Ivan Bartolo / LinkedIn

BITS Ltd Managing Director Ivan Bartolo on Wednesday urged authorities to introduce a “safe harbour” framework to protect researchers from legal action when they report a system vulnerability in good faith.

He was commenting following the news on Wednesday that four computer science students – Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri and Luke Collins – were arrested, strip-searched, and had their machines confiscated by the police after informing student app FreeHour about a security flaw that left its users’ data unprotected. The students claimed that through the vulnerability, private data could have been leaked, yet instead they opted to email the company to inform them about it in October 2022. They gave the company a three-month deadline to fix the vulnerability should it not want the information to become public, and also requested a “bug bounty”.

However, the students are now under criminal investigation in a case that could see them imprisoned for up to four years and fined €23,293. On the other hand, FreeHour has since argued that it was legally obliged to report the incident to the Cyber Crime Unit within the Malta Police Force and the Information and Data Protection Commissioner under GDPR law.

“Our intent – and this is very genuine – was to cover us legally. We would be breaking the law if we did not report. Our intent was never to get these students in trouble or go after them,” FreeHour Founder and CEO Zach Ciappara said.

Mr Bartolo, who is also a National Party Member of Parliament, remarked that cybersecurity is “one of the hottest topics, and Malta has also experienced some high-profile cyber security incidents over the past months”.

“Ethical hackers, also known as white-hat security researchers, play a crucial role in the cybersecurity ecosystem,” he said.

He explained that “in contrast with bad actors and criminals who exploit vulnerabilities for malicious purposes, ethical hackers use their knowledge and skills to identify vulnerabilities in computer systems and networks with the sole goal of improving security”.

“If currently our laws are not flexible enough to make this distinction, we need to act now and introduce a ‘safe harbour’ framework which would provide protection from legal action when a researcher identifies a vulnerability and reports it in good faith to the responsible organisation,” Mr Bartolo outlined.

He said that security researchers have “always feared” that they could face legal repercussions just for being “good Samaritans”, yet he noted that they now know it is a “concrete reality”.

“Retaining top students in Malta is already a challenging task, and with the growing threat of cybersecurity incidents, it has become even more critical to cultivate a skilled workforce capable of safeguarding our digital infrastructure,” he remarked.

He concluded by saying: “It is imperative that we create a system that encourages and develops a talented pool of cybersecurity professionals who can effectively protect our digital assets.”

Mr Bartolo has over 25 years of experience in the ICT industry, and in 2000 he set up 6PM, an established IT and software solution group that employed over 150 technology consultants in Malta, England, Ireland, and North Macedonia. The company has since been acquired by Idox plc and is listed on the London Stock Exchange.

