Ivan Bartolo / LinkedIn

BITS Ltd Managing Director Ivan Bartolo on Wednesday urged authorities to introduce a “safe harbour” framework to protect researchers from legal action when they report a system vulnerability in good faith.

He was commenting following the news on Wednesday that four computer science students – Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri and Luke Collins – were arrested, strip-searched, and had their machines confiscated by the police after informing student app FreeHour about a security flaw that left its users’ data unprotected. The students claimed that through the vulnerability, private data could have been leaked, yet instead they opted to email the company to inform them about it in October 2022. They gave the company a three-month deadline to fix the vulnerability should it not want the information to become public, and also requested a “bug bounty”.

However, the students are now under criminal investigation in a case that could see them imprisoned for up to four years and fined €23,293. On the other hand, FreeHour has since argued that it was legally obliged to report the incident to the Cyber Crime Unit within the Malta Police Force and the Information and Data Protection Commissioner under GDPR law.

“Our intent – and this is very genuine – was to cover us legally. We would be breaking the law if we did not report. Our intent was never to get these students in trouble or go after them,” FreeHour Founder and CEO Zach Ciappara said.

Mr Bartolo, who is also a National Party Member of Parliament, remarked that cybersecurity is “one of the hottest topics, and Malta has also experienced some high-profile cyber security incidents over the past months”.

“Ethical hackers, also known as white-hat security researchers, play a crucial role in the cybersecurity ecosystem,” he said.

He explained that “in contrast with bad actors and criminals who exploit vulnerabilities for malicious purposes, ethical hackers use their knowledge and skills to identify vulnerabilities in computer systems and networks with the sole goal of improving security”.

“If currently our laws are not flexible enough to make this distinction, we need to act now and introduce a ‘safe harbour’ framework which would provide protection from legal action when a researcher identifies a vulnerability and reports it in good faith to the responsible organisation,” Mr Bartolo outlined.

He said that security researchers have “always feared” that they could face legal repercussions just for being “good Samaritans”, yet he noted that they now know it is a “concrete reality”.

“Retaining top students in Malta is already a challenging task, and with the growing threat of cybersecurity incidents, it has become even more critical to cultivate a skilled workforce capable of safeguarding our digital infrastructure,” he remarked.

He concluded by saying: “It is imperative that we create a system that encourages and develops a talented pool of cybersecurity professionals who can effectively protect our digital assets.”

Mr Bartolo has over 25 years of experience in the ICT industry, and in 2000 he set up 6PM, an established IT and software solution group that employed over 150 technology consultants in Malta, England, Ireland, and North Macedonia. The company has since been acquired by Idox plc and is listed on the London Stock Exchange.

Featured Image:

BITS Ltd Managing Director Ivan Bartolo / LinkedIn


Nasser Al Awadhi / Dubai Holding

Nasser Al Awadhi named new Malta Properties Company Director and Chairman

26 September 2023
by Fabrizio Tabone

Sayed Mohamed Mohamed Noor Sharaf has resigned from the two positions with immediate effect.

‘Enhancing Malta’s productivity and competitiveness should be the top priority for economic policy’

26 September 2023
by Fabrizio Tabone

The Malta Chamber’s President and CEO penned a joint statement in the organisation’s Pre-Budget Document 2024, stating that Malta needs ...

Lecturer Patrick DeBattista on fulfilling his ‘rock star’ dream by teaching and training others

26 September 2023
by Fabrizio Tabone

When he was younger, the Lecturer wanted to become a rock star, yet education and corporate jobs got in the ...

‘I went in as a girl, I returned as a woman’: Nadia Pace on being given first major opportunity 20 years ago

26 September 2023
by Fabrizio Tabone

She joined Perideo S.A. Group as a Research and Development Executive in 2003, laying the foundations for a highly successful ...

Close Bitnami banner