Local law enforcement officers have long faced various restrictions when investigating crimes, and their pleas have finally been heard.
UK lawmakers are actively discussing the need to update the law on cybercrime, the current version of which now makes it difficult to effectively deal with hackers and other cyber attackers. This opinion was expressed by experts during yesterday's parliamentary hearing on the national security strategy.
The Computer Misuse Act of 1990 prohibits unauthorized access to computer systems and data, as well as their damage or destruction. However, this law does not recognize data theft as a criminal offense, said Graham Biggar, director general of the National Crime Agency of Great Britain.
"At this time, data theft is not a crime, or at least not a crime in the sense that we can effectively use it. It is also not a crime to illegally handle stolen property, if it is data. These are serious obstacles for us to investigate and stop crimes, " Biggar said.
The Speaker also called for expanding the powers of the British authorities to prosecute foreign cybercriminals. Under current law, jurisdiction is limited to UK citizens or those who use UK infrastructure. As an example of this limitation, Biggar cited recent sanctions against seven Russians accused of developing and managing the TrickBot malware.
"At this time, we cannot issue arrest warrants against violators who are located abroad, are not British citizens and did not use the British infrastructure in their attacks," Biggar said, clearly implying that sanctions against such cyber attackers alone are not enough.
Amendments to the law would allow the National Crime Agency and other British federal agencies to obtain criminal warrants for criminals who would be included in the Interpol list of wanted persons and could be extradited to the UK for trial.
Cybersecurity experts, in turn, insist on changes in this law to exclude vulnerability detection and penetration testing from the list of criminal offenses, based on the law prohibiting unauthorized access to computer systems.
Although the British Ministry of Defense confirmed back in 2020 that it would not prosecute researchers who comply with its disclosure policy, specialists would be more satisfied if it was written directly into the law.
UK lawmakers are actively discussing the need to update the law on cybercrime, the current version of which now makes it difficult to effectively deal with hackers and other cyber attackers. This opinion was expressed by experts during yesterday's parliamentary hearing on the national security strategy.
The Computer Misuse Act of 1990 prohibits unauthorized access to computer systems and data, as well as their damage or destruction. However, this law does not recognize data theft as a criminal offense, said Graham Biggar, director general of the National Crime Agency of Great Britain.
"At this time, data theft is not a crime, or at least not a crime in the sense that we can effectively use it. It is also not a crime to illegally handle stolen property, if it is data. These are serious obstacles for us to investigate and stop crimes, " Biggar said.
The Speaker also called for expanding the powers of the British authorities to prosecute foreign cybercriminals. Under current law, jurisdiction is limited to UK citizens or those who use UK infrastructure. As an example of this limitation, Biggar cited recent sanctions against seven Russians accused of developing and managing the TrickBot malware.
"At this time, we cannot issue arrest warrants against violators who are located abroad, are not British citizens and did not use the British infrastructure in their attacks," Biggar said, clearly implying that sanctions against such cyber attackers alone are not enough.
Amendments to the law would allow the National Crime Agency and other British federal agencies to obtain criminal warrants for criminals who would be included in the Interpol list of wanted persons and could be extradited to the UK for trial.
Cybersecurity experts, in turn, insist on changes in this law to exclude vulnerability detection and penetration testing from the list of criminal offenses, based on the law prohibiting unauthorized access to computer systems.
Although the British Ministry of Defense confirmed back in 2020 that it would not prosecute researchers who comply with its disclosure policy, specialists would be more satisfied if it was written directly into the law.
