Momentum proposes legal reform to protect ethical hackers

Momentum has proposed a legal reform which protects ethical hackers following legal proceedings against three students and a lecturer.

“We believe the current legal framework is fundamentally flawed and urgently requires modernisation to protect ethical cybersecurity practices,” party secretary general Mark Camilleri Gambin said on Thursday.

The statement comes after three students and a lecturer were charged with hacking Malta’s largest student app, FreeHour, more than two years after they reported security vulnerabilities to the company.

Camilleri Gambin expressed concern regarding the ongoing proceedings, condemning the response.

“Ethical hacking plays a vital role in safeguarding our digital infrastructure. These individuals acted in the public interest, potentially preventing a significant data breach that could have harmed countless users,” he said.

Momentum said individuals who responsibly disclose security vulnerabilities should be protected, not prosecuted.

“Companies should be encouraged to work with ethical hackers to improve their cybersecurity,” Camilleri Gambin said.

The party called for the dismissal of all charges, a review and reform of Malta’s cybersecurity laws, and the implementation of guidelines and best practices for companies to establish bug bounty programs and encourage responsible vulnerability disclosure.

“Ethical bounty hunting is an industry-wide normal practice, with educational institutions like the University of Malta and MCAST already offering cybersecurity courses that specifically teach ethical hacking principles. Prosecuting those who act in good faith sends a dangerous message and discourages responsible vulnerability disclosure,” he said.