Is “bad actor” a useless term?

One of the most over-used of all terms within the world of content moderation, disinfo, online abuse, etc. etc. has got to be “bad actor.”

I’m sure I’ve used it myself in the past, because it is a quick convenient shorthand to collapse a potentially complex thing into. But I’m going to go out of my way to avoid using it anymore, because I’ve been feeling sort of triggered by it when I see it come up, like in that Atlantic article about conspiracy theories & generative AI (two things I happen to know something about):

These are powerful and easy-to-use programs that produce synthetic text, images, video, and audio, all of which can be used by bad actors to fabricate events, people, speeches, and news reports to sow disinformation.

I’m trying to unpack why I’ve come to hate this term, apart from mere overuse. I think it has to do also with the inherent judgement included in it, which seems to go something like: actor A did “bad” thing B, and therefore actor A is “bad.” I just think that’s an overly simplistic way to look at things.

Plenty of times it occurs that basically “innocent” actors engage in an activity online which to them in the moment might not seem all that bad, per se, but might later prove to have unintended negative consequences. Does that make them “bad”? Or does that require actual malice? (as difficult to detect as any kind of intent)

It seems to me like it might be more fruitful to put away the notion of bad actors, and even perhaps the idea of “bad actions,” because analytically it’s just not that precise . I think it would be better to instead analyze the consequences of a given action, rather than decide if the perpetrator is ontologically “bad” (which is basically unknowable). Further, even “good” actions can end up having negative consequences. So, instead of getting stuck on the action, look at what happens as a result of it. Look at the actual harms caused by things, and focus on mitigating those, instead of passing moral judgements without any specific outcome arising from it.

I like that in security contexts, there are alternative more neutral terms in use, like “threat actor.” It helps to refocus the conversation toward the specific threat —> which is generally linked to the risk of a specific negative outcome(s), instead of an unnecessarily judgemental decision about the moral character of participants.