Book Review: Data and Goliath

With his latest book, Data and Goliath, Bruce Schneier, a renowned expert on computer security, has delivered a cogent analysis of the many privacy and surveillance dilemmas facing society. Notably, Mr. Schneier worked with the Guardian newspaper to review the classified NSA documents in the possession of Edward Snowden. With an encyclopedic knowledge of the issues, he not only outlines the problems, but also offers some useful solutions, both for the individual and society at large.

The book is divided into three major sections. The first, “The World We’re Creating,” provides a tour of surveillance mechanisms, big data analytics, and government and corporate practices. The immense amount of data floating around the world is highlighted, with the NSA storing approximately 12 exabytes and Google around 15 exabytes. For the uninitiated, an exabyte is equal to a billion gigabytes. As colorfully noted by the author, “data is the exhaust of the information age,” and with all this data, there is ample opportunity for surveillance. With reference to the data itself, a useful distinction is made between raw data and metadata (data about data). For example, with respect to phone conversations, metadata would indicate who we talked to and the length of each conversation. The point is made that, while raw data is interesting, metadata is much more revealing, particularly in the aggregate. Whereas raw data contains content, metadata provides context.

In discussing surveillance, many of the details Schneier provides are fascinating and quite chilling. For example, he notes that when one visits the website to look up a word, the site will download over 200 cookies to your computer to track your clicks. Facebook and Google can track you even when you’re not on their sites. Of course, some amount of tracking is seen as a positive. We’re generally pleased when Amazon can make useful recommendations based on our browsing and purchasing history. However, excessive intrusions into our privacy are a cause for concern.

The reality of surveillance is that there is implicit cooperation between the NSA and private US corporations, although corporations are increasingly challenging the demands of the government on this matter. The NSA relies heavily on the corporate world to help them eavesdrop on the internet, and this occurs in various ways. In some cases, corporations work willingly with the NSA, but sometimes, they’re forced to do so, with this activity being hidden from the public. And occasionally, the NSA simply hacks into a corporate infrastructure without their knowledge or permission.

The second part of the book, “What’s at Stake,” focuses on the broader political, privacy and security issues at stake. Regarding political liberty, an interesting observation offered is that freedom requires an ability to break the law without immediate punishment. In order for broad society change to take place, there needs to be a period where people knowingly break the law, but society nevertheless tolerates their actions. As an example, the author posits that if the government had better surveillance on Martin Luther King, Jr. at the time they were attempting to discredit him, that might have prevented him from speaking out, to the detriment of society.

Schneier discusses the human need for privacy at length. Contrary to remarks by Mark Zuckerberg, people have a need for multiple identities. It’s not true that if people have nothing to hide, then they have nothing to worry about. In the real world, people act differently with different groups of people. We might reveal something to our best friend that we don’t even tell our spouse. This is all normal and good. Context matters. As noted, there is a vast difference between your spouse discovering pornography in your suitcase and the TSA making the same discovery.

In the third section of the book, “What to Do About It,” the author prescribes various thought provoking and practical suggestions. He recommends that the role of the NSA should be adjusted so the NSA handles espionage, which was its original mandate, and the FBI handles surveillance. His observation is that the FBI works much more effectively and openly with the court system, and could administer effective surveillance while still safeguarding our liberties.

The author ends the book with a slew of practical suggestions for the individual. First and foremost, he suggests encrypting your hard drive. Both Windows and Mac computers offer encryption, making it difficult for hackers to access your data. He suggests using the DuckDuckGo web browser, a browser that does not record your internet searches. He advises staying away from cloud storage of your data, noting that it’s almost impossible to even know what country your cloud data is being stored in. Earlier in the book, Schneier had pointed out that computer users tend to trust their data with modern day “feudal lords” such as Apple, Google or Facebook. Without making a big point of it, he reinforces the notion that there are distinct differences between the philosophies of these large corporations. Whereas Google needs to collect your data for revenue from advertising, Apple’s business model is more aligned with the idea of protecting the privacy of the individual consumer.

Data and Goliath is an intriguing and fast-paced journey into the realities of the internet age. Also, in keeping with the dictates of transparency, the book is extremely well researched. The author provides references to back up nearly every statement made, with 122 of the book’s 383 pages set aside to provide detailed notes on his sources.

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
by Bruce Schneier
W. W. Norton & Company, March 2015
383 pages, $27.95

Posted in Technology and Society. Comments Off on Book Review: Data and Goliath