It’s a sensational line, but when you examine the facts and delve past the headlines, it’s not nearly as big a deal as it sounds.
In Jason’s words:
“Yesterday, I joined one of our Mahalo employees at Federal District Court as he was sentenced to 48 months in jail for crimes related to computer security.
“Before my employee John Schiefer was sentenced, a violent career criminal was facing 60 months for beating up a prison guard. I could hear John’s breathing deepening as the judge spoke–his fiancee’s leg shaking more and more as the reality of John’s situation set in. John wound up getting 48 months in prison, a number which could be reduced if he behaves himself. He goes to jail on June 1st, and maybe he’ll be out in two or three years.
Jason goes on to explain that he wasn’t aware at John Shiefer’s hire, he wasn’t aware he was accused of a crime, and probably wouldn’t have hired him. Upon finding out, he decided that he was more valuable as an employee than he was a public relations liability or security risk.
Rafe Needleman summarized the public concerns quite well on Webware today.
“[Calacanis] says he knows the man, and I admire him for standing up for him, and keeping him employed when the easy thing, for a dozen reasons, would be to fire him.”
“But that doesn’t mean I trust the company Mahalo more now. In fact, knowing that there’s a lying, somewhat inept hacker working on Mahalo makes me wonder what personal data at Mahalo could be exposed. Calacanis takes pains in his letter to say that the employee’s work is "well-supervised" and limited to simply Mahalo question and answer data. However, Mahalo does transact financial business, both with users (they can buy Mahalo Dollars), and of course with advertisers. How walled-off is that transaction data? How good are the employee’s watchers? Who’s the hacker in this equation, anyhow?
According to Rafe’s poll, opinion is pretty evenly split between those who side with Calacanis, those who don’t care, and those who now trust Mahalo less than before now that it’s public a former black-hat hacker worked for the company.
Personally, I must admit that I am someone who’s a died in the wool geek who’s strayed back and forth across the grey area of what is considered ethical in the realm of computer security (particularly in my youth). It is true what Jason says: “Almost all talented developers push the envelope when they’re young. Anyone in technology knows this dark, dirty little secret.”
As much as the 2600 set will claim that there’s a hard and fast moral compass inside every hacker, there isn’t. Morality and ethics, whether they have to do with boundaries online or offline, are passed down the same way they always have been.
What makes hacking (and other online issues affecting youth) a particularly sticky issue is that this isn’t one of those bits of morality Moses saw fit to have engraved on the two tablets – our parents and grandparents didn’t pass down to us exactly what acceptable boundaries are in online behavior. There is certainly some degree of common sense that one can apply, but the difference between what most young programmers and hackers have done compared to John Shieffer’s crimes are very minute.