Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Book Review)
No one explains security, privacy, crypto and safety better than Bruce Schneier, and while he's been talking about this subject for decades, it's never been more relevant, as his new guide to the post-Snowden world Data and Goliath demonstrates.
It's been nearly two years since the Snowden revelations, and we're nowhere near figuring out what to make of his revelations, but now there's a book that collects all the most significant facts, implications and insights from the debates and packages them in a way that is accessible, smart, and important.
Since the first Snowden leaks, we've been buffeted by new revelations that made it hard -- even impossible -- to understand exactly what kind of spying was taking place, under whose oversight, and what effect it was having. Schneier starts with the nature of data and surveillance in the Internet age, the way that data use and abuse can empower us or harm us (both individually or as a society), patiently steps through a condensed (but still representative) account of the leaks, and then combines all this in a powerful argument that out-of-control, unaccountable, mass-scale surveillance has harmed us, and presents an existential threat to a good, safe and just society.
The world is not becoming less computerized, after all.
Security technologist, commentator, and popular author Schneier was one of the first to analyze the documentation of NSA surveillance practices leaked by Edward Snowden. What he discovered fueled his mission to zap our complacency regarding “ubiquitous mass surveillance.” In this mind-blowing exposé, backed by 130 pages of revelatory notes, Schneier reveals exactly how all the information generated by our smartphones and computers regarding our exact location, communications, financial and medical transactions, everything we read in digital form, and every Google search is captured, stored, and traded. He elucidates the difference between data and metadata (an email’s content is data; all records pertaining to the sender, recipient, and routing are metadata), and explains how metadata is used to track our activities, interests, and concerns. With meticulously researched details and high-velocity prose, he outs the federal government’s intrusive “data mining,” the immensely profitable big-data industry, and the hidden collusion between them.
In the field of cryptography, a secretly planted "backdoor" that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn't mean cryptographers don't appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is that some backdoors are clearly better than others—in stealth, deniability, and even in protecting the victims' privacy from spies other than the backdoor's creator.
In a paper titled "Surreptitiously Weakening Cryptographic Systems," well-known cryptographer and author Bruce Schneier and researchers from the Universities of Wisconsin and Washington take the spy's view to the problem of crypto design: What kind of built-in backdoor surveillance works best?
Neither Borgman nor Lohr truly grapples with the immensity of the big-data story. At its core, big data is not primarily a business or research revolution, but a social one. In the past decade, we have allowed machines to act as intermediaries in almost every aspect of our existence. When we communicate with friends, entertain ourselves, drive, exercise, go to the doctor, read a book—a computer transmitting data is there.
A jeremiad suggesting our addiction to data may have made privacy obsolete.
Prolific technological writer Schneier (Fellow/Berkman Center for Internet and Society, Harvard Law School; Carry On: Sound Advice from Schneier on Security, 2013, etc.) clearly examines how technology has transformed every interaction, noting how our intimate communications are now "saved in ways we have no control over." He suggests that most Americans remain unconcerned about the relationship between data and surveillance, due to the attraction of "free" products like Gmail. He focuses on the social costs of surveillance, which "puts us at risk of abuses by those in power—exacerbated by the fact that we are generating so much data and storing it indefinitely." He also argues that this "pervasive mass surveillance" will inevitably chill progressive movements—e.g., gay rights and cannabis decriminalization. The problem is more sprawling than most realize: Edward Snowden's revelations clarified "how much the NSA relies on US corporations to eavesdrop on the Internet," and corporations are using such technologies for their own ends.
In December of 2011, Tripwire published a list of security's top 25 influencers. More than three years later, we are pleased to announce a new list for 2015—The Infosec Avengers!
For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec-related superpower they would choose to have.
After the online breach of JPMorgan Chase, cybersecurity awareness is growing in the financial world. But what exactly is cybersecurity (and cybervulnerability)? What can or cannot be done to make sensitive information more secure?
A leading computer security and privacy expert, Bruce Schneier is one of the world's most recognizable voices on cybersecurity, author of the popular security blog Schneier on Security, board member of the Electronic Frontier Foundation, and CTO of Co3 Systems.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.