Insights Home Office launches Call for Information on Computer Misuse Act 1990

As the Home Office explains, the Computer Misuse Act 1990 (CMA) is now 30 years old. In general, it has proved to be a far-sighted piece of legislation which law enforcement are still able to use to prosecute cyber-dependant related crime, despite its age. There have been a number of amendments to the Act, most recently in 2015, to ensure that UK legislation meets the requirements of the Council of Europe Convention on Cybercrime (Budapest Convention) and other relevant EU Directives. However, these changes were relatively limited.

As set out in The National Cyber Security Strategy 2016 – 2021 (NCSS), there are two major categories of cybercrime: (i) cyber-dependent crimes, such as hacking into computer systems to view, steal or damage data; and (ii) cyber-enabled crimes, which include “traditional” crimes, such as cyber-enabled fraud and data theft.

The 1990 Act is the main UK legislation relating to cyber-dependent crime. The Government’s intention with the Call for Information is to identify whether there is activity causing harm in the area covered by the Act that is not adequately covered by the offences. This includes whether law enforcement agencies have the necessary powers to investigate and take action against those attacking computer systems, and whether the legislation is fit for use following the technological advances since the 1990 Act was introduced. In addition, the Home Office would welcome any other suggestions on how the response to cyber-dependent crime could be strengthened within the legislative context. The Call for Information does not cover cyber-enabled crime.

The Call for Information closes on 8 June 2021. To access the consultation, click here.