Adam Bannister 08 February 2023 at 17:02 UTC
Updated: 09 February 2023 at 10:09 UTC
Campaigner bemoans glacial progress of review and urges government to set clear timetable
A review of the UK’s creaking cybercrime laws has been criticized for lacking “urgency” after the UK government launched a second public consultation on the issue.
The consultation is primarily seeking feedback on three proposals to emerge from an earlier call for information related to the aging Computer Misuse Act 1990 (CMA).
According to security minister Tom Tugendhat, these proposals would grant law enforcement agencies new powers to seize control of maliciously deployed domains and IP addresses, “require the preservation of computer data” while police determine the data’s relevance to an investigation, and take action against persons “possessing or using data obtained by another person through a CMA offence”.
Tugenhadt also invited comment on sentencing, extra-territorial threats, and the prospect of introducing a statutory defense for hacking undertaken for good-faith or benign rather than malicious motives.
The CyberUp campaign, which lobbies for a complete overhaul of the CMA, wants robust legal protections for responsible vulnerability research and disclosure, disseminating threat intelligence, best practice internet scanning, enumeration, use of open directory listings, and running honeypots.
The campaign, whose backers include the Confederation of Business Industry (CBI) and parliamentarians like Lord Chris Holmes, believe the lack of legal clarity for good-faith security work threatens to undermine vital intelligence-sharing between the private cybersecurity industry and law enforcement agencies.
RELATED Statutory defense for ethical hacking under UK Computer Misuse