The Computer Misuse Act (1990) is 30 years old and was already out of date before it even got started. It came into effect in the UK during 1990 and just one year later the world wide web was released to the public; the rules of engagement were set before anyone even had a chance to work out this new and sweeping technological epoch being born. The CMA looks at unauthorised access or abuse to computer systems, long before everyone had a computer in their school let alone at home or in their pocket. Microsoft had just introduced the world to graphical interfaces and Word and Excel. It would be 6 years before VPN's were even invented, 10 years before Google was launched and an incredible 14 years before Facebook. The CMA was too much too soon.
The very basis of the CMA is broken at worst and flawed at best. Technology back in 1990 was limited to modems hooked into telephone lines and speeds of a heady 14.4kilobits per second. The Cold War was just coming to an end, the Channel Tunnel between France and England had just been completed and Timothy Dalton was still James Bond.
A lot of things happened in 1990 and so the sweeping CMA is just a small dot in the history books of the world at that time, but the reaching effects can touch anyone even today in ways that would be unfathomable to those that penned the Act 30 years ago. It is written in a way that if you were to take the absolute letter of the legislation to heart, even the fundamental aspect of Googling an answer should require pre-authorisation to attempt. This, among many other reasons, shows that the very basis of the act is broken at worst and flawed at best. The relevance of the CMA now is a bit like space exploration being determined by the Victorians' understanding of flight.
Beyond this basic lack of understanding of the changing world, the Act does not reflect even basic definitions used today: the computer is no longer a single entity sitting within a large beige box under a desk, it's inherent in every aspect of life, from the mobile phone to the doorbell. Definitions of data, use and even programmes or apps are woefully missing.
The CMA should be reformed to show clarity over disparity. The word 'hacking' has been subject to misunderstanding and misuse over the years in mainstream media. It is therefore important that any reform of the CMA reflects the clear boundaries between criminal and ethical/legal hacking. The CMA needs to be reformed to reflect the world not only as it is 30 years after the fact but to protect both entrepreneurs and security professionals whilst helping to convict the true criminals abusing the systems we rely on as a society. The CMA should be reformed to show clarity over disparity.
That is why we have joined the CyberUp campaign. Find out more about CyberUp and join the fight for reform by visiting the campaign website.
Keep up to date with what others are doing via the CyberUpCampaign twitter profile.