Looking at the Promise and Perils of the Emerging Big Data Sector

Book Review of Data and Goliath by Bruce Schneier

There is a certain predictability to media and technology finance. Any company looking for money is inevitably characterized as similar to whatever has recently garnered the highest valuations.

For instance, when all of the software as a service (referred to in tech jargon as SaaS) companies traded in the public markets at 10 times revenue, other businesses looked desperately for something in their operations that could be tied, however tenuously, to SaaS.

The trouble with this approach is that bubbles tend to burst, as the SaaS one did last year. And once you have introduced yourself to investors—particularly in an initial public offering—it is hard to recharacterize your story later without losing all credibility.

Hard on the heels of the software-as-a-service craze comes a new buzz phrase that no banker pitch can be without: Big Data. You don't have to be an actual data company to partake. Any company that runs software or has a website or actually sells anything at all is the proud owner of the "data exhaust" that comes from customer or user interactions.

Big Data holds the promise of extensive monetization opportunities for unexploited assets. Particularly, entrepreneurial bankers have even fused their clients' exposure to SaaS and Big Data by inventing a creative new term: DaaS, or data as a service. If regulators and the public follow the recommendations in Bruce Schneier's "Data and Goliath: The Hidden Battle to Collect Your Data and Control Your World," (W.W. Norton & Company ) the coming Big Data crash will make the collapse of SaaS company valuations look like a minor market adjustment.

When it comes to what government and business are doing together and separately with personal data scooped up from the ether, Mr. Schneier is as knowledgeable as it gets.An expert in cryptography generally and security specifically, Mr. Schneier has encyclopedic knowledge of not just the uses and abuses of data collection around the globe but the dizzying array of laws, regulations, international accords and not-so-secret orders governing these practices. A half-dozen members of Congress invited Mr. Schneier to brief them about the unpublished Snowden documents.

Mr. Schneier's use of concrete examples of bad behavior with data will make even skeptics queasy and potentially push the already paranoid over the edge. Mr. Schneier writes clearly and simply about a complex subject and is most convincing when arguing that the subject demands at a minimum a more public and transparent debate about how and what lines to draw.

When it comes to his specific policy recommendations, however, Mr. Schneier becomes significantly less compelling. And the underlying philosophy that emerges — once he has dispensed with all pretense of an evenhanded presentation of the issues — seems actually subversive of the very democratic principles that he claims animates his mission.

The author is at his most vehement in his opposition of all forms of government mass surveillance. He claims that data mining of undifferentiated bulk communications sucked up by our national security apparatus is "an inappropriate tool for finding terrorists." "Whenever we learn about an N.S.A. success," Mr. Schneier informs us, "it invariably comes from targeted surveillance rather than from mass surveillance."

Like the claim that waterboarding failed to yield actionable intelligence that thwarted terrorist plots, it is impossible for a citizen without access to classified information to assess its validity.

Even if Mr. Schneier is correct that "traditional investigative police work" is ultimately responsible for successfully identifying the truly dangerous, there are still reasons that the public would want our spies to have access to a ready cache of metadata. As soon as the bad guy is found using old-fashioned methods, data-mining of previous communications would still presumably allow the speedy identification of known associates with a potentially lifesaving efficiency.

In the corporate realm, Mr. Schneier promotes no less than a fundamental reshaping of the media and technology landscape. Companies with access to large amounts of personal data would be "automatically classified as fiduciaries" and subject to "special legal restrictions and protections."

That these limits would render illegal most current business models — under which consumers exchange enhanced access by advertisers for free services—does not seem to bother Mr. Schneier: "If we succeed in raising the cost of surveillance and data collection, new businesses that don't rely on it will rise up and take the place of the current ones that do."

Although professing to be primarily preoccupied with respect of individual autonomy, the fact that Americans as a group apparently don't feel the same way as he does about privacy appears to have little impact on the author's radical regulatory agenda. He actually blames "the media" for the failure of his positions to attract more popular support.

More troubling is Mr. Schneier's overarching philosophical perspective on the rights and responsibilities of citizenship generally. Mr. Schneier mentions that he assisted The Guardian newspaper in analyzing the documents pilfered by Edward Snowden, the onetime Booz Allen Hamilton consultant whose company was contracted with the National Security Agency.

Although he leaves vague the extent of his actual relationship with Mr. Snowden, Mr. Schneier is crystal clear on the extent of his admiration of Mr. Snowden's "courageous" illegal actions Indeed, more broadly, Mr. Schneier argues that a little illegality goes a long way in fostering a healthy democracy.

Part of Mr. Schneier's argument against surveillance is that it will excessively deter a brand of law-breaking that spurs social innovation. For this proposition he cites no less an authority than Frank Zappa: "Without deviation from the norm, progress is not possible."

Mr. Schneier is also fond of referencing the life and ideas of the Rev. Dr. Martin Luther King Jr., who understood the value of lawbreaking. But King drew on a proud tradition of civil disobedience that reaches all the way back to Socrates, who he cited repeatedly in his "Letter From a Birmingham Jail."

The fundamental premise of this line of thought is that a citizen who breaks an unjust law must serve as an example and accept the consequences. Socrates, it will be recalled, sternly refused the offer of his friends to escape from jail and avoid execution.

This is called having the courage of one's convictions and is a fundamental responsibility of citizenship. Mr. Schneier, by contrast, seems to think that those with laudable convictions should simply be given a pass.He even proposes a law that would allow juries to judge when "conscience-driven" lawbreaking is justified.

Mr. Schneier argues that a rethinking of our data practices will be "Edward Snowden's legacy." If we as a people allow Mr. Snowden's actions to be venerated in this way, his true legacy will be to subvert the sacred concept of citizenship that reached its pinnacle in the life of Dr. King.

Categories: Book Reviews, Data and Goliath, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.