News in the Category “Book Reviews”
Ben's Book of the Month: Review of "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World"
Perhaps the most meaningless term in information security is thought leader. I know what it is supposed to mean, but many people who consider themselves information security thought leaders are anything but that. Nonetheless, if there is anyone who is a thought leader in the true sense of the term, it's Bruce Schneier. Schneier has written on near every aspect of information security.
Policy-makers must get to grips with "the internet of things." I'm recommending this book to them
Oh no! Another book with a terrifying, it's-the-end-of-the-world title. They're in vogue at the moment. Sadly, for us mere mortals, Click Here to Kill Everybody is by Bruce Schneier, who is one of the world's top cyber-security experts, and not someone given to exaggeration.
More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk.
No one really believed them, so few tried to stop them. Then before anyone realized it, the deed was done: Just about everyone had a Windows machine, and governments were left scrambling to figure out how to put Microsoft's monopoly back in the bottle.
This sort of thing happens again and again in the tech industry.
The US government and Silicon Valley have designed and created an insecure world to maximize political control and corporate profit, but in the cyberphysical world we now live in, where cars, planes, trains and nuclear power plants are connected to the internet, that deliberate insecurity must be reversed — for safety reasons, or people are going to start dying, Bruce Schneier argues in his new book, Click Here to Kill Everybody (W.W. Norton & Company, 2018).
The days of "going online" are over. We now live on the internet.
Schneier (Data and Goliath), a fellow at the Berkman Center for Internet and Society at Harvard University, provides a clear perspective on the threat posed by the evolution of the internet into what is commonly referred to as the “internet of things.” As “everything is becoming a computer... on the Internet,” with even pedestrian items such as light bulbs or refrigerators collecting, using, and communicating data, the convenience and efficiency of such “smart” technology comes at the cost of increased vulnerability to the schemes of crafty hackers. Horror stories, such as a vehicle’s controls being taken over remotely, are not new, but Schneier’s vast experience enables him to tie together many strands and put them in context. For example, after discussing the inherent security issues with software (there are “undiscovered vulnerabilities in every piece”), Schneier goes on to observe that such flaws are only part of the problem; he convincingly demonstrates that a major, if not the main, reason, for an insecure internet is that its “most powerful architects—governments and corporations—have manipulated the network to make it serve their own interests.” Schneier concedes that his book has “a gaping hole” in not explaining how his nuanced recommendations for increasing security and resilience could become policy, but it is a useful introduction to the dimensions of the challenge.
Electronic security expert Bruce Schneier's studiously terrifying new book Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, is a concerted counter-playbook to the end of human civilization, and the deaf ears it will fall upon have been deadened by two completely erroneous assumptions: that an unregulated Internet is better than a regulated one, and that Internet problems only affect people on the Internet.
Ninety percent of Schneier's readers have more than one "smart" electronic device, be it a cellphone or a tablet or a laptop or a new-model automobile. And ninety percent of that ninety percent have the same personal password for all of those separate devices and haven't changed that password in years. Virtually every single one of Schneier's readers who choose to download his book instead of buying a printed copy in a bookstore leaves a wide and easily-followed data-trail back to themselves.
FIX THE INTERNET BEFORE IT FIXES US — Technologist Bruce Schneier is out with his latest book and his most alarming title yet: "Click Here to Kill Everybody." In fact, it's one of the most ominous in the entire cybersecurity canon. Even in his introduction, Schneier admits to hyperbole, yet writes the title isn't without merit since "we're already living in a world where computer attacks can crash cars and disable power plants — both actions that can easily result in catastrophic deaths if done at scale."
So, OK, it's scary. In this outing, published last week, Schneier digs into the dangers posed by the rapid spread of internet connectivity into all our things. But since he doesn't think the marketing term "internet of things" is encompassing enough, he coined his own term: Internet+.
The great and memorable title of Bruce Schneier's latest book, Click Here to Kill Everybody, certainly caught the eye of those in my household—my children kept trying to touch the button on the front cover to 'kill everybody'! (Indeed, the book's attention-grabbing title may make me a little wary about reading it openly on the Tube or while going through airport security.)
Of course, the book is not really about how to kill everybody, but rather how, from an ethical standpoint on the part of tech, and a moral standpoint on the part of government, we appear to be sleep-walking into a scenario where something, whether by accident or design, could possibly 'click here' and kill everyone.
My advance reading copy wasn't quite ready for publishing, but as it stood the book was divided into three approximately equal sections:
- The first section describes the issues of computing, IOT, and an Internet of the future.
- The second section describes the things technologists and policy makers should consider in order to bring about the changes needed for the Internet of the future.
- Finally, as with Schneier's previous book, the third section contains copious notes.
In the introduction ('Everything is a Computer'), Bruce describes three situations: hacking a car; hacking the power supply; and hacking printers (conventional, 3D and bioprinters). For each of these he expands on the potential issues: death of multiple passengers; wide-scale human and economic damage; etc.
If I were still doing radio shows, I would happily welcome Bruce Schneier back as a guest. He's a security expert who I first spoke with when he revealed the uselessness of the TSA's screening procedures at airports, which he labelled "security theater." Since then, he's made multiple appearances with me.
Bruce has just published a new book, Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, and asked me to review it.
As in his previous works, Bruce sees the holes that exist in the digital world and explains the risks of having so many more things connected as part of the Internet of Things, from thermostats to refrigerators to manufacturing equipment to your kid's dolls.
Pervasive connected devices mean we REALLY can't afford shitty internet policy
Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.
Click Here... describes a world where all the bad policy decisions of PCs and laptops and phones are starting to redound onto embedded systems in voting machines and pacemakers and cars and nuclear reactors. He calls this internet-plus-IoT system the "Internet+" and the case he makes for its importance is by turns inspiring and devastating.
That's because Schneier, more than the average policymaker or marketing blowhard, has a pretty good idea of what the actual benefits of these systems can be.
Big Brother is watching and scheming and up to no good—and, writes security technologist Schneier (Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, 2015), it looks like he's winning.
By way of an opening gambit, the author posits three scenarios in which hackers take over machines and computer systems, from printers to power plants, both to demonstrate their ability to do so and to show how the interdependence of the web can easily be put to work against us. In one of those scenarios, real-world to the core, Russian hackers came into a Ukrainian power plant through a malware backdoor, "then remotely took control of the center's computers and turned the power off." That's not just a threat to life, but it also erodes trust in social and economic systems, the basis for civil society. In another scenario, which gives the book its title, a "bio-printer" is hacked to "print a killer virus"—and does.
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World Bruce Schneier W. W. Norton (2018)
Hardly a day now passes without reports of a massive breach of computer security and the theft or compromise of confidential data. That digital nightmare is about to get much worse, asserts security technologist Bruce Schneier in Click Here to Kill Everybody, his critique of government inertia on Internet security.
The burgeoning threat, writes Schneier, arises from the rapid expansion of online connectivity to billions of unsecured nodes.
The early architects of the internet did not want it to kill anybody. In cyber security expert Bruce Schneier's new book, David Clark, a professor at the Massachusetts Institute of Technology, recalls their philosophy: "It is not that we didn't think about security. We knew that there were untrustworthy people out there, and we thought we could exclude them".
Schneier describes how the internet, developed as a gated community, is now a battleground where these untrustworthy people cause great harm: harnessing computers to kill by crashing cars, disabling power plants and perhaps, soon enough, using bioprinters to cause epidemics.
With today's rapid technological advancement, almost every activity such as communication, work, and business can be done easily and efficiently through the many available devices and applications. Although it seems that we have so many benefits of the rapid development of technologies, many unseen threats also await. One of the most serious issues in this digital era is concerning our privacy and data protection. Today, in this big data era, governments and private companies can easily obtain our data from various media—such as devices and applications developed by the governments and private companies—and use these data to "surveil" us.
"Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World" is a book meant to scare you, and it does a good job. The book is designed to get our attention and serve as a wake-up call on a number of issues that beg for more robust public discussion. Chief among these issues are mass surveillance from governments and the commercial world, and how this is affecting personal privacy and even public security. More importantly, I believe Bruce Schneier offers some excellent recommendations as to what we should all be talking about and doing when it comes to bringing these critical issues out of the shadows and into the light.
One of the most striking paradoxes of our time resides in our smartphones. Our everyday use of these iconic and progressively factotum apparatuses records at various levels every activity we do in space and time, with the unbelievable outcome that, on a mass scale, we're happy about that and willfully give up our intimate privacy to be allowed to continue using them. It's nothing new, but we're still turning our head to what is behind. There are battles going on to conquer the most strategic parts of the big data we produce, in the huge business called "DaaS" (data as a service).
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World: Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and the NSA for their wholesale spying on innocent Americans and violations of myriad laws and the Constitution. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers.
Data and Goliath
by Bruce Schneier
W. W. Norton & Company
From the moment you wake up, you start generating data. Your phone tracks your movements. Your purchases signal whether you’re sick or pregnant or going on vacation.
Bruce Schneier is a man worth listening to. In 1993, just as the Internet was gaining speed, he wrote one of the earliest books on applying cryptography to network communications, and has since become a well-known security specialist and author of about a dozen books on Internet security and related matters. So when someone like Schneier says we're in big trouble and we need to do something fast to keep it from getting worse, we should at least pay attention.
The trouble is mass surveillance.
Data and Goliath is a fascinating exploration of this post-Snowden world we live in. It shows how the back-doors that technology companies were forced to implement for the NSA, have actually become weapons for other agencies and hackers to use. We're taken through the murky world of international espionage, and shown how we have all become collateral damage in this digital arms race. Schneier also explains that even when we try to protect ourselves by leaving Facebook or Gmail, the fact that our friends and relatives still use them means we're caught up in this global informational dragnet.
In Data and Goliath, Bruce Schneier, a security technologist and fellow at Harvard Law School, explores what it means to have entered the age of mass surveillance. Our data are collected in the first instance by private corporations, but are increasingly exploited, as Edward Snowden has shown, by government intelligence agencies. The NSA didn't have to build from scratch a vast database on billions of innocent citizens the world over, Schneier explains, because private corporations had already done so. All the NSA needed was access.
I'm interested how we choose the books we read. Here is my request to you. Please keep track of, and share with our IHE community, how you select your books.
For one of the recent books that I read I can definitely share my book selection process.
Schneier, a fellow at Harvard’s Berkman Center for Internet and Society, has written an exceptionally readable yet thoroughly chilling book about the dangers of the ubiquitous mass surveillance we face thanks to modern life. While the author focuses on the United States, the rest of the world is largely capable of nearly the same levels of surveillance thanks to the openness of the Internet and the availability of cell phones. Schneier describes the types of data being collected about us, stemming from our interactions, activities, purchases, and where we go. As he competently explains, this “metadata” provides those collecting it with the entire framework of our existence: who we converse with and the duration of the conversation, the things we read (especially electronically), and what we buy.
Paul Bernal clicks with a maverick thinker who shows how business and governments are building a global surveillance network and how we can fight back
Investigating surveillance—whether corporate or governmental—can be a demoralising process. Those performing that surveillance, from the US' National Security Agency and the UK's Government Communications Headquarters (GCHQ) to Google and Facebook, are giants so overwhelmingly powerful that it seems too daunting to even contemplate taking them on. Their agendas may be even more terrifying: as Bruce Schneier observes, "The endgame of this isn't pretty: it's a global surveillance network where all countries collude to surveil everyone on the entire planet." What's more, he adds, the governments and the corporations are both in the same game: "It's a powerful feedback loop: the business model supports the government effort, and the government effort justifies the business model."
And yet, as the title of this book suggests, these giants are not invincible. Goliath was brought down to size—and here, Schneier attempts to set out how the new Goliaths might suffer a similar fate.
This book has been difficult to review. It has proved tricky not because I didn't enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues.
Privacy is becoming an antiquated concept. In “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World” (ISBN: 9780393244816), security expert Bruce Schneier leads you through a labyrinth of surveillance that should scare the hell out of you.
Welcome to the NSA! We want to thank you for helping us with our collection of data about your work and personal habits. By using the computer, phone, public transportation, private vehicle, credit cards, library, banking systems, online shopping, or retail shopping, you are contributing to our data files.
DATA AND GOLIATH. By Bruce Schneier. Norton. 365 pages. $27.95.
Think of some of the ways the Enlightenment helped advance the human individual. The ability to shape your identity. The ability to own and control your stuff. Economic autonomy.
I finally got around to finishing Bruce Schneier's latest bestseller: Data and Goliath. I've read a few of Bruce's books over the years (and own most of the rest, waiting patiently to be read). I've watched Bruce on many TV news segments, lectures, interviews, and web videos. I follow his blog and Twitter posts.
The Internet birthed unprecedented freedom of communication, interconnecting individuals from every corner of the globe and every walk of life. This free flow of information has the potential to establish a world of truly free and equal citizens, yet many politicians want to turn this technology inside out and use the Internet as a universal surveillance mechanism. This path would roll back centuries of civil rights and revive feudalism on a global scale. Sadly, this rush to oppression isn't restricted to some backwater dictator massaging his own ego.
Bruce Schneier is a world-renowned cryptographer, computer security and privacy specialist, and author of numerous books on security. So when he speaks, TechMan tends to listen.
In his latest book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” his point is well worth taking note of: Surveillance and data collections are a trade-off between individual value and group value. You give Google personal information in return for free search, free email, free maps and all the other free things Google provides.
"Over the past twenty years," complained Newsweek, the United States has become "one of the snoopiest and most data-conscious nations in the history of the world." Part of the problem is that "the average American trails data behind him like spoor through the length of his life." Another part of the problem is that the government and private firms "have been chasing down, storing, and putting to use every scrap of information they can find." These "vast reservoirs of personal information" are "poured into huge computers" and "swapped with mountains of other data from other sources" with "miraculous speed and capacity." As a result of these forces, "Americans have begun to surrender both the sense and the reality of their own right to privacy—and their reaction to their loss has been slow and piecemeal."
The Newsweek article—published in 1970, and entitled The Assault on Privacy—nicely captures the thesis of Bruce Schneier's new book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. That doesn't mean that Schneier's book isn't valuable—it is. It just means that there is something to be learned about Schneier's argument from the fact that it was made 45 years ago. (Disclosure: I gave Schneier comments on a draft of his book and he and I are teaching a class together on Internet power and governance.)
Data and Goliath is an informed, well-written, accessible, and opinionated critique of "ubiquitous mass surveillance" by governments and corporations—how it happens, its costs, and what to do about it.
A computer-security expert weighs up the costs and benefits of collecting masses of personal data
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. By Bruce Schneier. W.W. Norton; 383 pages; $27.95 and £17.99.
SOCIETY has more digital information than ever and can do new things with it. Google can identify flu outbreaks using search queries; America's National Security Agency (NSA) aspires to do the same to find terrorists.
Mass surveillance by governments and corporations is comparable to child labor or environmental pollution. That is the largely persuasive claim of security expert Bruce Schneier in his new book "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." Resistance is not futile, Schneier thinks, although it will be tricky to fight overreaching securocrats and snooping online advertisers without giving up at least some of the genuine advantages of Big Data.
Much of the problem lies in excessive expectations about what mass surveillance can achieve, writes Schneier, who is chief technology officer at security firm Resilient Systems and a fellow at Harvard Law School's Berkman Center for Internet and Society. It might seem that the combination of huge amounts of collected data and sophisticated data-mining could have prevented the 9/11 attacks or the Boston Marathon bombing.
A couple of weeks ago, I mentioned that I was reading Bruce Schneier's new book, Data and Goliath, just published by Norton. The subtitle (which, as is the custom these days, is more or less an elevator pitch for the book) provides a hint of what's inside: The Hidden Battles to Collect Your Data and Control Your World. What's missing from this descriptive subtitle is the best part: And Here's How We Can Fix It. Because unlike a lot of books that focus on big scary issues, this one has lots of concrete recommendations and encouragement to think that we can actually make change happen.
This is, above all, a refreshingly rational book. The subject matter is frightening, but Schneier doesn't use our anxiety to dramatize the importance of his subject or to threaten us with doom if we fail to take his advice.
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World By Bruce Schneier Norton 384 pages ISBN 978-0-393-24481-6 $27.95
We did not exactly know the trade-offs we would be making in 2015 when we first began using email or got our first mobile phones. If anyone had asked 15 years ago whether we wanted a device that enabled governments and corporations to monitor our whereabouts and access the details of our personal, business, and social lives at all times, it's pretty clear that almost everyone would have said 'no'.
Similarly, few of us would have argued for developing technology to give governments the ability to spy on all aspects of the lives of billions of people. That we have arrived here is a matter of billions of individual choices, made one by one in the interests of convenience and functionality.
From spyware designed to catch students misbehaving to police tracking rioters by phone, we are spied on as never before, reveals a book by Bruce Schneier
"DEAR subscriber, you have been registered as a participant in a mass disturbance." This text was sent by the Ukrainian government last year to everyone with a cellphone known to have been near a protest in the capital, Kiev.
Just what you'd expect from an ex-Soviet country? Not so fast. In the US and Europe, police are also seeking information on phones linked to specific places and times—and always without a warrant.
If you'd asked me a year ago, 'do you worry about government surveillance?', I would have said no. But today, my answer would be an emphatic YES.
The scary part is that, like most Canadians, I hadn't worried about that kind of surveillance until the current debate around C-51. (If you don't know what that is, check it out here.) This terrifying bill would, among many other things, make it illegal to talk positively of terrorism on the internet.
Bruce Schneier has built a career explaining the principles of security in plain English, helping the uninitiated to think clearly and critically about managing risk, and exposing the nonsense peddled by government spokesmen and high-tech hucksters. He is at once a great popularizer and a great debunker.
Schneier's new book, Data and Goliath, examines the prevalence, mechanisms, uses, and dangers of mass surveillance.
This book scared the hell out of me.
"The surveillance society snuck up on us," says Bruce Schneier in Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World. It's a thought-provoking, absorbing, and comprehensive guide to our new big data world. Most important, it's a call for a serious discussion and urgent action to stop the harms caused by the mass collection and mining of data by governments and corporations. To paraphrase Schneier's position on anonymity—we either need to develop more robust techniques for preserving our freedom, or give up on the idea entirely.
During the Cold War, communist East Germany was perhaps the most spied-upon nation on earth, with one secret police informant for every 66 citizens.
Those were the good old days. In 21st-century America, we've got more informants than citizens, all of them digital. Our phones and computers incessantly rat us out, broadcasting our interests, friendships, and locations to governments and corporations alike, according to renowned cryptographer and Internet privacy advocate Bruce Schneier in his new book, "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."
Nobody planned it this way; hyper-surveillance just happened.
"Even the East Germans couldn't follow everybody all the time," Bruce Schneier writes. "Now it's easy."
This may sound hyperbolic, but Schneier's lucid and compelling Data and Goliath is free of the hysteria that often accompanies discussions about surveillance. Yes, our current location, purchases, reading history, driving speed and Internet use are being tracked and recorded. But Schneier's book, which focuses mainly on the United States, is not a rant against the usual bad guys such as the U.S.
Are privacy and security really opposites? Bruce Schneier is one of the best-known experts on encryption. He demands that the NSA intelligence agency be broken up.
To make Bruce Schneier forget his calm manner for a brief moment, it is enough to argue like the head of the FBI, the US federal police force turned domestic intelligence service. Something like this: Are law enforcement agencies right when they warn that they will soon be groping in the dark because criminals are increasingly retreating into the digital space?
In Data and Goliath, one of the world's foremost security experts piles on the evidence that privacy is dead -- and proposes a detailed plan to restore it
You can't help but get a little depressed as you read Bruce Schneier's latest book, "Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World." It confirms over and over how all our supposed guaranteed personal privacy, digital or otherwise, is nothing but a façade. Here are some examples from the book:
- It doesn't take much metadata to specifically identify and track anyone.
- "We kill people based on metadata."—General Michael Hayden, former director of the NSA and the CIA
- The U.S. Post Office photographs (and keeps) the exterior back and front of every piece of mail sent in the United States, and this data is available to other agencies.
- "... man who complained to a Target store that had sent baby-related coupons to his teenage daughter, only to find out later that Target was correct."
- In 2011, a man forced Facebook to turn over all data it had on him.
A mature democracy needs to carefully balance individual privacy, national security and business efficiency.
New technologies are always a mixed blessing, their potential for good carrying with it the risk of evil. The deep challenge for a democracy is to develop legal rules, social practices and institutional arrangements that, at some reasonable cost, separate good from bad behavior. The exponential improvement in computation and communication technologies over the past few decades has posed this challenge in an acute form. Both large bureaucracies and determined individuals can now collect and organize huge amounts of information—and all of it, in one sense or another, is about all of us.
Book Review of Data and Goliath by Bruce Schneier
There is a certain predictability to media and technology finance. Any company looking for money is inevitably characterized as similar to whatever has recently garnered the highest valuations.
For instance, when all of the software as a service (referred to in tech jargon as SaaS) companies traded in the public markets at 10 times revenue, other businesses looked desperately for something in their operations that could be tied, however tenuously, to SaaS.
The trouble with this approach is that bubbles tend to burst, as the SaaS one did last year.
Within a remarkably short period of time—less than two decades—all of us have become immersed in a sea of electronic data collection. Our purchases, communications, Internet searches, and even our movements all generate collectible traces that can be recorded, packaged, and sold or exploited.
Before we have had a chance to collectively think about what this phenomenal growth in data production and collection means, and to decide what to do about it, it threatens to become an irreversible feature of our lives.
In his new book Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World (Norton, 2015), author and security technologist Bruce Schneier aims to forestall that outcome, and to help recover the possibility of personal privacy before it is lost or forgotten.
In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and the NSA for their wholesale spying on innocent Americans and violations of myriad laws and the Constitution. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone.
A comment like what's the big deal? often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy.
A Way Forward: Bruce Schneier’s Data and Goliath Explains Where Our Privacy is Now, and How We Fix It
EFF is honored to have renowned security technologist Bruce Schneier as a member of our board and a collaborator for nearly 20 years. But even if we'd never met him, we'd still be incredibly excited about the release of his new book, Data and Goliath.
Schneier has been providing detailed analyses of cryptography, big data, NSA leaks, security flaws, and more for decades (when he's not terrifying NSA Director Mike Rogers with deceptively simple questions about security). What's exceptional about his writing and his is that he manages to be well-researched, in-depth, and accurate while remaining accessible to non-technical readers.
Bruce Schneier's 'Data and Goliath' a lucid overview of how corporate and governmental surveillance works
On a recent trip overseas, I brushed up against these overlapping systems of control. In the international airport in Ho Chi Minh City, Vietnam, I saw devices set up that automatically took temperature readings of arriving passengers (the Ebola scare was ongoing). When I returned from my trip and entered customs at John F. Kennedy International Airport, security officers divided us into lines based on national background. I swiped my passport at a kiosk, received some sort of receipt, and was made to wait again.
Bruce has just published Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, a book that will interest many Lawfare readers. Data and Goliath is a deeply informed and accessibly written analysis of mass surveillance by firms and the government. Part One is a terrific tutorial on big data and data mining, in the public and private sectors (and the two sectors in conjunction). Part Two explains the many reasons Bruce thinks we should worry about big data and data mining.
Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Book Review)
No one explains security, privacy, crypto and safety better than Bruce Schneier, and while he's been talking about this subject for decades, it's never been more relevant, as his new guide to the post-Snowden world Data and Goliath demonstrates.
It's been nearly two years since the Snowden revelations, and we're nowhere near figuring out what to make of his revelations, but now there's a book that collects all the most significant facts, implications and insights from the debates and packages them in a way that is accessible, smart, and important.
Since the first Snowden leaks, we've been buffeted by new revelations that made it hard -- even impossible -- to understand exactly what kind of spying was taking place, under whose oversight, and what effect it was having. Schneier starts with the nature of data and surveillance in the Internet age, the way that data use and abuse can empower us or harm us (both individually or as a society), patiently steps through a condensed (but still representative) account of the leaks, and then combines all this in a powerful argument that out-of-control, unaccountable, mass-scale surveillance has harmed us, and presents an existential threat to a good, safe and just society.
The world is not becoming less computerized, after all.
A new book by security expert Bruce Schneier is raising serious questions about the state of privacy in the big data age, and whether giving corporations and government access to the most intimate details of our lives in exchange for convenience and security is a tradeoff we should be making.
Since 9/11, Schneier has been an outspoken critic of the government's sometimes ham-handed approach to security. Take the airport security checkpoints, for example. Is the economic loss from asking everybody to wait in line and take off their belts and shoes (more than $10 billion per year in 2004 dollars) or the added deaths from people deciding to drive instead of fly (500 per year) worth the marginal increase in security we get from the checkpoints?
In my Open Forum article, “Privacy and Social Media,” February 2015, I mentioned Bruce Schneier's new book, Data and Goliath (W.W.Norton & Company). For those concerned with the arrival of the surveillance state, this is a must-read book, and one of the best assessments of our current state of affairs. Schneier delves into all of the areas that I find most disconcerting, including our general loss of privacy and anonymity and the omnipresence of corporate and government Big Brother in nearly all facets of our lives. Are we really surprised that most social media, online search engines, and other corporations are selling our data, while others are aggregating that data (think big data and analytics), disabling our ability to remain anonymous?
Security technologist, commentator, and popular author Schneier was one of the first to analyze the documentation of NSA surveillance practices leaked by Edward Snowden. What he discovered fueled his mission to zap our complacency regarding “ubiquitous mass surveillance.” In this mind-blowing exposé, backed by 130 pages of revelatory notes, Schneier reveals exactly how all the information generated by our smartphones and computers regarding our exact location, communications, financial and medical transactions, everything we read in digital form, and every Google search is captured, stored, and traded. He elucidates the difference between data and metadata (an email’s content is data; all records pertaining to the sender, recipient, and routing are metadata), and explains how metadata is used to track our activities, interests, and concerns. With meticulously researched details and high-velocity prose, he outs the federal government’s intrusive “data mining,” the immensely profitable big-data industry, and the hidden collusion between them.
Neither Borgman nor Lohr truly grapples with the immensity of the big-data story. At its core, big data is not primarily a business or research revolution, but a social one. In the past decade, we have allowed machines to act as intermediaries in almost every aspect of our existence. When we communicate with friends, entertain ourselves, drive, exercise, go to the doctor, read a book—a computer transmitting data is there.
A jeremiad suggesting our addiction to data may have made privacy obsolete.
Prolific technological writer Schneier (Fellow/Berkman Center for Internet and Society, Harvard Law School; Carry On: Sound Advice from Schneier on Security, 2013, etc.) clearly examines how technology has transformed every interaction, noting how our intimate communications are now "saved in ways we have no control over." He suggests that most Americans remain unconcerned about the relationship between data and surveillance, due to the attraction of "free" products like Gmail. He focuses on the social costs of surveillance, which "puts us at risk of abuses by those in power—exacerbated by the fact that we are generating so much data and storing it indefinitely." He also argues that this "pervasive mass surveillance" will inevitably chill progressive movements—e.g., gay rights and cannabis decriminalization. The problem is more sprawling than most realize: Edward Snowden's revelations clarified "how much the NSA relies on US corporations to eavesdrop on the Internet," and corporations are using such technologies for their own ends.
I have just put down Bruce Schneier's "Liars and Outliers", and it will not be easy to do it justice in a book review.
This time he has written a book about security that is not about computers and in fact is only halfway about security.
The book is fundamentally an analysis of how people interact with one another, no more and no less, but that is not a particularly helpful summary, because it covers everything from waste management to tax legislation to computer security.
"Liars & Outliers: Enabling the Trust that Society Needs to Thrive," by Bruce Schneier
Internationally renowned security expert Bruce Schneier delves into the world of trust, bringing together "ideas from across the social and biological sciences to explain how society induces trust ... how trust works and fails in social settings, communities, organizations, countries and the world."
Tomas Gilså has read “Liars & Outliers”: an excellent basic course in human behaviour from a security perspective.
Bruce Schneier, the IT security industry's household god, has raised his gaze once again. After starting with “Applied Cryptography” in 1994 and continuing with books on general IT security, information security and practical security, he has now arrived at his thirteenth book, “Liars & Outliers”. With it he takes the step up to the level of society.
“Liars & Outliers” explains security as a function of trust, its benefits and shortcomings.
One of the best books I've read this year is by a security technologist, Bruce Schneier. In Liars and Outliers, he sets out to investigate how trust works in society and in business, how it is betrayed and the degree to which technology changes all of that, for the better or the worse.
Schneier absolutely understands how profoundly trust oils the wheels of business and of daily life. "The more customers trust merchants, the more business gets done.
[In The Righteous Mind, Jonathan] Haidt writes:
Moral systems are interlocking sets of values, virtues, norms, practices, identities, institutions, technologies, and evolved psychological mechanisms that work together to suppress or regulate self-interest and make cooperative societies possible.
It is interesting to compare this perspective with what one finds in Liars and Outliers, a recent book by Bruce Schneier on the social problem of trust and security. Schneier, a security consultant, views our lives from the perspective of game theory. Every day, we must decide whether to cooperate or to defect.
Society runs on trust and would collapse without it. The interconnectedness of the modern world creates new and dangerous risks to trust.
Bruce Schneier's recent book Liars and Outliers is a philosophical exploration of the role of trust in society, and is likely to appeal more to policy makers and academics than to information security practitioners. He describes how theories regarding trust (and perhaps trust itself) have evolved over time and sets this within the context of today's global interconnected society.
Schneier has done a very careful literature review, citing theories and experiments across multiple disciplines such as sociology, anthropology, and psychology.
Bruce Schneier’s new book explores the relationships of trust on which civilization depends
Bruce Schneier is a security icon, the cryptological equivalent of action-movie superstar Chuck Norris, able to straighten elliptic curves with his bare hands. Liars & Outliers isn’t the book you’d expect from someone whose portrait adorns posters—nor from the coauthor of several important encryption algorithms (one of them a finalist for the next generation of national encryption standards).
On his blog, Schneier reminds us almost daily that protecting our secrets with a 4096-bit key doesn’t do much good if we have to tape the new pass phrase to our monitors, and that an unforgeable ID card can be a very bad idea if someone can get one by slipping 20 bucks to a file clerk. In Liars & Outliers, however, he takes an almost Aristotelian step back from those frontline concerns to discuss the first causes of security: the kinds of trust that security measures help to enable; why we secure things in the first place, even when—indeed, especially when—we know that security will never be perfect; and why we probably shouldn’t even want security to be perfect.
Since the days when Plato and Aristotle walked this Earth, philosophers have debated what constitutes the ideal state and, more specifically, what holds societies together. Why doesn't society just fall apart? How does society function when you know you can't possibly trust everyone in it? And why aren't we living in what Thomas Hobbes memorably referred to as a state of constant "war of all against all"?
1. Summary of the review
Bruce Schneier's Beyond Fear is a book about security in general. In contrast to many other books, Schneier explains how security works in the most general case, starting from protecting your diary of your sister to protecting the nation from global terrorism. Schneier's book does not focus on cryptography or network security, instead it uses examples of systems everyone is expected to be familiar with.
"There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply buy products and magically get instant security by flipping on the switch. The reality is that security is not something you can buy; it is something you must get."
Perhaps no one in the world gets security like author Bruce Schneier does.
Here are some recently released top-quality books:
Beyond Fear: Thinking Sensibly About Security In An Uncertain World, by Bruce Schneier. Schneier continues proving himself a leading thinker on security issues, in part because he continues to evolve from an expert who first approached security as a techno-centrist to one who now sees security as a process involving a broader set of factors, including power, agenda, bureaucracy and people. A goal of the latest book is to take the lessons that Schneier has learned in his computer security work and apply them to other security concerns, like protecting the nation from terrorist attacks, or protecting homes from burglars.
A theme of this latest book, Schneier's third in a series, is that "security" always involves "trade-offs." He outlines five steps for evaluating a security program's worth: (1) What assets are you trying to protect?
Bruce Schneier is perhaps the best example of why IT security professionals are "eating the lunch" of physical security managers in some corporations. He thinks creatively, he expresses himself logically, and he has cultivated the ear of people high on the corporate food chain. His latest book will be food for thought for security professionals.
Beyond Fear is organized into three sections: "Sensible Security," "How Security Works," and "The Game of Security." The first section introduces three of Schneier's core concepts: that all security involves trade-offs, that trade-offs are subjective, and that they depend on power and agenda.
It's a rare security book that can raise awareness without resorting to sensationalism, but Bruce Schneier's recent title Beyond Fear is one of them. It covers the theory behind both good and bad security practices, though it's not a manual. It does not explain how to make whatever you wish to defend more secure, but it will help you to think clearly about how to do that.
The book clearly defines the essential concepts and basic practices behind security in all areas of life.
Bruce Schneier has been one of my heroes for many years, not least because of the clarity of his thought and the crispness of his writing. Readers of this column have seen references in the past to his free monthly Crypto-Gram newsletter, and I hope you have subscribed to that always-worthwhile publication.
In 2000, Schneier published a groundbreaking primer for non-nerds called Secrets & Lies in which he confronted many misunderstandings and outright myths about security in the digital realm. In 2003, he continued his educational efforts with Beyond Fear, a superb analysis of the basis of rational thought about security in the wider world—not just computers and networks.
In 1996, a man named Willis Robinson reprogrammed a computerized cash register at a Taco Bell in Maryland. The compromised machine would ring a $2.99 item internally as a one-cent sale, even as it showed the proper amount on its screen. Robinson skimmed $3,600 from his employer. He was caught only because he bragged about his exploits.
Secrets and Lies: Digital Security in a Networked World.
By Bruce Schneier.
John Wiley & Sons; 432 pages; $29.99 and £19.50
WHEN an acknowledged expert suddenly announces that his previous views are completely wrong, it is time to take notice. That is exactly what Bruce Schneier, an authority on computer security, has just done in "Secrets and Lies". Like many in his field, he used to be beguiled by the mathematics of cryptography, and believed that, with enough fancy encryption and authentication, it was possible to build a totally secure system—a mathematical utopia he described in a previous book, "Applied Cryptography", which became a standard work.
Secrets and Lies by Bruce Schneier, John Wiley, £19.50, ISBN 0471253111
An exceptional amount of disinformation plagues the world of information security. For decades spies obstructed the "proliferation" of cryptographic and security know-how. This made their job of snooping far easier.
When in 1993 I tried to organise a research programme in computer security, cryptography and coding theory, a spook in a suit approached the institute involved.
Bruce Schneier's book Secrets and Lies won a Productivity Award in the 13th Annual Software Development Magazine Product Excellence Awards.