Lord joins campaign urging UK government to reform ye olde Computer Misuse Act

A Conservative peer has joined calls to reform the Computer Misuse Act (CMA) days after the government declared that infosec and "cyber power" are the key to British foreign and industrial policy for the 2020s.

Lord Holmes of Richmond told The Register he wants to support British infosec companies, which he said were "held back for want of a few strokes of the legislative pen" in reforming the CMA.

"Over the next few weeks, I intend to be having conversations and meetings, both with colleagues, and indeed, with Home Office ministers to really understand what the level ground that we're all standing on is, where their issues are, and how we can work together to move this forward," said the House of Lords backbencher.

In an article he published yesterday, the peer urged Boris Johnson's government to "put rocket boosters underneath our already successful cyber security sector", writing: "The CyberUp Campaign estimate[s] that a reformed CMA could bring in more than £1.6bn in additional revenue, and lead to 6,400 jobs being added. These would be high skilled, well paid jobs, and would attract talent from around the world to the UK, allowing us to truly become an international hub for cyber resilience and skills."

CyberUp is the name of a campaign led by NCC Group, along with fellow leading lights of the UK infosec sector including Nettitude, Context, and Orpheus Cyber among others. It aims to rewrite the CMA to remove the threat of criminal prosecution from threat intelligence researchers.

Currently, section 1 of the CMA criminalises any "unauthorised access" to a computer. There is no public interest defence, so accessing a ransomware criminal's systems to identify a potential decryptor as part of incident response, for example, is illegal in the UK – unless the criminals politely give you permission to do that thing. "Unauthorised" can mean as little as using a default username and password from the public domain to log into a device, a point lost on many people.

About 80 per cent of UK infosec professionals fear falling foul of the three-decade-old act, which was originally enacted after the infamous Prestel hack on Prince Philip's email inbox. ®