Digital privacy is one side of a two-sided policy coin. Virtually all attention to date has been focused on developing legal and regulatory remedies to address this pervasive public concern. But in doing so, they have devoted little attention to the flip side—namely, digital hacking. Although data systems that are thought to be secure from intrusion may be the result of random technological breakdowns or human error, there usually are far less benign explanations for major cybersecurity breaches that expose personal information on a massive scale.
This reality should make Why hackers Win by Patrick Burkart and Tom McCourt ( University of California Press, 2019) essential reading for those grappling with how best to craft a workable framework for enhancing digital privacy protection. Burkart is a professor at Texas A&M’s Department of Communication, and McCourt is a professor at Fordham University’s Department of Communication and Media Studies.
The authors describe hacking as “an interface between technical code (the structure of trusted systems), legal code (the laws that govern their access and use), and social code (their impact on society, particularly in terms of privacy and sanctioned activity). And they discount a popular but erroneous perception that hacking is an activity typically undertaken by a lone wolf operating in an offshore bedroom or basement. Rather, the authors contend that “[a]lthough hacking ostensibly undermines their own security, corporations and states paradoxically use hacking for gain. Hacking can suit a broad spectrum of purposes, including gathering intelligence, managing crises, and accumulating competitive advantage over rivals.”
They also note that while examining abuses of power through exploiting computer vulnerabilities, they did not find “master conspiracies” of surveillance and espionage, or even a systematic imposition of will, in coordinated hacking campaigns. Instead, they see “a proliferation of agents contributing to offenses and defenses played in long games and embedded in global networks.” Soberly, they assert that hacking has become “a mundane, ‘business as usual’ application of force for many enterprises.”
Their research includes notable real-world examples of hacking undertaken for strategic political and economic ends. Including the disruption of the SWIFT international payments system, the Paradise Papers (13.4 million confidential documents relating to offshore investments that were leaked to two German reporters), and the ways in which states have targeted journalists and dissidents through hacking. They also discuss “growth hacks” by companies such as Uber, News Corp., and Volkswagen, which is the rapid accumulation of user metrics to achieve short-term growth through low-cost marketing techniques. Such activities, while privacy invasive, have “increasingly become a standard business strategy.” In short, “hacking and cybersecurity reinforces and accelerates each other in social, economic and political life.”
As with those who advocate greater transparency for digital data collection, storage, and dissemination activities, the hacking universe, including cybersecurity defenses, also needs greater exposure. “The torrents of public money flowing into private security operations,” argue the authors, “should be accounted for and audited by elected representatives. Debates about the social value of these expenditures than can be raised.”
It will not be enough to explain why hackers win. Those who are developing an activist agenda for digital privacy protection must be willing to advance approaches that raise the barriers for hacking at the same time they argue for higher digital privacy protection guardrails to control the behavior of private companies.
In addition to greater transparency for digital data collection, storage, and dissemination activities, the hacking universe, including cybersecurity defenses, also needs greater exposure.
Write to us firstname.lastname@example.org