More Data and Goliath News

Right now, the book is #6 on the New York Times best-seller list in hardcover nonfiction, and #13 in combined print and e-book nonfiction. This is the March 22 list, and covers sales from the first week of March. The March 29 list -- covering sales from the second week of March -- is not yet on the Internet. On that list, I'm #11 on the hardcover nonfiction list, and not at all on the combined print and e-book nonfiction list.

Marc Rotenberg of EPIC tells me that Vance Packard's The Naked Society made it to #7 on the list during the week of July 12, 1964, and -- by that measure -- Data and Goliath is the most popular privacy book of all time. I'm not sure I can claim that honor yet, but it's a nice thought. And two weeks on the New York Times best-seller list is super fantastic.

For those curious to know what sorts of raw numbers translate into those rankings, this is what I know. Nielsen Bookscan tracks retail sales across the US, and captures about 80% of the book market. It reports that my book sold 4,706 copies during the first week of March, and 2,339 copies in the second week. Taking that 80% figure, that means I sold 6,000 copies the first week and 3,000 the second.

My publisher tells me that Amazon sold 650 hardcovers and 600 e-books during the first week, and 400 hardcovers and 500 e-books during the second week. The hardcover sales ranking was 865, 949, 611, 686, 657, 602, 595 during the first week, and 398, 511, 693, 867, 341, 357, 343 during the second. The book's rankings during those first few days don't match sales, because Amazon records a sale for the rankings when a person orders a book, but only counts the sale when it actually ships it. So all of my preorders sold on that first day, even though they were calculated in the rankings during the days and weeks before publication date.

There are few new book reviews. There's one from the Dealbook blog at the New York Times that treats the book very seriously, but doesn't agree with my conclusions. (A rebuttal to that review is here.) A review from the Wall Street Journal was even less kind. This review from InfoWorld is much more positive.

All of this, and more, is on the book's website.

There are several book-related videos online. The first is the talk I gave at the Harvard Bookstore on March 4th. The second and third are interviews of me on Democracy Now. I also did a more general Q&A with Gizmodo.

Note to readers. The book is 80,000 words long, which is a normal length for a book like this. But the book's size is much larger, because it contains a lot of references. They're not numbered, but if they were, there would be over 1,000 numbers. I counted all the links, and there are 1,622 individual citations. That's a lot of text. This means that if you're reading the book on paper, the narrative ends on page 238, even though the book continues to page 364. If you're reading it on the Kindle, you'll finish the book when the Kindle says you're only 44% of the way through. The difference between pages and percentages is because the references are set in smaller type than the body. I warn you of this now, so you know what to expect. It always annoys me that the Kindle calculates percent done from the end of the file, not the end of the book.

And if you've read the book, please post a review on the book's Amazon page or on Goodreads. Reviews are important on those sites, and I need more of them.

Posted on March 19, 2015 at 2:35 PM • 15 Comments


Paul BayMarch 19, 2015 2:49 PM

Bruce, I attended the Edina, Minnesota book signing last night. You gave a very thoughtful talk about the book, and then had a good Q&A, prior to the signings. I have finished the book, and thought it was insightful. The issues surrounding privacy and data collection you brought up deserve public discussion. I hope other people 'enjoy the book' as much as I did. ;-) Paul

vas pupMarch 19, 2015 3:32 PM

Q#1: When we going to see presentation of this book on C-SPAN 2 Book TV?
Q#2: When Russian and Chinese translation will show up (I guess Ed Snwdn could help you with his current contacts)?
Book is good.

Z.LozinskiMarch 19, 2015 4:06 PM

It's good to see the reception - all contributions to the privacy and/or security debate are needed right now.

You'll get another blip in the actual sales when the book is published outside the USA. But I have no idea if/how that is reflected back to you - eg Amazon UK is currently saying orders will arrive Tue 5 May 2015.

I'm sure your publisher has this sort of thing under control, but getting them to send review copies to 'The Economist', 'New Scientist' and the 'New Statesman' before UK publication has a lot going for it.

TomMarch 19, 2015 7:39 PM

Congratulations, Bruce. I'm pleased that the books is doing well. And I'm relieved that WSJ didn't like it—it would be worrying if they did.

Starship Buzzing ByMarch 19, 2015 7:40 PM

Mr Knee makes an interesting and revealing comment when he states the following:

Mr. Schneier’s use of concrete examples of bad behavior with data will make even skeptics queasy and potentially push the already paranoid over the edge

I believe he is speaking with confidence there on his own viewpoint, which is common: a skeptic, whose reading of the book made him literally wince, and not without paranoia on the possibilities. Note the later statement he made theoretically, the former he stated as a fact. This indicates that he has some level of paranoia.

The majority reaction to such an "omnipotent" and "omnipresent" system is very much like this.

O'Neil states:

Wait, before we move on, who is more pro-democracy, the guy who wants to stop totalitarian social control methods, or the guy who wants to leave it to the opaque authorities

I would suggest there are 'waves of the future' involved in these things (and matters not stated) that we can expect three major components of the future global system: 1. No more secrets, relatively speaking. eg, 'what is whispered in secret will be shouted from the rooftops'. 2. Number one precludes number two, but worth mentioning as a truly separate point: this means opaque governance will be gone. 3. true collective governance (not to be confused with simplistic communist or democratic systems currently existing, but can be seen as shadowed by democratic systems including the very sort making form in modern internet systems)

There is one aspect of the intelligence 'big data' systems which is not getting much discussion, and for good reasons. That is on the usefulness for these systems as defensive not just against "terrorism", but also against destructive, 'offensive' intelligence.

I recall Mr Schneier pointing out a few data points early on in the book in these regards, data points I take he obtained from the Snowden documents. They are interesting. For instance, friendly spies on foreign shores are tracked and with them data is collected on handsets around them. This might reveal foreign spies previously undetected. Or, patterns of handsets where batteries are taken out are examined. For instance, are a number of handsets showing their batteries taken out in a movie theater? A pattern there could reveal potentially previously unknown spies.

From Snowden documents or not, that is, of course, some level of "throwaway" information, as Snowden documents generally were such designed for wide, if internal, dissemination. So, for instance, these possibilities probably were already well on foreign spies radars. Though smaller nations would be likely not so able to evade such systems.

My point is: would such a system of intelligence 'big data' really not have potentially profound capacities for detecting previously unknown foreign intelligence networks operating underground?

I think they very much would, and I think they very much do.

Schneier kind of goes deeper into this, for instance, pointing out facial recognition technology and how it can be used to build up profiles of people via internet content. What if someone is using disguise? Then, they will not be on the internet much, will they? 'If you are not on the internet, you do not exist'. And people who 'do not exist' are very strong likely people who are very interesting to find.

One might argue that a simple solution to that problem is to utilize disguises that rely on real people. This would be an even more problematic and revealing indicator: a person who exists in two or more places at once at the same time?

More complex systems of legend creation would have to be created, however considering the pace of the delivery of the mass intelligence system against the pace of reactive solutions, there gives little hope there. While it is relatively trivial to create social network and other internet presence, it is a little more difficult to backtrack all of that data in a way which well mimics real data from real people who actually exist.

And the errors from such a system being created too late would be tremendous in giving out entirely new indicators. New indicators which would greatly increase the level of shutting down signal to noise.

Doc SportelloMarch 19, 2015 9:04 PM

Thanks for sharing the information on book sales.

I purchased my copy via Apple's iBook store. Do you have figures for that? And was it available on any other services?

Starship Buzzing ByMarch 20, 2015 1:33 AM


Kaspersky Lab

Off topic, but yes, I think if some guy trained at the CIA or FBI and then went to found an antivirus company, some suspicions would remain that maybe he is not so "former" as he presents himself. Eugene Kaspersky, further, does not hide the fact of his continuing close ties to the FSB.

I know FireEye quite well, and they do have very deep ties to the US Government. I might go even further and point out the eEye CTO/CHO Marc Maifrett went to work with their early company as CTO. eEye -> FireEye? Anyone? Sound kind of familiar?

No offense intended to Marc. His dad was a janitor, not some super-super spook. And, he is a super nice guy. Point is FireEye probably was influenced - somehow, someway - by the uber mysterious eEye Digital Security.

Whose primary customer was the department of defense.

Point being, I can see why none of that makes anyone scratch their heads. But, Kaspersky? Either you are an idiot or you are a Russian spy to have that not cause reason to scratch your heads.

Still, so far, in terms of "winners" in regards to disclosures of mass spying by nations: China has been engaging in mass economic espionage, attested to by countless corporations. Russia, far more sneaky about everything, tends to work via their local and eastern european criminal rings. Something not yet hitting the presses, but true.

The US? Overzealous in looking for spies and terrorists.

The systems they have built I will state are potentially highly dangerous for a democratic nation -- or any nation.

The major damage they have caused currently is scaring the *** out of people, however, and killing much online and offline speech and action. People are scared - and rightly so - of a system called, consistently "omnipotent" and "omnipresent".

Make no mistake about it, while the US allows for ample free speech and other rights, their systems are full of corruption, just like any other. Great show to alert people to: Death Sentence Stories by Robert Redford, narrated by Susan Sarandon. But, even the most minorly critical of shows or any sort of speech or action is not at all allowed in Russian or Chinese nations.

Good to be critical of systems that might actually have some even remote hope of responding to that criticism. Not good to play it up that far worse corruption is not endemic in the vast majority of the world. Does no one a favor. Unless you are, like, the resident FSB agent.

Well,then you get a very meager paycheck, a bit of allure and a bit of an interesting life, and no hope beyond that. You know. You sold your soul for some coin.

Nick PMarch 20, 2015 11:17 AM

@ Alex

Thanks for the link. Great writeup that added necessary details to what I already believed about them.

Bill K.March 20, 2015 7:54 PM

Dear Bruce,

indeed congratulations for what appears to be a truly fantastic work.

Let me state in Europe we are really disappointing by the release date in Europe.

We must wait more than one month to get the book. What is going on? My colleagues are thinking of pirating it!

Anyways, looking forward to reading it.


Bob PerdriauMarch 20, 2015 8:07 PM


I'm not quite finished with the book but I really love what you have done with it. I am referring as many people to it as I can.

One question. I bought the hardcover. Is there a place where I can get electronic access to the very large number of references included?


vas pupMarch 26, 2015 8:51 AM

Bruce, on p.173 you stated that POTUS executive order(s) are nor subject for court decisions because they are not law. I guess that is not like this, e.g. Federal Judge put breaks on
POTUS' recent executive order related to immigration, meaning in the US no legal act of any branch of the Government is exempt from challenging in the court as best of my humble understanding. Please clarify why PDD 12333 you considered being exempt.

Recent events confirmed that humans are the weakest link in security (as your stated in your books many times) including aviation:

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.