Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Book Review)

No one explains security, privacy, crypto and safety better than Bruce Schneier, and while he's been talking about this subject for decades, it's never been more relevant, as his new guide to the post-Snowden world, Data and Goliath, demonstrates.

It's been nearly two years since the Snowden revelations, and we're nowhere near figuring out what to make of his revelations, but now there's a book that collects all the most significant facts, implications and insights from the debates and packages them in a way that is accessible, smart, and important.

Since the first Snowden leaks, we've been buffeted by new revelations that made it hard -- even impossible -- to understand exactly what kind of spying was taking place, under whose oversight, and what effect it was having. Schneier starts with the nature of data and surveillance in the Internet age, the way that data use and abuse can empower us or harm us (both individually and as a society), patiently steps through a condensed (but still representative) account of the leaks, and then combines all this in a powerful argument that out-of-control, unaccountable, mass-scale surveillance has harmed us, and presents an existential threat to a good, safe and just society.

The world is not becoming less computerized, after all. Whatever the "Internet of Things" ends up being, it will put more surveillance opportunities into our lives than ever before, and more potential for harm. Schneier's answer to the "nothing to hide, nothing to fear" argument is particularly good here.

The final third of the book is devoted, surprisingly, to practical solutions to the surveillance conundrum. Why is that surprising? Because when you look at the changes to personal, social, political, legal and technical reality that we need to make to get to a point where mass surveillance is remembered as an unfortunate aberration in our history, it's hard to hold out hope.

But Schneier offers hope. He starts by demolishing the idea that we should be worried about government surveillance but not corporate surveillance, or vice-versa. They are the same thing. People from industry go to work for spook agencies. Spooks leave their jobs and go to work in industry. The government doesn't build its own surveillance apparatus -- it hacks, bribes, threatens or sweet-talks its way into the giant Internet companies and telcos' data-centers, and snaffles up all the data they gather on us. The project of getting the government to rein in corporate spying won't get anywhere for so long as corporate spying is essential to government spying.

How to effect change? Schneier breaks down his prescription into four parts: "solutions for government" (laws, rules, and procedures, including many that are already in the works); "solutions for corporations" (business models, best practices); "solutions for the rest of us" (crypto, privacy tools, products and best practices we can follow to take us out of untargeted surveillance); and "social norms and the big data trade-off" (when it's OK to gather user data, to spy, and to data-mine, and how to have that discussion).

Whether you're someone who really cares about this stuff and wants to figure out how to talk to the people in your life about it, or someone who is purely confused by it all and wants to know what it means, Data and Goliath is a beginning-to-end guide to life in the age of total information awareness.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.