You can infiltrate. But can you exfiltrate? That thought’s been on my mind for a couple of days. I keep hearing the word, and I just don’t like it.
As a natural descriptivist, I don’t know if I’ll ever say that something ‘isn’t a word.’ But, on the other hand, I’m willing to recommend that you shouldn’t use a word simply because it exists. There has to be a better reason. Some words are ambiguous, unnecessary, confusing, too obscure, or just plain inelegant or ugly. In those cases, it’s often wise to steer clear.
Why does exfiltrate interest me today? It’s a frequency issue: I’ve heard it used more in the past three days than in the past three years.
You’d be pretty hard pressed not to have seen or heard some news coverage about the Flame virus this past week. It’s the latest development in the ongoing saga of computer viruses that’s been underway since the late 1980s. (Technically, Flame might not be a virus, and is more accurately and generically labelled malware, but I’m not discussing the distinction today.)
In case you haven’t heard about Flame, here’s a very brief summary: Flame has been discovered on a number of computer systems (primarily in the Middle East); it’s capable of collecting a great deal of information (files, screenshots, network traffic, etc.) from compromised systems and transmitting it to others; it can even collect Skype and Bluetooth data; its origin is unknown, but there’s been much speculation; and it’s especially noteworthy for having existed in the wild undetected for at least two full years (possibly as many as five) — a remarkable achievement. Flame appears to be a sophisticated cyber-snooping tool, designed to collect information from one party and deliver it to another. It’s been described primarily as a form of espionage; it’s perhaps the state of the art in spyware.
In all the news reports on Flame that I’ve heard, one data security expert or another has discussed how the virus infiltrated systems. That’s a perfectly reasonable thing to say: if one views Flame as a surrogate for an espionage agency, it can be said to infiltrate a computer system in the same way that a covert operative might infiltrate an enemy organization.
However, in every single report I’ve listened to, those security experts have gone on to discuss how Flame also exfiltrates information from the host system to the source espionage agency (here’s one example, here’s another). It’s that usage (of exfiltrate) that bothers me.
Exfiltrate (and it’s various forms) isn’t a new word to me. I can’t pin down the first time I heard it, but it was probably more than a decade ago. Although I’ve only ever come across it in military jargon, the meaning has always been clear: it’s the opposite of infiltrate, and indicates withdrawing troops (or units, or resources) from the field, usually in a way symmetrical with the infiltration. Infiltrate tends to imply a slow (or at least controlled and methodical) entry; exfiltrate tends to imply the same form of measured and careful disengagement. Both often imply stealth (although dictionaries don’t seem to endorse that distinction). Perhaps no one loves their specialized lingo more than the military, and it’s no surprise that some tangentially related fields – such as data security – would adopt the term.
The worst kind of purely military jargon, exfiltrate is an interesting word because even though it’s an entirely unnecessary backformation of infiltrate, its meaning is immediately clear. Anyone who knows the definition of infiltrate will readily grasp the meaning of exfiltrate, at least if the word is used in a clear context.
Unfortunately, the recent popular use of exfiltrate doesn’t use the word with its conventionally accepted meaning. Instead of meaning, roughly, ‘to skedaddle safely,’ the current buzz usage means something more like ‘to sneak stuff out unnoticed.’ In their need to sound plugged in and in the know in a public forum, current users have created confusion. Perhaps that’s their intent – security through obscurity is still a very popular strategy; it’s also very hard not to notice that much of the modern anti-virus industry (out of which most of these interviews have arisen) has thrived as much on fear as on actual threats.
However, this is probably merely an example of the specialized jargon of one specialty being used inappropriately in a general situation. Within the anti-virus community, exfiltrate might have one specific meaning. It’s just not the same meaning others already know. That kind of careless usage often creates more confusion than it solves.
The military jargon meaning of exfiltrate goes back to at least 1968, according to OED. Interestingly, their first use example (“the removal of personnel or units from areas under enemy control”) is from a dictionary of military terminology, so one must assume that, at least in some parts of the military, it goes back somewhat further.
More interesting, at least to me (and I hope to many readers), is that the use of infiltrate in a military (or espionage) context goes back only to the 1930s. The word was known prior to then, but was used to indicate substances infiltrating other substances: diseases infiltrating the body; salt water infiltrating an aquifer; alien customs or fashion infiltrating a culture; and so on. It’s not at all surprising that the usage would come to incorporate a person (or people) infiltrating a group. It’s probably more surprising that it didn’t happen sooner. (In this case, I suspect that it probably had, but that OED simply hasn’t identified earlier examples yet.)
While infiltrate was in use with a meaning congruent with what we know today as early as the 1750s, exfiltrate doesn’t seem to have been used in any sense at all before the 1870s. At that time it appears as an obscure term in geology, and describes the filtering out (or filtration) of one substance from another in some geological processes.
So while infiltration has long had a clear and accepted colloquial meaning, exfiltration hasn’t. The explosion in its use this week – with an alternative meaning – is unfortunate. While it might be accepted and commonly understood jargon in particular specialties, I don’t recommend that you use the word – even if you’re writing about the Flame virus. Instead, use words that avoid jargon and stick with familiar vocabulary. There are thousands of perfectly good verbs in English. Try using some of them rather than distracting your audience with an ambiguous neologism.
What does the Flame virus do? It collects data (or it records data, or it spies on a system, or it steals). It transmits (or delivers, or sends, or relays, or downloads, or even burgles) that data. Does it infiltrate (or target, or infect, or compromise) systems? Certainly. Does it exfiltrate?
Not really. Exflitrate should mean, roughly, ‘to remove one’s own assets (personnel or material) from hostile territory.’ Flame can, apparently, be deleted at will by its controller. It can send messages back to that controller – secrets smuggled from behind enemy lines. But there’s nothing of the controller’s on the infected system needing recovery. Flame doesn’t exfiltrate anything; like the operatives in the old Mission: Impossible series, it can either be captured or be ordered to self-destruct, but it will be totally disavowed.
You’re welcome to disagree, but I believe that careful writers should avoid using exfiltrate.