Book review: Data and Goliath, by Bruce Schneier

Posted by   Virus Bulletin on   May 11, 2015

Paul Baccas reviews Data and Goliath 'The Hidden Battles to Collect You Data and Control Your World', by Bruce Schneier.

This book has been difficult to review. It has proved tricky not because I didn't enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues. This book provides an excellent basis for a discriminating reader to do just that (as such, you should probably stop reading this review and just buy the book!).

Data and Goliath is a large book divided into four parts, the last of which consists of notes and an index of the entire book. In fact, the notes take up one third of the book and I'd go as far as to say that the notes alone are worth the sticker price ($27.95 USD). I am going to have to go back into student mode and read the book again, delving into the notes to further grok the subject.

In the introduction, the author states that the book is primarily about the US and that it takes a mainly US-centric view of the issues. However, the other Five Eyes countries and the European Union also feature heavily. The issues discussed are global — intentionally or not, the US, Five Eyes countries and Europe are more open about them, but the principles are still valid for the rest of the world. With the treasure trove of the NSA leaks now in the public domain (Schneier reviewed some of them before they were published), data collection, at least by the NSA, is in the news.

Part one of the book describes the known (at the time of writing) state of surveillance. Questions such as: 'What data?', 'How is it used?', 'How much?', 'Who uses it?', 'What governments collect?' and 'What corporations collect?' are posed and answered. This section of the book is fact-based, while the other two, while fact-heavy, are more opinion-based.

Part two of the book discusses the potential harm of data collection and the differences between the potential harm caused by government collection and that caused by corporate collection. Part three of the book looks at what can be done at governmental, corporate and individual levels. Sub-headings in this part include: 'Less secrecy, more transparency', 'More — and better — oversight', 'Regulate data use' and 'Agitate for political change' — indicating that we may need a whole gamut of solutions, but the last will be the most effective. We got into this scenario with the technical elite giving the issues full consideration. Open discussion on the harms, potential or otherwise, needs to take place.

The Pandora's box of data collection has been opened. It may be that 'hope' can be found, but we will need knowledge of the (ab?)use to find that hope. This book has made me think about data collection, and for such a book to have made me think is high praise indeed.

  • Title: Data and Goliath 'The Hidden Battles to Collect You Data and Control Your World'
  • Author: Bruce Schneier
  • Publisher: W. W. Norton & Company
  • ISBN-10: 0393244814
  • ISBN-13: 978-0393244816


Posted on 11 May 2015 by Virus Bulletin
twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2019 call for papers - now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!

VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.

VB2018 paper: Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors

Today, we publish the VB2018 paper by Chronicle researcher Juan Andres Guerrero-Saade, who argues we should change the way we talk about APT actors.

Book Review: Cyber Wars

VB Editor Martijn Grooten reviews Charles Arthur's Cyber Wars, which looks at seven prominent hacks and attacks, and the lessons we can learn from them.

VB2018 paper: Office bugs on the rise

At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.