Updated 5:23pm with PN statement

New party Momentum on Thursday called on the authorities to drop the charges against three students and a lecturer who are being charged with hacking Malta’s largest student app FreeHour.

The party also called for a reform of Malta's cybersecurity laws to protect ethical hacking.

The three students and a lecturer were charged more than two years after they reported security vulnerabilities to FreeHour.

Students Michael Debono, 22, Giorgio Grigolo, 21 and Luke Bjorn Scerri, 23, face charges of gaining unauthorised access to the application. Grigolo is also charged with making a change to the app, although he then reversed the application to its previous state.

Lecturer Mark Joseph Vella, 45, is charged with being an accomplice to these crimes, as he proofread an email the students sent to FreeHour, informing them of the vulnerabilities they found in their app.

All four are pleading not guilty.

On Thursday, Momentum general secretary Mark Camilleri Gambin said the current legal framework was fundamentally flawed and urgently required modernisation to protect ethical cybersecurity practices.

The charged individuals had acted in good faith, but rather than acknowledging their contribution and addressing the security flaws, FreeHour had pursued legal action, he added.

"Ethical hacking plays a vital role in safeguarding our digital infrastructure. These individuals acted in the public interest, potentially preventing a significant data breach that could have harmed countless users," he said.

The party believes the current laws fail to distinguish between malicious cyberattacks and ethical security research. Individuals who responsibly disclose security vulnerabilities should be protected and not prosecuted, while companies should be encouraged to work with ethical hackers to improve their cybersecurity, according to Momentum.

"Momentum therefore calls for the dismissal of all charges against the students and their lecturer and a review and reform of Malta's cybersecurity laws to create a clear legal framework that protects ethical hacking."

The party also called for the implementation of guidelines and best practices for companies to establish bug bounty programs and encourage responsible vulnerability disclosure.

"We believe that fostering a culture of collaboration between companies and ethical hackers is essential for strengthening Malta's cybersecurity posture."

'Students did what they were meant to'

In a statement on Thursday afternoon, the Opposition Nationalist Party joined Momentum's call for legislative reform, saying Malta still "lacks up-to-date legislation for today's realities".

The PN said the government had "dragged its feet" on changes to the law proposed by PN when the case first emerged.

"If the Government wants to be taken seriously on cybersecurity and genuinely considers education, students, and teachers a priority, it must immediately ensure that the laws in this field protect well-intentioned citizens rather than putting innocent people at risk of imprisonment", the party said. 

"We demand that the Government stop failing its citizens and immediately reform the laws that are clearly punishing innocent people."

It stressed the students and their lecturer were "simply doing what they were supposed to do" by exposing vulnerabilities in the Freehour application. 

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.