Consultation commenced on efficacy of Computer Misuse Act

Credit: Thomas Schanz/CC BY-SA 3.0

The government is to examine whether the UK’s 30-year-old cybercrime laws remain fit for purpose.

This country’s primary piece of legislation for prosecuting cyberattacks remains the Computer Misuse Act (CMA) of 1990. In a call-for-information document to kick off a consultation process, the Home Office said that the act “has proved to be a far-sighted piece of legislation, which law enforcement are still able to use to prosecute cyber-dependent related crime, despite its age”.

Cyber-dependent crime is the term used by authorities to describe offences that have, effectively, only come to exist in the internet age, such as hacking and malware attacks. 

Also part of the cybercrime field – although not in the scope of the consultation, and generally prosecuted via laws other than the CMA – is cyber-enabled crime. This term describes so-called traditional offences, such as theft or fraud, that are now often committed online.

Related content

• ‘Policing is not set up for a world in which so much crime is committed online’
• Survey reveals increase in cybercrime concerns during lockdown
• All police forces create cybercrime units

The Home Office said: “Our intention with this call for information is to identify whether there is activity causing harm in the area covered by the act that is not adequately covered by the offences. This includes whether law enforcement agencies have the necessary powers to investigate and take action against those attacking computer systems, and whether the legislation is fit for use following the technological advances since the CMA was introduced. In addition, we would welcome any other suggestions on how the response to cyber-dependent crime could be strengthened within the legislative context.”

The CMA has been updated and amended at various points in its three-decade lifespan, most recently in 2015. The government said that all changes to date have been “relatively limited”, and it now wishes to consider whether more substantial reforms are required.

Launched this week and running until 8 June, the consultation is seeking input from academics, law-enforcement professionals, and industry representatives from the cybersecurity sphere and across the wider private sector.

Areas in which feedback is being sought include the codification of offences, legal protections, the powers available to the police and other agencies, and the punishment of offenders. Government also wishing to consider issues of jurisdiction, as well as the overall context of cybercrime law and how the UK compares to international counterparts. 

“We welcome suggestions on all of these, and also an indication of the benefits and risks that would accrue from any changes,” the call for information said.