New Book: Data and Goliath

After a year of talking about it, my new book is finally published.

This is the copy from the inside front flap:

You are under surveillance right now.

Your cell phone provider tracks your location and knows who's with you. Your online and in-store purchasing patterns are recorded, and reveal if you're unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you're thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.

The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we're offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.

Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making. But have we given up more than we've gained? In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He shows us exactly what we can do to reform our government surveillance programs and shake up surveillance-based business models, while also providing tips for you to protect your privacy every day. You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.

And there's a great quote on the cover:

"The public conversation about surveillance in the digital age would be a good deal more intelligent if we all read Bruce Schneier first." --Malcolm Gladwell, author of David and Goliath

This is the table of contents:

Part 1: The World We're Creating
Chapter 1: Data as a By-Product of Computing
Chapter 2: Data as Surveillance
Chapter 3: Analyzing our Data
Chapter 4: The Business of Surveillance
Chapter 5: Government Surveillance and Control
Chapter 6: Consolidation of Institutional Surveillance
Part 2: What's at Stake
Chapter 7: Political Liberty and Justice
Chapter 8: Commercial Fairness and Equality
Chapter 9: Business Competitiveness
Chapter 10: Privacy
Chapter 11: Security
Part 3: What to Do About It
Chapter 12: Principles
Chapter 13: Solutions for Government
Chapter 14: Solutions for Corporations
Chapter 15: Solutions for the Rest of Us
Chapter 16: Social Norms and the Big Data Trade-off

I've gotten some great responses from people who read the bound galley, and hope for some good reviews in mainstream publications. So far, there's one review.

You can buy the book at Amazon, Amazon UK, Barnes & Noble, Powell's, Book Depository, or IndieBound -- which routes your purchase through a local independent bookseller. E-books are available on Amazon, B&N, Apple's iBooks store, and Google Play.

And if you can, please write a review for Amazon, Goodreads, or anywhere else.

Posted on February 15, 2015 at 6:41 AM • 67 Comments

Comments

SoWhatDidYouExpect • February 15, 2015 7:57 AM

So, I expect that buying this book will elevate my position on the watchlist of the spooks.

SoWhatDidYouExpect • February 15, 2015 8:13 AM

I placed my order through Amazon, but they say the book is still only available as a pre-order. I selected free shipping (5-8 day delivery) but the expected delivery date is shown as March 9-12. That is more than 3 weeks out, perhaps to be expected for a "pre-order".

David Haywood Young • February 15, 2015 8:47 AM

I got all excited, then also found that (1) it's a "pre-order" still, supposedly till 3/2, and (2) I'd already pre-ordered it anyway.

Looking forward to reading this once it becomes available. And life's an uncertain beast...but I do intend to post a review. Should be fun.

Rex Rollman • February 15, 2015 9:02 AM

I'm going to buy this but I will have to buy a paper copy; all of the electronic versions are DRM-encumbered.

BoppingAround • February 15, 2015 9:32 AM

Bruce, can you offer some insights as to how do you write your books? Do you work on them steadily, say, several hours each day [bar the week-end] or do you work in a more burst-like fashion?

Thanks.

David Haywood Young • February 15, 2015 11:52 AM

@Rex

If you see this...how do you know the ebooks are going to be DRM-encumbered? Did you find one actually available for purchase? Where?

I've got a couple of hours to kill this afternoon, so I'd love to buy a copy. Even with DRM if that turns out to be necessary. It's been years since I've been able to force myself to read a print book anyway.

required • February 15, 2015 11:57 AM

@SoWhatDidYouExpect
Yep, I had the idea of spreading out my book purchase to at least keep private companies at bay. But Amazon, Amazon UK, Book Depository, Abe books, Goodreads (and most of the other review book sites are owned by Amazon in one way or another).

They have the best selection and best prices, it's hard to choose other when you don't have much of an income. And living in a tiny nation with terrible translations if any doesn’t help much.

So feel free to share any good websites (from the privacy perspective) that sell books.

Wael • February 15, 2015 12:10 PM

@Keiner,

eeehm, really?

Originally, it's a story in some scriptures. If you want to split hairs more, I'll tell you the names are not accurate, and I'll leave it at that so I don't get into a different subject.

Gweihir • February 15, 2015 2:25 PM

Amazon.de says "March 2nd" for the Kindle Edition.

As to "preventing terrorism" with surveillance, there is since yesterday now the second utter fail in a short time that confirms surveillance is worthless against terrorism. Not that there is any surprise here.

linux user • February 15, 2015 5:17 PM

Is there a place I can buy this ebook and read it with free and open source software? It doesn't look like any of the ones you linked to support Linux or Android without Google? :'(

Daniel • February 15, 2015 6:30 PM

Obviously I haven't read the book but reading through the TOC I'm struck by what seems to me a glaring omission from the "what's at stake" portion: individual autonomy. Perhaps this is subsumed in some of the other topics like "privacy" or "liberty" but at least to my mind autonomy is a discrete concept that doesn't fall neatly into either of those two constructs.

Alex • February 15, 2015 8:43 PM

Really hope it isn't as dry of a read as 'Liars and Outliers'. That one was the first one of your books that I've picked up 3-4 times now and laid back down, still only about a 3rd of the way through. Just can't capture my attention for some reason.

Colonel Panik • February 15, 2015 9:47 PM

Mr. Schneier, Please tell me where to send YOU the money for one paper copy.
I will send a postal money order.

Better yet, tell me when you are going to be within 18 driving hours of ABQ NM
and I will come meet you and we can close the deal a la sneaker-net.
I will buy lunch, eh?


http://www.kob.com/article/stories/S3706563.shtml?cat=520#.VOFnvLuMy8M
Saw this billboard today. Aliens, and I do not mean from South of the Border.
w00t

P. Mohammad • February 15, 2015 11:44 PM

Dear Prof. Schneier:

Your books are not available in India in low cost edition. India is a big market with great security and privacy concerns and I think your books should be available in India with low cost edition.

Regards,
P. Mohammad

Andrew • February 16, 2015 12:39 AM

Congratulations on the book. I think it's a small contribution to make the world a better place.
I'll buy an electronic copy, not because I really expect something new but just to raise its rating :).

Christian • February 16, 2015 1:04 AM

I too was hoping for a DRM free electronic version. Isn't it a little ironic that I would have to go to Amazon, Google or Apple to buy this book in digital form?

Please consider going with O'Reilly, Springer or one of the other publishers that offer plain PDFs next time.

keiner • February 16, 2015 2:28 AM

@Christian

It's the typical irony of critics of capitalistic excesses like big data that such a book comes via Amazon and Google. It's the same farce as buying Che Guevara t-shirts. They simply eat up the critics and get even fatter with selling them. They pervert everything, including their own critics.

keiner • February 16, 2015 2:32 AM

...reminds me of the Matrix, the opposition is part of the game, to take away the worst pressure, but not having to change anything. We are part of this game. All.

Rex Rollman • February 16, 2015 5:08 AM

@David Haywood Young

Just an educated guess based on past experience with those stores (even though publishers have the option of not applying the DRM, they usually do). I was hoping it might be offered on O'Reilly, which offers a number of Bruce's books, but I am not seeing it listed.

Z.Lozinski • February 16, 2015 5:52 AM

Looking forward to this. My dead-tree version will not be available in the UK until 17 April 2015, according to amazon.co.uk.

Selective release must be quite irritating for authors who do want to build up a groundswell of reviews, especially the way the "bestseller" charts in places like the New York Times work. It also implies publishers haven't yet caught up with the Movie/TV industry who are moving to global release to reduce the opportunity for piracy.

random bloke • February 16, 2015 6:09 AM

Waiting on your book tour talks to hit youtube. Please tell me it's gonna be so Bruce? Are you even doing a "book tour" or talks based on your book?

Your talk based on "Liars and Outliers" was good. If a bit short at 60min. Could have listened and been attentive for much longer. As a person who nightly watches "talks" and that type of stuff, yours is always one of the top ones.


Bruce Schneier • February 16, 2015 6:35 AM

"I placed my order through Amazon, but they say the book is still only available as a pre-order."

Interesting. I believe that Amazon will ship the books as soon as they get them, which should be soon.

Bruce Schneier • February 16, 2015 6:36 AM

"I'm going to buy this but I will have to buy a paper copy; all of the electronic versions are DRM-encumbered."

Is this a problem for anyone? I buy all my e-books through Amazon, and strip off the DRM using Calibre.

Bruce Schneier • February 16, 2015 6:38 AM

"Bruce, can you offer some insights as to how do you write your books? Do you work on them steadily, say, several hours each day [bar the week-end] or do you work in a more burst-like fashion?"

Several hours each day sounds like a "more burst-like fashion" to me.

I work on my book pretty much all the time. If I'm not actually writing, I'm thinking about it. I do tend to write every day, sometimes a little and sometimes a lot.

Bruce Schneier • February 16, 2015 6:39 AM

"Will there be any audiobook version, anytime soon?"

I don't know. Not anytime soon, I think. Audiobooks involve some other company buying the audio rights and then making one. I don't think anyone has bought those rights yet, which means it'll be a while before there is an audio book.

Bruce Schneier • February 16, 2015 6:41 AM

"...reading through the TOC I'm struck by what seems to me a glaring omission from the 'what's at stake' portion: individual autonomy. Perhaps this is subsumed in some of the other topics like 'privacy' or 'liberty' but at least to my mind autonomy is a discrete concept that doesn't fall neatly into either of those two constructs."

It's in the "liberty" chapter. Yes, I know it's not really liberty. But if the chapter titles included everything that's in the chapters themselves, they'd be much too long.

Bruce Schneier • February 16, 2015 6:44 AM

"Your books are not available in India in low cost edition. India is a big market with great security and privacy concerns and I think your books should be available in India with low cost edition."

I have no idea if Norton does low-cost editions for high-piracy Third-World markets. Wiley did. Basically they decided that they would undercut the printed book pirates by printing and selling their own cheap editions. It was a clever idea, I think.

I don't know if Norton does this.

Bruce Schneier • February 16, 2015 6:46 AM

"Please consider going with O'Reilly, Springer or one of the other publishers that offer plain PDFs next time."

I went with a mainstream publisher because I want this book to reach a mainstream audience. Why don't you just rip the copy protection off? That's what I do.

Wm • February 16, 2015 7:11 AM

"Your cell phone provider tracks your location and knows who's with you."

My cell phone is always off, except when I need to use it. Communication between me and my wife is encrypted text only over a throwaway. The throwaway phone is replaced from time to time.

"Your online and in-store purchasing patterns are recorded, and reveal if you're unemployed, sick, or pregnant."

I pay cash for everything. Never give out my phone number when requested (including to the clerk at the license plate office when she suddenly requested it).

"Your e-mails and texts expose your intimate and casual friends."
All emails to such use mixnym.net or A.A.M Direct
http://aamdirect.sourceforge.net/

"Google knows what you're thinking because it saves your private searches."
I use ixquick.com

"Facebook can determine your sexual orientation without you ever mentioning it."
I am not into myself and don't use such services.

Although it may be of little or no worth, I always use a cotse SSH proxy when browsing.

And to tweak what I believe is Bruce's anti gun stance, I carry a gun everywhere I go, ready to use it to defend my life at a moment's notice, rather than just hoping that there is a cop nearby to save me so that I don't have to simply lie down and die before evil.

There may be flaws in the above (not including lawful gun possession by law abiding citizens), but I am at least trying. I am sure that Bruce's book might be helpful also.

Clive Robinson • February 16, 2015 8:14 AM

As Bruce has mentioned "calibre" you can find out about its native features and some plugins on Wikipedia.

However whilst it notes that the plugins are written in Python, it does not mention that some you might want to use require not just specific versions but libraries as well.

One good source of information on this is,

https://apprenticealf.wordpress.com/

However read the "copyright" notice carefully.

Christian • February 16, 2015 9:11 AM

@Bruce: "I went with a mainstream publisher because I want this book to reach a mainstream audience. Why don't you just rip the copy protection off? That's what I do."

It's refreshing to read that you as the author suggest that I "rip off" the copy protection from the book that you wrote. But I think that buying DRMed content and breaking it for personal use still sets the wrong incentive. I want to support publishers that "get it" and offer DRM free content. I don't want to support the dominant position on ebook distribution that Amazon, Google and Apple already have. How can we work towards getting rid of DRM if we play their game?

I understand that you want your book to be read as widely as possible. I also don't have a clue about the publishing world. But is O'Reilly (or Springer etc.) such a niche player that the book could not have reached its audience if you had published with one of them? Amazon and Barnes & Noble carry their titles, so does my local book store.

The ebook reader that reports my reading habits to the publisher and limits the control over my personal copy just fits the book subtitle too well. I think this is a missed opportunity to take a more principled stand in this battle.

Also from a security standpoint, I'm reluctant to trust the output produced by a DRM cracking tool.

anonymous • February 16, 2015 9:11 AM

* sigh *

Wm • February 16, 2015 7:11 AM

And to tweak what I believe is Bruce's anti gun stance, I carry a gun everywhere I go, ready to use it to defend my life at a moment's notice, rather than just hoping that there is a cop nearby to save me so that I don't have to simply lie down and die before evil.

There may be flaws in the above (not including lawful gun possession by law abiding citizens), but I am at least trying. I am sure that Bruce's book might be helpful also.


Wm, are you a plant by Bloomberg to make the rest of us gun-owners look stupid?

As I wrote in response to your comment at "Obama Says Terrorism Is Not an Existential Threat":

anonymous • February 4, 2015 10:03 AM

* sigh *

I get as frustrated as any other gun-owner (and gun-owner rights activist) when the usual skepticism about "security theater" gets jettisoned in regards to gun-owner control on this web site. However, this was not one of those instances.

The next time, please check your knee before you jerk it. You're making the rest of us look like fools.

Doctor Evil • February 16, 2015 9:48 AM

Well, Wm, Bruce's book may be somewhat helpful for trembling, bedwetting pussies who are afraid to stick their nose outside the door without a gun. However, maybe you should eat a pound of Paxil instead. Nine out of ten cowards recommend Paxil!

keiner • February 16, 2015 9:52 AM

Gun owners BY DEFINITION are fools. Keep on filling the prisons, until half of your populations lives as inmates, heard it's a cool business model to have some private jugs...

y@ erp • February 16, 2015 11:01 AM

@keiner

Yeah, well, the next time some thug tries to bust in, you can try beating him to death with a book.

Andrew • February 16, 2015 11:15 AM

@WM
So you're still using a phone, right? Soon (if not already), there will be enough processing power to filter out your voice fingerprint from millions of simultaneous conversations, or to recognize your text syntax patterns in your internet messages.
Automatic face recognition is already better than humans' so as soon as you're on the street you will be located by some camera.
Elysium movie is already here, you're a bit too optimistic.

Damian • February 16, 2015 1:10 PM

Congratulations Bruce! I'll be ordering a copy shortly.

I started using the Internet back in 1991. Never in my wildest dreams would I have imagined it turning into the mass surveillance system that we have today! Back then there was a sense that if you took modest precautions you would be safe. Nowadays it feels like the only winning move is not to play.

David Thornley • February 16, 2015 1:16 PM

@Wm:

I have a public life, which any three-letter agency is welcome to watch. It's easier, and if I were to decide to do something without being observed I know the drill and can keep my public identity active as a cover. I don't know if it's all those role-playing games, but I'm perfectly comfortable using different identities at different times.

packagedblue • February 16, 2015 3:07 PM

Pretty good Harold.

Waiting for the next book: Data and The Machine.

-
Person OF Interest
-

SoWhatDidYouExpect • February 16, 2015 4:57 PM

I think this is tied to the "Goliath" part of the thread...from Slashdot:

How "Omnipotent" Hackers Tied To NSA Hid For 14 Years and Were Found At Last

http://yro.slashdot.org/story/15/02/16/2031248/how-omnipotent-hackers-tied-to-nsa-hid-for-14-years-and-were-found-at-last

From the post:

"The money and time required to develop the Equation Group malware, the technological breakthroughs the operation accomplished, and the interdictions performed against targets leave little doubt that the operation was sponsored by a nation-state with nearly unlimited resources to dedicate to the project. The countries that were and weren't targeted, the ties to Stuxnet and Flame, and the Grok artifact found inside the Equation Group keylogger strongly support the theory the NSA or a related US agency is the responsible party, but so far Kaspersky has declined to name a culprit. NSA officials didn't respond to an e-mail seeking comment for this story. What is safe to say is that the unearthing of the Equation Group is a seminal finding in the fields of computer and national security, as important, or possibly more so, than the revelations about Stuxnet."

moo • February 16, 2015 6:41 PM

@Bruce:

"Is this a problem for anyone? I buy all my e-books through Amazon, and strip off the DRM using Calibre."

...Isn't that a violation of the DMCA? Maybe you shouldn't recommend that, even if it's the obviously sane course of action in a world full of DRM-enamored publishers.

PackagedBlue • February 16, 2015 8:04 PM

Beats hell out of me...

How security and privacy follow forms and privacy, meet Data and :::

Buck • February 16, 2015 9:52 PM

"Isn't that a violation of the DMCA? Maybe you shouldn't recommend that"

Ha! I wonder if recommending law-breaking is a punishable offense by any of these new anti-terror (free-speech) laws...

YouAreAllDoomed, MUHAHAHAA • February 16, 2015 11:32 PM


NSA Has Planted Surveillance Software Deep Within Hard Drives Since 2001: Kaspersky
http://www.ibtimes.com/nsa-has-planted-surveillance-software-deep-within-hard-drives-2001-kaspersky-1818398

The U.S. National Security Agency (NSA) has been planting surveillance software deep within hard drives made by top manufacturers, allowing it to eavesdrop on almost every computer in the world, according to Kaspersky Lab, a Moscow-based software security company that announced its findings Monday.

Kaspersky did not explicitly name from which country or intelligence agency the spying software was found, but former operatives from the NSA confirmed that the findings correlated with NSA activity, Reuters reported.

The NSA’s spyware lies within drives manufactured by Western Digital and Seagate, who deny that they had any knowledge of such programs. Samsung and Toshiba drives also contained the code, but both declined to comment.

Andrew • February 17, 2015 1:16 AM

If I was NSA engineer, I'd design the HDD/SSD spyware like this.

I'd ask TAO/Administrative to deliver the source code / access to firmware of all HDD/SSD manufacturers, so to know how to access their hidden functions. Some of them have been asked/forced to include such functions already.

Then, the module that got access to the target computer (zero-days/physical access/factory default) would install itself in a special reserved memory (for example where the firmware is) which is completely inaccessible/visible with regular access methods, format resistant etc.

This module would load first every time at system boot, before operating system and would allow commands from a command&control server to install further control/spyware modules (RAT).
This small code would also scan memory/documents for some keywords, based on computer language, and save a compacted version of any suspicious document in the reserved area, for further analysis, in case the computer is air-gapped or remote control modules cannot be installed. This way, for a HDD/SSD of 500 gigabytes, a reserved memory zone of one hundred megabytes is enough to store everything important on that computer (chat logs, documents etc).

This kind of "reserved memory" probably already exists in every SSD/HDD/USB in the world, covered under firmware zone.

Clive Robinson • February 17, 2015 2:00 AM

@ All,

Can we please take the "off topic" about the NSA TAO etc over to the current Friday Squid page.

Having the conversation split over several threads makes it difficult for people to follow and a lot of stuff gets repeated.

Also it ruins this thread for people who want to stay "on topic".

SoWhatDidYouExpect • February 17, 2015 5:40 AM

@Clive

Data is what is on my hard drive. Goliath is the set of 3 letter agencies (and their "guilt by association" friends). I think the posts you refer to are very much part of this discussion. However, I do think it would be smarter to put that infiltration into the computer chip directly (firmware, microcode, BIOS, UEFI) because the failure rate there is lower and disk drives are mostly filled with OS & crapware anyway. But then, what do I know about anything?

keiner • February 17, 2015 7:35 AM

@y@ erp

So you live in a part of the world where there is war?! How about moving to some place where the finest country in the world recently brought peace? Iraq, maybe?

CallMeLateForSupper • February 17, 2015 8:07 AM

A heads-up re: IndieBound: its site would not load while I was running TOR in TAILS.
I did not try any of the other links.

Terry Cloth • February 17, 2015 10:58 AM

Any chance of a paperback RSN?

I'd like to buy a dozen or so and send them to various people, but it would be a strain on my budget. ISTM bringing out a (mass-market?) paperback would be another good way “to reach a mainstream audience.” I wouldn't be surprised if you lose nothing by such a move—I know I'd buy the hardback for myself regardless of its availability in softcover.

Björn • February 18, 2015 5:02 PM

I am also looking for the DRM free ebook, e.g. from O'Reilly (they have other Schneier titles). Is there a chance to buy your book DRM free somewhere soon?

tim • February 19, 2015 12:10 AM

"Malcolm Gladwell"

Is there a version of the book without this blowhard's quote on it? Some of us have standards.

Terry Cloth • February 19, 2015 1:59 PM

@tim:

"Malcolm Gladwell"
"Is there a version of the book without this blowhard's quote on it? Some of us have standards."

As my great-grandmother used to say: “Even a blind chicken occasionally finds a grain of corn.” :-)

Tristan Nitot • February 20, 2015 3:40 AM

Hi Bruce,

Somehow I missed your previous announcements about your upcoming book.

It happens that I'm writing one myself, in French, on pretty much the same topic!

I've started with what you called Part 2 then I'll be discussing what you've put in Part 1. What you've put in Part 3 is split into 2 parts in my book, but cover most of it.

I plan my book to be quite short (less than 100 pages) in order to be approachable to most people. It will be very inexpensive to buy.

Well, I'm glad that we both agree that this is a very important topic (and I'm glad that you did not write yours in French, otherwise I would have been able to compete with your writing!)

Congrats on finishing it. I've already ordered my copy!

Best,


--Tristan Nitot

milkshake • February 23, 2015 4:32 PM

from Ed Snowden, Reddit AMA, today: ...One of the arguments in a book I read recently (Bruce Schneier, "Data and Goliath"), is that perfect enforcement of the law sounds like a good thing, but that may not always be the case...

Chris Ravn • February 26, 2015 9:32 PM

@Bruce Schneier:


Is this a problem for anyone? I buy all my e-books through Amazon, and strip off the DRM using Calibre.

Is this legal? Does it not go against the license of the purchased ebook?

Buck • February 26, 2015 10:39 PM

@Chris Ravn

It's all well and legal based on old precedents of the personal right to do as one wishes with purchased products. Never can be too sure with these newfangled robotic DMCA lawyers though... :-\

Justin • April 12, 2015 6:40 PM

Bruce,

I finally ordered the book. I think I somewhat understand how the data we generate in our day-to-day lives are being collected and correlated in a massive corporate/government surveillance regime. However, "we" don't have ownership or control over "our" data---maybe we can explore the bars of the prison we live in, but "we" don't decide what to do with "our" data---not only criminal records, mental health records, credit history, but library records, everything we look at online, nearly everything we buy, everywhere we drive, everywhere we take our cell phone, everyone we call, text, or email. Others (corporations and governments) "own" this information, and they profit in various ways by collecting and maintaining and sharing it in ways that are certainly not always in "our" best interests.

I don't see any real solutions, although I am interested to read what you propose in the third section of your book.
