A quick synopsis of the podcast

History of the Computer Misuse Act

Anna begins by outlining how the impetus for the Computer Misuse Act (CMA) was Crown v Gold and Schifreen in the 1980’s. Robert Schifreen and Stephen Gold gained unauthorised access to BT’s Prestel interactive viewdata service.

They informed BT of the vulnerability, who in turn reported the pair to Scotland Yard. They were prosecuted under the Forgery and Counterfeiting Act 1981 which did not really fit the charges. The convictions were largely overturned for this reason, and this paved the way for the Computer Misuse Act, 1990.

Why the CMA is outdated

Simon shares how he found himself on the “sticky end” of the CMA, and how he feels strongly that security consultants should be allowed to carry out interesting research without fear of investigation (read our recent blog Freedom to Learn).

Simon uses OWASP Juice Box to show just how easily data can be accessed without permission.

Missouri - glass houses?

Anna explains how under the CMA, even if "hackers" act responsibly once an issue is discovered and alert the authorities about a data privacy issue, they are still committing an offence.

Simon and Anna discuss that, although Missouri Governor Mike Parsons was widely ridiculed for his response to the cyber "attack", if the same incident happened in the UK, it is possible the same legal response would be produced under the CMA.

You can watch the chat in full here (20 mins):

Links

• Crown v Gold & Schifreen overview
• Vertical Structure blog, Freedom to Learn
• Hackerone, vulnerability coordination and bug bounty platform
• OWASP Juice Shop
• CyberChef tool from GCHQ
• The CyberUp campaign website
• Turley Legal website
• Criminal Law Reform Network report, "Reforming the Computer Misuse Act 1990".