Book review: Data and Goliath, by Bruce Schneier

Posted by   Virus Bulletin on   May 11, 2015

Paul Baccas reviews Data and Goliath 'The Hidden Battles to Collect You Data and Control Your World', by Bruce Schneier.

This book has been difficult to review. It has proved tricky not because I didn't enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues. This book provides an excellent basis for a discriminating reader to do just that (as such, you should probably stop reading this review and just buy the book!).

Data and Goliath is a large book divided into four parts, the last of which consists of notes and an index of the entire book. In fact, the notes take up one third of the book and I'd go as far as to say that the notes alone are worth the sticker price ($27.95 USD). I am going to have to go back into student mode and read the book again, delving into the notes to further grok the subject.

In the introduction, the author states that the book is primarily about the US and that it takes a mainly US-centric view of the issues. However, the other Five Eyes countries and the European Union also feature heavily. The issues discussed are global — intentionally or not, the US, Five Eyes countries and Europe are more open about them, but the principles are still valid for the rest of the world. With the treasure trove of the NSA leaks now in the public domain (Schneier reviewed some of them before they were published), data collection, at least by the NSA, is in the news.

Part one of the book describes the known (at the time of writing) state of surveillance. Questions such as: 'What data?', 'How is it used?', 'How much?', 'Who uses it?', 'What governments collect?' and 'What corporations collect?' are posed and answered. This section of the book is fact-based, while the other two, while fact-heavy, are more opinion-based.

Part two of the book discusses the potential harm of data collection and the differences between the potential harm caused by government collection and that caused by corporate collection. Part three of the book looks at what can be done at governmental, corporate and individual levels. Sub-headings in this part include: 'Less secrecy, more transparency', 'More — and better — oversight', 'Regulate data use' and 'Agitate for political change' — indicating that we may need a whole gamut of solutions, but the last will be the most effective. We got into this scenario with the technical elite giving the issues full consideration. Open discussion on the harms, potential or otherwise, needs to take place.

The Pandora's box of data collection has been opened. It may be that 'hope' can be found, but we will need knowledge of the (ab?)use to find that hope. This book has made me think about data collection, and for such a book to have made me think is high praise indeed.

  • Title: Data and Goliath 'The Hidden Battles to Collect You Data and Control Your World'
  • Author: Bruce Schneier
  • Publisher: W. W. Norton & Company
  • ISBN-10: 0393244814
  • ISBN-13: 978-0393244816


Posted on 11 May 2015 by Virus Bulletin
twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

New paper: Does malware based on Spectre exist?

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack, and many excellent explanations of the attack already exist. But what is the likelihood of finding Spectre being exploited on Android smartphones?

More VB2018 partners announced

We are excited to announce several more companies that have partnered with VB2018.

Malware authors' continued use of stolen certificates isn't all bad news

A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors' use of stolen certificates.

Save the dates: VB2019 to take place 2-4 October 2019

Though the location will remain under wraps for a few more months, we are pleased to announce the dates for VB2019, the 29th Virus Bulletin International Conference.

Necurs update reminds us that the botnet cannot be ignored

The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.