Lords call on Government to update Computer Misuse Act through Data Bill

On Wednesday afternoon, several peers spoke in support of Lord Holmes’s amendment to the Data (Use and Access) Bill proposing to update the Computer Misuse Act with a statutory defence to allow cybersecurity professionals to defend themselves from prosecution for legitimate cyber defensive activities.

While the Government did not take up the amendment, it was clear that the number of peers speaking in support of the amendment that the issue remains at the forefront of the debate around improving UK cyber defences.

In response to the Government’s decision, Andrew Jones, Strategy Director of the Cyber Scheme and supporter of the Campaign, said:

“Whilst we are slightly disappointed by the Government’s decision not to seize this opportunity to bring the Computer Misuse Act into the 21st century, we are encouraged by their recent comments suggesting a review of the Act is being considered. Until then, the CMA will remain an outdated piece of legislation, preventing our cyber security professionals from defending organisations effectively and leaving us lagging behind peer nations, as the US and EU move to safeguard ethical cybersecurity work as a cornerstone of national resilience.

With the Chief Executive Officer of the National Cyber Security Centre (NCSC) recently acknowledging that hostile activity in UK cyberspace has increased in "frequency, sophistication and intensity", it is vital that the UK takes measures to upgrade its cyber resilience. 

The statutory defence we propose—drafted in consultation with industry and legal experts—would protect legitimate cybersecurity professionals, strengthen UK cyber defences, and reinforce its place as a cybersecurity leader. We are fully prepared to work with the Government to help implement this necessary change in the future, as soon as it is ready to act.”

The amendments (which can be viewed here and here) sought to provide legal clarity for cyber security professionals, who can currently face prosecution or civil litigation for legitimate cyber defensive activties such as threat intelligence and vulnerability research, and are operating with one hand tied behind their backs.

The campaign is incredibly grateful to the many peers who spoke up with powerful arguments in support of the amendment, including Lord Holmes, Lord Clement-Jones, Lord Bethell, Lord Arbuthnot, Lord Kirkhope and Lord Camrose, and also to Lord Vallance for his intervention reminding the Minister that his recommendation to update the CMA had been accepted by the previous government.

The Campaign will continue undeterred in its efforts to achieve this extremely important outcome for UK cyber security.