FreeHour: Nationalist MP says ethical hackers in Malta need safe harbour law

Nationalist MP Ivan Bartolo calls for “safe harbour” framework for hackers who use their skills to expose vulnerabilities on cybersecurity

Nationalist MP Ivan Bartolo
Nationalist MP Ivan Bartolo

Nationalist MP Ivan Bartolo, the CEO of tech company 6PM, has called for laws that give “safe harbour” to ethical hackers whose skills can identify cyber-security vulnerabilities.

Four computer science students are being investigated by the police after they found and highlighted a security weakness in Malta’s largest student application, FreeHour.

Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri and Luke Collins were scanning through the software of the app when they found a vulnerability they say could be exploited by malicious hackers.

They emailed their findings to FreeHour’s owner and asked for a reward – or ‘bug bounty’ – for spotting the mistake.

But, instead of a payoff, the University of Malta students were arrested, strip-searched and had their computer equipment seized.

MP Ivan Bartolo said the arrest was very worrying. “Cybersecurity is currently one of the hottest topics, and Malta has also experienced some high profile cyber security incidents over the past months... If currently our laws are not flexible enough to make this distinction, we need to act now and introduce a “safe harbour” framework which would provide protection from legal action when a researcher identifies a vulnerability and reports it in good faith to the responsible organisation.”

Ethical hackers, also known as white-hat security researchers, play a crucial role in cybersecurity, by exposing vulnerabilities in computer systems and networks to improve security, in contrast with criminals who exploit the same vulnerabilities for malicious purposes.

“Security researchers have always feared that they could face legal repercussions just for being ‘good samaritans’. They now know it is a concrete reality,” Bartolo said.

“Retaining top students in Malta is already a challenging task, and with the growing threat of cybersecurity incidents, it has become even more critical to cultivate a skilled workforce capable of safeguarding our digital infrastructure. It is imperative that we create a system that encourages and develops a talented pool of cybersecurity professionals who can effectively protect our digital assets.”