6th March 2025
Momentum calls for legal reform following Ethical Hacker prosecution
Momentum General Secretary Mark Camilleri Gambin today expressed deep concern regarding the ongoing legal proceedings against three students and their lecturer who identified and reported critical security vulnerabilities in the FreeHour app.
Camilleri Gambin stated: “We believe the current legal framework is fundamentally flawed and urgently requires modernisation to protect ethical cybersecurity practices.”
The facts of the case are clear:
In October 2022, these individuals, acting in good faith, discovered security flaws that could have exposed sensitive user data.
Instead of exploiting these vulnerabilities, they responsibly disclosed their findings to FreeHour.
Rather than acknowledging their contribution and addressing the security flaws, FreeHour pursued legal action, resulting in the arrest and prosecution of these individuals.
The students and lecturer now face criminal charges, including unauthorized access to computer data.
Momentum strongly condemns this response. Ethical hacking plays a vital role in safeguarding our digital infrastructure. These individuals acted in the public interest, potentially preventing a significant data breach that could have harmed countless users.
Momentum asserts that:
- The current laws fail to distinguish between malicious cyberattacks and ethical security research.
- Individuals who responsibly disclose security vulnerabilities should be protected, not prosecuted.
- Companies should be encouraged to work with ethical hackers to improve their cybersecurity.
Therefore, Momentum calls for:
- The dismissal of all charges against the students and their lecturer.
- A review and reform of Malta’s cybersecurity laws to create a clear legal framework that protects ethical hacking.
- The implementation of guidelines and best practices for companies to establish bug bounty programs and encourage responsible vulnerability disclosure.
We believe that fostering a culture of collaboration between companies and ethical hackers is essential for strengthening Malta’s cybersecurity posture.
Camilleri Gambin concluded: “Ethical bounty hunting is an industry-wide normal practice, with educational institutions like the University of Malta and MCAST already offering cybersecurity courses that specifically teach ethical hacking principles. Prosecuting those who act in good faith sends a dangerous message and discourages responsible vulnerability disclosure.
“Momentum is committed to working with all stakeholders to ensure that Malta’s laws reflect the realities of the digital age and prioritise the protection of its citizens.”
(Photo credit: TimesOfMalta)