Hacker States
Authors: Luca Follis & Adam Fish
Publisher: Massachusetts Institute of Technology Press, 2020. 264 pages
Reviewer: Sara Schoonmaker ǀ November 2021
In this intriguing, well researched book, Luca Follis and Adam Fish (2020) explore hacking as a diverse set of practices that disrupt established ways of operating with digital technologies. They acknowledge the wide range of possible forms of hacking, while focusing on the work of hackers who “break into software systems” (, p.7). They examine hacking as “an object, problem and resource of governance” (, p.180) in the U.S. and internationally. For example, in arenas ranging from the military to national security and law enforcement, U.S. government actors recruited and integrated hackers into state institutions. These hired privateers viewed themselves as “ethical hackers,” since they worked to defend the interests of dominant institutions against hackers and hacktivists who sought to break into their computer systems. In a similar vein, government actors who hired these privateers viewed hacking as an essential governance tool of what Follis and Fish call the hacker state. The hacker state is a complex social structure that integrates diverse kinds of highly skilled workers, from hackers and programmers to private security contractors and military personnel. Hacker states require sophisticated technological infrastructures rooted in software code, computer hardware and servers, internet exchange points, and thousands of miles of cables to carry communications over land and under the sea. They are organized through diverse bureaucratic structures such as cyber command centers and computer emergency response teams.
The authors develop a compelling theoretical framework of what they call “boundary work to describe this strategic redrawing of boundaries and borders within state domains and between the state and society. Boundary work brings certain practices and processes closer to state forms while selectively keeping others at arm’s length” (p. 33). In the process of boundary work, states of diverse types and sizes employ hackers. Democratic and authoritarian states alike engage with corporations as well as public actors to find the hacking skills that they need.
Follis and Fish explore different aspects of boundary work throughout the book. For example, in chapter two, they offer an overview of hacking as both an object and a problem of governance, highlighting hacking as a state resource. They examine key cases of state hacking in China and Russia. In the Chinese case, state hacking was designed to defend Chinese interests by targeting private businesses as well as foreign governments. These Chinese hacking strategies were extensions of its domestic programs for surveillance and cybersecurity. In contrast, Russia took a more aggressive approach to state hacking. It employed a model of hybrid warfare that mixed cyberattacks with conventional military operations in actions targeting former satellites like Estonia, Georgia, and Ukraine.
The integration of hacking into state structures and practices poses critical challenges for democracy in what Follis and Fish call “high breach” societies. In such societies, citizens’ data is routinely collected and stored in a complex of computer networks and data bases, including social media platforms. As we increasingly rely on these networks for communication, we live with the ongoing possibility of having our data collected by corporations and governments. Democratic legislatures that might regulate these communications networks operate at a much slower pace than the spread of online messages. The lengthy time required for democratic deliberations makes it difficult to shape these communications processes.
Follis and Fish insightfully analyze the implications of these conditions for democracy, exploring the ways that Russian hacking impacted the 2016 U.S. presidential election. They develop a nuanced argument about the complex social and political conditions that allowed the Russian campaign to be successful. They contend that “hacking on the Russian scale overwhelms democratic processes and those certainties on which governance and its obedience are premised” (p. 94). The Russian campaign prevailed because it combined multiple vectors, sequencing data dumps both in terms of timing and scale. It subverted public trust in the democratic process through an extensive procedure of released documents, emails and ads aimed at the electoral systems in at least eighteen different states. It employed sophisticated algorithms to target users on major platforms like Facebook, Instagram, Twitter and Google. Moreover, many people were receptive to the Russian leaks because they already had doubts about the trustworthiness of both the government and the media. Thus, Russian hacking was effective partly because it occurred in the context of transparency activism in the previous decade. Activists such as Chelsea Manning, Edward Snowden, LuizSec and Anonymous had exposed key ways that the U.S. government had been spying on its citizens. Surveillance had become normalized, through daily stories based on leaked information about government policies, elected officials, and other public figures.
In the conclusion of the book, Follis and Fish chart possible future trajectories for high breach societies, in the context of the workings of hacker states. They posit that there “will likely be less privacy and security, as well as more surveillance, intrusions, exfiltrations, and hacked institutions ahead of us” (p. 204). They emphasize the chilling effects of these trends on social life, undermining civil liberties like the right to privacy. They call for strategies to “think seriously about…how to narrow the gap between our rapid adoption of new technologies and our slow and imperfect understanding of how these technologies are reshaping the human condition” (p. 205). The authors thus raise central concerns of our contemporary times; however, they leave the reader with little sense of how to respond to these pressing questions.
To address this gap, the authors might consider how advocates for privacy, net neutrality and free software are working to develop alternatives to the pervasive problems of surveillance and other threats to digital civil liberties. Such an analysis would promote a stronger understanding of the effects of digital technologies and the myriad ways that we might resist and transform those effects. It would illuminate possibilities for individuals and communities to frame creative responses to the ubiquitous threats to privacy and security that Follis and Fish delineate so effectively. For example, since 1990, the Electronic Frontier Foundation (EFF) has organized to defend digital civil liberties by litigating key cases that influence policy and the law on privacy and free expression on the Internet. On their website, they promote public education about privacy by offering a wide range of strategies for citizens to defend themselves against surveillance. These include simple steps like turning off location tracking on digital devices to minimize the data being tracked. Rather than taking the most convenient approach and agreeing to let apps routinely access their location data, users can pay closer attention to tracking. In a similar vein, EFF recommends reviewing contacts and privacy settings on social media, to ensure that users know and trust all of their contacts. This grassroots approach to privacy protection involves organizing older children, parents and other concerned citizens to have conversations and develop collective strategies for privacy protection. Since so much data are shared, individual approaches to privacy protection are ineffective. For instance, if one person seeks to protect their privacy by turning off location tracking on their phone, their location may still become public if a friend shares a photo taken with them on social media.
Such public education efforts are part of a broader process of resistance to the dominant capitalist system based on profit and proprietary control. Indeed, diverse global communities of resistance organize, fight and sometimes flourish internationally. Since the 1970s, proponents of the digital commons have struggled to forge political, technological and economic conditions for all participants to access, use, modify and share software, the internet, and other scientific, educational and cultural resources. Thousands of developers contributed code to free software projects like the LibreOffice office suite and the Drupal web content management system. They built free software communities where participants from the global North and South collaborated on common projects. Free culture advocates from around the world contributed to the Creative Commons, where writers, musicians and other cultural creators could access a range of licenses that allowed them to choose whether and how they would give others the rights to access and share their work. According to the Creative Commons website, there were over 2 billion works licensed under Creative Commons in 2020.)
These global communities of resistance are creating the digital commons as an alternative to the dominant capitalist system. This system is driven by a logic of maximizing profits, often by collecting and selling access to user data to third parties. The digital commons exists alongside this dominant system, in the diverse software programs, websites, and online community projects that are accessible to all. In fact, many of us participate in the digital commons without being aware of it, simply when we surf the Internet. As we navigate our relationships with digital technologies and omnipresent processes of corporate and government surveillance, we can choose to engage more consciously with the digital commons. We can employ resources from projects like EFF and Creative Commons to educate ourselves about ways to protect the privacy of individuals and communities. We can use free software alternatives to proprietary systems. These include free software office suites like LibreOffice; privacy-oriented search engines like Duck Duck Go; and free software web browsers like Tor and Firefox. We can get involved politically by supporting organizing campaigns and government legislation to promote net neutrality and civil liberties like the right to privacy. We can encourage others to participate, contributing to public education efforts by engaging in conversations about these important issues. In that process, we can raise awareness about the many possibilities for resistance against the growing power of hacker states in high breach societies.
Sara Schoonmaker is a Professor of Sociology at the University of Redlands