CyberUp presents four principles to keep security researchers out of jail for good-faith probing
Campaigners want a new code of practice alongside a proposed public interest defence for the Computer Misuse Act 1990, in the hope it will protect infosec pros from false threats of prosecution.
In a published paper, CyberUp said it wants judges "to 'have regard to' Home Office or Department for Digital, Culture, Media and Sport guidance on applying a statutory defence that would, ideally, be based on the framework we propose."
CyberUp wants the Home Office, "owners" of the CMA, to table a Parliamentary amendment to the act which would do two things: insert a public interest defence into the CMA and create a binding guidance document issued by the Home Office.
She said: "The risk of any list of exemptions being unduly limited, or quickly out of date, is significant. The key difference that a defence will make is that those unfairly caught by the current CMA offences have the opportunity to justify their actions and have them deemed defensible, which is something that simply does not exist at present as any act of unauthorised access is criminal without any regard for the circumstances under which it occurred."
The Criminal Law Reform Now Network said in its 2020 report about CMA reform that current conversations around the law are hampered by a lack of useful information about prosecutions as well as "under enforcement", noting that recommendations for reform should be set.... If CyberUp's proposals become a binding statutory guidance document they'll be an arguable point outside the courtroom as well as in front of a judge, providing a bit of clarity to companies and individual security researchers alike.
None of CyberUp's proposals directly affect civil law, meaning a civil suit in the county or High Court for damages after a breach wouldn't be stopped by a new CMA defence.