Ethical hackers urged to respond to Computer Misuse Act reform proposals

/in


Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990.

The long-awaited consultation, which has been running since February, is seeking views on a number of legislative changes, including giving new powers to law enforcement agencies and closing existing loopholes that make it easier for malicious actors to get away with misusing purloined data.

However, when the consultation was launched, campaigners who want to see the law reformed to better protect cyber security professionals from prosecution under outdated sections of the 33-year-old CMA were left disappointed because rather than lay out concrete proposals for the community to consider, the government merely said more work was needed on this point.

Among other things, Westminster wants to consider questions such as how to safeguard the UK’s ability to act against cyber criminals if legal defences for hacking are implemented; how to ensure any defences do not provide cover for offensive actions; and what levels of training, standards and certifications need to be in place for security professionals.

Nevertheless, Casey Ellis, founder and CEO of crowdsourced security platform Bugcrowd, is calling on the community to have its say on the basis that interested parties need to contribute to ensure the government is as well-informed as possible.

“It’s still important that as many as possible individuals and organisations have their say on this,” he said. “The UK needs a revised act that not only better defines the difference between the activities of malicious attackers who have no intent to obey the law in the first place, and those who hack in good faith, discovering and disclosing vulnerabilities so they can be addressed before they are exploited.

Bugcrowd, which is contributing to the consultation through the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition, said that the most significant way in which community members could help would be to comment on the potential of a statutory legal defence for hacking if…

Source…