, but lamented the lack of progress <a href=\"https:\/\/www.computerweekly.com\/news\/252500572\/Government-to-reform-Computer-Misuse-Act\">since the government put the issue on the table nearly two years ago<\/a>.<\/p>\n<p>\u201cWe simply cannot wait another two years for reform \u2013 it is too important for the UK\u2019s enhanced protection in cyber space, not to mention its future prosperity,\u201d he said.<\/p>\n<p>\u201cIt is essential that the government lay out a clear timetable and plan for the next steps, to ensure there are no more delays. CyberUp \u2013 with our coalition of parliamentary and industry supporters \u2013 has been an important part of the debate over the last four years, and we will continue to work with the government to get this right.\u201d<\/p>\n<p>Issues the government wants to consider further before introducing reforms to the law include safeguarding the UK\u2019s ability to act against cyber criminals and other threat actors, and ensuring that any defences do not provide cover for offensive actions.<\/p>\n<p>It also wants more time to consider the benefits that introducing defences could provide, acknowledging that a strong cyber security ecosystem is important to the overall resilience of the UK.<\/p>\n<p>The government now wants to consider whether and what defences \u2013 including potentially non-legislative solutions \u2013 should be introduced in the context of how cyber pros can be supported and developed, considering what activity that may conflict with the CMA is legitimate for cyber pros to undertake, and what standards and training may need to be in place to guarantee they are qualified to do so. This work will be taken forward as part of Westminster\u2019s wider work to improve the UK\u2019s national cyber security posture.<\/p>\n<section data-menu-title=\"Wider consultation\">\n<h3><i data-icon=\"1\"><\/i>Wider consultation<\/h3>\n<p>The wider consultation \u2013 which will run until April 2023 \u2013 will seek views on a number of proposed legislative changes to the CMA that the government believes it may be appropriate to make.<\/p>\n<p>The first of these changes would see UK law enforcement agencies receive powers to take down and seize domain names and IP addresses being used by cyber criminals and threat actors \u2013 something that is done on a voluntary basis today by groups such as Action Fraud and the National Cyber Security Centre (NCSC).<\/p>\n<p>The government believes formalising these arrangements would put UK agencies on a more equal footing with international partners, and enable better cooperation with foreign agencies such as the FBI in the US.<\/p>\n<p>The second proposed change is to give the UK\u2019s law enforcement agencies, as well as His Majesty\u2019s Revenue and Customs (HMRC), the power to require the preservation of existing data by a data owner to prevent it from being deleted.<\/p>\n<p>Currently, UK agencies can only request data to be preserved on a voluntary basis, an arrangement that works well enough in most circumstances, but the government says it sees benefits in formalising this, particularly given the growing number of legal cases that require electronic evidence.<\/p>\n<p>The new powers would not give law enforcement the ability to seize data, rather to allow it to assess if the data is relevant to an investigation. They would also cover requests from overseas agencies.<\/p>\n<p>The third and final proposed change is to create a new offence of possessing or using illegally obtained data. The CMA covers unauthorised access to data, but not its removal or copying, and creating a new offence would seal off a loophole which makes it difficult to take action against someone possessing or using data obtained through a CMA offence, for example where the person who now possesses the data did not actually commit the CMA offence.<\/p>\n<p>The government is concerned it is not possible to charge that person with theft or handling stolen property because theft is defined as \u201cpermanently depriving\u201d the original owner of their property, whereas most instances of data theft involve copying it.<\/p>\n<p>The consultation will also consider two other areas where the CMA may usefully be reformed. The first of these areas is the consideration of firming up extra-territorial provisions in the CMA to establish clearer jurisdiction when offences don\u2019t necessarily take place in England and Wales.<\/p>\n<p>The government hopes this could eliminate some grey areas, as well as potentially giving the justice system the ability to prosecute for all aspects of cyber criminal activity in the UK rather than restricting prosecution to activity where a \u201csignificant link\u201d can be proved. This could be important where an individual is located in a jurisdiction, such as Russia, that won\u2019t investigate or prosecute.<\/p>\n<p>The other area under consideration is the possibility of revising sentencing guidelines for cyber criminal activity as some stakeholders had suggested that the maximum existing penalties \u2013 up to 12 months in prison on a summary conviction, two years on indictment, or a fine or both \u2013 under the CMA were not necessarily much of a deterrent, and the courts are not currently issuing maximum sentences.<\/p>\n<p>The government also wants to address issues such as distinguishing genuine criminality from script kiddies messing around, and the frequent occurrence of neurodiverse offenders, which introduces questions of vulnerability and safeguarding, and proportionate sentencing.<\/p>\n<p>\u201cCyber crime threatens our citizens, businesses and government. State actors and criminals, at all levels of complexity and with varying intent are targeting homes and businesses across the UK,\u201d wrote security minister Tom Tugendhat in a foreword to the consultation announcement.<\/p>\n<p>\u201cThese are complex issues, and therefore the Home Office will lead a programme to bring stakeholders together to identify how these issues should be addressed to ensure that the UK\u2019s cyber security can counter the risks posed by state threats and criminals.\u201d<\/p>\n<\/section>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Hackers and cybercrime prevention<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/252529245\/Crest-throws-support-behind-CyberUp-CMA-reform-campaign\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethics-morals-4-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethics-morals-4-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethics-morals-4-adobe.jpg 1280w\" alt ><\/p>\n<h5>Crest throws support behind CyberUp CMA reform campaign<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.computerweekly.com\/news\/252527437\/New-gold-standard-to-protect-good-faith-hackers\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethical-hacker-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethical-hacker-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethical-hacker-adobe.jpg 1280w\" alt ><\/p>\n<h5>New gold standard to protect good faith hackers<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.computerweekly.com\/news\/252525373\/Most-hackers-exfiltrate-data-within-five-hours-of-gaining-access\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethical-hacker-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethical-hacker-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ethical-hacker-adobe.jpg 1280w\" alt ><\/p>\n<h5>Most hackers exfiltrate data within five hours of gaining access<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Sebastian-Klovig-Skelton-CW-contributor.jpg\" alt=\"SebastianKlovig Skelton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Sebastian\u00a0Klovig Skelton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.computerweekly.com\/news\/252524993\/EU-Cyber-Resilience-Act-sets-global-standard-for-connected-products\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/EU-flag-european-union-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/EU-flag-european-union-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/EU-flag-european-union-adobe.jpg 1280w\" alt ><\/p>\n<h5>EU Cyber Resilience Act sets global standard for connected products<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365530632\/Campaigners-lament-lack-of-movement-on-Computer-Misuse-Act-reform\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Diego Badon<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed By Alex Scroxton, Security Editor Published: 08 Feb 2023 12:38 The government has finally published its long-awaited response to its review of the Computer<\/p>\n","protected":false},"author":1,"featured_media":607579,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22491,102500,46],"tags":[],"class_list":["post-607578","post","type-post","status-publish","format-standard","has-post-thumbnail","category-campaigners","category-lament","category-technology"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/607578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=607578"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/607578\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/607579"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=607578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=607578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=607578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}