Legitimate cybersecurity activities under a reformed UK Computer Misuse Act (CMA) 1990

The CyberUp Campaign has set out an expert consensus report of cyber activities that should be considered legitimate under the UK CMA 1990, to improve the UK cybersecurity sector.

The report established that activities such as proportionate threat intelligence, responsible vulnerability, research and disclosure, active scanning, remunerations, use of open directory listings, identifications, and honeypots should be considered legitimate. The CyberUp stated that this consensus should work as a guiding tool for courts to adjudicate which behaviours and acts should continue to be criminalised.