News this week that four students had been arrested and were being accused of computer misuse in connection with a security vulnerability in the popular student application FreeHour caused quite an uproar, particularly among younger demographics.
Four students, Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri and Luke Collins, were scanning through the software of the app when they noticed that there was a flaw in the system that could be abused by malicious hackers, the Times of Malta reported earlier this week. They emailed their findings to FreeHour CEO Zach Ciappara, saying that they were eligible for a "bug bounty" for spotting the weakness, as is industry practice, and also informed him that they would go public with this information if the weakness was not patched within three months.
However, the students were instead arrested, strip-searched and had their computer equipment seized by the police, after Ciappara contacted the Information and Data Protection Commissioner (IDPC) and informed them about this breach, it was reported.
The equipment has remained in the hands of the police for almost six months, while the students are facing up to four years in prison and a maximum fine of €23,293.
The case has exposed a couple of things that warrant mentioning, chief among them the treatment that the students were given by the police.
This matter serves as yet another piece of evidence that the police feel emboldened to act strong with the weak.
It is beyond excessive, and a borderline intimidation tactic, to strip-search four young students who are being accused of computer misuse (not drug trafficking or something like that, for crying out loud).
Was it really necessary to put them through that? The KSU has expressed concern at seeing "the efforts of four students result in their arrest" and it is frustrated to see "a set of outdated laws be misapplied in such a situation, coupled with the overly swift action taken by the Police."
The argument regarding the law either being outdated or misapplied is one that should be looked into. Does it make any differentiation between hacking with malicious intent and informing companies about their vulnerabilities? Should it?
As to whether the youths broke any laws or not, that would be for the courts to decide should the authorities decide to prosecute, although if their intentions were genuine, then that should be a serious consideration.
Another point that should be made is the swiftness with which the police initially acted in this case. There have been other instances where police waited for magisterial inquiries to be called before acting, or certain instances where it does not seem as though the police acted at all despite the big scandals that emerge in the media.
One would hope the police will act just as swiftly in major scandals involving bigger fish also.