UK finally vows to look at 35-year-old Computer Misuse Act

Portugal has become the latest country to carve out protections for researchers under its cybersecurity law.

The move increases pressure on the UK after a government minister admitted last week that the 35-year-old Computer Misuse Act needed updating to protect cybersecurity pros from prosecution.

Security minister Dan Jarvis told a Financial Times conference that the government had "heard the criticisms" and was looking to create a "statutory defense" for researchers to spot and share vulnerabilities if they met certain safeguards.

It's taken decades to get here. The Computer Misuse Act 1990 (CMA) was created after IT journalist Steve Gold and fellow hacker Robert Schifreen were accused of accessing the Duke of Edinburgh's BT Prestel email account.

Gold and Schifreen were prosecuted under forgery and counterfeiting legislation but were freed on appeal. The government created the CMA in response – passing it in 1990 before modern cybersecurity research, ecommerce, cybercrime ...