Data and Goliath, Book Review: A Handbook for the Information Age

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World • By Bruce Schneier • Norton • 384 pages • ISBN 978-0-393-24481-6 • $27.95

When we first began using email or got our first mobile phones, we did not exactly know the trade-offs we would be making in 2015. If anyone had asked 15 years ago whether we wanted a device that enabled governments and corporations to monitor our whereabouts and access the details of our personal, business, and social lives at all times, it's pretty clear that almost everyone would have said 'no'.

Similarly, few of us would have argued for developing technology to give governments the ability to spy on all aspects of the lives of billions of people. That we have arrived here is a matter of billions of individual choices, made one by one in the interests of convenience and functionality. Edward Snowden's 2013 revelations began the process of understanding just what kind of bargain we actually made.

In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, the security expert Bruce Schneier examines what we've learned in the last two years and what to do about it, both individually and collectively. We are increasingly part of the collateral damage as nations ramp up efforts to exploit and control internet technologies. To take just one of Schneier's examples, Stuxnet was aimed at Iran but accidentally infected half a million computers in multiple countries, including some owned by Chevron and German industrial plants. We must, he writes at the outset, fight back.

The first third of the book reviews the state of play: the data generated as a by-product of our computer use, and the way it's used, while the second third discusses the impact on society. These two sections display a fair amount of overlap with Frank Pasquale's recent book, Black Box Society. Both books emphasise the extent to which governments interested in surveillance have benefited from the data collection practices of private companies. The difference is one of approach: Schneier's background is in security and technology, while Pasquale's is in law. Both mount strong objections to the chilling effects of monitoring and the erosion of social justice.

Fighting data's dark side

The final third of Data and Goliath tackles the question of what's to be done by governments, by corporations, by individuals, and by society in general so that we can have both security provided by government and protection from government abuse.

Most of the principles for curbing government abuse are not new: necessity, proportionality, court-ordered targeting, transparency, and protection for whistleblowers. Schneier also suggests breaking up the NSA.

For corporations, he recommends establishing information fiduciaries, whose role in holding data would be similar to brokers in the financial industry, giving people rights to their data (an issue in the data-protection-law-deficient US), and joining the fight against government surveillance.

To individuals, he recommends care, the use of protective tools, and helping certain kinds of government surveillance in order to lessen the NSA's perceived need to penetrate our networks and our lives.

Finally, says Schneier, despite what governments tell us, we do not live in unique times where the size of the threat outweighs the human-rights principles of the past. Think, he concludes, of your grandchildren and the world they will inherit.
