A coalition of leading cybersecurity experts, organisations, lawyers and academics have sent an open letter to Prime Minister Boris Johnson urging him to reform the UK’s cybercrime legislation, warning that it makes it harder for professionals to defend against cyber threats.

The letter, seen by Verdict, was sent 30 years to the day of the Computer Misuse Act becoming law. It has been signed by cybersecurity organisations that include F-Secure, Digital Shadows and CREST. Leading cybersecurity experts, including Trend Micro’s Rik Ferguson and McAfee’s Raj Samani, are also among the 20 signatories.

They highlight that when the Computer Misuse Act came into force in 1990, “only 0.5 per cent of the UK population used the internet, and the concept of cybersecurity and threat intelligence research did not yet exist”.

It goes on to say that the outdated law “inadvertently criminalises a large proportion of modern cyber defence practices”.

It specifically identifies section 1 of the Computer Misuse Act, which has a blanket ban on the unauthorised access to any program or data held in any computer.

The signatories argue that this hinders the ability of cybersecurity professionals to scan the computers of compromised victims and those belonging to criminals as part of defensive activities.

“In these cases, criminals are obviously very unlikely to explicitly authorise such access,” the letter states.

“With less threat intelligence research being carried out, the UK’s critical national infrastructure is left at an increased risk of cyberattacks from criminals and state actors.”

The letter points to the US and France as examples of countries with “far more permissive regimes”.

It also suggests that updating the Computer Misuse Act in line with these countries could make the UK’s cybersecurity sector more competitive, resulting in more high-skilled jobs.

“The government has committed to investing in the UK’s digital and technology credentials and, as we move beyond the pandemic, we are calling on the government to make putting in place a new cybercrime regime part of this commitment,” the letter said.

“This will give our cyber defenders the tools they need to keep Britain safe.”


Read more: Australia cyberattacks: “Concerning but not unexpected”