Review of Data and Goliath

During the Cold War, communist East Germany was perhaps the most spied-upon nation on earth, with one secret police informant for every 66 citizens.

Those were the good old days. In 21st-century America, we've got more informants than citizens, all of them digital. Our phones and computers incessantly rat us out, broadcasting our interests, friendships, and locations to governments and corporations alike, according to renowned cryptographer and Internet privacy advocate Bruce Schneier in his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."

Nobody planned it this way; hyper-surveillance just happened. Everybody loves the cheap and powerful digital devices that make it possible. But these devices were never designed with privacy in mind; they spew personal data like carbon monoxide from a tailpipe. And downwind, inhaling our secrets, are businesses, criminals, and police agencies.

"You have zero privacy anyway," said Sun Microsystems chief executive Scott McNealy over 15 years ago. "Get over it." It's far worse now. Yet Schneier isn't ready to surrender. In his lucid and fast-paced new book, Schneier describes with dismay the erosion of privacy, then lays out a strategy for turning the tide.

Schneier worked with journalist Glenn Greenwald to analyze the documents released by National Security Agency whistle-blower Edward Snowden. In the process he learned of remarkable innovations in US electronic intelligence. For instance, the NSA tracks cellphone locations and data traffic worldwide, with special attention to people who switch their phones off—consider that if several phones are simultaneously switched off in the same general area, it could indicate an Al Qaeda meeting.

Businesses are every bit as creative in exploiting our data exhaust, he notes. For example, the travel site Orbitz in 2012 discovered that customers who used Macintosh computers tend to be more affluent, so they charged them a little extra for hotel rooms. American Express has reduced the credit limits of customers who shop frequently at discount retailers.

Corporations such as Google and Verizon are in fact more adept at collecting information about us than the FBI could ever be. But Schneier reminds us that law enforcement and intelligence agencies have struck up an uneasy and often unwelcome alliance with corporate America, raiding commercial databases to support a campaign of ubiquitous surveillance aimed at nearly everyone on earth.

When Google compromises our privacy, we at least get free e-mail in exchange. But Schneier claims all-pervasive government surveillance hasn't made our nation more secure. Every time a potential terrorist has been caught in recent years, it's been due to old-school police and intelligence techniques, not the digital dragnet. So far, the post-9/11 surveillance surge has only aided the politicians and bureaucrats who point to the uptick as proof that they're doing their best to avert the next attack.

But the computers and smartphones that track us also serve us, and very well. The data they capture can route us past traffic jams, protect the security of our homes, and keep tabs on our children. Schneier doesn't expect us to resist these irresistible benefits—just the abuses that have emerged as byproducts.

For instance, he argues, we shouldn't need an Edward Snowden to find out what kinds of information US intelligence agencies collect about Americans or foreigners. The general principles that guide their work should be a matter for public discussion and debate.

Further, Schneier says, the corporations that collect so much of our data could stand more oversight. The United States needs a privacy law to set standards for what personal data businesses can collect and what they can do with it. Companies must let us see our own files, and at least in some cases we should be able to demand their deletion. And they should be held financially liable for data breaches that compromise customer privacy.

It's a pretty comprehensive list of reforms, the work of a decade at least. But it's a cheerful prospect too. Unlike some techno-pessimists, Schneier is confident that all is not lost. After all, nobody wants to live in East Germany, not even the digital version.

Categories: Book Reviews, Data and Goliath, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.