Scan barcode
Reviews
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
amber_lea84's review against another edition
5.0
This was published pre-Trump, pre-pandemic and pre-everything else we've been going through lately, so I'd be curious what an updated version would look like. Especially considering how dramatically the internet landscape has changed in the last seven years. That isn't to say this book is out of date because it's not. Everything it says it still relevant, it just doesn't address the additional things that have happened since it was published and I'm guessing Bruce Schneier probably has a lot to say.
But man. Yeah. It's not good.
I think one of the best solutions he recommended is coming up with better ways for governments to find bad actors so they don't have a good excuse for mass surveillance. And he made a good point about how ineffective mass surveillance is because it's a sea of false positives. I don't know what the solution is, but I feel like if we could come up with one then we'd be half way toward being able to have privacy and security. I think he's right that it's a false choice we're being tricked into making.
Of course, I don't know what we do about undoing the damage that's already been done. I don't really understand the logistics of demanding that companies delete data which is something he mentions several times. It seems to me like it would be easy for them to just...not do that. I would think it would be better to stop them from being able to collect it in the first place. I imagine it's easier to track what's being collected in a lot of situations or to put more blocks in place to stop collection. And then there's the whole matter of passing laws which sounds like the hardest part.
I don't know. I feel like step one is just understanding the situation and this book is good for that. Every chapter is clear, informative, and concise. And it does offer up a heap of solutions at the end. But I feel like a path forward is perhaps a whole other book. I'd be curious to know what's possible and what other countries do/have tried.
But man. Yeah. It's not good.
I think one of the best solutions he recommended is coming up with better ways for governments to find bad actors so they don't have a good excuse for mass surveillance. And he made a good point about how ineffective mass surveillance is because it's a sea of false positives. I don't know what the solution is, but I feel like if we could come up with one then we'd be half way toward being able to have privacy and security. I think he's right that it's a false choice we're being tricked into making.
Of course, I don't know what we do about undoing the damage that's already been done. I don't really understand the logistics of demanding that companies delete data which is something he mentions several times. It seems to me like it would be easy for them to just...not do that. I would think it would be better to stop them from being able to collect it in the first place. I imagine it's easier to track what's being collected in a lot of situations or to put more blocks in place to stop collection. And then there's the whole matter of passing laws which sounds like the hardest part.
I don't know. I feel like step one is just understanding the situation and this book is good for that. Every chapter is clear, informative, and concise. And it does offer up a heap of solutions at the end. But I feel like a path forward is perhaps a whole other book. I'd be curious to know what's possible and what other countries do/have tried.
lazygal's review
4.0
A frighetning read, and deservedly so. Schneier's eye-opening look at exactly how insidious information harvesting is, and how little control we have over what is kept or how it is used, may not completely surprise readers but with luck it will create more of an interest in changing things. Perhaps there is more focus here on the NSA (and other intelligence agency) efforts - many exposed by the Snowdon revelations - because commercial entities (like Google and DoubleClick) are constantly evolving to get around apps like AdBlocker, making it more difficult for us to avoid tracking.
This is no "get offline, it's the only way you can be safe!" polemic, but a warning about the pervasiveness of the tracking of data and metadata and a call to citizen action.
ARC provided by publisher.
This is no "get offline, it's the only way you can be safe!" polemic, but a warning about the pervasiveness of the tracking of data and metadata and a call to citizen action.
ARC provided by publisher.
macho's review
4.0
For anyone who ever wondered what the Snowden revelations were all about, this book provides a good intro to the landscape of contemporary digital mass surveillance, including both corporate and state varieties. Leading digital security expert Bruce Schneier penned the book in an accessible, best-seller style (with all the good and bad you'd imagine comes with that). It’s rife with pithy real-world examples, it surveys the technological, legal, and social facets of the problem, and provides something of a theoretical framework through which to understand the reality it's describing and how to fight back collectively and individually. It's certainly liberal, and at times definitely cheezy, but I wouldn't hesitate to recommend it to anyone interested in a really solid and relatively up-to-date explanation of the basics of the topic.
inquiry_from_an_anti_library's review against another edition
adventurous
emotional
hopeful
informative
reflective
tense
fast-paced
5.0
Overview:
Technology has provided enormous benefits. Devices containing lots of personal data has been life-transforming. The problem are the threats possessed by their surveillance. Technology has enabled governments and corporations with the capacity for mass surveillance. An intimate form of continuous surveillance. Governments, and corporations gather, store, and analyze a lot of data. Often without consent, or knowledge that they are doing that. Profiles of individual attributes are built from the data. When data is collected and used within its service, to provide a better serve, people do not mind. Using data within the context of collection and is transparent makes it acceptable. Data collection is objected when the data is bought and sold without knowledge or consent, and used outside their context.
Mass surveillance has dangerous implications for it allows discrimination on any criteria, and can be used to control what is seen, what can be done, and what is said. Digital mass surveillance created a panopticon. When individuals think they are being monitored, they change their behavior. Data from surveillance is stored forever, which can be used as evidence against the individual later. Even the contemporary legally accepted values, can change their status in the future. In this way, many governments have persecuted people based on their past views and values, even if they have changed them. This surveillance comes without giving citizens an effect means of opting out, and without meaningful checks and balances. Making people less safe, and less free.
Tracking Technology:
It used to be difficult to retain a lot of data, and too difficult to sift through the data to find meaningful information. Early digital information products threw away most of the metadata that was created. But with technological improvements, the ability to save and sift data have improved. Reducing their costs, and increasing their effectiveness.
Communication devices connect individuals to a variety of people with ease and speed. To do that, the device needs to be tracked. Tracked everywhere. Which means that the device knows more about the individual than the individual, because the device does not rely on human memory.
To obtain the intimate data before cell phones required the use of private investigators. An obsolete profession because of the data tracking on the phone. Cell phone data can be used by a variety of professions, and can obtain historic use of that cell phone. To know where the phone has been, where it was, and who was around it.
Data is a byproduct of everything a computer does. Recording their every operation. Even without using the device, the device creates data about where the individual is, those near the individual, recording the interactions with others.
It is uncertain which technology products will make it, but what is certain is that they will create a lot of data. They can be used to provide a variety of life and world changing applications, but will record everything about the individual. Due to technological ability, secrets are harder to keep.
Intrusive surveillance systems tend to be hidden. They tend to be in the background, which makes them easier to ignore. Even if an individual tries to opt out of services that have surveillance, data is still being collected on them when they interact with others who are being monitored.
Internet anonymity is nearly impossible against ubiquitous surveillance. A single mistake in protecting the identity, permanently attaches the identity to the anonymous provider. Even trained government agents with resources have a hard time maintaining privacy and anonymity.
Governments:
Government went from collecting data on a few necessary people to as many people as possible. This was due to the reduction in expense of surveillance. Limited resources and risk of discovery limited surveillance.
Part of the reason why cell phone data is being taken by governments, is claim about protecting everyone from a variety of dangerous elements. Mass-surveillance programs are justified by trying to relieve the fear. In an effort to protect against various malicious actors such as terrorist, should not come at ignoring the costs of police or government tyranny. Just as bad would be to ignore malicious actors when trying to protect against government overreach. The problem is trying to focus on a single threat, especially the rare but dramatic threats, while not considering the many more frequent banal threats.
There are situations and contexts in which governments should conduct surveillance or sabotage. There are cases in which access to citizen’s private data is used to solve crimes and make people safer. This power should be given, but without the ability to abuse it. People need security provided by government, and security from government.
Another government defense for collecting the data, is that they collect only metadata. Not the words spoken, but the numbers of the interacting individuals, including the date, time, and duration of the call. While data provides the content, metadata provides context. Metadata can be very revealing, especially in aggregate. Targeting a single individual makes the contents important, but a population makes context important. With enough metadata on an individual, contend is not needed.
NSA successful surveillance comes from targeted surveillance rather than mass surveillance. With mass surveillance, there are many false positive threats that are flagged by the system. Each threat requires massive efforts in investigation, time, and money. Which prevents searching for actual threats. By trying to seek out all threats, very few threat are actually prevented. Ubiquitous surveillance and data mining cost taxpayers’ money without rewards of finding the dangerous criminals. Money that is not being spent on more proven surveillance programs. Surveillance and data collection are valuable tools, but needs to be limited and targeted.
Mass surveillance and data mining are more suitable for social control, as governments can discriminate between individuals and groups based on their various beliefs and associations. Data mining works with well-denied criminal profiles, such as credit card fraudsters and political dissidents. False alarms under authoritarian rules are not as costly, because of the fear instilled by charging innocent people.
Espionage used to be about spying of government on government. As perpetrators no longer belong to any particular government, and can be anywhere, governments monitor everyone. Domestic and international surveillance. Government espionage on other governments is a military mission during peacetime and wartime which is target and can act as a stabilizer by reducing uncertainties about other governments intentions.
As different countries are using cyberweapons against others, makes it important to remove vulnerabilities. Vulnerabilities risks that others can discover it, and use it against the users. The difference between cyberespionage and a cyberattack depends on their disruptions. Both require breaking into another country’s network. That is illegal under each country’s laws, but countries are doing that to each other constantly. Cyber-attacks on infrastructure should be recognized as an attack on the country, and subject to international law standards.
Everyone uses the same networks, which means that perpetrator communications use the same circuits as social media. Companies store the data in various places internationally. Difficult not to collect information on the innocent, non-targets, because of these networks. As everyone uses the same networks and with similar capabilities, it is not possible to choose to weaken or protect specific networks of enemies or allies. Vulnerabilities used by intelligence agencies to spy, is also used by criminals to steal information.
US feared purchases of technology equipment from international suppliers because of a security threat, that the foreign government created a backdoor to the equipment. It turned out that the NSA has been doing that to other governments.
Within the US, there is no legal defense for intelligence-related whistleblowing. Those on trial for leaking classified information, are even prevented from using terms and claims during the trial. Those on trial are not allowed to make their case. Government whistleblowers should be protected, just like corporate whistleblowers, as they provide an additional oversight mechanism.
NSA has made sure that nobody understands its legal authorization, while purposely misrepresenting themselves in court. Those who can access the documents, and the expertise to understand them, are lobbied by the NSA. The NSA uses different definitions for surveillance. NSA claims not to collect data on myriads of Americans, because the data is not seen by human beings. Even though algorithms go through the data in various ways, and are used for policy implementation.
Corporations:
Private corporations control where people gather online, and are gathering information about the individuals for their own benefit. Companies can categorize and manipulate people based on all the information they gather. Manipulation that is mostly hidden and unregulated. Much of the invisible surveillance is allowed because laws have not kept up with changes in business practices.
Corporate surveillance tends to be agreed with. Not because it was an informed decision, but because the product offered has value but is attached to the surveillance. That is not really a choice, because its either surveillance or nothing. Surveillance has become a business model because people get free content, and it’s convenient. Opting out of many of the digital tools is not possible, because they have become necessary for career and social life. The choice is not between surveillance or no surveillance, but who gets to spy on the individual.
Companies and data brokers track what individuals do on the internet. Companies can get permission to track you in other websites through third-party cookies. Giving access to third-party used to have limited applicability, and laws that enabled the loss of privacy when sharing the data were acceptable. But third-party parties now have access to a variety of information, while the same laws allow the lack of privacy.
Many companies make their business through selling advertisement space. As companies have made their customer into a commodity through data that is bought and sold. The consumer has changed, to those willing to buy the data. Individuals have become products. Companies need to collect far more data than before because the value of the data has been reduced, effecting advertising. Detailed consumer profiles were valuable, but have become common. To keep the value of the data, companies need to collect far more data than before, which is an increased cost to users of the interest.
Users of digital content providers cannot request more security for their content. They have no rights to do so. Users do not even have the right to find out what outsourcing companies that the content provider is using. There is no recourse to companies deleting data, and giving government access to the data. No way to take the data to another service.
Technological progress should not be inhibited for they provide many benefits, but the harms should be minimized. Liabilities for privacy violations would provide more responsibility for companies to protect customer data. Businesses use surveillance because of profit and lack of regulations. Collection and use of data should be regulated, and data retention costs increased.
Government and Corporations:
NSA utilized the surveillance networks of corporations. NSA even forces internet companies to give the NSA data on many people, in secret. To obtain the data, the NSA sometimes hacks corporations without permission, sometimes corporations work willingly with the NSA, sometimes the corporations are legally compelled to cooperate.
Running a business means that the FBI and NSA can use the business as a tool for mass surveillance. The NSA can even force the business to change the business’s security system. All this is done in secret, which the business is forced to keep secret. As it is difficult to shut down large businesses or parts of the business, the NSA basically control the business. Governments and corporations tend to resist transparency laws.
The NSA has even purposely weakened American companies; security, for NSA surveillance. NSA has deliberately created backdoors into encrypted software. Creating backdoors makes the software very vulnerable because there is no security in only the government utilizing it.
US companies are harmed competitively by NSA surveillance. US companies are less trusted, and therefore do not purchase US technology and network equipment.
Psychology, Liberty, and Ubiquitous Surveillance:
The cost of the invasiveness and pervasiveness of the surveillance system is liberty. Without any privacy, there is a lack of liberty. There are many examples of authority figures using some pieces of information about a disapproved individual, or group, to have them arrested or worse. With enough data, evidence of guilt can be found on everyone. Ubiquitous surveillance means everyone has the capacity to be considered a lawbreaker, depending on police inclination. Where everything that the individual has done is stored, which can be used as evidence against the individual later. Especially in countries with vague laws, such as the US.
Police are usually prohibited from using general warrants that allow them to search for anything. General warrants can become extremely abusive, and used for social control.
What is wrong changes over time. Surveillance can be misused by the authority in power, even if nothing wrong is being done. Fashionable political claims during a time when they acceptable, can be used against those individuals in the future. Any action can be used against the individual at an indefinite future, because the evidence is stored indefinitely. Records have become permanent.
Government censorship enabled by surveillance stifles freedom and the circulation of ideas. When people know that someone, like the government is watching, they self-censor. People are less likely to discuss seemingly forbidden topics. Not only can government technology provide surveillance, but also citizens. As citizens can discover and report others, as they might obtain penalties if they do not report.
Hard to think and act individualistic when the individual is being monitored. Fear and threat of reprisal, even potential future reprisals, makes people conformist and compliant. Society stagnates when individuality cannot be expressed, when nothing outside the norm is acceptable, when power is not questioned. Lack of individuality means less freedom.
Democracy, liberty, freedom, and progress are lost under ubiquitous mass surveillance. Dissent and forms of lawbreaking can be ways to improve society. There were many activities that were once considered terrible, but have become socially acceptable. Perfectly enforcing prior laws using mass surveillance would have meant that there would have been no time for citizens to consider those prior wrong acts as acceptable. There would have been no period when those acts would have been illegal, but become tolerable, and then acceptable and legal. A process that takes a lot of time. Deviation creates progress. Creativity is fostered by the lack of inhibitions in interactions not on the record.
Privacy is needed, even for those who have nothing to hide. Nothing wrong is done during the routine daily basic tasks. Privacy enables the individual have a choice, the power to select what information can be shared with whom. Nothing wrong with not sharing information given the context, such as seeking alternative employment without advising current employer. Nothing wrong in seeking private places for reflection and conversation. Privacy is a human right that gives humans dignity and respect. Ubiquitous surveillance means that the individuals has not power to control what and how their information is shared.
Research indicates that those under even the perception of constant surveillance makes people less physically and emotionally healthy. Surveillance that threatens the sense of oneself. Context matters for violations of privacy, for depending on what is found and by whom determines the damage done. The damage for privacy violations is higher for marginalized groups, and those in the public’s attention. Surveillance effects more those who are not in favor with those in power.
Security and privacy is usually associated by a trade-off, but that precipitates in inappropriate evaluations. That to get either security or privacy, the other must be sacrificed. This is a false trade-off. Costs of insecurity tend to be real and visceral, while costs of privacy loss are vague until faced with its aftereffects. There are security measures that do require a reduction in privacy, but others do not. Door locks and fences are for security and privacy. People become vulnerable without privacy, making people feel less secure. Privacy is enabled by the security of personal spaces and records. Even the U.S. constitution recognizes privacy as a fundamental right along with security.
Security and surveillance do have conflicting designs requirements. Making a system more secure, makes it harder to surveil, and vice versa. Not possible to create surveillance capacity for only appropriate people. Security protects information flow from damaging attacks of theft and destruction, of all users.
Caveats?
The book acknowledges a paradox within tracking. Referencing the ability to track every individual continuously, but also with government’s inability to catch threats using mass data. A resolution to this paradox might be practice, as it takes time and practice using the algorithms to find the threats. But this ability then leads to the threats against innocent people.
kcb263's review against another edition
4.0
I do not agree with everything the author proposes or the way he interprets some findings, however I applaud and appreciate the way he presents his findings without doing so in a heavy handed way. Well researched and a very relevant topic that affects all of us.
brussel777sprouts777's review against another edition
5.0
I am curious what proportion of folks continue to use the internet at all after having read this book.
One of my favorite sayings this year is "Cheap runs both ways."
One of my favorite sayings this year is "Cheap runs both ways."
laci's review against another edition
4.0
I'd recommend this book to anyone who uses (or comes in contact with) any electronic devices.
It explains, in clear and layman's terms, how data about us is collected online and off, by both governments and corporations, and how it's used to spy on us, sell us stuff, violate our privacy or give us actually useful services that provide great value.
One of the best things about this book is that while the author openly advocates for the need of privacy and security in our everyday lives, he doesn't present it as a binary, black-and-white problem: he acknowledges the needs of our society, science and commerce, and proceeds to illustrate how we should approach getting the most of them, whilst still keeping our private lives to ourselves. He describes not only the technological, but political, governmental, societal and psychological impact of technology, encryption and privacy (or lack thereof).
If you regularly use the internet, chances are you are being spied on by many websites and don't even know about it. The author explains this, and keeps hammering the point by giving many real-world examples.
In fact, the author keeps listing *so many* examples, I've originally thought them superfluous; until I've realized it serves a point. The data siphoning is so wide-spread and so all-encompassing it's difficult to grasp. By listing many, many of the cases in various areas of life, both online and off, you'll start getting the real picture into your head eventually.
So anyone wanting to navigate the world of today's technology and understand what bargains he's implicitly agreeing to by using GMail, Facebook, or owning a credit card, should give it a read.
Also, by the bye, the whole time I've kept thinking that if this book were published 30 years ago, it would have looked like an overblown, dystopian sci-fi, not a book of fact.
It explains, in clear and layman's terms, how data about us is collected online and off, by both governments and corporations, and how it's used to spy on us, sell us stuff, violate our privacy or give us actually useful services that provide great value.
One of the best things about this book is that while the author openly advocates for the need of privacy and security in our everyday lives, he doesn't present it as a binary, black-and-white problem: he acknowledges the needs of our society, science and commerce, and proceeds to illustrate how we should approach getting the most of them, whilst still keeping our private lives to ourselves. He describes not only the technological, but political, governmental, societal and psychological impact of technology, encryption and privacy (or lack thereof).
If you regularly use the internet, chances are you are being spied on by many websites and don't even know about it. The author explains this, and keeps hammering the point by giving many real-world examples.
In fact, the author keeps listing *so many* examples, I've originally thought them superfluous; until I've realized it serves a point. The data siphoning is so wide-spread and so all-encompassing it's difficult to grasp. By listing many, many of the cases in various areas of life, both online and off, you'll start getting the real picture into your head eventually.
So anyone wanting to navigate the world of today's technology and understand what bargains he's implicitly agreeing to by using GMail, Facebook, or owning a credit card, should give it a read.
Also, by the bye, the whole time I've kept thinking that if this book were published 30 years ago, it would have looked like an overblown, dystopian sci-fi, not a book of fact.