Security News > 2022 > February > UK Computer Misuse Act reformers visit Parliament

UK Computer Misuse Act reformers visit Parliament
2022-02-25 11:15

Infosec researcher Rob Dyke, best known to Reg readers for fending off legal threats from not-for-profit open-source foundation Apperta after finding a data breach, has visited Parliament to demand Computer Misuse Act reform.

The security researcher's highly eventful attempt at vulnerability disclosure to Apperta last year resulted in him having to spend £25,000 to see off the open-source org's legal threats, though a crowdfunding campaign helped with the bulk of his legal fees.

The Cyberup campaign, the NCC Group-sponsored industry effort to reform the Computer Misuse Act, highlighted Dyke's travails and said that vulnerability disclosure policies "Have no basis in law." This, said Cyberup in a statement, meant that organisations could "On a whim decide to pursue legal proceedings against innocent cyber security professionals."

Cyberup is calling for the Computer Misuse Act to be amended and include a statutory defence "That would offer good faith cyber security researchers a legal basis to defend their actions against frivolous legal threats."

Big industry companies including F-Secure support the campaign, while smaller firms and independent researchers have expressed fears to The Register that any legal changes would benefit the big entities rather than the entire industry.

Other critics, speaking privately for fear of losing business and job opportunities in the UK's close-knit infosec industry, worry that a new legal defence might hinge on membership of some future registration scheme.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/25/cyberup_parliament_rob_dyke/

#UK