Property

Your phone, laptops, servers and cloud assets are things you suppose to be your property. This is a dangerous and essentially wrong supposition.

Changes are afoot. The Property (Digital Assets etc) Act 2025 has received Royal Assent and will change cyber law significantly.

Meanwhile our idea of computers as property which may be "Trespassed" (intruded upon) is still anchored in the 1990 Computer Misuse Act (CMA): despite its original hasty implementation, Michael Colvin's "provision for securing computer material against unauthorised access" (and subsequent amendments) has served well, but never adequately protected computer systems qua property.

Despite well-meant attempts at legislation, cyber-law has never come close to meeting the reasonable moral expectations of ordinary day-to-day computer users, which is now all of us, whether as private citizens or businesses. Computer instrusion is commonplace and data leaks an everyday occurance.

The United Kingdom is a vassal dependent on US Big Tech. The security of systems we use therefore rests mainly on contract law with complex jurisdiction. More significantly, most end-users have no effective legal capacity, which is to say nobody really understands digital technology or the implications of their choices;

This educational gap became a chasm, and then an all round threat to the security and prosperity of all;

• most people do not read license agreements
  • they frequently lack opportunity
  • there are no real signatories ("shrink-wrap EULA")
  • agreements are covertly implied
• licenses are open ended and subject to rapid change
• terms are obscure, ill-defined or later re-defined
• terms are grossly unfair, slippery or simply deceptive

Practically this means that most intrusion, access, copying, processing and selling of your data is notionally "legal", occurring under extremely thin interpretations of "authorisation" and "consent".

Moreover, since victims are unaware of or do not understand the wrongs committed against them, legal challenge is rare and difficult. This means if you buy certain hardware, install software apps, or use certain cloud services, you are effectively being hacked from the get-go. In security engineering we call this Vendor Malware and say that victims are "compromised out of the box".

For some nefarious businesses, taking your data is the point of their operation and any ostensible product or service offered is simply a loss-leader or cover.

For many and complex reasons (money and corruption) governments are very reluctant to challenge this status-quo.

You are therefore required to effect cyber security in conditions of radical mistrust of mainstream vendors.

Nobody tells you this because public loss of trust in digital technologies is both politically and economically undesirable. The widespread insecurity of mainstream products may rightly be considered a "conspiracy" of sorts.