Malta launches public consultation to establish legal protections for ethical hackers

The proposal follows an incident where four computer science students were arrested for identifying a vulnerability in the FreeHour app, highlighting the need for clearer legal protections.

Flag of Malta

The Government of Malta has initiated a public consultation to establish a comprehensive legal framework for ethical hackers, also known as security researchers, who identify and disclose vulnerabilities in ICT systems to bolster cybersecurity. That initiative aims to clearly define the role of ethical hackers, ensuring that their activities are regulated and protected by law, enabling them to operate within a transparent and legitimate framework.

In addition, the Government of Malta has proposed that ICT system owners, especially those managing critical infrastructure, implement Coordinated Vulnerability Disclosure Policies (CVDP) to handle better the detection and resolution of security flaws identified by ethical hackers. Overseen by the Directorate for Critical Infrastructure Protection (CIPD), this policy comes in response to an incident where four computer science students were arrested after discovering a vulnerability in the FreeHour app.

Despite acting in good faith, the students faced legal consequences, highlighting the urgent need for clearer protections and legal guidance for ethical hackers. The proposed framework aims to formalise the process, encouraging cooperation between public and private entities and ensuring that cybersecurity research is conducted safely and responsibly.

Open to public input until 7 October 2024, the consultation is expected to lead to legislative reforms that distinguish ethical hacking from illegal activities, providing much-needed clarity for those working to enhance cybersecurity.