Recent Comments


April 16, 2014 4:32 PM

John J on Book Title:

Data and Goliath.

I hear you on the Gladwell thing, but as others have said, he's way too vague. And it's not as if "David and Goliath" is original at all. You're just taking a cue from the popular story just like so many others have...except you're actually putting a clever spin on it.

For another thing, if not for this blog post, (and even now that you mentioned it) it would still be almost no one who would notice. I mean, think about all the info you're talking about...someone would have to be familiar with both Gladwell and you, AND the chronology of the release of four different books.

While I understand your concern from an author's perspective, it's such a negligible concern when viewed in the grand scheme that I think it should not really weigh on the decision so much.

I just think of what you want to hear the news anchor say on the air as they're introducing you...

"And here with us to discuss, Bruce Schneier, security expert and author of the new book Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World. Bruce, thanks for joining us."

I like Data and Goliath probably for the same reasons you do. I think not only does it have that catchy, memorable, "book titely" quality to it that publishers love so much...but it actually conveys what you're writing about. It actually does give the reader an idea of what the focus of the book is without even needing the subtitle. That's what you want.

I see a lot of mentions for "Data: the new currency of power", but that's too vague, and I don't think gives the same impression. Granted, I haven't read the manuscript, but I'm assuming you'll be addressing this inherent power struggle between the individual and "the powers that be" who would want his data such as to grow/maintain their power. And I think that's the important part of the debate.

Plus I'm not a fan of one-word titles that require subtitles. One word titling usually only works for fiction.

A few I haven't seen yet:

Big Data/Big Brother: How Your Information is the New Currency of Power

No Secrets: Power, Privacy, and Panopticon in the World of Big Data
(if panopticon is too much, you could replace it with "privilege". But I'd say there's enough other words in there that people do know, so it could work fine. Nothing wrong with teaching people a new word.)

Your Data, Our Power: The Battle for Control of Your Information in the Digital Age

April 16, 2014 4:32 PM

Carl A. Adams on Book Title:

From this list, I like "Permanent Record: ...". It plucks at your memory about school records and the power teachers and principals had over your life. For me, this is a primal memory of the power data can have over you that goes back to adolescence, which is when many people start to really form world views of their own. It also doesn't hurt that it also trips the portion of my memory dedicated to Violent Femmes lyrics ("Kiss Off"), but that's less relevant and probably just says something about when I was a teenager in school.

I also like "Data: The New Currency of Power", as the mention of power underscores how important this really is.

April 16, 2014 4:28 PM

embarrasing, I know on Book Title:

hm.

how to keep biblical underdog story and battles without referencing david and goliath...

Out of E-Script: A Chronicle of the Battles to Control Your Data.

April 16, 2014 4:13 PM

Darzi on New Book on Data and Power:

Data, Metadata, and Mining - the modern three monkeys of power?

Look forward to the book, however can see why so many here say they'd rather you helped our (data) safety by working on the technical design instead.

April 16, 2014 4:04 PM

Gavin B. on Book Title:

Bruce - if you can make anything out of these you're v. welcome.

Spies Undone! - We're All Exposed Now: Data, Power, Control. etc

Bit Naked, Butt Naked - Data, Power, Control, etc
Big Data v. Little Us/Me/You ...
Data Spooks - Data means Control means Power.
Global Stalkers ... in your back pocket.
Jaw-dropping Eavesdropping ...

April 16, 2014 4:03 PM

FWIW on Book Title:

FWIW I like

Hunt and Gather: The Hidden Battles to Capture Your Data and Control Your World

and

Tracking You: The Forces that Capture Your Data and Control Your World

the best from the list.

April 16, 2014 4:02 PM

e.r. on Book Title:

Data. The hidden battlefield of power

April 16, 2014 3:52 PM

Fixer on Seventh Movie-Plot Threat Contest:

The Fixer
The head of the NSA is developing a serious Meth addiction and becomes increasingly paranoid about National Security. He believes that the US government is too weak because of conflicts between the major parties and decides to take matters into his own hands.
During the last year he built up a secret team of specialists he calls “The Fixer”. The members of this team are mostly hackers involved in Cybercrime and identified during regular NSA operations. After enough evidence is secured to land them in prison for a long time they get an offer to work as a fixer and enjoy protection and a good salary or spend a long future in jail.
A journalist is the first person to become a target after emails indicate that he is working on a story that the CIA is raising funds for secret operations by “taxing” drug traffickers.
The Fixer Team decides to lure the journalist to a meeting in South East Asia, promising details about another story the journalist is working on, and after the journalist arrives the Fixer accesses his laptop using 0 day exploits and plants encrypted files with a weak password on his machine in a hidden folder. The journalist is invited by his contacts to meet in a bar in a redlight district. To his surprise a highly attractive Asian woman shows up and after a few drinks she receives a call that the meeting will take place in a rundown hotel nearby. They walk over to the hotel and have another drink in the room and then he suddenly falls asleep.
He wakes up and finds local police in the room and a couple of naked girls next to him. His laptop is confiscated and the content analysed, and it turns out there were encrypted files containing Child Porn on it. At the end the journalist is sentenced to 20 years in a local prison.
After the success of this operation similar tactics are used against officials and judges and politicians to influence decisions. Mostly it is already enough to call the target and tell them to open their laptop and then change the background to a more “provocative” one in realtime to ensure “cooperation”.

April 16, 2014 3:52 PM

anon on Book Title:

Data: The New Currency of Power

April 16, 2014 3:52 PM

Benni on Book Title:

I think "Permanent Record: The Hidden Battles to Capture Your Data and Control Your World" is the best, because that is what they want. They want a permanent record of all your data that you ever produce, and they want to store it indefinitely at best.

By the way, these are the recent comments of the OpenBSD developers on OpenSSL:

http://freshbsd.org/search?project=openbsd&q=libssl

If I did not have to do other things now, I would like very much to join them. If you have some money, you should throw it at these courageous OpenBSD developers.

They are just getting the NSA and the German BND out of Unix TLS here. This is a major undertaking that they do here.

It is virtually unbelievable, what they have found already in openssl. A library like this should not be distributed in any Unix system.

Funny is this comment:

spray the apps directory with anti-VMS napalm.
so that its lovecraftian horror is not forever lost, i reproduce below
a comment from the deleted code.

/* 2011-03-22 SMS.
 * If we have 32-bit pointers everywhere, then we're safe, and
 * we bypass this mess, as on non-VMS systems. (See ARGV,
 * above.)
 * Problem 1: Compaq/HP C before V7.3 always used 32-bit
 * pointers for argv[].
 * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
 * everywhere else, we always allocate and use a 64-bit
 * duplicate of argv[].
 * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
 * to NULL-terminate a 64-bit argv[]. (As this was written, the
 * compiler ECO was available only on IA64.)
 * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
 * 64-bit argv[argc] for NULL, and, if necessary, use a
 * (properly) NULL-terminated (64-bit) duplicate of argv[].
 * The same code is used in either case to duplicate argv[].
 * Some of these decisions could be handled in preprocessing,
 * but the code tends to get even uglier, and the penalty for
 * deciding at compile- or run-time is tiny.
 */

April 16, 2014 3:48 PM

indrajit on Book Title:

My vote for - Data: The New Currency of Power. Simple and Powerful.

April 16, 2014 3:44 PM

Tom on Book Title:

Data to Power: Using Massive Surveillance to Control You

Surveillance of the People, by Big Data, for Controlling the People

April 16, 2014 3:42 PM

TPM on Auditing TrueCrypt:

Schneier,

What's your take on the Trusted Platform Module?

April 16, 2014 3:30 PM

Daniel on Book Title:

How about this twist: Data and Power: The Hidden Battles to Control Your World

April 16, 2014 3:27 PM

Maqp on Book Title:

How about "Tracking and Privacy: New economy of power"

April 16, 2014 3:24 PM

TJ on Book Title:

"Data and Goliath" implicitly affirms a Biblical frame of reference, allowing authoritarians to control the language and set the terms of the debate.

I like the Panopticon theme with a subtitle. It clearly defines the two classes of people, those with information and power and those deprived of information and power.

Data and information are the tools, but the struggle is essentially between two moral systems, a master-slave system vs. individual rights.

April 16, 2014 3:22 PM

Bobby on Book Title:

I would suggest: "Up to them: The Hidden Battles to Capture Your Data and Control Your World" or "No longer up to you: The Hidden Battles to Capture Your Data and Control Your World"

:)

April 16, 2014 3:11 PM

RSaunders on Book Title:

I see you (or your publisher) are keen on the "Hidden Battles to Capture Your Data and Control Your World" subtitle idea, but I'll agree with other folks that it's too long. That said, I know Liars and Outliers had a subtitle, but I can't read it from here so I've forgotten it.

I think the message you've hinted at needs a more direct title, like Taken, Stolen, or Exploited. Any of these could have a subtitle like "Your Data and the Hidden Battle to Control Your World". Leaving the action word ("capture" in your suggestions) lost in the subtitle softens its effect. I perceive you're going the other direction. You should make the action up-front.

While I suppose Owned (or even Pwned) might be more direct, I'm presuming you want to sell a lot of books. A less precise word like Stolen gets the idea across to the less-geeky. Some might argue that it's not really stealing data because users succumbed to some "we won't do business with you if you don't let us keep data on you" scam, but I argue that taking my car is stealing even if my garage door is up.

I particularly like Stolen because ownership of data about you is one of the hard points you're going to need to discuss. Businesses will say they "own" the data on my usage, just as phone companies got the SCOTUS to agree to in Maryland vs ... . Nobody foresaw this interpretation of "who owns phone records" allowing the NSA to get phone records on you without even suspecting you of something. Since the data wasn't "your data" it was "the phone company's data", you and your lawyers don't even have standing to argue that this is a problem.

Maybe this isn't a big point in the book, and knowing what's in the book should inform your title-picking. Choose an action that makes sense in the main example in the book, and leave the title almost at that. Three words max.

April 16, 2014 3:07 PM

Joshua Brule on Book Title:

I strongly prefer "Data: The New Currency of Power"; catchy and to the point.

I also like "Data and Goliath", but it sounds a little bit gimmicky.

April 16, 2014 3:05 PM

Neil in Chicago on Book Title:

There's a mismatch between the focus group here and your target market, I think. These, for the most part, are people who already know. If you're selling to people who don't, that's not the same.
My favorite is They Already Know, because it's creepy, which seems appropriate.

April 16, 2014 3:04 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Bronze Giant Squid Sculpture:

@ Clive Robinson
Thanks for stating the less apparent--many are unaware of the extent, scope, and breadth of fascism in the U.S.

@ BJP

If you want sources; Public Intelligence, Muck Rock, Federation of American Scientists and others have FOIA document releases of information confirming what was stated. So many documents to reference that it represents a reading list that I posted a while ago.


There are two important components of my statement; the first is the qualification of "could" versus "has" in suggesting the action versus the act. Not trying to get all NSA up in here, just qualified the statement without hyperbolic (unbelievably given the subject) prose.

The second component is from multiple sources; the codification in law of domestic targeting, the actions of the DoJ/DoD, the statements made by politicians and government officials, and programs/actions carried out in recent months. In essence public, and non-public, law supports the targeting of individuals using unknown processes, standards, and verifiable systems and have been used to target anonymous members, Julian Assange, the Guardian (a short list), and others on any one of the FBI's various lists. Not judging the actions of any of these persons/entities--the issue is--neither should the government without a) public law, and b) due process.

So the decision matrix and action list looks like this:
------------------------------------------------------

  1. Lists of hackers, that could be labeled hobbyists;
    Barnaby Jack, Aaron Swartz (FBI Lists)
  2. FBI admits active campaign against "hackers"
  3. FBI Morphs its charter/mission/legal framework to an INTEL bureau
  4. Legal rationale for U.S. domestic drone strikes,
    (Paul filibuster in protest of CIA Brennan nomination)
  5. DoD cyber warfare capacity/powers
    agency head of AN IC can declare war...PPD 20
  6. What are the list of IC's (Intelligence Community) members
    (Important question, statutes and new authorities
  7. Statements made recent months by Pentagon officials (not off record, calling for summary execution of Snowden/Assange/Anonymous)

In summary:
Add it up--there is an organized campaign to target hackers--irrespective of the label hacker and how it was acquired.
All these secret lists, laws, files, and targeting systems (irrespective of the action) add up to the potential for what one would believe unthinkable. I want to know who is the maintainer of these lists--is there a listserv for subscription? People don't seem to understand the level of the invisible hand of power...the trigger finger twitches ready to fire without cause/reprisal/identification. Dead men don't tell tales.

April 16, 2014 2:58 PM

Nick P on Auditing TrueCrypt:

@ mike the goat

It's definitely suspicious. Yet, I ran my previous organization with cash, proxies, remailers, PGP, etc. That snoops of all kinds would draw a blank looking into me was fine with me. I asked customers to judge me on my references and the quality of my work. As I specialized in advanced threats, I'm sure I dodged some metaphorical and literal bullets using that approach.

Truecrypt is made by people who love crypto and privacy. Looking back at cypherpunk movement, it wasn't unusual for people to have nothing IDing them but their key, alias, and writing/work. Truecrypt people are much more likely to be targeted than most of them were. Makes sense for them to stay in the shadows.

Of course, they could also be scheming pricks hiding their evils. Could go either way. Just wanted to point out there's legit reasons for operating anonymously if the opponent is TLA's from US to dictatorships.

April 16, 2014 2:38 PM

Annoyed on Auditing TrueCrypt:

@Mike the goat

Don't forget the fact that they changed their forum policy such that you need an email address from a paid provider (eg: traceable).

To add to that suspicion, my friend had an account registered with an AT&T email (paid) but it was still blocked with the explanation that too much spam comes from that provider.

So it appears they are either incapable or unwilling to filter spammers vs. non-spammers from a single ISP which begs the question, why the need for paid email providers? Why not just ban an entire block or provider when a spammer pops up?

April 16, 2014 2:30 PM

QM on Book Title:

What's the big deal about following "David and Goliath" with "Data and Goliath"? By the time the book comes out, everyone will just think it's a fresh take on an old theme. After all, Gladwell was hardly original in his title. He'll probably appreciate any traffic he gets from the near miss.

April 16, 2014 2:29 PM

That Guy on Book Title:

-1 for "Data and Goliath" (Cute, but too cheesy IMHO)
+1 for anything with "Panopticon"; bonus points for invoking Michel Foucault
+2 for "All your Data are belong to U.S."

(h/t to the respective commenters)

Random ideas, not from the list -

Absolute Data Access Corrupts Absolutely
Nothing to Hide; Everything to Fear
The Revolution Will Be (Monitored|Recorded|Surveilled)
Total Information Awareness: A Rose By Any Other Name

April 16, 2014 2:24 PM

Man in Black on Book Title:

What about The Prestidigitation of Privacy: The Hidden Battles to Capture Your Data and Control Your World? Or is that too clever for its own good?

@M4n_in_Bl4ck

April 16, 2014 2:22 PM

John Campbell on Book Title:

Resistance may be futile but...

Impedance can be fun!

April 16, 2014 2:11 PM

PJ on Book Title:

Data: The New Currency of Power is my favorite... but you probably already knew that... ;-)

April 16, 2014 2:02 PM

Clive Robinson on Friday Squid Blogging: Bronze Giant Squid Sculpture:

@ Figureitout,

A thought occurs,

Once upon a time, being a "Hacker" carried respect, then journalists corrupted it to a "mark of Cain" or equivalent, now you would at best call yourself "an old school hacker" if using the word. And as we have seen Federal prosecutors use such changes in meaning to help obtain prosecutions...

I thus wonder how long it will be before other old school terms become "crimes in the mind" where the meaning is twisted and those who use them or have used them become "enemies of the state". George Orwell kind of played with this idea in his later works...

Thus how long do you dare to use the term "Bit Banging" before it mutates... and being "a serial bit banger" becomes a serious crime in the mind of those who would put themselves in judgment over you?

It would be just a silly musing / joke if we could not already see it happening...

April 16, 2014 1:51 PM

Bob on Book Title:

Bruce,

I like the last one, by far. "Data: The New Currency of Power" It's concise and communicates your idea very effectively. I'll email you.

April 16, 2014 1:35 PM

Tom Noir on Book Title:

Screw Gladwell, 'Data and Goliath' is awesome. USE IT.

April 16, 2014 1:28 PM

Dennis on Book Title:

"Data: The New Currency of Power" impressed me the most, but judging a book by its title, that one sounds like a different topic than all the others. I would go with that if it really fits the topic of the book.

I like: Tracked, Tracking You, They Already Know.
I don't like: Permanent Record, Hunt and Gather, We Already Know.
I have mixed feelings about: All About You, Data and Goliath.

April 16, 2014 1:28 PM

Dave Lugg on Book Title:

Digital Footprint: The Hidden Battles to Capture Your Data and Control Your World

April 16, 2014 1:25 PM

Just_Me on Book Title:

Dangit, name.withheld beat me to it, although my idea was a bit different:
All your Secrets are belong to US.

April 16, 2014 1:14 PM

EC on Book Title:

You've got Hacked

April 16, 2014 1:06 PM

Paul Kust on Book Title:

Count me in for "Data: the New Currency of Power".

Or perhaps "Permanent Record: Data as the New Currency of Power".

April 16, 2014 1:04 PM

Anura on Friday Squid Blogging: Bronze Giant Squid Sculpture:

https://blogs.oracle.com/security/entry/april_2014_critical_patch_update

Also included in this Critical Patch Update were fixes for 37 Java SE vulnerabilities. 4 of these Java SE vulnerabilities received a CVSS Base Score of 10.0. 29 of these 37 vulnerabilities affected client-only deployments, while 6 affected client and server deployments of Java SE.


Is it just me, or does it seem like Java needs a more frequent release schedule? Rule number one of keeping yourself secure on the internet: Disable Java in your browser. It's right behind keeping your software up-to-date and running behind a firewall.

April 16, 2014 1:00 PM

Milo M. on Book Title:

"The Value of Nothing"

Partly from the Oscar Wilde quote and the implication about the collectors in its first part.

Partly from the notion that the lower your e-footprint, the better off you are (e.g., avoid social media, etc.).

April 16, 2014 12:59 PM

John Campbell on Book Title:

It's not merely WHAT you know...

Nor is it merely WHO you know...

It is all WHAT you know about WHO.

(sighs)

If it weren't for an incredible lust for respect (via reputation) there would be no power in knowing things about people, for, there'd be no value to embarrassment.

April 16, 2014 12:59 PM

Anders on Book Title:

Resistance is futile. You will be indexed....

April 16, 2014 12:59 PM

NSA on Book Title:

Metadata: The New Measure of Power.

April 16, 2014 12:57 PM

Shawn Smith on Friday Squid Blogging: Bronze Giant Squid Sculpture:

Figureitout,

If you're calling the BASIC interpreter "the most butt-fucking ugly code I've ever seen," then I would think that you have not seen very much. Go back to the first year (1984) and behold the joy of seeing a C program where main is defined as an array of shorts with a mix of integers and characters--advertised as portable to both VAX and PDP. LOL. And I used to work at a small startup that was an offshoot of the company that employed the guy who wrote the winning entry in 1985 (shapiro.c). Although I never actually saw the stuff he did, I heard that his entry wasn't that much different from the stuff he wrote for work.

And yeah, I'm aware of the basic structure of Forth (postfix, like Postscript) and lately I've decided I would like to learn it, and possibly use it to swap out the ROMs on my Apple IIe at home. It's not the way I normally think, though, as I'm more of a prefix (LISP) kind of thinker. An anecdote along those lines--in the late '80s - early '90s Microsoft had a postfix-based screen editor, where you would select the text you want to work on first, and then issue a command on that text. Those who could think like that were able to get their editing done quite quickly, but I was never one of those people. My guess is that it was probably a result of my having learned Unix ed as my first programming editor. Oh, well.

April 16, 2014 12:56 PM

Anura on Heartbleed:

@Rob

The only place you would likely be able to see this is in TCP logs, which is probably not done unless you explicitly installed a TCP logging utility. That would probably be a gigantic logfile if it was detailed enough to detect the exploit.

April 16, 2014 12:52 PM

anonymous on Book Title:

How can we choose a title without even knowing what this book is about?

"Data: The New Currency of Power" may fit if this book is targeted to analyse how large corporations use our personal information to get profit.

"Tracked: The Hidden Battles to Capture Your Data and Control Your World" fits better on a book about NSA surveillance (that is anything except security centered).

"Permanent Record: The Hidden Battles to Capture Your Data and Control Your World" may fit on a book about how data is captured to form our (I hope soon declared illegal) public digital footprints.

Cannot believe anyone is seriously asking us to choose a title for an unknown book!

April 16, 2014 12:48 PM

POD on Book Title:

Tracked: +1

Captured: How Your Data is Appropriated by Opaque Entities to Determine Your Future.

Perhaps a Skosh hyperbolic but why not?

April 16, 2014 12:46 PM

Earle on Book Title:

Like others above, I think the title needs to reflect the insidious nature of the omnidata capture...

"Every Breath You Take:"

"Exposed:"

"Betrayed:"

"You Are The Product:"

April 16, 2014 12:44 PM

Morgan on Book Title:

Single-word titles are awful. If you called your book "Data" or "Tracked," how could you expect anyone to find it by searching?

Familiar phrases are out, too, like "permanent record" and "all about you." If you're monitoring print, online, and social media for mentions, there's a lot of noise when you use a phrase that is or can be used in everyday conversation.

"Data and Goliath" is your best bet here. Who cares that Gladwell published a book with a familiar phrase? (See above.) If he didn't have his name and a built-in audience, he'd have trouble building buzz and tracking mentions. "Data and Goliath" is a unique play on words that should net you greater visibility.

What needs work is the subtitle. It's too long, wordy, and moderate. You need something punchier, like:

"The Covert War to Master Your Fate"
"The Covert War to Control Your Destiny"
"The Covert War for Your Life, Liberty & Identity"

"Hidden Battles" is soft. "Capture Your Data and Control Your World" is too specific. You're thinking like an engineer. You have to ask yourself, "What's going to rattle people into action?"

With your subject matter, you have an opportunity to strike at what your readers value most—their independence and autonomy—so you need a subtitle that plays well with "Data and Goliath" and which communicates the stakes of that conflict.

April 16, 2014 12:38 PM

S-boxVertigo on New Book on Data and Power:

Just for the sake of brainstorming, consider:

Data Siphoning: The Powerhouse of the Information Age

I wouldn't linger too much on it. After all, a title may kindle interest, but the real value is in the content.

April 16, 2014 12:37 PM

Paul Coddington on Book Title:

"Data: The New Currency of Power" or "All About You: The Hidden Battles to Capture Your Data and Control Your World".

April 16, 2014 12:35 PM

SG on Book Title:

"So long, and thanks for all the (or your) data"

April 16, 2014 12:29 PM

Luke on Book Title:

Agree that "Data and Goliath" is probably too good to pass up -- Gladwell's titles are so generic it would be hard not to bump into them once in a while.

"Permanent Record" is also very evocative, but I'm not sure if the phrase has the same impact outside of the U.S.

April 16, 2014 12:27 PM

Arclight on Book Title:

"Person of Interest: Big data and you"
"Panopticon: The rise of Big Data"
"Power, Privacy and Persuasion: How Big Data drives public affairs"
"I Am a Number: Big Data and the Asymmetry of Power"


Arclight

April 16, 2014 12:23 PM

Colin on Book Title:

Data & Goliath is certainly the cleverest (and don’t worry about aping Gladwell — if the name fits use it). But “Forces” is a better subtitle. “Hidden Battle” makes it seem like it will tell me about “other vs. other” whereas the “Forces” subtitle seems like it’s about *me* vs. other. (It’s more personal — it connects.)

“Tracking You” would be my second choice for a book title, again because it connects the book’s contents to the individual. "Why should I care about this book?” Because it’s going to tell me about something that’s happening to *me*.

April 16, 2014 12:14 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Bronze Giant Squid Sculpture:

@ Nick P, Figureitout

...serial bit-banged pc with 2k/RAM.

Reminds me, as a hobbyist in the 70's, of purchasing static RAM DIP 1Kx8 for $10 a piece for building a Z80 based project during my wasted years of technological learning/training. Today a hobbyist could be labeled (and this has happened) as a hacker and automatically selected for drone targeting by the U.S. government to assist in the application of lethal force....

Be very, very, quiet...I'm hunting hackers. Something Elmer Fudd would say, and the DoJ/DoD but without the comical effect.

April 16, 2014 12:13 PM

Duvane on Book Title:

I do like "Data and Goliath", but riffing on that, how about "Data and Leviathan"? (Depending on how much one appreciates Higgs.)

April 16, 2014 12:10 PM

Anura on More on Heartbleed:

@Kevin Lyda

Regarding https://tools.ietf.org/html/rfc6520 , isn't it a problem that the response must contain a copy of the data sent? Isn't that a possible attack vector?
For cryptanalysis, isn't knowing that the same text is being encrypted by the same key a useful thing to know? I'm not clear if TLS is using the same key to encrypt in each direction of course, but if it is this seems like a problem.

Even if it was the same key, at best it falls under the realm of a known plaintext (but the plaintext itself isn't actually known to the attacker, so it's not even that). Ciphers are designed to be secure against known and chosen plaintext attacks with ridiculously large numbers of plaintexts.

The big problem is that it's completely pointless to allow 65535 bytes of data. I don't see any reason not to just hardcode the damned thing to one byte (justifying the need for a heartbeat in the first place is another matter entirely).
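
The length handling discussed in the comment above, as an added example that is not part of the original comment and is not OpenSSL's code: a receiver following RFC 6520 discards a heartbeat request whose payload_length field claims more bytes than the record carries, and echoes only what actually arrived. The function names and sample records are constructed for illustration, and the response padding is zero-filled here to keep the example deterministic (RFC 6520 calls for random padding).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1      /* heartbeat_request (RFC 6520, section 4) */
#define HB_RESPONSE     2      /* heartbeat_response */
#define HB_HEADER_LEN   3      /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING  16     /* padding is at least 16 bytes */
#define HB_MAX_MESSAGE  16384  /* a HeartbeatMessage must not exceed 2^14 bytes */

enum { HB_DISCARD = -1, HB_NOSPACE = -2 };

/* Validate a heartbeat request of rec_len bytes. On success, returns the
 * payload length and points *payload into rec. Returns HB_DISCARD when the
 * message must be dropped silently. */
static long hb_parse_request(const uint8_t *rec, size_t rec_len,
                             const uint8_t **payload)
{
    size_t claimed;

    if (rec == NULL || rec_len > HB_MAX_MESSAGE ||
        rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_DISCARD;
    if (rec[0] != HB_REQUEST)
        return HB_DISCARD;

    /* payload_length is attacker-controlled: up to 65535 regardless of
     * how many bytes were really sent. Compare it with what is present. */
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_DISCARD;

    *payload = rec + HB_HEADER_LEN;
    return (long)claimed;
}

/* Build the response for a request. Returns bytes written to out,
 * HB_DISCARD for a malformed request, HB_NOSPACE if out is too small. */
static long hb_build_response(const uint8_t *rec, size_t rec_len,
                              uint8_t *out, size_t out_cap)
{
    const uint8_t *payload = NULL;
    long plen = hb_parse_request(rec, rec_len, &payload);
    size_t need;

    if (plen < 0)
        return plen;
    need = HB_HEADER_LEN + (size_t)plen + HB_MIN_PADDING;
    if (need > out_cap)
        return HB_NOSPACE;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)((size_t)plen >> 8);
    out[2] = (uint8_t)((size_t)plen & 0xff);
    memcpy(out + HB_HEADER_LEN, payload, (size_t)plen);
    /* Zero padding is a simplification for this example. */
    memset(out + HB_HEADER_LEN + plen, 0, HB_MIN_PADDING);
    return (long)need;
}

/* Constructed sample: 4-byte payload "ping" with a matching length field. */
long demo_well_formed(void)
{
    uint8_t req[HB_HEADER_LEN + 4 + HB_MIN_PADDING] =
        { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t resp[64];
    long n = hb_build_response(req, sizeof req, resp, sizeof resp);

    if (n > 0 && (resp[0] != HB_RESPONSE ||
                  memcmp(resp + HB_HEADER_LEN, "ping", 4) != 0))
        return -100;  /* echo mismatch, should not happen */
    return n;
}

/* Constructed sample: 1 byte of payload, length field claims 65535. */
long demo_overclaimed_length(void)
{
    uint8_t req[HB_HEADER_LEN + 1 + HB_MIN_PADDING] =
        { HB_REQUEST, 0xff, 0xff, 'x' };
    uint8_t resp[64];
    return hb_build_response(req, sizeof req, resp, sizeof resp);
}

/* Constructed sample: header only, too short to hold the minimum padding. */
long demo_truncated_record(void)
{
    uint8_t req[HB_HEADER_LEN] = { HB_REQUEST, 0x00, 0x00 };
    uint8_t resp[64];
    return hb_build_response(req, sizeof req, resp, sizeof resp);
}

int main(void)
{
    printf("well-formed request  -> %ld\n", demo_well_formed());
    printf("overclaimed length   -> %ld\n", demo_overclaimed_length());
    printf("truncated record     -> %ld\n", demo_truncated_record());
    return 0;
}
```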

April 16, 2014 12:06 PM

Ben on Book Title:

Bruce,

I like a mash-up of two titles you suggested:
Permanent Record: The Forces that Capture Your Data and Control Your World

As others have mentioned, Permanent Record resonates with me, and I like the subtitle from Tracking You better as the battle has largely been an uncontested grab more than a fight between two forces.

April 16, 2014 12:02 PM

yesme on Book Title:

"The Eagle and The Hawk"

"Hawks in Control"

"Hawk Eye View"

"The Hawk and the Data"

April 16, 2014 11:59 AM

name.withheld.for.obvious.reasons on Book Title:

To appeal to youth I suggest the following titles:
All your Data are belong to U.S.
Pwned Bits; Your Data, Mein Fruit (Formerly Kanf)

April 16, 2014 11:55 AM

Walter on Book Title:

Tracked... It's powerful and direct, yet personal.

April 16, 2014 11:54 AM

Winter on Book Title:

"What they don't know can't hurt you."

That is very wrong. When they do not know where you are if you call for help, that will most definitely hurt you. More examples are easy to get.

April 16, 2014 11:53 AM

penkapp on Book Title:

Your Data: The New Currency of Power

Add the word "your" to the beginning.

April 16, 2014 11:52 AM

Speed on Book Title:

Security and Power. What they don't know can't hurt you.

April 16, 2014 11:51 AM

René Bastien on Book Title:

How about this. Big Data, Small World; the Ongoing Battles to Capture Your Data and Control Your World.

I am looking forward to reading your new book.

April 16, 2014 11:45 AM

Fortune on Book Title:

I like All Your Data Can And Will Be Used Against You. Very good, Jur.

I forgot to mention that those things we "trade" data for is not even a consensual arrangement. I never agreed to the privacy policies of websites of scripts, images, and videos that get embedded by website owners and users. I usually don't even know it's happening. Google (DoubleClick, Blogspot, YouTube, Google APIs), Facebook, Twitter, Instagram, Flickr, and Amazon all take data even if I don't have an account, opt not to use them, or don't even know what they are.

On the state level: Unelected people collect my data, but more importantly have blackmail material of the people I voted for and the ones I voted against... and even more more important: they have the power to spy on grass roots movements. Political issues I may not even know about could be squashed before I or most other people hear about them, through various methods but probably mainly propaganda and subtle nudges. Not to mention the biggest military is also the biggest spy on civilians of all nations, including its own.

April 16, 2014 11:40 AM

Claudiu on Book Title:

How about: "1984, Today: Big Brother is watching every bit". Just a suggestion.

April 16, 2014 11:33 AM

bryan on Book Title:

I like "Data: The New Currency of Power", but that could just be connotative bias because all the others are similar.

"Control Your World" isn't wrong, but runs close to the type of phrasing I might dismiss out of hand as conspiracy-theory nonsense like "Control the World".

Your term "digital fiefdom" from a speech really struck me. Something in the vein of "Digital Fiefdom: How Modern Technology Consolidates Power and Conspires Against You"? That's probably too narrow for your entire book and/or sounds too much like saying the sky is falling.

April 16, 2014 11:33 AM

Fortune on Book Title:

Permanent Record: The Hidden Battles to Capture OUR Data and Control Your World

Permanent Record is a concept people are already familiar with. It's accurate and concise. Good metaphors from the old school physical world to abstract concepts involving technology are extremely rare. Please do not sacrifice it to make a pun, as great as puns are.

Data as currency is a harmful metaphor and should be dropped from our vocabulary except for the purposes of explaining propaganda/marketing to younger generations. Currency can be spent once. Data can be used forever. Currency can have one owner. Data can be held by many.

Currency has a face value. Data does not. Currency is fungible for other currency. Data is not. Currency decreases in value. Data from a person's childhood becomes more valuable when they are able to vote and spend money and when they have more debts and less security.

Currency has the same value to me as an organization with server farms and botnets. Data does not. Holding on to currency is only immoral if I spend it on something bad. Data can be something I don't have the right to in the worst case scenario or something that is a liability (mostly to someone else) in the best case.

Currency is not something that can bite me after I give it away or after it gets stolen. Data can harm the person who is the subject of it, their family, their friends, their coworkers, their fellow consumers, and their fellow citizens anytime just one of the holders of that data is willing, able, and not legally restricted from exploiting that data.


This does not even go into the fact that exposure of data is never a fair trade for something, the harm bubbling of search engine results, reading material, and advertisement does to people, the failure of these models to make more money than traditional advertisement based models, or the fact that gratis based business models existed long before this new model allegedly based on exchanging data for services.

---

The word We to refer to the data holders should be They, since a tiny minority of people hold data indefinitely, let alone have the ability, legal "right", or sociopathic tendency to exploit it without consequence. We is a utopian promise and a lie. The word Tracked conjures up paranoid movie plot style paranoia instead of the action of mass aggregation of data from various sources for mass manipulation. (The holder of data may not even be the tracker.)

Whatever title you choose should reflect that this is a collective problem. It's not about me and it's not about you but it affects us because the mass of people are being exploited and manipulated. It's all of Our data and that's why it's even more dangerous.

April 16, 2014 11:31 AM

asdf on Book Title:

"Data and Big Brother: ..."

April 16, 2014 11:29 AM

asdf on Book Title:

+1 to "Tracked: ..."

April 16, 2014 11:29 AM

Petréa Mitchell on Book Title:

What audience are you trying to reach the most? If the largely uninformed general public, then my top pick would be the first title; if it's more the tech-savvy layman, then the last one.

April 16, 2014 11:25 AM

Nan on Book Title:

From a gut level I prefer "Hunt and Gather", maybe because it stands out from the others. Security-related book titles (and IT books in general) tend to be strung together from the same small pool of words.

April 16, 2014 11:22 AM

Jur on Book Title:

All Your Data Can And Will Be Used Against You

April 16, 2014 11:21 AM

nat on Book Title:

"Tracked:..." for me has the strongest potential to make an impact/grab attention, followed by "They Already Know:...", though the latter comes off a little glib.

April 16, 2014 11:18 AM

Jur on Book Title:

Appetite For Data: The Hunt For Your Digital Footprint

April 16, 2014 11:18 AM

George on Book Title:

Battle's already fought, and won, by the intel community, so preferable titles are

Permanent Record: The Hidden Surrender of Your Personal Data
They Already Know: The Hidden Surrender of Your Personal Data
Permanent Record: The End of Data Privacy

April 16, 2014 11:15 AM

Joe on Book Title:

+1 for "Data: The New Currency of Power". Nice and simple. What bothers me about the other ones is the whole "Control Your World" which seems a bit over the top.

April 16, 2014 11:02 AM

AnonDev on Book Title:

I vote against "Data: The New Currency of Power" because of the implication that something is new in the gathering and storing of data and information in attempts to exert power and control over others and over society. Reading recently about spying in Elizabethan England certainly brings home to a person that not much has changed except the raw Horsepower available.

Some new ones:

Who Has Your File?
The battle for your data and your world

Have You Seen Your File?
The battle for your data and your world

Who Has Your File?
Your Data and Your World in the Information Age

To Know You is To Control You
The battle for your data

The Gathering of You
No Stone Unturned

Knowing Me, Knowing You
Our Data in the Information Age

Do You Know Where YOUR Data is?

Who Owns Your Mind?
Your Data in the Information Age

Controlling the Data, Controlling the Future

Collect It All
The Battle for Your Data and You

etc etc.

April 16, 2014 11:01 AM

rob on Book Title:

I very much like something along the lines of the suggested "Panopticon: The Massive Hidden Initiatives to Capture Your Data and Control Your World". Maybe it is a bit unwieldy, though? The 'massive' could be cut and maybe ... well how about:

"Panopticon: Hidden Initiatives to Capture and Control Your On-line Life"

(omitting the 'The' is also significant, BTW)

From the list, I like "Tracked: ..." and "Permanent record .."

April 16, 2014 11:01 AM

MS on Book Title:

Permanent Record is almost certainly the best, as it sums up in two words what the whole issue is: you do in fact have a permanent, inescapable record, much worse than the school records to which the title refers. "Permanent record" gives you an easy lead-in chapter to explain the whole premise of the book for dumb reporters and book reviewers. "Chapter 1. When I was a kid and we did something wrong, we used to talk about it going on your permanent record...."

"Data" is far too generic. Soybean crop records are data, but not dangerous. Half the population couldn't even tell you what "data" is.

"Permanent Record". "On Your Permanent Record". Something like that.

I suggest you do an A/B test using Google Adwords, like this:

http://thulme.com/2010/10/64-the-4-hour-workweek-escape-9-5-live-anywhere-and-join-the-new-rich/

You just run ads for both (or all) of the prospective titles, see which ones are actually appealing to people.

April 16, 2014 10:58 AM

paul on Book Title:

I like "Tracked:..." followed by "Data: the new currency of power."

Depends a lot on your target audience. (If you want to go mainstream it might even be "Tracked!" and a bunch of plays on tracking vs hacking.)

April 16, 2014 10:58 AM

PonyAdvocate on Book Title:

Suggestion for main title: "The Lidless Eye". It has the appropriate sense of amorphous menace, I think. Tolkien mavens will recognize it as a metonym for Sauron. Also, didn't the Total Information Awareness program have a creepy logo, of which an eye was a part?

I suggest verbing up the subtitle a bit, e.g., "Capturing Your Data, Controlling Your World".

April 16, 2014 10:54 AM

greg on Book Title:

"Permanent Record" is the most insidious and dangerous part of data collection and data in general.

April 16, 2014 10:51 AM

Greg on Book Title:

Permanent Record:

is the title I like the best.

April 16, 2014 10:50 AM

Winter on Book Title:

@Carlo Graziani
"Panopticon: The Massive Hidden Initiatives to Capture Your Data and Control Your World"

Then a reference to the fact that the Panopticon makes everyone an inmate would be better.

For instance:
"Panopticon: How total data capture makes all of us prisoners"

That might be a bit over the top.

April 16, 2014 10:46 AM

xd0s on Book Title:

How about

The Currency of Power: Establishing Control by Grabbing Data

Also agreed that despite the commonality with Malcolm, Data and Goliath is pretty good.

Of those listed:
Data or Permanent Record are my favorites.

April 16, 2014 10:45 AM

Rob on Heartbleed:

So far I have been unable to find any solid information on how a site or server can determine if they have been attacked with the Heartbleed vulnerability. Is there any fingerprint left in the logs of a standard Apache2/OpenSSL configuration with production level logging (i.e., NOT set to 11)?

April 16, 2014 10:45 AM

Carlo Graziani on Book Title:

I don't like "battles" in the subtitle, because it strikes me as excessively dramatic, without describing the narrative very accurately. So far as I'm aware, the NSA, Google, Facebook, etc. have not really fought any secret battles -- during the time when what they were doing was secret, they simply took what they wanted without much opposition at all. Opposition took shape after disclosure. If I'm wrong, and you do really describe secret disputes in the text, then perhaps "Struggles" is still better than "Battles" as a summary of the thesis of the book.

Otherwise, "Hidden Drives", "Hidden Initiatives", "Hidden Efforts", "Hidden Programs". Perhaps these could be modified by "Massive", which is certainly accurate.

As for the main title, what do you think of "Panopticon"? From Wikipedia:


The Panopticon is a type of institutional building designed by the English philosopher and social theorist Jeremy Bentham in the late 18th century. The concept of the design is to allow a single watchman to observe (-opticon) all (pan-) inmates of an institution without them being able to tell whether they are being watched or not. Although it is physically impossible for the single watchman to observe all cells at once, the fact that the inmates cannot know when they are being watched means that all inmates must act as though they are watched at all times, effectively controlling their own behaviour constantly. The name is also a reference to Panoptes from Greek mythology; he was a giant with a hundred eyes and thus was known to be a very effective watchman.

Looks very apposite to me (I didn't notice the connection to the NSA scandal myself, BTW, it was in some article whose source I've unfortunately forgotten).

So, the candidate title would then be something along the lines of "Panopticon: The Massive Hidden Initiatives to Capture Your Data and Control Your World"

April 16, 2014 10:43 AM

Jim on Book Title:

How about "Data: Because people in power can't buy understanding" ?
