At the beginning of the Cold War, calling someone a Soviet spy invited violence. By the end of the Cold War, the same accusation prompted a roll of the eyes. “Spy” had become such an ill-defined, over-used term that it was nearly meaningless despite the very real activities of very real spies working on behalf of a very real foreign power bent on harming the United States. The term was devalued even as Kennedy and Khrushchev, flanked by their heads of intelligence, confronted each other in the waters off of Cuba.
Now, this history is repeating itself: The term “hacker” is losing all meaning at precisely the moment it is most critical that Americans understand cybersecurity threats. The problem is both rhetorical and political.
Politicians and activist generally don’t devalue words on purpose. Joseph McCarthy, to use a prominent example, was a sincerely rabid anti-communist. The term “communist sympathizer” meant a lot to him, but his tendency to lean on it as a rhetorical weapon against his foes so clearly produced a culture of alarmism (and anti-semitism) that the word “sympathizer” was all but eliminated from the American political vocabular when it was shown at long last that the man had no decency. McCarthy also used the term “spy” to describe those with alternative political views functioning within a democracy, notably union leaders. Again, he transformed a word he cared about into an easily dismissed rhetorical flourish.
So, before talking about how the word “hacker” is deployed, it’s worth talking about what a hacker does. Those activities encompass attacks on privacy — NSA packet injection, brute-force automated guessing of weak passwords — as well as the collection and publication of non-public documents. Julian Assange is sometimes referred to as the “Robin Hood of Hacking” despite Wikileaks never proactively breaking into any government or private systems (at least to the knowledge of the general public). And the fuzziness doesn’t end there because coders have “taken back” the word and now use it to describe mundane activities or give an air of excitement to working overtime at a “Hackathon.”
The only thing that can be said confidently about hackers is that they use computers to create, find, or destroy information. In other words, they are people who operate computers.
The broadness of that definition has real-world consequences. The so-called “DNC hack,” for instance, consisted of allegedly Russia-sponsored agents sending a “phishing” link to the Democratic big-wig John Podesta, who clicked it and unwittingly opened up a data pipeline, publicizing his views on — among other things — UFOs. When subsequent reports claimed that Russia might have also tampered with voting machines, the news cycle never really started rolling. It sounded very much like old news despite being an entirely different and, as it turned out, inaccurate accusation. Did hacking determine the result of the presidential election? Maybe yes and probably no. It’s become such a broad question its nearly impossible to answer with any certitude.
No wonder Americans don’t get riled up about cyber issues or foam at the mouth when their elected representatives demonstrate vast ignorance. When they hear about some mid-level offensive security expert talking about “hacking” national infrastructure, just how upset can we realistically expect them to be? It’s a massive, unprecedented security threat, but the details are obscured by the language, which is comically non-specific.
Remember when computer used bought anti-virus protection software suites like it was a religious obligation? Now, it’s a struggle to get that same population to so much as use a different password for their email and digital banking. Might that have something to do with the fact that the media and coding community have both spent the last several decades associating the idea of digital attack with about 14 activities no one fears? Yup. You better believe it.
And, no, this isn’t about apathy. Americans, after all, have a history of aggressive self-protection. America is a country full of handguns where, in some states, “castle doctrine” laws allow people to shoot trespassers. Why no concern for digital self-protection? Because the threat lacks immediacy. Americans struggle to care about hacking for the same reason they struggle to care about global warming; it’s a big, ill-defined issue and it doesn’t seem like there’s any way to win.
But there is. People can protect themselves from hackers. The government can protect itself from outside interference. It just has to reckon with the enemy in order to understand where vulnerabilities exist. You don’t get rid of spies by becoming neurotic. You get rid of spies by making information impossible to get. The same can be said for hackers. You believe in them, then you do something about it.
Eventually, the media and larger culture came around on the word spy, and over time its more classical, legitimate use started to reemerge — but this process took decades. With the pace of social change we see in the world today, we don’t have that kind of time. We need to get specific and start talking about phishers tomorrow.