Outdated laws put UK's cybersecurity at risk: Report

Britain's anti-hacking laws are outdated and placing the country's cybersecurity at risk, according to a new report released on Jan. 22.

The Computer Misuse Act 1990 is now 30 years old and must be updated, according to the Criminal Law Reform Now Network (CLRNN), a group of academics from Birmingham and Cambridge universities that specializes in legal reform projects.

CLRNN said current cybercrime laws are "preventing cybersecurity professionals from carrying out threat intelligence research against cybercriminals and geopolitical threat actors," which is "leaving the U.K.'s critical national infrastructure at increased risk."

The law is meant to criminalize cyberattacks such as malware and denial of service attacks as well as illegally gathering information or extorting businesses and private individuals.

As it stands, however, the law also exposes journalists, academics and cybersecurity professionals to the risk of prosecution for researching cyber threats in the public interest.

The report called for an updated legal framework that was "fit for purpose - allowing ethically motivated cyber defenders, security researchers and journalists to pursue their work with greater legal certainty while improving the ability of the state to identify, prosecute and punish those acting against the public interest."

"The Computer Misuse Act is crying out for reform. It needs to be future- and technology-proofed to ensure it can meet the challenges of protecting the embedded internet-based culture we all live in and depend on," said Simon McKay, a lawyer, CLRNN member and project lead on the report.

Dr. John Child, a criminal law lecturer at Birmingham University and co-director of CLRNN, supported McKay's assessment.

...