Book review: Data and Goliath, by Bruce Schneier

Posted by Virus Bulletin on May 11, 2015

Paul Baccas reviews Data and Goliath 'The Hidden Battles to Collect Your Data and Control Your World', by Bruce Schneier.

This book has been difficult to review. It has proved tricky not because I didn't enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues. This book provides an excellent basis for a discriminating reader to do just that (as such, you should probably stop reading this review and just buy the book!).

Data and Goliath is a large book divided into four parts, the last of which consists of notes and an index of the entire book. In fact, the notes take up one third of the book and I'd go as far as to say that the notes alone are worth the sticker price ($27.95 USD). I am going to have to go back into student mode and read the book again, delving into the notes to further grok the subject.

In the introduction, the author states that the book is primarily about the US and that it takes a mainly US-centric view of the issues. However, the other Five Eyes countries and the European Union also feature heavily. The issues discussed are global — intentionally or not, the US, Five Eyes countries and Europe are more open about them, but the principles are still valid for the rest of the world. With the treasure trove of the NSA leaks now in the public domain (Schneier reviewed some of them before they were published), data collection, at least by the NSA, is in the news.

Part one of the book describes the known (at the time of writing) state of surveillance. Questions such as: 'What data?', 'How is it used?', 'How much?', 'Who uses it?', 'What governments collect?' and 'What corporations collect?' are posed and answered. This section of the book is fact-based, whereas the other two, although fact-heavy, are more opinion-based.

Part two of the book discusses the potential harm of data collection and the differences between the potential harm caused by government collection and that caused by corporate collection. Part three of the book looks at what can be done at governmental, corporate and individual levels. Sub-headings in this part include: 'Less secrecy, more transparency', 'More — and better — oversight', 'Regulate data use' and 'Agitate for political change' — indicating that we may need a whole gamut of solutions, but the last will be the most effective. We got into this scenario with the technical elite giving the issues full consideration. Open discussion on the harms, potential or otherwise, needs to take place.

The Pandora's box of data collection has been opened. It may be that 'hope' can be found, but we will need knowledge of the (ab?)use to find that hope. This book has made me think about data collection, and for such a book to have made me think is high praise indeed.

  • Title: Data and Goliath 'The Hidden Battles to Collect Your Data and Control Your World'
  • Author: Bruce Schneier
  • Publisher: W. W. Norton & Company
  • ISBN-10: 0393244814
  • ISBN-13: 978-0393244816

