"It's taken decades to get here. The Computer Misuse Act 1990 (CMA) was created after IT journalist Steve Gold and fellow hacker Robert Schifreen were accused of accessing the Duke of Edinburgh's BT Prestel email account. Gold and Schifreen were prosecuted under forgery and counterfeiting legislation but were freed on appeal. The government created the CMA in response - passing it in 1990 before modern cybersecurity research, ecommerce, cybercrime, vulnerability reporting, or even The Register existed."
"In December 2004, he made a donation to a site raising money for victims of the Boxing Day Tsunami. When he did not receive a thank you or confirmation page, Cuthbert carried out two tests to ensure it wasn't a scam page, setting off an "Intruder Detection System." A district judge said he found the case proved, but "with some considerable regret.""
Portugal has introduced legal protections that shield security researchers conducting vulnerability tests under defined safeguards. The change increases pressure on the UK after minister Dan Jarvis acknowledged that the 1990 Computer Misuse Act requires updating to protect cybersecurity professionals from prosecution and suggested a statutory defense for responsible vulnerability disclosure. The CMA originated after prosecutions of Steve Gold and Robert Schifreen and predates modern cybersecurity, ecommerce, and coordinated vulnerability reporting. The case of Daniel Cuthbert, convicted under the CMA for benign testing in 2004, illustrates the act's rigidity and motivates calls for narrowly scoped, proportionate safe harbors for researchers.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]