Amendments To Computer Misuse Act Raise Security Research Concerns

By Brian Turner

At a round table debate in London, experts warned that amendments to the Computer Misuse Act could result in security researchers leaving the country. The amendments make it easier for companies to bring legal action against any security researcher who publicises vulnerabilities in hardware and software.

Malcolm Hutty, Head of Public Affairs, London Internet Exchange (Linx), warned that security researchers could be served with take-down notices from companies whose products were shown to have flaws, even if the Crown Prosecution service did not intend to prosecute.

Mr Hutty also warned that websites carrying software tools to carry out penetration testing on networks could be under threat.

The amendments to the Computer Misuse Act make it a criminal offence to “make, adapt, supply or offer to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3 of the Act or believing that it is likely to be so used.”

The purpose of this clause is to make “hacker” tools illegal. This could result in researchers removing penetration testing tools from websites if could be proved that the tools could also be used for criminal purposes.

Many Linux distros sites contain tools such as port scanners and tcp dumps used to carry out security audits, which may have to be taken out if the laws against hacking are stringently enforced.