[Previous entry: "4000 Breaches!!!"] [Next entry: "UK Data Security Breach Notification law put on ice?"]

10/28/2007: "Computer Misuse Act Section 3a clarification"

The Police and Justice Bill 2006 made some ammendments to the UK's Computer Misuse Act. Specifically the new Section 3A essentially criminalised the development, ownership or distribution of hacking tools. Such tools have legitimate uses and are used and developed extensively by the IT security industry and it was fear this may lead to unwarranted prosecutions. However, on the 25th of October 2007, the Government released a reply to the report from the House of Lords Science and Technolgy Committee on Personal Internet Security. It contains clarification for Section 3A of the CMA:


"We note, but do not accept, the Committee's view that security researchers are at risk of being criminalised because of the recent amendment to the Computer Misuse Act (CMA), namely the new section 3A offence which criminalises the making, supplying or obtaining of articles for use in offences under section 1 or 3 CMA. We believe that it is right that those in the legitimate IT security sector, who make, adaptand supply tools as part of their daily work should have confidence that the new offence will be used appropriately and be assured that their practices and procedures fall within the law. The CPS is currently drafting guidance on how the new section 3A offence will be dealt with and this will be issued shortly."

When the CPS release these guidelines I'll post the details.