As cybersecurity pros scramble to respond to one mega-breach after another, industry forums are full of opinions, proposals and pitches for new products and services. But ask whether young hackers who run afoul of the law for the first time should get a break from legal consequences, and an uncomfortable silence may follow.

While some industry leaders may privately agree that young offenders deserve a second chance, few are willing to publicly challenge the overall push for prosecution lest they be seen as tolerating illegal acts that, whatever the motivation, can create havoc for business and government. While initiatives such as the U.S. Cyber Challenge (USCC) seek to draw young IT enthusiasts into information security careers, the teenage temptation to show off or respond to a dare are seemingly inevitable.

“Kids need to be able to screw up,” says a Silicon Valley cybersecurity scientist who asked not be named because of the sensitive nature of the topic. “They're under this enormous pressure to perform, in a society that sometimes seems like it's looking for ways to reject them.”

As a society, he adds, we really don't know how to deal with all the hacking that's going on. “Everybody's getting hit – and the only thing scarier than an expensive problem is a problem that no amount of money seems to solve. The kids sometimes get punished just because they're the few who you can actually catch.”

But just who qualifies as a kid and a hacker is itself disputed. The most high-profile prosecution of a young person under the federal Computer Fraud and Abuse Act (CFAA) was that of Aaron Swartz, the pioneering internet technologist who took his own life in 2013 at age 26 while facing trial on felony charges. Swartz was charged after being caught two years earlier downloading data from the JSTOR academic journal database at the Massachusetts Institute of Technology in order to distribute the materials free of charge. Unlike a teenage vandal who violates the law by rogue penetration testing operation, Swartz, by then a Silicon Valley veteran and an activist for internet privacy and the democratic sharing of information, was making a political statement.