Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier

Paul Bernal clicks with a maverick thinker who shows how business and governments are building a global surveillance network and how we can fight back

Investigating surveillance—whether corporate or governmental—can be a demoralising process. Those performing that surveillance, from the US' National Security Agency and the UK's Government Communications Headquarters (GCHQ) to Google and Facebook, are giants so overwhelmingly powerful that it seems too daunting to even contemplate taking them on. Their agendas may be even more terrifying: as Bruce Schneier observes, "The endgame of this isn't pretty: it's a global surveillance network where all countries collude to surveil everyone on the entire planet." What's more, he adds, the governments and the corporations are both in the same game: "It's a powerful feedback loop: the business model supports the government effort, and the government effort justifies the business model."

And yet, as the title of this book suggests, these giants are not invincible. Goliath was brought down to size—and here, Schneier attempts to set out how the new Goliaths might suffer a similar fate. He shows that it is not only individuals who are under surveillance but our whole world—and that it is not just individuals who need to change their behaviour but our whole society, which will require a profound shift in attitudes if we are to avoid the harms that this surveillance brings.

The language in Data and Goliath is accessible, even when Schneier deals with technical subjects. His interesting background—straddling academia, journalism, computer science and activism—makes his approach unique and appealing, if sometimes a little more polemical than most academic readers are used to. It is very much a personal book, written in the first person and offering Schneier's personal perspective on the issues. That, however, is a strength rather than a weakness—because his understanding and perspective are of great value.

As Schneier observes, "the biggest cost [of surveillance] is liberty". He is passionate about the subject—and he shows exactly why and how it matters. The combination of qualitative analysis and detailed examples is compelling and the conclusions are stark. Surveillance matters, and not just at a theoretical level. Schneier shows how it causes damage even when it's used "properly", and also offers examples of how it can be and is abused. And he is at his best when demolishing the case for mass surveillance from a security perspective: it's here that his expertise really kicks in. His understanding of encryption, cyberattacks and vulnerabilities, and his ability to explain them in a relatively accessible way, is impressive and admirable.

The book finishes with a set of ideas on how to fight back. Schneier calls for less secrecy and more transparency, and explains the apparent contradiction between this aim and the promotion of individual privacy as a way to address the power imbalance between people and both governments and corporations. That is the core of Data and Goliath: it is a call to arms for us to take on the seemingly overwhelming power of not just the NSA and GCHQ but Google and Facebook, too. It is a book full of rage, but ultimately also full of hope—and realism. "As individuals and as a society, we are constantly trying to balance our different values. We never get it completely right," says Schneier. "What's important is that we deliberately engage in the process. Too often the balancing is done for us by governments and corporations with their own agendas."

He's right—we need to engage more. Data and Goliath could help us to do just that.


Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
By Bruce Schneier
W. W. Norton, 320pp, £17.99
ISBN 9780393244816
Published 28 April 2015

Categories: Book Reviews, Data and Goliath, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.