CNET también está disponible en español.

Ir a español

Don't show this again


Mahalo: Our hacker employee is no threat to your privacy

Jason Calacanis discovers a felon on his payroll, but doesn't fire him.

Mahalo CEO Jason Calacanis sent an e-mail Thursday to his followers (also posted on his blog, and worth a read) disclosing that his company mistakenly hired a man convicted of computer crimes but who hasn't yet served his sentence. To retell Calacanis' story with a critical slant, his employee was caught (unusual for hackers) after launching a botnet attack that didn't work. And then he lied--or omitted the telling--about his conviction when he was interviewing at Mahalo.

Instead of firing him outright, Calacanis decided to keep him employed until his prison sentence begins on June 1.

Of course, we are all flawed, we make lots of mistakes in life, and we owe each other every kindness. It's possible that Mahalo's errant hire made one bonehead hacking move and saw the error of his ways, and he'll never do it again--although news reports of his crimes paint a much uglier picture. But it's what Calacanis believes. He says he knows the man, and I admire him for standing up for him, and keeping him employed when the easy thing, for a dozen reasons, would be to fire him.

But that doesn't mean I trust the company Mahalo more now. In fact, knowing that there's a lying, somewhat inept hacker working on Mahalo makes me wonder what personal data at Mahalo could be exposed. Calacanis takes pains in his letter to say that the employee's work is "well-supervised" and limited to simply Mahalo question-and-answer data. However, Mahalo does transact financial business, both with users (they can buy Mahalo Dollars), and of course with advertisers. How walled-off is that transaction data? How good are the employee's watchers? Who's the hacker in this equation, anyhow?

I do not believe in a zero tolerance policy for minor crimes, but my argument with this action is about economics and trust, not morals or ethics or laws. Mahalo, which recently had to lay off staffers to make sure it could weather the recession, is now spending extra supervisory energy watching this hopefully rehabilitated presumably former hacker work on its systems. Although in this particular case one may say that Calacanis is doing one man a kindness and spreading magnanimity and good karma around, one also has to ask: can Mahalo customers trust a business that keeps hackers employed? Can any online business, for that matter, afford to keep a convicted hacker on the payroll?