Outdated laws put UK's cybersecurity at risk: report

By Karim El-Bar

LONDON (AA) – Britain’s anti-hacking laws are outdated and placing the country’s cybersecurity at risk, according to a new report released Wednesday.

The Computer Misuse Act 1990 is now 30 years old and must be updated, according to the Criminal Law Reform Now Network (CLRNN), a group of academics from Birmingham and Cambridge universities that specializes in legal reform projects.

CLRNN said current cybercrime laws are “preventing cybersecurity professionals from carrying out threat intelligence research against cybercriminals and geopolitical threat actors,” which is “leaving the U.K.'s critical national infrastructure at increased risk.”

The law is meant to criminalize cyberattacks such as malware and denial of service attacks as well as illegally gathering information or extorting businesses and private individuals.

As it stands, however, the law also exposes journalists, academics and cybersecurity professionals to the risk of prosecution for researching cyber threats in the public interest.

The report called for an updated legal framework that was “fit for purpose – allowing ethically motivated cyber defenders, security researchers and journalists to pursue their work with greater legal certainty while improving the ability of the state to identify, prosecute and punish those acting against the public interest.”

“The Computer Misuse Act is crying out for reform. It needs to be future- and technology-proofed to ensure it can meet the challenges of protecting the embedded internet-based culture we all live in and depend on,” said Simon McKay, a lawyer, CLRNN member and project lead on the report.

Dr. John Child, a criminal law lecturer at Birmingham University and co-director of CLRNN, supported McKay’s assessment.

“The legal case for reform of the Computer Misuse Act 1990 is overwhelming. Experts from academia, legal practice and industry have collaborated to identify the best route to ensure proper penalties are enforced to enable prosecution of hackers and companies who benefit from their activities whilst permitting responsible cyber security experts to do their job without fear of prosecution.”

Ollie Whitehouse of the NCC Group, a cyber security company, said: “This report shines a welcome light on the U.K.’s outdated cybersecurity crime laws, which leave the cyber industry tackling one of the biggest threats facing our national security within a regime drawn up 30 years ago – when less than 0.5% of the world’s population had access to the internet.”

“The government needs to take urgent action by updating and upgrading the Computer Misuse Act so our nation’s cyber defenders no longer have to act with one hand tied behind their backs, paralyzed by the fear of being prosecuted for doing their jobs.”