Podcast: Guilty Act & Guilty Mind

Written by: David Henderson on Nov 22, 2021

Computer Misuse Act

A quick synopsis of the podcast

History of the Computer Misuse Act

Anna begins by outlining how the impetus for the Computer Misuse Act (CMA) was Crown v Gold and Schifreen in the 1980’s. Robert Schifreen and Stephen Gold gained unauthorised access to BT’s Prestel interactive viewdata service.

They informed BT of the vulnerability, who in turn reported the pair to Scotland Yard. They were prosecuted under the Forgery and Counterfeiting Act 1981 which did not really fit the charges. The convictions were largely overturned for this reason, and this paved the way for the Computer Misuse Act, 1990.


Why the CMA is outdated

Simon shares how he found himself on the “sticky end” of the CMA, and how he feels strongly that security consultants should be allowed to carry out interesting research without fear of investigation (read our recent blog Freedom to Learn).

Search warrant

Simon uses OWASP Juice Box to show just how easily data can be accessed without permission.

Juice Shop

Missouri - glass houses?

Anna explains how under the CMA, even if "hackers" act responsibly once an issue is discovered and alert the authorities about a data privacy issue, they are still committing an offence.

Simon and Anna discuss that, although Missouri Governor Mike Parsons was widely ridiculed for his response to the cyber "attack", if the same incident happened in the UK, it is possible the same legal response would be produced under the CMA.

Mike Parsons

This incident raised a lot of mocking from the cyber security community .... But, actually this would be an illegal act in the UK.

Simon Whittaker, Vertical Structure

There was a report by the Criminal Law Reform Network and they say that the the CMA 1990 is crying out for reform and they're not wrong.

Anna Cartwright, Turley Legal

You can watch the chat in full here (20 mins):


Need help?

Email Us
email hidden; JavaScript is required

Or send us a quick message

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.