Legislative reform is a journey and the road we’re travelling on is paved with obstacles.
NCC Group embarked on the quest to reform the UK’s Computer Misuse Act 1990 in 2018. We were driven by the very real barriers the Act’s provisions presented to the work of our threat intelligence teams.Forcing them to act with one hand tied behind their backs so as not to break the law had commercial implications, but also prevented us from being the most effective private sector partners to the UK’s law enforcement and national cyber security agencies in their fight against cyber crime.
Making the case to political decision-makers, our concerns were generally regarded sympathetically: thank you to the political and industry stakeholders willing to engage in discussion and dialogue.
Nevertheless, at the time, the UK Government’s nearly sole focus on Brexit negotiations meant that there was little parliamentary time available for anything else that wasn’t deemed an absolute and immediate priority.
The launch of Sir Craig Mackey’s Serious and Organised Crime Review in October 2019, and the universal commitment to prioritisaton and investment in the fight against cyber crimein the December 2019 General Election manifestos, alongside a stable majority government looked like fertile ground for reiterating the case for reforming the 30-year old piece of legislation..
While there is a way to go yet to achieve the ultimate objective of reforming the Computer Misuse Act to give cyber security and threat intelligence researchers the legal certainty to carry out their work without fear of prosecution, formally passing over the baton of campaigning to the CyberUp Campaign is as good an opportunity as any to reflect on the milestone achievements over the last years and months:
- Our first expert roundtable, held at the Supreme Court, bringing together academic, legal and industry experts, demonstrated the widespread consensus of the Computer Misuse Act’s shortcomings and the need for a phased approach to ensure the law remained fit for purpose for the realities of the 21st century and the modern cyber defensive industry that has evolved over the last 30 years. A second industry briefing concluded that the breadth, ambiguity and lack of clarity of the Act’s provisions acted as a barrier to a range of activities, including intelligence gathering and threat assessments, and highlighted that updating the legislation would support government objectives of prosperity, safety and security.
- A tweet by Daniel Cuthbert, who was “regrettably” convicted under the Computer Misuse Act in 2005, served as a timely reminder that a better drafted, more appropriate law would safeguard individuals from prosecution for doing their jobs in good faith.
- Leading industry representatives coming together to pen a joint open letter to the Conservative Party’s leadership contenders to unleash the potential of the UK cyber security industry showed the industry’s willingness to work together to make the case for reform.
- The parliamentary launch of the Criminal Law Reform Now Network’s 140+ in-depth report on reform recommendations for the Computer Misuse Act, widely praised for its sensible approach and suggestions, offered an independent blueprint for a modern framework to promote the UK’s cyber resilience.
- And finally, the formal launch of the CyberUp Campaign this week visibly shows the momentum behind the calls for Computer Misuse Act reform now. While NCC Group remains a core supporter of the Campaign, it is unbelievably reassuring to see the level of support galvanising behind it and the inroads that have been made.
As the CyberUp campaign builds on the progress to date, picks up the momentum and presses the case on behalf of the UK’s cyber defenders, now is not the time to let up. With the digital resilience of the UK and its frontline institutions more important than ever, now truly is the time to CyberUp.