Computer Misuse Act to be reviewed

CyberUK 21 Priti Patel has promised a government review of the UK's ourdated Computer Misuse Act "this year" as well as condemning companies that buy off ransomware criminals.

The Home Secretary pledged the legal review in a speech at the CyberUK conference this afternoon, organised by the National Cyber Security Centre (NCSC).

"As part of ensuring that we have the right tools and mechanisms to detect, disrupt and deter our adversaries, I believe now is the right time to undertake a formal review of the Computer Misuse Act," said Patel.

Passed in 1990, the Computer Misuse Act (CMA) was last majorly amended in 2008, lengthening prison sentences available and clearly criminalising DDoS attacks, something that was felt by government to be unclear at the time.

"Today (10th May) I am announcing we are launching a call for information on the Act this year," continued Patel. "I urge you all to provide your open and honest views on ensuring that our legislation and powers continue to meet the challenges posed by threats to cyberspace."

Patel's promise represents victory for the CyberUp campaign, which has leaned on government over the past couple of years to amend the CMA and bring it up to date for the modern era.

"The review should consider broadly how to combat cybercrime including helping UK cyber security companies to defend people and organisations and address the industry skills shortage."

Everyone's afraid of breaching it when doing their jobs - even the police

The Law Commission, a government law reform body, published a report on search warrants in October 2020 that highlighted police fears about breaching the CMA while investigating online crimes. That report [PDF] recommended reform of the act for three reasons:

The first reason accords with the observation made by the Law Society and which we have endorsed elsewhere: it would be beneficial to both the individual subject to a warrant and investigators, to have clarity on the powers available and the extent of them.

The second reason is that the limits on the use of the power could then be made explicit in its statutory formulation.

A third and more specific reason is that without lawful authority, an investigator may be committing an offence under the Computer Misuse Act 1990 by searching an electronic device.

Patel also pledged to tackle "online child sexual abuse", revealing that 800 arrests had taken place in the last year for this despicable crime alone.

Ransomware is bad and you shouldn't give in to criminals

The Home Secretary also delivered a direct attack on companies that pay off ransomware criminals in the hope of decrypting their data and preventing publication of trade secrets, staffers' personal data and more.

"Government has a strong position against paying ransoms to criminals, including when targeted by ransomware," said Patel today.


Paying a ransom in response to ransomware does not guarantee a successful outcome. You will not protect networks from future attacks, nor will it prevent the possibility of future data loss. In fact paying a ransom is likely to encourage further criminality.

Patel's condemnation comes shortly after the multinational Ransomware Taskforce, a public-private offshoot of the US-based Institute for Security and Technology, pointed out in a report [PDF] that ransom funds "may be used for the proliferation of weapons of mass destruction, human trafficking, and other virulent global criminal activity". Yet the taskforce notably stopped short of recommending a global ban on ransom payments.

The topic is a hot one: many businesses, fearful of regulatory action and negative publicity, quietly pay up and hope nobody notices – as well as praying that the crime don't come back for a second bite of the cherry.

It always a good idea to keep your laptop updated with the lastest patches to reduce the risk of breaches.

Image by Photo by Kaitlyn Baker on Unsplash

Owner of, technical specialist who has a passion for the environment and loves his tech.