News

Government looking to boost powers of Computer Misuse Act

Proposed new powers include the ability for law enforcement agencies to seize IP addresses and domains.
Proposed new powers include the ability for law enforcement agencies to seize IP addresses and domains. Proposed new powers include the ability for law enforcement agencies to seize IP addresses and domains.

The Government is considering giving new powers to law enforcement agencies to seize IP addresses and web domains being used by criminals to carry out offences online.

As part of a review of the Computer Misuse Act (CMA), the Government said it would now seek views on the proposed new power and several others designed to tackle online harms.

In a written statement to Parliament published on Tuesday, security minister Tom Tugendhat said a formal consultation would also consider the development of a power that would require the preservation of computer data ahead of its seizure by law enforcement agencies, to prevent it being deleted.

“While requests from law enforcement agencies for preservation are generally met, the UK does not have an explicit power to require such preservation, and having such a power would make the legal position clear,” Mr Tugendhat said in the statement.

A further power that would enable action to be taken against a person possessing or using data obtained by another person in an illegal way is also being considered.

Mr Tugendhat said that while the CMA already covers unauthorised access to a computer, “the unauthorised taking or copying of data is not covered by the Theft Act so it is difficult to take action in these cases”.

He said issues around the levels of sentencing, statutory defences to CMA offences, issues around the ability to report vulnerabilities and whether the UK has sufficient legislation to cover “extra-territorial threats” were raised during the Government’s initial call for information and would now be considered further.

Tom Tugendhat
Tom Tugendhat Security minister Tom Tugendhat (PA

“As part of our work to improve the cybersecurity of the UK, we will work with a wide range of stakeholders with a policy interest in these areas, to ensure that any proposals that we take forward will deliver enhanced protection of the UK in cyberspace,” Mr Tugendhat said.

“It is essential that the UK has the right legislative framework to allow us to tackle the harms posed to our citizens, businesses and government services online.

“As part of this, we initiated a review of the CMA, and following a Call for Information on the CMA, we have been considering the proposals made in response.

“A number of proposals were put forward, both for changes to the Act itself, and for additional powers to allow law enforcement agencies to more effectively tackle the offences covered by the Act.”