Entries Tagged "books"

Page 6 of 15

New Book on Data and Power

I’m writing a new book, with the tentative title of Data and Power.

While it’s obvious that the proliferation of data affects power, it’s less clear how it does so. Corporations are collecting vast dossiers on our activities on- and off-line—initially to personalize marketing efforts, but increasingly to control their customer relationships. Governments are using surveillance, censorship, and propaganda—both to protect us from harm and to protect their own power. Distributed groups—socially motivated hackers, political dissidents, criminals, communities of interest—are using the Internet to both organize and effect change. And we as individuals are becoming both more powerful and less powerful. We can’t evade surveillance, but we can post videos of police atrocities online, bypassing censors and informing the world. How long we’ll still have those capabilities is unclear.

Understanding these trends involves understanding data. Data is generated by all computing processes. Most of it used to be thrown away, but declines in the prices of both storage and processing mean that more and more of it is now saved and used. Who saves the data, and how they use it, is a matter of extreme consequence, and will continue to be for the coming decades.

Data and Power examines these trends and more. The book looks at the proliferation and accessibility of data, and how it has enabled constant surveillance of our entire society. It examines how governments and corporations use that surveillance data, as well as how they control data for censorship and propaganda. The book then explores how data has empowered individuals and less-traditional power blocs, and how the interplay among all of these types of power will evolve in the future. It discusses technical controls on power, and the limitations of those controls. And finally, the book describes solutions to balance power in the future—both general principles for society as a whole, and specific near-term changes in technology, business, laws, and social norms.

There’s a fundamental trade-off we need to make as society. Our data is enormously valuable in aggregate, yet it’s incredibly personal. The powerful will continue to demand aggregate data, yet we have to protect its intimate details. Balancing those two conflicting values is difficult, whether it’s medical data, location data, Internet search data, or telephone metadata. But balancing them is what society needs to do, and is almost certainly the fundamental issue of the Information Age.

As I said, Data and Power is just a tentative title. Suggestions for a better one—either a title or a subtitle—are appreciated. Here are some ideas to get you started:

  • Data and Power: The Political Science of Information Security
  • The Feudal Internet: How Data Affects Power and How Power Affects Data
  • Our Data Shadow: The Battles for Power in the Information Society
  • Data.Power: The Political Science of Information Security
  • Data and Power in the Information Age
  • Data and Goliath: The Balance of Power in the Information Age
  • The Power of Data: How the Information Society Upsets Power Balances

My plan is to finish the manuscript by the end of October, for publication in February 2015. Norton will be the publisher. I’ll post a table of contents in a couple of months. And, as with my previous books, I will be asking for volunteers to read and comment on a draft version.

If you notice I’m not posting as many blog entries, or writing as many essays, this is what I’m doing instead.

Posted on March 21, 2014 at 12:19 PMView Comments

New Book: Carry On

I have a new book. It’s Carry On: Sound Advice from Schneier on Security, and it’s my second collection of essays. This book covers my writings from March 2008 to June 2013. (My first collection of essays, Schneier on Security, covered my writings from April 2002 to February 2008.)

There’s nothing in this book that hasn’t been published before, and nothing you can’t get free off my website. But if you’re looking for my recent writings in a convenient-to-carry hardcover-book format, this is the book for you.

I’m also happy with the cover.

The Kindle and Nook versions are available now, and they’re 50% off for some limited amount of time.

Unfortunately, the paper book isn’t due in stores—either online or brick-and-mortar—until 12/27, which makes it a pretty lousy Christmas gift, though Amazon and B&N both claim it’ll be in stock there on December 16. And if you don’t mind waiting until after the new year, I will sell you a signed copy of the book here.

Suggestions for a title of my third collection of essays, to be published in five-ish years, are appreciated.

Posted on December 6, 2013 at 2:47 PMView Comments

Book Review: Cyber War Will Not Take Place

Thomas Rid, Cyber War Will Not Take Place, Oxford University Press, 2013.

Cyber war is possibly the most dangerous buzzword of the Internet era. The fear-inducing rhetoric surrounding it is being used to justify major changes in the way the Internet is organized, governed, and constructed. And in Cyber War Will Not Take Place, Thomas Rid convincingly argues that cyber war is not a compelling threat. Rid is one of the leading cyber war skeptics in Europe, and although he doesn’t argue that war won’t extend into cyberspace, he says that cyberspace’s role in war is more limited than doomsayers want us to believe. His argument against cyber war is lucid and methodical. He divides “offensive and violent political acts” in cyberspace into: sabotage, espionage, and subversion. These categories are larger than cyberspace, of course, but Rid spends considerable time analyzing their strengths and limitations within cyberspace. The details are complicated, but his end conclusion is that many of these types of attacks cannot be defined as acts of war, and any future war won’t involve many of these types of attacks.

None of this is meant to imply that cyberspace is safe. Threats of all sorts fill cyberspace, but not threats of war. As such, the policies to defend against them are different. While hackers and criminal threats get all the headlines, more worrisome are the threats from governments seeking to consolidate their power. I have long argued that controlling the Internet has become critical for totalitarian states, and their four broad tools of surveillance, censorship, propaganda and use control have legitimate commercial applications, and are also employed by democracies.

A lot of the problem here is of definition. There isn’t broad agreement as to what constitutes cyber war, and this confusion plays into the hands of those hyping its threat. If everything from Chinese espionage to Russian criminal extortion to activist disruption falls under the cyber war umbrella, then it only makes sense to put more of the Internet under government—and thus military—control. Rid’s book is a compelling counter-argument to this approach.

Rid’s final chapter is an essay unto itself, and lays out his vision as to how we should deal with threats in cyberspace. For policymakers who won’t sit through an entire book, this is the chapter I would urge them to read. Arms races are dangerous and destabilizing, and we’re in the early years of a cyber war arms race that’s being fueled by fear and ignorance. This book is a cogent counterpoint to the doomsayers and the profiteers, and should be required reading for anyone concerned about security in cyberspace.

This book review previously appeared in Europe’s World.

Posted on October 25, 2013 at 9:26 AMView Comments

Book Review: Rise of the Warrior Cop

Rise of the Warrior Cop: The Militarization of America’s Police Forces, by Radley Balko, PublicAffairs, 2013, 400 pages.

War as a rhetorical concept is firmly embedded in American culture. Over the past several decades, federal and local law enforcement has been enlisted in a war on crime, a war on drugs and a war on terror. These wars are more than just metaphors designed to rally public support and secure budget appropriations. They change the way we think about what the police do. Wars mean shooting first and asking questions later. Wars require military tactics and weaponry. Wars mean civilian casualties.

Over the decades, the war metaphor has resulted in drastic changes in the way the police operate. At both federal and state levels, the formerly hard line between police and military has blurred. Police are increasingly using military weaponry, employing military tactics and framing their mission using military terminology. Right now, there is a Third Amendment case—that’s the one about quartering soldiers in private homes without consent—making its way through the courts. It involves someone who refused to allow the police to occupy his home in order to gain a “tactical advantage” against the house next-door. The police returned later, broke down his door, forced him to the floor and then arrested him for obstructing an officer. They also shot his dog with pepperball rounds. It’s hard to argue with the premise of this case; police officers are acting so much like soldiers that it can be hard to tell the difference.

In Rise of the Warrior Cop, Radley Balko chronicles the steady militarization of the police in the U.S. A detailed history of a dangerous trend, Mr. Balko’s book tracks police militarization over the past 50 years, a period that not coincidentally corresponds with the rise of SWAT teams. First established in response to the armed riots of the late 1960s, they were originally exclusive to big cities and deployed only against heavily armed and dangerous criminals. Today SWAT teams are nothing special. They’ve multiplied like mushrooms. Every city has a SWAT team; 80% of towns between 25,000 and 50,000 people do as well. These teams are busy; in 2005 there were between 50,000 and 60,000 SWAT raids in the U.S. The tactics are pretty much what you would expect—breaking down doors, rushing in with military weaponry, tear gas—but the targets aren’t. SWAT teams are routinely deployed against illegal poker games, businesses suspected of employing illegal immigrants and barbershops with unlicensed hair stylists.

In Prince George’s County, MD, alone, SWAT teams were deployed about once a day in 2009, overwhelmingly to serve search or arrest warrants, and half of those warrants were for “misdemeanors and nonserious felonies.” Much of Mr. Balko’s data is approximate, because police departments don’t publish data, and they uniformly oppose any attempts at transparency or oversight. But he has good Maryland data from 2009 on, because after the mayor of Berwyn Heights was mistakenly attacked and terrorized in his home by a SWAT team in 2008, the state passed a law requiring police to report quarterly on their use of SWAT teams: how many times, for what purposes and whether any shots were fired during the raids.

Besides documenting policy decisions at the federal and state levels, the author examines the influence of military contractors who have looked to expand into new markets. And he tells some pretty horrific stories of SWAT raids gone wrong. A lot of dogs get shot in the book. Most interesting are the changing attitudes of police. As the stories progress from the 1960s to the 2000s, we see police shift from being uncomfortable with military weapons and tactics—and deploying them only as the very last resort in the most extreme circumstances—to accepting and even embracing their routine use.

This development coincides with the rhetorical use of the word “war.” To the police, civilians are citizens to protect. To the military, we are a population to be subdued. Wars can temporarily override the Constitution. When the Justice Department walks into Congress with requests for money and new laws to fight a war, it is going to get a different response than if it came in with a story about fighting crime. Maybe the most chilling quotation in the book is from William French Smith, President Reagan’s first attorney general: “The Justice Department is not a domestic agency. It is the internal arm of national defense.” Today we see that attitude in the war on terror. Because it’s a war, we can arrest and imprison Americans indefinitely without charges. We can eavesdrop on the communications of all Americans without probable cause. We can assassinate American citizens without due process. We can have secret courts issuing secret rulings about secret laws. The militarization of the police is just one aspect of an increasing militarization of government.

Mr. Balko saves his prescriptions for reform until the last chapter. Two of his fixes, transparency and accountability, are good remedies for all governmental overreach. Specific to police departments, he also recommends halting mission creep, changing police culture and embracing community policing. These are far easier said than done. His final fix is ending the war on drugs, the source of much police violence. To this I would add ending the war on terror, another rhetorical war that costs us hundreds of billions of dollars, gives law enforcement powers directly prohibited by the Constitution and leaves us no safer.

This essay originally appeared in the Wall Street Journal.

Related essay.

Posted on August 13, 2013 at 1:31 PMView Comments

Lessons from Biological Security

Nice essay:

The biological world is also open source in the sense that threats are always present, largely unpredictable, and always changing. Because of this, defensive measures that are perfectly designed for a particular threat leave you vulnerable to other ones. Imagine if our immune system were designed to deal only with a single strain of flu. In fact, our immune system works because it looks for the full spectrum of invaders ­ low-level viral infections, bacterial parasites, or virulent strains of a pandemic disease. Too often, we create security measures ­ such as the Department of Homeland Security’s BioWatch program ­ that spend too many resources to deal specifically with a very narrow range of threats on the risk spectrum.

Advocates of full-spectrum approaches for biological and chemical weapons argue that weaponized agents are really a very small part of the risk and that we are better off developing strategies ­ like better public-health-response systems ­ that can deal with everything from natural mutations of viruses to lab accidents to acts of terrorism. Likewise, cyber crime is likely a small part of your digital-security risk spectrum.

A full-spectrum approach favors generalized health over specialized defenses, and redundancy over efficiency. Organisms in nature, despite being constrained by resources, have evolved multiply redundant layers of security. DNA has multiple ways to code for the same proteins so that viral parasites can’t easily hack it and disrupt its structure. Multiple data-backup systems are a simple method that most sensible organizations employ, but you can get more clever than that. For example, redundancy in nature sometimes takes the form of leaving certain parts unsecure to ensure that essential parts can survive attack. Lizards easily shed their tails to predators to allow the rest of the body (with the critical reproductive machinery) to escape. There may be sacrificial systems or information you can offer up as a decoy for a cyber-predator, in which case an attack becomes an advantage, allowing your organization to see the nature of the attacker and giving you time to add further security in the critical part of your information infrastructure.

I recommend his book, Learning from the Octopus: How Secrets from Nature Can Help Us Fight Terrorist Attacks, Natural Disasters, and Disease.

Posted on June 27, 2013 at 6:34 AMView Comments

Why We Lie

This, by Judge Kozinski, is from a Federal court ruling about false statements and First Amendment protection

Saints may always tell the truth, but for mortals living means lying. We lie to protect our privacy (“No, I don’t live around here”); to avoid hurt feelings (“Friday is my study night”); to make others feel better (“Gee you’ve gotten skinny”); to avoid recriminations (“I only lost $10 at poker”); to prevent grief (“The doc says you’re getting better”); to maintain domestic tranquility (“She’s just a friend”); to avoid social stigma (“I just haven’t met the right woman”); for career advancement (“I’m sooo lucky to have a smart boss like you”); to avoid being lonely (“I love opera”); to eliminate a rival (“He has a boyfriend”); to achieve an objective (“But I love you so much”); to defeat an objective (“I’m allergic to latex”); to make an exit (“It’s not you, it’s me”); to delay the inevitable (“The check is in the mail”); to communicate displeasure (“There’s nothing wrong”); to get someone off your back (“I’ll call you about lunch”); to escape a nudnik (“My mother’s on the other line”); to namedrop (“We go way back”); to set up a surprise party (“I need help moving the piano”); to buy time (“I’m on my way”); to keep up appearances (“We’re not talking divorce”); to avoid taking out the trash (“My back hurts”); to duck an obligation (“I’ve got a headache”); to maintain a public image (“I go to church every Sunday”); to make a point (“Ich bin ein Berliner“); to save face (“I had too much to drink”); to humor (“Correct as usual, King Friday”); to avoid embarrassment (“That wasn’t me”); to curry favor (“I’ve read all your books”); to get a clerkship (“You’re the greatest living jurist”); to save a dollar (“I gave at the office”); or to maintain innocence (“There are eight tiny reindeer on the rooftop”)….

An important aspect of personal autonomy is the right to shape one’s public and private persona by choosing when to tell the truth about oneself, when to conceal, and when to deceive. Of course, lies are often disbelieved or discovered, and that, too, is part of the push and pull of social intercourse. But it’s critical to leave such interactions in private hands, so that we can make choices about who we are. How can you develop a reputation as a straight shooter if lying is not an option?

Two books on the evolutionary psychology of lying are related: David Livingstone Smith’s Why We Lie, and Dan Ariely’s The Honest Truth about Dishonesty.

Posted on May 30, 2013 at 6:31 AMView Comments

What I've Been Thinking About

I’m starting to think about my next book, which will be about power and the Internet—from the perspective of security. My objective will be to describe current trends, explain where those trends are leading us, and discuss alternatives for avoiding that outcome. Many of my recent essays have touched on various facets of this, although I’m still looking for synthesis. These facets include:

  1. The relationship between the Internet and power: how the Internet affects power, and how power affects the Internet. Increasingly, those in power are using information technology to increase their power.
  2. A feudal model of security that leaves users with little control over their data or computing platforms, forcing them to trust the companies that sell the hardware, software, and systems—and allowing those companies to abuse that trust.
  3. The rise of nationalism on the Internet and a cyberwar arms race, both of which play on our fears and which are resulting in increased military involvement in our information infrastructure.
  4. Ubiquitous surveillance for both government and corporate purposes—aided by cloud computing, social networking, and Internet-enabled everything—resulting in a world without any real privacy.
  5. The four tools of Internet oppression—surveillance, censorship, propaganda, and use control—have both government and corporate uses. And these are interrelated; often building tools to fight one as the side effect of facilitating another.
  6. Ill-conceived laws and regulations on behalf of either government or corporate power, either to prop up their business models (copyright protections), fight crime (increased police access to data), or control our actions in cyberspace.
  7. The need for leaks: both whistleblowers and FOIA suits. So much of what the government does to us is shrouded in secrecy, and leaks are the only we know what’s going on. This also applies to the corporate algorithms and systems and control much of our lives.

On the one hand, we need new regimes of trust in the information age. (I wrote about the extensively in my most recent book, Liars and Outliers.) On the other hand, the risks associated with increasing technology might mean that the fear of catastrophic attack will make us unable to create those new regimes.

I believe society is headed down a dangerous path, and that we—as members of society—need to make some hard choices about what sort of world we want to live in. If we maintain our current trajectory, the future does not look good. It’s not clear if we have the social or political will to address the intertwined issues of power, security, and technology, or even have the conversations necessary to understand the decisions we need to make. Writing about topics like this is what I do best, and I hope that a book on this topic will have a positive effect on the discourse.

The working title of the book is Power.com—although that might be too similar to the book Power, Inc. for the final title.

These thoughts are still in draft, and not yet part of a coherent whole. For me, the writing process is how I understand a topic, and the shape of this book will almost certainly change substantially as I write. I’m very interested in what people think about this, especially in terms of solutions. Please pass this around to interested people, and leave comments to this blog post.

Posted on April 1, 2013 at 6:07 AMView Comments

1 4 5 6 7 8 15

Sidebar photo of Bruce Schneier by Joe MacInnis.