“If currently our laws are not flexible enough to make this distinction, we need to act now and introduce a ‘safe harbour’ framework which would provide protection from legal action when a researcher identifies a vulnerability and reports it in good faith to the responsible organisation.”

“Security researchers have always feared that they could face legal repercussions just for being ‘good samaritans’. They now know it is a concrete reality.”

Warning that this case will do nothing to help Malta retain the talents of IT professionals, Bartolo said it is imperative to create a system that encourages and develops a talented pool of cybersecurity professionals who can effectively protect digital assets.

The four computer science students – Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri and Luke Collins – were arrested last November after informing the student platform FreeHour that they had found a security flaw in its backend which, if exploited, could have compromised the private data of student data. They gave FreeHour a three-month deadline to secure a vulnerability and requested a “bug bounty” as a reward for identifying the flaw.

FreeHour CEO Zach Ciappara said that while their developers fixed the security flaw within 24 hours, the company also reported the email to the police after receiving advice that they were legally responsible to do so. The police strip-searched the youths and seized their electronic equipment but haven’t prosecuted them.

Ciappara said he hopes the youths aren’t charged, stating his belief that their actions weren’t malicious and thanking them for bringing the security flaw to FreeHour’s attention.

Do you agree that our laws need to become more flexible to accommodate technological advances?