14 DAY TRIAL // The Computer Misuse Act (CMA) was modified on March 3, 2015, to grant intelligence and law enforcement services immunity to prosecution for hacking; the changes were passed into law and became effective a month later, without any notification or public debate.
CMA is considered a flexible piece of legislation for dealing with cybercrime in the UK and has been a source of inspiration for similar regulations in other countries.
Notification of CMA changes received a day before hearing
In May 2014, Privacy International, a London-based charity organization that investigates government surveillance and the companies enabling it, filed complaints with the Investigatory Powers Tribunal (IPT) challenging the hacking activities of the Government Communications Headquarters (GCHQ) under the provisions of the CMA.
Privacy International’s action was joined by seven other Internet and communication service providers, who deemed GCHQ’s actions unsupported by legal ground.
On Thursday, one day before a scheduled hearing, all claimants received notifications that the CMA was amended to include provisions absolving law enforcement agencies of legal consequences related to hacking.
Only a few parties were privy to the changes
“It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner's Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes,” Privacy International said in a post on Friday.
“There was no published Privacy Impact Assessment. Only the Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, Police and National Crime Agency were consulted as stakeholders. There was no public debate,” the organization added.
The legislation was introduced on June 6, 2014, via the Serious Crime Bill and became effective on May 3, 2015. Privacy International says their claim was filed a few weeks prior to that date, suggesting a cause and effect connection between the two events.
Although the government is allowed to do this, the shroud of secrecy surrounding this action raises questions regarding the democratic path followed by lawmakers as far as the rights of certain organizations are concerned.