News: 2015 Archives
The Security Reading Room: The Best Information Security Books of 2015
Excerpt
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World: Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and the NSA for their wholesale spying on innocent Americans and violations of myriad laws and the Constitution. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers.
Audio: Bruce Schneier on the Golden Age of Surveillance
Listen to the Audio on TheTechnoskeptic.com
Internet security expert, privacy advocate, and author Bruce Schneier speaks with the Technoskeptic about the public-private surveillance partnership that monitors everything we do, and what needs to happen in order to restore our privacy.
Cyberattack Prediction: Hackers Will Target a US Election Next Year
A major cyberattack next year will target a U.S. election, security expert Bruce Schneier predicts.
The attack won’t hit the voting system and may not involve the presidential election, but the temptation for hackers is too great, even in state and local races, said Schneier, a computer security pioneer and longtime commentator.
“There are going to be hacks that affect politics in the United States,” Schneier said. Attackers may break into candidates’ websites, e-mail or social media accounts to uncover material the campaigns don’t want public, he said…
Book Review: Beyond Fear by Bruce Schneier
Each and every one of us makes security decisions every day, sometimes even without thinking about it. Should i buy items with my credit card or is doing so too risky? Should i park in the underground parking slot or is it safe enough to park on a side-street next to the building? How often should i brush my teeth? These are some of the many security decisions we make every day.
But how often do we stop to think: are we making ‘good’ security decisions or ‘poor’ ones?
Are our decisions based on fear, uncertainty, and doubt, or are our decisions based on real information and a repeatable decision-making process?…
Video: Bruce Schneier Receives the Business Leader in Cybersecurity Award from Boston Global Forum
Bruce Schneier was honored as the Business Leader in Cybersecurity by the Boston Global Forum, for dedicating his career to the betterment of technology security and privacy.
Mr. Schneier attended and sent his acceptance speech remotely via online conference.
Holiday Gift Guide: Good Reads Worth the Investment
Excerpt
Data and Goliath
by Bruce Schneier
W. W. Norton & Company
From the moment you wake up, you start generating data. Your phone tracks your movements. Your purchases signal whether you’re sick or pregnant or going on vacation. In the background, this information is collected and analyzed. This book looks at how this surveillance state of our own creation affects us.
Datenschutz in Rücklage
Hansueli Schöchli reviewed the German edition of Data and Goliath for Neue Zürcher Zeitung.
Video: Making Your Mark as a CISO: Ask Bruce, Episode Four
Being a CISO is often a tenuous, highly political job—and for security matters, the buck stops with you. In this interview, Bruce Schneier offers strategies for making your mark on your organization.
Rolling Back Mass Surveillance
Bruce Schneier is a man worth listening to. In 1993, just as the Internet was gaining speed, he wrote one of the earliest books on applying cryptography to network communications, and has since become a well-known security specialist and author of about a dozen books on Internet security and related matters. So when someone like Schneier says we’re in big trouble and we need to do something fast to keep it from getting worse, we should at least pay attention.
The trouble is mass surveillance. In his latest book, Data and Goliath, he explains that mass surveillance is the practice of indiscriminately collecting giant data banks of information on people first, and then deciding what you can do with it. One of the best-known and most controversial examples of this is the practice of the U. S. National Security Agency (NSA) of grabbing telecommunications metadata (basically, who called whom when) covering the entire U. S., which was revealed when Edward Snowden made his stolen NSA files public in 2013. Advocates of the NSA defend the call database by saying the content of the calls is not monitored, only the fact that they were made. But Schneier makes short work of that argument in a few well-chosen examples showing that such metadata can easily reveal extremely private facts about a person: medical conditions or sexual orientation, for example…
Video: Today’s Trends in Cyber Resilience: Ask Bruce, Episode Three
“Cyber resilience” has emerged as the standard cybersecurity teams are striving for. Resilient Systems CTO and security expert Bruce Schneier explains what’s driving cyber resilience, and offers steps and strategies for improving cyberattack preparedness and resilience.
Video: A Conversation with Bruce Schneier
Bruce Schneier spoke at CyberSeed 2015: Emerging Cybersecurity Trends in Cloud, IoT and Mobility.
Video: Incident Response and the Rise of Organizational Doxing: Ask Bruce, Episode Two
In the wake of the cyberattacks on Sony and Ashley Madison, it’s clear that organizational doxing—the act of hacking into a business and releasing private information like executive and employee emails or salary information—is a rising threat for businesses.
Resilient Systems CTO and security expert Bruce Schneier explores the trend and how security teams can prepare for a doxing attack.
Video: Automation in Incident Response: Ask Bruce, Episode One
Resilient Systems CTO and security expert Bruce Schneier explores how security pros can intelligently leverage automation to empower incident response teams to mitigate cyberattacks faster and more effectively.
Data Privacy, One of These Days
For some odd reason, data privacy maven Bruce Schneier is an optimist. It’s odd because, according to Schneier, there’s practically no such thing as data privacy. Just about everything we do these days is under some form of electronic surveillance, with governments and corporations eager to record and analyze our every action.
But when Schneier holds forth on Friday at Harvard University, as part of the ongoing HUBweek festivities, he’ll reassure his listeners that the cause is not lost, that our online privacy will someday be ensured. Just give it a decade or two…
Video: Adam Ruins Security
Bruce Schneier appeared on an episode of truTV’s “Adam Ruins Everything.”
Read: Data and Goliath
This just happened. Oops.
If you read this book I want you to focus on the pickle. It’s a book about big data, surveillance and freedom vs convenience, but I want you thinking like this book is one of those MASSIVE corned beef sandwiches you get in New York. You know the ones where the slices of bread look like postage stamps under a virtual mountain of charred, savory flesh. The sandwich is the key but the pickle should not ever be forgotten because often times is the last thing you taste. Bruce Schneier’s book on big data is something that EVERY American over the age of, well, reading age, should read. Will they? No. Why? Because for some reason many Americans don’t seem to care about much of this. At least until something happens to them, at which time they turn around and try to explain what happened to an audience who…just…doesn’t…care. I did my own little …
Q&A with Bruce Schneier: What if Your Law Firm Is the Next Ashley Madison?
If the subject is security, chances are Bruce Schneier has an opinion on it, and that opinion has been published somewhere—on his blog, in the New York Times, on the BBC, in the Guardian, in Wired, in one of his 13 books. You get the point. On security, Schneier is among the most well-known and most prolific authorities in the world. Since coming to prominence in the mid-90s through his writings on cryptography, he has testified on the floor of Congress, served on several government committees, coined the term ‘security theater’ in the wake of 9/11, and hooked a global following of some quarter-million readers through his website and …
Data and Goliath by Bruce Schneier (Book Review)
Excerpt
Data and Goliath is a fascinating exploration of this post-Snowden world we live in. It shows how the back-doors that technology companies were forced to implement for the NSA, have actually become weapons for other agencies and hackers to use. We’re taken through the murky world of international espionage, and shown how we have all become collateral damage in this digital arms race. Schneier also explains that even when we try to protect ourselves by leaving Facebook or Gmail, the fact that our friends and relatives still use them means we’re caught up in this global informational dragnet…
Audio: Security and Privacy with Bruce Schneier
Listen to the Audio on SoftwareEngineeringDaily.com
“What we learn again and again is that security is less about what you think of, and more about what you didn’t think of.”
Questions
- In Data and Goliath, what are the motives of different goliaths?
- Why is the Ashley Madison case a watershed moment in security?
- Do you still feel we should break up the NSA?
- Will Google and Amazon become military contractors?
- How can we defend ourselves from DOS attacks from refrigerators?
- When we put processors in refrigerators, and cars, and thermostats, are we increasing the attack surface, and our vulnerabilities faster than we are improving our utility?…
Internet das Coisas Poderá Criar Caos Em Segurança Digital, Diz Especialista
Um hacker pode invadir uma smarTV, uma geladeira com internet ou outro tipo de produto da chamada “internet das coisas” e, uma vez com acesso, roubar informações de um computador ou de um celular que estiverem conectados à mesma rede. E, por causa da propagação desse tipo de aparelho, nossa segurança digital pode ficar (ainda) mais vulnerável a criminosos.
Essa é a visão de Bruce Schneier, considerado por alguns o maior especialista em segurança na internet no mundo, que vem ao Brasil nesta semana para falar durante um evento de tecnologia, o Mind the Sec…
"A Lot of Attacks from Western Countries Go through China," Says Bruce Schneier
The attack on Sony Pictures over the film The Interview was perpetrated by North Korea, according to security expert Bruce Schneier.
The former chief technology officer of BT Managed Security Solutions, now CTO at Resilient Systems, had expressed scepticism at the time of the attack that the secretive dictatorship had been behind the attack, motivated by the theme of the film: two hapless American agents who were supposed to assassinate the country’s leader, Kim Jong-un.
But in a video keynote speech at LinuxCon 2015, Schneier claimed that he had changed his mind. “Many of us, including myself, were skeptical for several months. By now it does seem obvious that it was North Korea, as amazing as that sounds,” he said…
Bruce Schneier: The Cyberwar Arms Race Is On
Security expert says we're in a cyberwar arms race, and with the Sony attack, North Korea has already taken the first shot at the United States.
LinuxCon is about Linux, cloud, and containers, but it’s also about security. In the past year, programmers have been reminded that merely being “open-source” doesn’t mean that your code is safe. Assuming you’re secure is a mistake. Because, as security maven Bruce Schneier explained to the LinuxCon audience via Google Hangouts, we’re in a cyber-arms race.
In particular Schneier focused on last fall’s Sony cyber attack. At the time, Schneier said that when the FBI said North Korea was behind the attack, he didn’t believe them. Now, he does.
…
Bruce Schneier: "We're in Early Years of a Cyber Arms Race"
Security guru Bruce Schneier says there’s a kind of cold war now being waged in cyberspace, only the trouble is we don’t always know who we’re waging it against.
Schneier appeared onscreen via Google Hangouts at the LinuxCon/CloudOpen/ContainerCon conference in Seattle on Tuesday to warn attendees that the modern security landscape is becoming increasingly complex and dangerous.
"We know, on the internet today, that attackers have the advantage," Schneier said. "A sufficiently funded, skilled, motivated adversary will get in. And we have to figure out how to deal with that."…
Video: Private Thoughts – Bruce Schneier on the Ephemeral, Privacy, and Data
Private Thoughts sat down with Bruce Schneier at the Electronic Frontier Foundation’s 25th anniversary party in July. Schneier is an internationally renowned security technologist and author of 13 books. He discussed the effects of the loss of ephemeral communication and the ease of data collection and storage.
The New America: Little Privacy, Big Terror
Excerpt
In Data and Goliath, Bruce Schneier, a security technologist and fellow at Harvard Law School, explores what it means to have entered the age of mass surveillance. Our data are collected in the first instance by private corporations, but are increasingly exploited, as Edward Snowden has shown, by government intelligence agencies. The NSA didn’t have to build from scratch a vast database on billions of innocent citizens the world over, Schneier explains, because private corporations had already done so. All the NSA needed was access.
…
Bruce Schneier on Security Metrics that Matter
“I like to measure the performance of the team,” said Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 Black Hat Conference in Las Vegas. “I like to see metrics about people, about process, about technology. There isn’t one metric that works since it’s such a complicated and moving target… Right now companies have to use the data that they have to figure out if their teams are effective.”
Schneier feels that certain metrics, such as blocked attacks, don’t really provide a gauge of how secure you are…
Video: Bruce Schneier on Jeep Hack and Encryption
Boom Bust correspondent Bianca Facchinei sits down with Bruce Schneier – chief technology officer at Resilient Systems, Inc. and fellow at the Berkman Center for Internet and Society at Harvard Law School – at the Black Hat conference in Las Vegas. Bruce gives us his take on the infamous 2014 Jeep Cherokee hack and tells us how government surveillance impacts social movements.
Video: How Vulnerable are Airlines to Hackers?
Resilient Systems CTO Bruce Schneier discusses the vulnerability of airlines to hackers with Bloomberg’s Emily Chang at the Def Con hacking convention in Las Vegas.
Bruce Schneier: "Hacking Team is a Dangerous Company"
The American security guru fears that the diffusion of the software could be used by criminal groups
This interview also appeared in Italian.
You wrote in your blog: “I don’t think the company is going to survive”. However, at least in Italy and in the US Hacking Team has powerful sponsors…Will they survive?
«It remains to be seen. We know from the leaked documents that they have sold their products to the most repressive governments in the world…and overcharged them whenever possible. We know that they secretly put spyware and remote-control capabilities into the software they sold, allowing them back-door access without the knowledge of the governments they sold to. We know that they try to shield their activities from the UN in any way they can. We know, because of how completely and severely they were penetrated, that their own network security was pretty bad. They’ve already told all of their customers to stop using their software because it is no longer safe for them to do so. Hacking Team might have enough money in their bank accounts to stay around for a while, but do you think anyone will do business with them ever again?»…
Bruce Schneier: It’s Time to Start Prioritizing IT Security
Cyberattacks are getting more frequent, sophisticated and successful. Can organizations adapt security choices to cope better?
Nobody would disagree that IT security is necessary.
At minimum, it’s needed to satisfy relevant government and industry compliance regulations, along with your insurance company, investors, suppliers, customers and other business partners. At most, it also protects your data and systems from much-dreaded cyberattacks.
The hard part lies in the details.
‘What type of security should we invest in?”
“How much will this cost?’
‘Is there any ROI on security spending?’
To explore these issues, we sat down with security technologist Bruce Schneier…
Bruce Schneier: Get Ready for More "Organizational Doxing"
Bruce Schneier has been writing about security issues on his blog, his blog, Schneier on Security, since 2004, and in a monthly newsletter since 1998. He writes books, articles, and academic papers. Currently, he is the Chief Technology Officer of Resilient Systems, a fellow at Harvard’s Berkman Center, and a board member of Electronic Frontier Foundation.
What do you see as the greatest cyber risks today?
I don’t like ranking risks, and I worry that concentrating on the ‘greatest’ risk obscures all of the other risks. Basically, the big cyber risks are what everyone is talking about. It’s not like they’re hidden or subtle. They’re risks against our data: copying it, deleting it, modifying it, barring us access from it. They’re follow-on risks, because the Internet is so pervasive in modern society. They’re everything we’re actually worried about…
Infosec Influencers: An Interview with Bruce Schneier
This week, as part of our new ‘Infosec Influencer’ series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security’s Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to Thrive, not to mention published hundreds of articles and essays. His blog has is read by over 250,000 people, and he is regularly quoted by the press. Additionally, he regularly testifies before Congress and is an advisory board member for EFF and EPIC, among other organizations…
Is iPhone Banking Safe? An Expert Answers
iPhone and mobile banking can feel like setting foot in the jungle: You don’t know what’s in there, but you suspect a lot of it’s not good. We hear a lot of terms thrown around when it comes to iPhone banking security: 128 bit encryption, two factor authentication, security dongles—and a lot of scary anecdotes about millions of credit card account numbers being stolen from this or that company. Getting to the bottom of whether iPhone banking is safe can be confusing at best. So is iPhone banking safe?
To get a real handle on the question, ‘Is iPhone banking safe?’ we interviewed internet security expert Bruce Schneier, cryptographer, fellow at Harvard’s Berkman Center and the Chief Technology Officer of Resilient Systems. He’s also the author of various books on general security, cryptography and computer security, including the critically acclaimed …
Bruce Schneier: IT Teams Need Cyberattack Response Planning More Than Prevention
Corporate and government IT teams have been rushing to prevent the kind of large-scale cyberattack experienced recently by Sony Pictures, Blue Cross, Anthem, Target, Home Depot and the U.S. Department of the Interior, among others. In each of these cases, hackers from locations around the globe were able to gain access to computer networks housing sensitive information, accounts, and personal data, such as the social security and credit card numbers of consumers and employees. The consequences of such security breaches can be devastating.
"Everyone is hoping that they’re not next," said Bruce Schneier, a security guru and internationally renowned security technologist…
Bruce Schneier: David Cameron's Proposed Encryption Ban Would 'Destroy the Internet'
A highly respected cryptographer and security expert is warning that David Cameron’s proposed ban on strong encryption threatens to "destroy the internet."
Last week, the British Prime Minister told Parliament that he wants to "ensure that terrorists do not have a safe space in which to communicate."
Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password—even law enforcement with a warrant, or the software manufacturer itself. It’s used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook…
What’s to Be Done about Data? Q&A with Bruce Schneier
Bruce Schneier has been called a “security guru” by the Economist. He has written 13 books and hundreds of articles, and his influential newsletter Crypto-Gram and his blog Schneier on Security have over 250,000 readers. He has testified before the U.S. Congress, is a frequent guest on television and radio, and has served on several U.S. government committees. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a board member of the Electronic Frontier Foundation, and the Chief Technology Officer at Resilient Systems…
I Read “Data and Goliath” Because of Barbara Fister
I’m interested how we choose the books we read. Here is my request to you. Please keep track of, and share with our IHE community, how you select your books.
For one of the recent books that I read I can definitely share my book selection process. I chose to buy and read (two very different actions) Data and Goliath because of Barbara Fister. Barbara reviewed the book—A Scare-Your-Socks-Off Thriller: Data and Goliath. I bought the book.
If you have not secured your copy of Data and Goliath, or you have an unread copy, I encourage you to make time this summer for the book…
This Security Expert Reckons Mass Surveillance Doesn't Stop Terror Attacks
This interview originally appeared in French on VICE France.
Today’s terrorist attack in the Rhône-Alpes region of France, involving the decapitation of a man, has been met with widespread horror and condemnation. So have those in Tunisia, killing 28, and another in Kuwait killing 25. These horrific events are sure to fuel discussion about how to stop this kind of atrocity happening again.
Following January’s Charlie Hebdo attacks in Paris, the French government decided to expedite a new surveillance law. Two days ago, on Wednesday 24th of June, French officials at the National Assembly gave the green light to that new law. France’s new surveillance law has already been compared to the late American Patriot Act—an American anti-terrorism act passed after 9/11 which was …
Terrifying Action Movie Plots About… Encryption
Imagine this: It’s the morning of Election Day, 2020. Americans across the country cast secure, encrypted votes from their smartphones and laptops, electronically choosing their president for the first time in history. Turnout reaches record highs. Live results online show that it’s a close race between the two leading candidates. But by early afternoon, an independent candidate—a sketchy figure with ties to multiple terrorist organizations and no public support whatsoever—mysteriously takes the lead. At 4 p.m., he officially wins the election. The American people rise up in protest: Clearly, hacking, bribery, or other nefarious activity has taken place. However, because the voting software is designed with end-to-end encryption to ensure anonymity, no audit or recount is possible…
Library Journal Review of Data & Goliath
Starred Review
Schneier, a fellow at Harvard’s Berkman Center for Internet and Society, has written an exceptionally readable yet thoroughly chilling book about the dangers of the ubiquitous mass surveillance we face thanks to modern life. While the author focuses on the United States, the rest of the world is largely capable of nearly the same levels of surveillance thanks to the openness of the Internet and the availability of cell phones. Schneier describes the types of data being collected about us, stemming from our interactions, activities, purchases, and where we go. As he competently explains, this “metadata” provides those collecting it with the entire framework of our existence: who we converse with and the duration of the conversation, the things we read (especially electronically), and what we buy. Corporations use this data to deliver targeted advertising and sell our information to other corporations at a large profit. Governments employ the data to map our interactions and otherwise infiltrate our privacy. As Schneier helps us understand the issues, he makes the case that “Ubiquitous mass surveillance is the enemy of democracy, liberty, freedom, and progress.” Though there are few signs of change in corporate and government surveillance practices, Schneier devotes a chapter to practical solutions we can use to limit how we are tracked, information about how other countries approach privacy, and a set of potential principles we could adopt. …
20 Top Security Influencers
Excerpt
With so much going on in the enterprise security space, it can be hard to keep up with the flow of information and to know where to turn for actionable advice. This list of security experts, selected by eSecurityPlanet, is a good place to start.
All are active bloggers and even more active as Twitter users. These thought leaders have a variety of backgrounds, numerous years of experience and unique viewpoints. The list contains founders, CEOs, CTOs and more. Companies these individuals are, or have been, associated with include Kaspersky Labs, BT, WhiteHat Security, Juniper Networks and Cisco…
Audio: Cybersecurity: Are We Ever Safe From Hackers?
Listen to the Audio on BBC.co.uk
The number of cyber attacks happening every year is on the rise. We speak to Bruce Schneier, chief technology officer at the IT company Resilient Systems and a fellow at Harvard’s Berkman Center for the Internet and Society, about why it can take months before a company or organisation even realises it is under attack, and why so many are unprepared. Also, Wil van Gemert, deputy director of operations at Europol, tells us what European law enforcers are doing about it. He says it is now possible to buy “malware,” or malicious software meaning that anyone can become a cyber criminal. Carl Leonard, principal security analyst at Websense, says security issues are only going to become more urgent as the internet-of-things develops. Once everyday items such a fridges and cars are connected online, we will become ever more vulnerable…
Review: Data and Goliath by Bruce Schneier
Bruce Schneier, Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World. New York, NY: W.W. Norton., 2015. Pp. 400. £ 17.99, ISBN: 978-0-393-24481-6.
If you’re not familiar with the Information Security community in the IT industry, it’s worth knowing that Bruce Schneier has earned the reputation of a prophet, sage and action hero combined. As a renowned cryptologist and technologist, Schneier has been a leading critic of the US government’s attempts to limit the global spread of encryption and recently of the NSA’s ‘bulk collection’ program of communication records of US citizens, following the disclosures by Edward Snowden in 2013. …
Surveillance, Bulk Data Collection and Intelligence: an Interview with Bruce Schneier
Bruce Schneier is an internationally renowned security technologist and the author of 13 books—including ‘Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World’—as well as hundreds of articles, essays, and academic papers. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation’s Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at …
We Stand on the Brink of Global Cyber War, Warns Encryption Guru
Schneier: Sony hack "high skill, high focused"
We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the Infosecurity Europe exhibition on Wednesday.
Schneier, CTO of Resilient Systems, said the much publicised Stuxnet attacks on Iran by the US and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in hacking GitHub, and the North Korean assault on Sony Pictures last year are all examples of the phenomenon.
“These nations are building up for cyber war and now we’re all in the blast radius,” he warned, while speaking in London…
We Are in Early Years of International Cyber War Arms Race, Says Security Expert Bruce Schneier
Countries are not attacking each other but striking at the IT infrastructure of enterprises in rival states, says security pundit Bruce Schneier
Cyber attacks—such as that on Sony Pictures in 2014—suggest the world is in the early stages of a cyber war arms race.
So said Bruce Schneier, chief technology officer of Resilient Systems: “We are in the early years of a cyber war arms race.
“There is a lot of nation state rhetoric, and we are seeing a lot of nation state attacks against non nation states,” he told Infosecurity Europe 2015 in London.
Schneier cited North Korea’s attack on Sony Pictures, China’s attack on Github and Iran’s attack on Saudi Aramco as examples.
“There is a lot of this back and forth, where countries are not attacking each other, but attacking companies in those countries—and I think we are going to see more of that,” he said…
Video: Expert: TSA Airport Security Is "A Lot of Theater"
The “smart bad guys” figure out how to get around TSA, says security technologist and Harvard Law School fellow Bruce Schneier.
EPIC Lifetime Achievement Award
Bruce Schneier received a Lifetime Achievement Award at the Electronic Privacy Information Center’s Champions of Freedom Event.
Bruce Schneier on Privacy and the Data Free-for-All
Over the past two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He’s the CTO of Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March.
As Facebook and Google have infiltrated our every waking moment, Schneier warns that these data giants, if left unchecked, could compromise the very principles of a democratic society. Web companies collect metrics like age, gender and social interests (to serve up better advertisements), while cellular networks track everyone’s geolocation with homing devices we call smartphones. As we’ve seen, smartphones are also powerful proxy surveillance tools for nosy governments…
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier (Review)
Paul Bernal clicks with a maverick thinker who shows how business and governments are building a global surveillance network and how we can fight back
Investigating surveillance—whether corporate or governmental—can be a demoralizing process. Those performing that surveillance, from the US’ National Security Agency and the UK’s Government Communications Headquarters (GCHQ) to Google and Facebook, are giants so overwhelmingly powerful that it seems too daunting to even contemplate taking them on. Their agendas may be even more terrifying: as Bruce Schneier observes, “The endgame of this isn’t pretty: it’s a global surveillance network where all countries collude to surveil everyone on the entire planet.” What’s more, he adds, the governments and the corporations are both in the same game: “It’s a powerful feedback loop: the business model supports the government effort, and the government effort justifies the business model.”…
Audio: Spy-wear?
Listen to the Audio on BBC.co.uk
Dr Chris Brauer from Goldsmiths, University of London, on how big brands want to sell us things via wearable devices. Bruce Schneier, security and privacy expert and author of the book “Data and Goliath”, warns of the threat of companies and governments misusing data about us. Emily Bell, from the Tow Centre for Digital Journalism, on Verizon’s buyout of AOL, and Facebook’s instant articles. And Zoe Kleinman spends a night alone in a house full of robots. Presented by Rory Cellan-Jones, with Fiona Graham and Dave Lee from the BBC Online tech desk…
Audio: Stuxnet, Sexism, CEOs and Surveillance
Listen to the Audio on NewAmerica.org
New America’s Peter Singer and Passcode’s Sara Sorcher chat with Bruce Schneier, prolific author and chief technology officer at Resilient Systems, about the challenges of publicly blaming countries for cyberattacks—and whose job it should be to defend private companies against sophisticated nation-state attacks. They also hear from Nate Fick, the CEO of Endgame, a venture-backed security intelligence software company, about how he’s leveraging cybersecurity solutions once produced just for the government into the private sector…
Book Review: Data and Goliath, by Bruce Schneier
This book has been difficult to review. It has proved tricky not because I didn’t enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues. This book provides an excellent basis for a discriminating reader to do just that (as such, you should probably stop reading this review and just buy the book!)…
Book Review: Data and Goliath—You Don’t Have Any Secrets Anymore
Privacy is becoming an antiquated concept. In “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World” (ISBN: 9780393244816), security expert Bruce Schneier leads you through a labyrinth of surveillance that should scare the hell out of you.
Welcome to the NSA! We want to thank you for helping us with our collection of data about your work and personal habits. By using the computer, phone, public transportation, private vehicle, credit cards, library, banking systems, online shopping, or retail shopping, you are contributing to our data files. Wait, did we say files? We meant mega-warehouse. Either way, we here at the National Security Agency are pleased to get to know you…
Audio: Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World
Listen to the Audio on YouTube.com
Cris Sheridan welcomes Bruce Schneier, Chief Technology Officer at Resilient Systems and author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. Bruce writes “we are living in the golden age of surveillance” where almost everything we do is now being tracked and used without our knowledge. Bruce speaks with Cris about how much data we produce, the way corporations are using it, the problems associated with ubiquitous surveillance, and why this is a defining issue of our time…
Audio: Schneier v. Baker Puts Mayweather v. Pacquiao in the Shade
Listen to the Audio on SteptoeCyberblog.com
Episode 65 would be ugly if it weren’t so much fun. Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath—a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily—and with civility…
Review: ‘Data and Goliath’ Delves into Brave New World of Big Data, Hacking and Cyber Crime
DATA AND GOLIATH. By Bruce Schneier. Norton. 365 pages. $27.95.
“Data and Goliath” is a broad-ranging assessment of our interconnected world, with all of its risks and hidden dangers, by foremost security expert Bruce Schneier. His book makes clear that we are living in the golden age of government and corporate surveillance and control. And that says nothing of the hackers and cyber criminals.
Schneier paints a dismal picture, but he offers several concrete suggestions to correct, or at least minimize, most of the problems. Take the issue of data brokers: If your business would like a list of people who fall in the category of “adults with senior parents” or “potential inheritor” or “diabetic households,” Acxiom can provide them. InfoUSA and Equifax can, too. Schneier points out that every day we allow such companies to spy on us in exchange for services. “If something is free, you are not the customer, you are the product,” he writes…
Bruce Schneier's Data and Goliath—Solution or Part of the Problem?
Think of some of the ways the Enlightenment helped advance the human individual. The ability to shape your identity. The ability to own and control your stuff. Economic autonomy. All three help to define the modern world, they’re ways we know that “now” is not like “before”. All three are founded on the sanctity of the individual. And all three are interlinked.
For example, our identity means little if you can’t express it creatively, by protecting your inventions and creations, and having some say over their use. You don’t have economic autonomy if an individual cannot negotiate what spoils come from exploiting the value of their work. Privacy is built on the same respect, and it’s a more modern and much more culturally specific—laws and norms come from what societies think and feel about the individual. Japanese and Chinese views on privacy are as different as German and American ideas are different…
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Review)
“We may not like to admit it, but we are under mass surveillance.” So says Bruce Schneier, in his book Data and Goliath, for a popular audience. Schneier is a well-known writer in cryptography, and more recently a public figure in discussions of computer and network security.
The first fifth of Data and Goliath establishes his thesis: we are entering a world of ubiquitous surveillance, by both governments and businesses. He presents numerous anecdotes and stories, many from the Snowden documents (where we learned of the many forms of electronic data collection used by the NSA) and others from the popular press (e.g., the family that found out about their daughter’s pregnancy by the targeted advertising she was receiving). The second fifth explains what is at stake: limits to our freedom of expression (for fear of being attacked with our own secrets), chilling effects on expressions of dissent, discrimination in commercial dealings, as well as a host of abuses. For example, the backdoor built by Ericsson into Vodafone products to support legal wiretaps was abused by unknown third parties in 2004 and 2005 to wiretap members of the Greek government. But surveillance is not all bad: the phone company needs to monitor the location of your mobile phone to direct calls to you…
"Against an Adequately Skilled, Adequately Funded Adversary, Our Defenses Don't Work"
Cryptologist Bruce Schneier tells RSA conference that focus should be on dealing with fallout of cyberattacks
Last year’s massive cyberattack on Sony—presumed to have been a nation state attack orchestrated by North Korea—presents many of the most pressing issues of catastrophic risk, says well known cryptologist and author Bruce Schneier, chief security officer at security company Resilient. In a talk at the RSA security conference in San Francisco, Schneier considered the timeline of the attack, and the response to it. During the event, hackers penetrated Sony’s network, stole data, and then embarrassed the company by slowly releasing private emails from executives, salary details, copies of unreleased films, and other sensitive information. The hack, which occurred over several weeks in November and December 2014, is believed to have been done in response to the studio’s release of the Seth Rogen comedy …
Identifying Perpetrators of Cyberattacks "Getting Tougher"
Cybersecurity is becoming increasingly challenging as identifying attackers by their weaponry is difficult to their invisible nature wherein attacks can be launched by a group of hacktivist or sponsored by a nation, according to an expert.
Bruce Schneier, a leading voice on cybersecurity, said a majority of organisations and individuals use the same run-of-the-mill ‘warlike weaponry’ at a time when the attackers are largely unknown, cybercrime is becoming more difficult to combat.
While the IT security industry knows how to deal with high volume, low-focus attacks, security professionals must be resilient and ensure better management of incident responses in order for organisations to thrive even in the face of a cyberattack, he said…
Audio: Schneier on Security Resilience
Insights from Security Leader at GISEC Event in Dubai
Listen to the Audio on InfoRiskToday.in
In developing markets such as Asia and the Middle East, how can security practitioners best prepare themselves to tackle the rapidly-changing threat landscape? Resilience is the key, says security leader Bruce Schneier.
The way to think about security is a combination of protection, detection and response, says Schneier, a fellow at the Berkman Center for Internet and Society at the Harvard Law School, USA. While there is a lot of prevention and detection technology, response is the missing piece, he says. The more you can look at response, the more effective you will be…
Video: Schneier: Incident Response Management Key to Surviving a Data Breach
SAN FRANCISCO—Between Target, Home Depot, Sony Pictures and many others, 2014 was undeniably the year of the data breach, and companies are finally realizing the likelihood that they could be next.
“Last year was being called the ‘year of the breach,’” said Bruce Schneier, CTO of Resilient Systems, formerly Co3 Systems. “Now, you and I know every year [has] been the year of the breach. But last year there were a bunch of really high-profile breaches where the companies involved did a terrible job of responding, that they were actually in chaos and it looked that way.”…
Book Review: Data and Goliath (Bruce Schneier)
I finally got around to finishing Bruce Schneier’s latest bestseller: Data and Goliath. I’ve read a few of Bruce’s books over the years (and own most of the rest, waiting patiently to be read). I’ve watched Bruce on many TV news segments, lectures, interviews, and web videos. I follow his blog and Twitter posts. I’ve even had the pleasure of emailing him from time to time. Some day I’d love to meet the guy. So… what I’m trying to say here is: fair warning, I’m a bit of a Bruce Schneier fan boy.
However, I feel this is completely justified. I tend to have the most respect for the even-keeled, professorial types—the ones who are passionate about what they do and highly knowledgeable about their field, but at the end of the day are most concerned with getting it right and avoiding hyperbole. That’s a small camp of people, but Bruce is definitely in it…
Video: Cloud Computing Trade-Offs
“As a business or as an individual you have to make a choice. Should I do this thing—whatever it is—on my computer and on my network or on a cloud computer on a cloud network,” asked Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 RSA Conference in San Francisco.
Whatever you choose, you’re going to be making a trade-off. Schneier recommends you first look at who your adversaries are.
“If your adversaries are a cybercriminal, I bet Google can do a better job at securing your stuff than you can. If your adversary is the U.S. government, Google will respond to court orders and not tell you about it, so maybe you’re better keeping it. It’s going to depend on what you’re worrying about,” said Schneier, who runs his personal email on his own computers, not so much for security reasons, but for control. He doesn’t want Google looking at his email or sending him advertising…
RSAC—Schneier Details Ways to Survive Catastrophic Attack
Catastrophic issues in security can occur, but there are ways to recover.
Speaking at RSA Conference in San Francisco, Bruce Schneier, CTO of Resilient Systems, highlighted the Sony Pictures attack as being an interesting case as it brings catastrophic risk uses to the fore, and not catastrophic as in a life ending sense, but in company terms.
He highlighted seven ways in which a catastrophic incident could be dealt with. Firstly he recommended keeping it internal to "incapsulate the catastrophic risk", secondly consider that attackers on two axes of skills and focus and with someone who is low skilled but has a high focus would use a basic APT, but in the case of Sony this was low skills and low targets. "Why this matters for security is the difference between absolute and low security; it doesnt matter how good security is, be more secure than the other guy and in a high skill high focus they want you," he said…
What Bruce Schneier Learned from the Sony Breach
After spending a lot of time thinking about the massive breach of Sony, security luminary Bruce Schneier came to a scary – but not really surprising – conclusion.
“The lesson is that we are all vulnerable. North Korea could have done it to anyone,” said Scheier during a packed session at the RSA conference in San Francisco.
While the IT security industry knows how to deal with high volume, low-focus attacks, Schneier said, security professionals have trouble handling highly skilled and focused attackers, commonly referred to as advanced persistent threats (APTs)…
Audio: What Does It Take To Feel Secure?
Listen to the Audio on NPR.org
Computer security expert Bruce Schneier says there’s a big difference between feeling secure and actually being secure. He explains why we worry about unlikely dangers while ignoring more probable risks.
Transcript
GUY RAZ, HOST:
It’s the TED Radio Hour from NPR. I’m Guy Raz. And on the show today, we’re exploring ideas about Maslow’s hierarchy of human needs, and ranked at number two, security – the second step on the pyramid.
BRUCE SCHNEIER: There’s no other place for it to come. Security is basic. Without security, worrying about anything else doesn’t matter…
What Do You Use to Get Stuff Done?
Who are you, and what do you do?
I’m Bruce Schneier, security technologist. Basically, I think and work in the intersection of security, technology, and people. Most people think of me as a cryptographer, but these days I do more policy than anything else: security policy, privacy policy, the NSA and surveillance. I suppose that’s the natural evolution of things.
Right now I am thinking a lot about catastrophic risk. Technology empowers, for both good and bad. A broad history of "attack" technologies shows trends of empowerment, as individuals wield ever more destructive power. The natural endgame a nuclear bomb in everybody’s back pocket, or a bioprinter that can drop a species. And then what? Is society even possible when the most extreme individual can kill everyone else? Honestly, I don’t know…
Audio: The Hidden Struggles to Control Your Data
Listen to the Audio on ABC.net.au
Just how much of your life is being watched and tracked? Who has access to all this information and what are they doing with it?
Bruce Schneier, fellow at Harvard Law School, author of Data and Goliath, points out the danger is not only from corporations and governments, but also cybercriminals, when these institutions lose your details.
Schneier on “Really Bad” IoT Security: ‘It’s Going to Come Crashing Down’
Security expert Bruce Schneier has looked at and written about difficulties the Internet of Things presents – such as the fact that the "things" are by and large insecure and enable unwanted surveillance—and concludes that it’s a problem that’s going to get worse before it gets better.
After a recent briefing with him at Resilient Systems headquarters in Cambridge, Mass., where he is CTO, he answered a few questions about the IoT and what corporate security executives ought to be doing about it right now. Here’s a transcript of the exchange…
Video: Schneier: Turn Data Over to Those With Greatest Data Security Knowledge
Erin Ade sits down with Bruce Schneier – security expert, author, and fellow at the Berkman Center for Internet and Society at Harvard Law School. Bruce tells us that a cloud service is safer than running your own data center when you are entrusting your data to a provider who understands security better than you do. And for most people this is definitely the case. Bruce also talks to Erin about state actors weakening security standards and about the security of various open source encryption options. Schneier also weighs in on the security risks and benefits of using the Apple mobile platform…
Review of Data and Goliath
The Internet birthed unprecedented freedom of communication, interconnecting individuals from every corner of the globe and every walk of life. This free flow of information has the potential to establish a world of truly free and equal citizens, yet many politicians want to turn this technology inside out and use the Internet as a universal surveillance mechanism. This path would roll back centuries of civil rights and revive feudalism on a global scale. Sadly, this rush to oppression isn’t restricted to some backwater dictator massaging his own ego. The most powerful nations on earth are violating their own laws to continuously develop new and more invasive methods of scrutinizing everyone they can reach…
Ced Kurtz’s Techman Texts: Computer Surveillance Is a Trade-off
Bruce Schneier is a world-renowned cryptographer, computer security and privacy specialist, and author of numerous books on security. So when he speaks, TechMan tends to listen.
In his latest book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” his point is well worth taking note of: Surveillance and data collections are a trade-off between individual value and group value. You give Google personal information in return for free search, free email, free maps and all the other free things Google provides…
The Ends of Privacy
“Over the past twenty years,” complained Newsweek, the United States has become “one of the snoopiest and most data-conscious nations in the history of the world.” Part of the problem is that “the average American trails data behind him like spoor through the length of his life.” Another part of the problem is that the government and private firms “have been chasing down, storing, and putting to use every scrap of information they can find.” These “vast reservoirs of personal information” are “poured into huge computers” and “swapped with mountains of other data from other sources” with “miraculous speed and capacity.” As a result of these forces, “Americans have begun to surrender both the sense and the reality of their own right to privacy—and their reaction to their loss has been slow and piecemeal.”…
Collecting Private Information
A computer-security expert weighs up the costs and benefits of collecting masses of personal data
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. By Bruce Schneier.W.W. Norton; 383 pages; $27.95 and £17.99.
SOCIETY has more digital information than ever and can do new things with it. Google can identify flu outbreaks using search queries; America’s National Security Agency (NSA) aspires to do the same to find terrorists. But at the same time people are under constant surveillance by companies and governments, since the rules protecting privacy are hopelessly out of date.
In “Data and Goliath” Bruce Schneier, a computer-security expert, does a fine job of laying out the problems caused by this compulsive collection of personal data, and suggests some steps that would help protect society from the most egregious excesses. The challenges are severe because modern technologies collect large amounts of information on the most innocuous of activities, which formerly left no data trace…
Review: Choking on Digital Exhaust
Mass surveillance by governments and corporations is comparable to child labor or environmental pollution. That is the largely persuasive claim of security expert Bruce Schneier in his new book “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” Resistance is not futile, Schneier thinks, although it will be tricky to fight overreaching securocrats and snooping online advertisers without giving up at least some of the genuine advantages of Big Data.
Much of the problem lies in excessive expectations about what mass surveillance can achieve, writes Schneier, who is chief technology officer at security firm Resilient Systems and a fellow at Harvard Law School’s Berkman Center for Internet and Society. It might seem that the combination of huge amounts of collected data and sophisticated data-mining could have prevented the 9/11 attacks or the Boston Marathon bombing. But Schneier says this approach is both very expensive and downright ineffective…
Under the Volcano With Bruce Schneier
I’m in a locked room, underneath a volcano somewhere in the southern hemisphere talking to one of the world’s leading security experts, Bruce Schneier. We’re discussing the NSA, squid, Edward Snowden, Chuck Norris, and what parents should really be worrying about when their kids go online. His new book, “Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World” is picking up rave reviews.
GeekDad: Bruce, please tell us who you are in fourteen words.
Schneier: Security technologist. Speaker, author, researcher. Security and privacy advocate. Anti-fear. Meta meta meta guy…
Fixing the Surveillance-Industrial Complex
A couple of weeks ago, I mentioned that I was reading Bruce Schneier’s new book, Data and Goliath, just published by Norton. The subtitle (which, as is the custom these days, is more or less an elevator pitch for the book) provides a hint of what’s inside: The Hidden Battles to Collect Your Data and Control Your World. What’s missing from this descriptive subtitle is the best part: And Here’s How We Can Fix It. Because unlike a lot of books that focus on big scary issues, this one has lots of concrete recommendations and encouragement to think that we can actually make change happen…
Schneier, Bruce. Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World
Focusing on the tension between surveillance and personal privacy, Schneier (Berkman Center for Internet and Society, Harvard Law School) notes that though surveillance has been practiced throughout history, it has become far more intrusive with the advent of computers, tablets, cell phones, and the Internet. Various entities practice surveillance, but the primary ones are governments and corporations. The book is in three parts. The first, “The World We’re Creating,” describes the data individuals generate, how it is gathered by surveillance, how it is used by corporations for advertising and other purposes, and what governments do with it. Part 2, “What’s at Stake,” addresses the harm all this surveillance does and how it impacts individual privacy. The final part, “What to Do about It,” which discusses how people can protect themselves, includes recommendations for dealing with governments and corporations and guidance about individual initiatives one should take. In making his case, Schneier cites numerous examples, many from Edward Snowden’s revelations. In a notes section, the author references and amplifies on his citations. This informative, easy-to-understand book will appeal to a broad readership. Summing Up: *** Highly recommended. All readers.—E. M. Aupperle, emeritus, University of Michigan…
Data and Goliath, Book Review: A Handbook for the Information Age
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World By Bruce Schneier Norton 384 pages ISBN 978-0-393-24481-6 $27.95
We did not exactly know the trade-offs we would be making in 2015 when we first began using email or got our first mobile phones. If anyone had asked 15 years ago whether we wanted a device that enabled governments and corporations to monitor our whereabouts and access the details of our personal, business, and social lives at all times, it’s pretty clear that almost everyone would have said ‘no’…
David and Goliath: What Do We Do about Surveillance?
From spyware designed to catch students misbehaving to police tracking rioters by phone, we are spied on as never before, reveals a book by Bruce Schneier
“DEAR subscriber, you have been registered as a participant in a mass disturbance.” This text was sent by the Ukrainian government last year to everyone with a cellphone known to have been near a protest in the capital, Kiev.
Just what you’d expect from an ex-Soviet country? Not so fast. In the US and Europe, police are also seeking information on phones linked to specific places and times—and always without a warrant. We’re all spied on. Our phones are bugged, our laptops inveterate informants. Reports on activities that define you—where you go, who you meet, what you buy—are sold to the highest bidder. But do we notice? And do we care?…
Bruce Schneier Talks Privacy, Politics, Books and More
As author of a dozen books plus hundreds of shorter works on security and privacy, security technologist Bruce Schneier, Chief Technology Officer of Resilient Systems, is one of the better known—and frequently quoted—experts in these areas. His "Schneier on Security" blog and Crypto-Gram monthly newsletter are read by an estimated quarter-million people. You can follow him on Twitter @schneierblog.
Schneier’s most recent book—a New York Times bestseller—is "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World", which, Schneier said in his blog, "is a book about surveillance, both government and corporate. It’s an exploration in three parts: what’s happening, why it matters, and what to do about it."…
The Essential Guide To Digital Life: Bruce Schneier’s Data And Goliath
If you’d asked me a year ago, ‘do you worry about government surveillance?’, I would have said no. But today, my answer would be an empathic YES.
The scary part is that, like most Canadians, I hadn’t worried about that kind of surveillance until the current debate around C-51. (If you don’t know what that is, check it out here.) This terrifying bill would, among many other things, make it illegal to talk positively of terrorism on the internet. Just look at the news in Canada on any day lately, and you’ll see a report or an opinion on it. I personally like …
Audio: Bruce Schneier, Data and Goliath
Listen to the Audio on PaulHarrisOnline.BlogSpot.com
Bruce Schneier spoke with Paul Harris about his new book, Data and Goliath. Topics include:
- Are we giving up too much information voluntarily in exchange for free services?
- What are data brokers gathering about us, who are they selling it to?
- Are private companies doing enough to shield our data from government?
- How companies and law enforcement can use your cell phone to know where you’ll be tomorrow.
- Whether the NSA can process the huge amounts of surveillance info it is gathering on all of us…
Wanted: Slingshots
Bruce Schneier has built a career explaining the principles of security in plain English, helping the uninitiated to think clearly and critically about managing risk, and exposing the nonsense peddled by government spokesmen and high-tech hucksters. He is at once a great popularizer and a great debunker.
Schneier’s new book, Data and Goliath, examines the prevalence, mechanisms, uses, and dangers of mass surveillance.
This book scared the hell out of me.
That doesn’t happen very often. Having spent 20 years writing about political repression, police brutality, counterinsurgency, and torture, I’ve come to expect the worst as a matter of habit. Schneier’s book, however, shows that the present state of mass surveillance—its scale, intrusiveness, and implications—surpasses what I could have imagined. It was not the big stuff, like the National Security Agency’s goal of total global omniscience (epitomized in the slogan ‘Collect it all’), but the smaller details that gave me chills. ‘It’s less Big Brother,’ Schneier writes, ‘and more hundreds of tattletale little brothers.’…
"We the People Have a Lot of Work to Do" Says Schneier in a Must-Read Book on Security and Privacy
“The surveillance society snuck up on us,” says Bruce Schneier in Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World. It’s a thought-provoking, absorbing, and comprehensive guide to our new big data world. Most important, it’s a call for a serious discussion and urgent action to stop the harms caused by the mass collection and mining of data by governments and corporations. To paraphrase Schneier’s position on anonymity—we either need to develop more robust techniques for preserving our freedom, or give up on the idea entirely…
Review of Data and Goliath
During the Cold War, communist East Germany was perhaps the most spied-upon nation on earth, with one secret police informant for every 66 citizens.
Those were the good old days. In 21st-century America, we’ve got more informants than citizens, all of them digital. Our phones and computers incessantly rat us out, broadcasting our interests, friendships, and locations to governments and corporations alike, according to renowned cryptographer and Internet privacy advocate Bruce Schneier in his new book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”…
All the Secret Ways You're Being Tracked That You Don't Even Realize
Your cellphone emits a signal that tags your location every minute of every day. Your Google search log records your private anxieties and interests. Your text messages and social media accounts capture every detail of your social life. Your store purchases produce records of your spending habits. Your photos are embedded with the date, time and location of the moment they were taken.
Everything you do and everywhere you go, you leave a trail of data that reveals intimate details of your life, and governments, corporations and hackers are keen on having more and more of it in their hands…
Audio: Metadata Retention and Privacy
Listen to the Audio on 2ser.com
Last week the proposed data retention bill passed through the House of Representatives, and is expected to pass through the Senate soon. These laws are set to allow warrantless access to phone calls, sms, social media and internet usage, in the name of tightening our national security.
Disputes and amendments to the bill have focused on confidentiality threats for journalists and whistleblowers, but what effect will data retention have on the average person?
Our host Sam Baran spoke to Bruce Schneier, who is a fellow at Harvard University’s Berkman Center for Internet and Society and author of the book …
Expert Bruce Schneier: It’s Hard Not to Despair over the State of IT Security
The more things change the more they stay the same, goes an old saying. That certainly seems to be true in IT security.
Despite decades of experience almost every day there’s another story about a data breach, software vulnerability or new malware discovered.
So perhaps it’s no surprise that the 15th anniversary edition of veteran security expert Bruce Schneier’s book Secrets and Lies: Digital Security in a Networked World begins with a foreword that admits how little things have changed since the book first came out in 2000.
Not, he said in an interview Monday, that there’s evidence the amount of malware itself has increased. But his arguments on the limits of cryptography, on authentication, threats and attacks haven’t changed. Nor in his prescription—vital to CEOs—that technology alone can’t secure the enterprise: There has to be defence in depth, and the organization has to be ready to respond to the inevitable intrusion…
Cyberattack Is Easier than Cyberdefence—Bruce Schneier
Cybersecurity guru Bruce Schneier to reveal lessons learned from the Sony hack scandal at the Gulf Information Security Expo and Conference (GISEC)
Cybercriminal attacks around the world will continue to rise as long as personal data provides the ability to commit fraud, and intellectual property is worth stealing, leaving both individuals and organisations vulnerable to harmful computer and network intrusions.
According to cybersecurity guru Bruce Schneier, one of the keynote speakers at Gulf Information Security Expo and Conference (GISEC), a cyberattack is much easier to implement than it is to install impenetrable cyberdefences.
The 3rd edition of GISEC, the region’s leading I.T. security platform, will take place from 26-28 April 2015 at Dubai World Trade Centre. The event will address key issues surrounding cybersecurity management, identity management and disaster recovery across different sectors…
Video: Data and Goliath
With Australia’s data retention laws set to pass the Senate, world-leading online security expert Bruce Schneier explains the danger of metadata.
Note: this video may not be viewable outside Australia.
Two Books Look at How Modern Technology Ruins Privacy
Excerpt
“Even the East Germans couldn’t follow everybody all the time,” Bruce Schneier writes. “Now it’s easy.”
This may sound hyperbolic, but Schneier’s lucid and compelling Data and Goliath is free of the hysteria that often accompanies discussions about surveillance. Yes, our current location, purchases, reading history, driving speed and Internet use are being tracked and recorded. But Schneier’s book, which focuses mainly on the United States, is not a rant against the usual bad guys such as the U.S. government or Facebook. Schneier describes how our data is tracked by both corporate and government entities, often working together. And in many cases, the American people allow them to do it…
Verschlüsselungs-Experte Bruce Schneier "Dein Handy weiß alles über dich"
Sind Privatsphäre und Sicherheit wirklich ein Gegensatz? Bruce Schneier ist einer der bekanntesten Experten für Verschlüsselung. Er fordert, der Geheimdienst NSA solle zerschlagen werden.
Damit Bruce Schneier für einen kurzen Augenblick seine ruhige Art vergisst, reicht es aus, wie der Chef der zum Inlandsgeheimdienst gewandelten US-Bundespolizei FBI zu argumentieren. Etwa so: Haben Strafverfolgungsbehörden recht, wenn sie davor warnen, bald im Dunkeln zu tappen, weil sich Verbrecher immer stärker in den digitalen Raum verziehen? “Bullshit”, platzt Schneier in die Frage. “Das stimmt einfach nicht. Wenn man das FBI nach Beispielen fragt, werden sie plötzlich seltsam still. Wo sind denn all diese unaufgeklärten Verbrechen?” Noch nie sei es so einfach gewesen, Menschen auszuspionieren, sagt Schneier am Telefon: “Wir leben im Goldenen Zeitalter der Überwachung”…
Audio: ALP Supports Amended Version of Govt’s ISP Data Bill
Listen to the Audio on ABC.net.au
Transcript
MARK COLVIN: The ALP has agreed to support an amended version of the Government’s bill to force Internet Service Providers to keep their customers’ data for two years.
It’ll let government agencies see what we’ve all been doing on the phone or online.
Bipartisan support means the bill is likely to pass.
The bodies expected to get access range from various police and customs agencies to the Competition watchdog, the ACCC.
But there’s also a provision for the Attorney-General to let other agencies see your data at the stroke of a pen…
Security Guru Bruce Schneier: Your Privacy is Already Gone
In <cite>Data and Goliath</cite>, one of the world's foremost security experts piles on the evidence that privacy is dead -- and proposes a detailed plan to restore it
You can’t help but get a little depressed as you read Bruce Schneier’s latest book, “Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World.” It confirms over and over how all our supposed guaranteed personal privacy, digital or otherwise, is nothing but a façade. Here are some examples from the book:
- It doesn’t take much metadata to specifically identify and track anyone.
- “We kill people based on metadata.”—General Michael Hayden, former director of the NSA and the CIA
- The U.S. Post Office photographs (and keeps) the exterior back and front of every piece of mail sent in the United States, and this data is available to other agencies…
The Hard Questions
A mature democracy needs to carefully balance individual privacy, national security and business efficiency.
Excerpt
New technologies are always a mixed blessing, their potential for good carrying with it the risk of evil. The deep challenge for a democracy is to develop legal rules, social practices and institutional arrangements that, at some reasonable cost, separate good from bad behavior. The exponential improvement in computation and communication technologies over the past few decades has posed this challenge in an acute form. Both large bureaucracies and determined individuals can now collect and organize huge amounts of information—and all of it,, in one sense or another, is about all of us…
Audio: Personal Data Collection and Your Technology Footprint
Listen to the Audio on RadioNZ.co.nz
How much do you know about what others might know about you, from your use of technology? How do you minimise your online footprint on things you’d rather keep private?
Bruce Schneier is a US technology and security expert, whose latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, talks to Kathryn Ryan about how much information is being gathered by governments and corporations through our use of phones and computers.
Looking at the Promise and Perils of the Emerging Big Data Sector
Book Review of Data and Goliath by Bruce Schneier
There is a certain predictability to media and technology finance. Any company looking for money is inevitably characterized as similar to whatever has recently garnered the highest valuations.
For instance, when all of the software as a service (referred to in tech jargon as SaaS) companies traded in the public markets at 10 times revenue, other businesses looked desperately for something in their operations that could be tied, however tenuously, to SaaS.
The trouble with this approach is that bubbles tend to burst, as the SaaS one did last year. And once you have introduced yourself to investors—particularly in an initial public offering—it is hard to recharacterize your story later without losing all credibility…
Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World (Review)
Security technologist Schneier (Schneier on Security) eloquently limns the challenges of maintaining privacy in the Internet age, and offers some thoughtful proposals to preserve individual freedom without compromising national security. Even readers well versed in the issues are likely to be shocked by some instances of technological intrusions, such as when a school district near Philadelphia lent high school students laptops installed with highly invasive spyware. Schneier plausibly makes the case that the powerful algorithms of companies such as Facebook could be used to actually manipulate American elections. The book also notes the psychological aspects of the loss of control of one’s data. For example, for most of human history “interactions and conversations have been ephemeral,” and the indefinite preservation of online interactions has social and emotional repercussions for which society is unprepared. Schneier may be accused by some of minimizing the threat from terrorism, however, as when he dismisses terrorists as no more of a danger than organized crime, an analogy that weakens the overall strength of his case…
Video: Part 2: Bruce Schneier on the Hidden Battles to Collect Your Data and Control Your World
Part 2 of our discussion with Bruce Schneier about about the golden age of surveillance and his new book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”
Watch the Video on DemocracyNow.org
Transcript
AMY GOODMAN: This is Democracy Now!, democracynow.org, The War and Peace Report. I’m Amy Goodman, with Juan González. Our guest is Bruce Schneier. He is a leading security technologist. He has a new book out, has just hit number six on the New York Times best-seller list; it’s called Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World…
Video: Data and Goliath: Bruce Schneier on the Hidden Battles to Collect Your Data and Control Your World
Leading security and privacy researcher Bruce Schneier talks about about the golden age of surveillance and his new book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” The book chronicles how governments and corporation have built an unprecedented surveillance state. While the leaks of Edward Snowden have shed light on the National Security Agency’s surveillance practices, less attention has been paid to other forms of everyday surveillance—license plate readers, facial recognition software, GPS tracking, cellphone metadata and data mining…
Computer Security Expert Bruce Schneier Is Here to Answer Questions
Bruce Schneier did a one-hour open question and answer session on Gizmodo.
Data and Goliath: Confronting the Surveillance Society
Within a remarkably short period of time—less than two decades—all of us have become immersed in a sea of electronic data collection. Our purchases, communications, Internet searches, and even our movements all generate collectible traces that can be recorded, packaged, and sold or exploited.
Before we have had a chance to collectively think about what this phenomenal growth in data production and collection means, and to decide what to do about it, it threatens to become an irreversible feature of our lives.
In his new book Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World…
Video: Interview: Online Security Expert Bruce Schneier
Transcript
EMMA ALBERICI, PRESENTER: One of the world’s leading experts in online security is Bruce Schneier. He’s a fellow at Harvard University’s Berkman Center for Internet and Society. His latest book, ‘Data and Goliath’, is about how governments and corporations are using and controlling our data.
I spoke to Bruce Schneier from Minneapolis.
Bruce Schneier, welcome to Lateline.
BRUCE SCHNEIER, AUTHOR, ‘DATA AND GOLIATH’: Thanks for having me.
EMMA ALBERICI: How much of our privacy are we unwittingly giving away?…
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Review)
In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and the NSA for their wholesale spying on innocent Americans and violations of myriad laws and the Constitution. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone.
A comment like what’s the big deal? often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy. For many people the notion that the NSA was performing spying on Americans was perceived as not being a big deal, since if a person is innocent, then what they have to worry about. In the book, Schneier debunks that myth and many others, and defends the important of privacy…
A Way Forward: Bruce Schneier’s Data and Goliath Explains Where Our Privacy is Now, and How We Fix It
EFF is honored to have renowned security technologist Bruce Schneier as a member of our board and a collaborator for nearly 20 years. But even if we’d never met him, we’d still be incredibly excited about the release of his new book, Data and Goliath.
Schneier has been providing detailed analyses of cryptography, big data, NSA leaks, security flaws, and more for decades (when he’s not terrifying NSA Director Mike Rogers with deceptively simple questions about security). What’s exceptional about his writing and his is that he manages to be well-researched, in-depth, and accurate while remaining accessible to non-technical readers…
Audio: Balancing Surveillance: Privacy and Security in the Digital Age
Listen to the Audio on ScienceFriday.com
The NSA, Facebook, and Google are constantly mining our personal information for surveillance and advertising purposes, among other goals. Is it possible to keep our data secure in the digital age? Bruce Schneier, a cybersecurity expert and author of Data and Goliath, says, “We need to examine our own fears and decide how much of our privacy we are really willing to sacrifice for convenience.” Read an excerpt from his book here.
Trying to Make Sense of the World of Ubiquitous Surveillance
Bruce Schneier's 'Data and Goliath' a lucid overview of how corporate and governmental surveillance works
Excerpt
On a recent trip overseas, I brushed up against these overlapping systems of control. In the international airport in Ho Chi Minh City, Vietnam, I saw devices set up that automatically took temperature readings of arriving passengers (the Ebola scare was ongoing). When I returned from my trip and entered customs at John F. Kennedy International Airport, security officers divided us into lines based on national background. I swiped my passport at a kiosk, received some sort of receipt, and was made to wait again. Whatever this piece of paper meant, it was apparently better than one received by a young man next to me. His was marked with several Xs; it seemed no coincidence that, his skin being brown and mine white, he had been selected for further investigation, and I was allowed to move forward…
Bruce Schneier’s Important New Book
Bruce has just published Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, a book that will interest many Lawfare readers. Data and Goliath is deeply informed and accessibly written analysis of mass surveillance by firms and the government. Part One is a terrific tutorial on big data and data mining, in the public and private sectors (and the two sectors in conjunction). Part Two explains the many reasons Bruce thinks we should worry about big data and data mining. And Part Three calls for very extensive limitations and regulation of public and private data collection and use. Bruce is more worried about surveillance than I am, and his prescriptions in some respects seem self-defeating to me. But among the book’s many virtues is that Bruce fully understands and fairly engages contrary arguments. I have a review of the book coming out soon, and I recommend it highly…
Audio: There is Actually One Thing You Can Do to Fight the Surveillance Machine
Stop feeling guilty about skimming the Terms of Service. Get mad instead.
Reading this right now?
Congratulations. You’re winning.
Yes, all of the usual corporate and government entities know you’re here. Google remembers everything you’ve ever searched, BuzzFeed knows how you’ve scored on all their quizzes, and your cell phone provider knows who you talk to and who you sleep with. Terms of Service agreements are an exercise in futility, encrypted email often takes more trouble than it’s worth, and yeah, sure, go ahead and give Facebook a fake name, but don’t think you’re fooling anyone. Companies are collecting your data from just about everywhere, storing it through time unknown, and using it however they want. Oh, and that’s where the FBI-and-friends find it…
Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Book Review)
No one explains security, privacy, crypto and safety better than Bruce Schneier, and while he’s been talking about this subject for decades, it’s never been more relevant, as his new guide to the post-Snowden world Data and Goliath demonstrates.
It’s been nearly two years since the Snowden revelations, and we’re nowhere near figuring out what to make of his revelations, but now there’s a book that collects all the most significant facts, implications and insights from the debates and packages them in a way that is accessible, smart, and important…
Data and Goliath a Portrait of Big Data Abuses
A new book by security expert Bruce Schneier is raising serious questions about the state of privacy in the big data age, and whether giving corporations and government access to the most intimate details of our lives in exchange for convenience and security is a tradeoff we should be making.
Since 9/11, Schneier has been an outspoken critic of the government’s sometimes ham-handed approach to security. Take the airport security checkpoints, for example. Is the economic loss from asking everybody to wait in line and take off their belts and shoes (more than $10 billion per year in 2004 dollars) or the added deaths from people deciding to drive instead of fly (500 per year) worth the marginal increase in security we get from the checkpoints? In Schneier’s analysis, they’re not…
Book Review
In my Open Forum article, “Privacy and Social Media,” February 2015, I mentioned Bruce Schneier’s new book, Data and Goliath (W.W.Norton & Company). For those concerned with the arrival of the surveillance state, this is a must-read book, and one of the best assessments of our current state of affairs. Schneier delves into all of the areas that I find most disconcerting, including our general loss of privacy and anonymity and the omnipresence of corporate and government Big Brother in nearly all facets of our lives. Are we really surprised that most social media, online search engines, and other corporations are selling our data, while others are aggregating that data (think big data and analytics), disabling our ability to remain anonymous? As Schneier points out, there is a balance that must be struck between convenience and the benefits of data collection and analysis. But when that balance tips towards unnecessary and undesired intrusion into our private lives, it is time for a change…
Data and Goliath (Book Review)
Security technologist, commentator, and popular author Schneier was one of the first to analyze the documentation of NSA surveillance practices leaked by Edward Snowden. What he discovered fueled his mission to zap our complacency regarding “ubiquitous mass surveillance.” In this mind-blowing exposé, backed by 130 pages of revelatory notes, Schneier reveals exactly how all the information generated by our smartphones and computers regarding our exact location, communications, financial and medical transactions, everything we read in digital form, and every Google search is captured, stored, and traded. He elucidates the difference between data and metadata (an email’s content is data; all records pertaining to the sender, recipient, and routing are metadata), and explains how metadata is used to track our activities, interests, and concerns. With meticulously researched details and high-velocity prose, he outs the federal government’s intrusive “data mining,” the immensely profitable big-data industry, and the hidden collusion between them. Schneier convincingly argues that our privacy is “an inherent human right, and a requirement for maintaining the human condition with dignity and respect” and states that constant surveillance is too high a price to pay for electronic convenience. By matching jolting disclosures of alarming realities with lucid guiding principles and policy recommendations for forging new surveillance laws and regulations, Schneier has created an invaluable and empowering call to awareness and action…
How to Sabotage Encryption Software (And Not Get Caught)
In the field of cryptography, a secretly planted “backdoor” that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn’t mean cryptographers don’t appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is that some backdoors are clearly better than others—in stealth, deniability, and even in protecting the victims’ privacy from spies other than the backdoor’s creator.
In a paper titled “Surreptitiously Weakening Cryptographic Systems,” well-known cryptographer and author Bruce Schneier and researchers from the Universities of Wisconsin and Washington take the spy’s view to the problem of crypto design: What kind of built-in backdoor surveillance works best?…
Big Data: The Revolution Is Digitized
Excerpt
Neither Borgman nor Lohr truly grapples with the immensity of the big-data story. At its core, big data is not primarily a business or research revolution, but a social one. In the past decade, we have allowed machines to act as intermediaries in almost every aspect of our existence. When we communicate with friends, entertain ourselves, drive, exercise, go to the doctor, read a book—a computer transmitting data is there. We leave behind a vast cloud of bits and bytes.
Bruce Schneier, a security analyst known for designing the Blowfish block-cipher algorithm—a fast and flexible method of encrypting data—grasps this revolution’s true dimensions. In Data and Goliath, he describes how our relationships with government, corporations and each other are transformed by ordinary, once-ephemeral human interactions being stored in digital media. The seemingly meaningless, incidental bits of data that we shed are turning the concept of privacy into an archaism, despite half-hearted (and doomed) regulations to protect “personally identifiable information.” As science-fiction pioneer Isaac Asimov wrote some 30 years ago: “Things just seem secret because people don’t remember. If you can recall every remark, every comment, every stray word made to you or in your hearing and consider them all in combination, you find that everyone gives himself away in everything.”…
Video: "Where's the Data Going?"
CTV News spoke with Bruce Schneier about voice recognition in Samsung TVs, and sensors in consumer devices in general.
Kirkus Review of Data and Goliath
A jeremiad suggesting our addiction to data may have made privacy obsolete.
Prolific technological writer Schneier (Fellow/Berkman Center for Internet and Society, Harvard Law School; Carry On: Sound Advice from Schneier on Security, 2013, etc.) clearly examines how technology has transformed every interaction, noting how our intimate communications are now “saved in ways we have no control over.” He suggests that most Americans remain unconcerned about the relationship between data and surveillance, due to the attraction of “free” products like Gmail. He focuses on the social costs of surveillance, which “puts us at risk of abuses by those in power—exacerbated by the fact that we are generating so much data and storing it indefinitely.” He also argues that this “pervasive mass surveillance” will inevitably chill progressive movements—e.g., gay rights and cannabis decriminalization. The problem is more sprawling than most realize: Edward Snowden’s revelations clarified “how much the NSA relies on US corporations to eavesdrop on the Internet,” and corporations are using such technologies for their own ends. Yet both the NSA and corporations are blithe about how they treat the fruits of this nonstop spying. “From the military’s perspective,” writes the author, “it’s not surveillance until a human being looks at the data.” Such strange pronouncements about the common good are hard to counter, since whistleblowers such as Snowden are prohibited from explaining their actions in court. Schneier argues that all this invasion of privacy is unlikely to succeed in its alleged goal: “Even highly accurate terrorism prediction systems will be so flooded with false alarms that they will be useless.” He concludes this grim catalog of privacy erosion with a set of prescriptions for governments, corporations and “the rest of us,” advocating a mix of legal framework, incentives for fairer business models and a more realistic understanding of the current moment’s potential for harm…
Top Influencers in Security You Should Be Following in 2015
Excerpt
In December of 2011, Tripwire published a list of security’s top 25 influencers. More than three years later, we are pleased to announce a new list for 2015—The Infosec Avengers!
For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec-related superpower they would choose to have.
This year’s list (in no particular order) has some old faces and some new. Do you agree with our choices? Who else would you have chosen?
…
Bruce Schneier | …
Audio: Passwords
Security expert Bruce Schneier returns to Science for the People to talk about the use and misuse of passwords to safeguard our most important data.
Once More Undo the Breach
After the online breach of JPMorgan Chase, cybersecurity awareness is growing in the financial world. But what exactly is cybersecurity (and cybervulnerability)? What can or cannot be done to make sensitive information more secure?
A leading computer security and privacy expert, Bruce Schneier is one of the world’s most recognizable voices on cybersecurity, author of the popular security blog Schneier on Security, board member of the Electronic Frontier Foundation, and CTO of Co3 Systems. His new book, Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World…
Sidebar photo of Bruce Schneier by Joe MacInnis.