A Government commitment to introducing a statutory defence as part of expected reform of the outdated Computer Misuse Act 1990 (CMA) has been welcomed. During his anticipated Spring Budget Statement, the Chancellor committed to all nine recommendations made by Sir Patrick Vallance as part of his review of Digital Technology Regulation. The Review’s recommendation for cyber security was the inclusion of a statutory public interest defence in the CMA.
The review, published alongside the Budget yesterday, recommends “amending the Computer Misuse Act 1990 to include a statutory public interest defence that would provide stronger legal protections for cyber security researchers and professionals, and would have a catalytic effect on innovation in a sector with considerable growth potential.” The introduction of a statutory defence is just one of nine recommendations made in the review. During his statement to parliament yesterday, the Chancellor Jeremy Hunt said he is “accepting all nine of the digital technology recommendations made by Sir Patrick Vallance in the review I asked him to do in the Autumn Statement.”
The review also acknowledges the Home Office consultation on reform (which closes on April 6). The review references a July 2022 DCMS data breaches survey, which found that in the preceding year, 39 per cent of businesses reported a cybersecurity breach or attack, which “illustrates the gravity of the threat such attacks pose to our economic and national security.” It also highlighted other countries with more permissive regimes such as France, Israel, and the United States and stated that reform would allow “the UK’s cyber industry to compete on a level playing field.”
Ollie Whitehouse, representative of the CyberUp Campaign said: ”The introduction of a statutory public interest defence is a key part of any reform of the Computer Misuse Act. I am therefore delighted to hear the Chancellor in his Budget commit to implementing recommendations in Sir Patrick Vallance’s Digital Technology Regulation Review which include the introduction of such a defence.
“We agree that the potential benefits of reform include catalysing growth of the cyber security industry within the UK and ensuring the sector is able to compete on a level playing field internationally. Reform will enable the UK to face the cyber threats of the future. CyberUp’s coalition of parliamentary and industry supporters will continue to work with the Government during the live consultation and programme of work. We hope they will move forward quickly with proposals.”
About CyberUp
The campaign brings together parliamentarians and bodies from the cyber security industry and has the backing of the CBI and sector body techUK. The Computer Misuse Act, dating from 1990, is the foundational law that governs UK cybercrime – however, it was written when only 0.5 per cent of the UK population had access to the internet. While in many ways the Act has stood the test of time, it did not foresee the advent of a UK cyber industry and, as it is written, it often prevents UK cyber security professionals from carrying out threat intelligence research that can crucially help law enforcement prevent increasing cyberattacks. Since 2019, the CyberUp Campaign has been calling for reform of the Computer Misuse Act to include a statutory defence for good faith research, so long as safeguards are met. Visit www.cyberupcampaign.com.
