The Home Office has issued a call for evidence on the Computer Misuse Act 1990 (CMA). The CMA is now 30 years old, and the government says that “in general has proved to be a far-sighted piece of legislation” which law enforcement agencies are still able to use to prosecute cyber-dependent related crime. This is despite its age. There have been a number of amendments to the CMA, most recently in 2015, to ensure that UK legislation meets the requirements of the Council of Europe Convention on Cybercrime (Budapest Convention) and other relevant EU directives. However, these changes were relatively limited.
According to the National Cyber Security Strategy 2016 – 2021, there are two major categories of cybercrime. There are cyber-dependent crimes, such as hacking into computer systems, to view, steal or damage data; and cyber-enabled crimes, which include ‘traditional’ crimes such as cyber-enabled fraud and data theft. The latter category of cyber-enabled crime is not covered by the call for evidence.
The CMA is the main UK legislation relating to cyber-dependent crime. The government’s intention with the Call for Information is to identify whether there is activity causing harm in the area covered by the CMA that is not adequately covered by the offences. This includes whether law enforcement agencies have the necessary powers to investigate and take action against those attacking computer systems, and whether the legislation is fit for use following the technological advances since the CMA was introduced.
In addition, the government welcomes any other suggestions about how the response to cyber-dependent crime could be strengthened within the legislative context.
The consultation ends on 8 June 2021.