Book review: Data and Goliath, by Bruce Schneier

Posted by   Virus Bulletin on   May 11, 2015

Paul Baccas reviews Data and Goliath 'The Hidden Battles to Collect You Data and Control Your World', by Bruce Schneier.

This book has been difficult to review. It has proved tricky not because I didn't enjoy the book or because it was boring or badly written, but because it was so pertinent. Every time I went to write about it, a news story would emerge referencing the subject and I would find that my opinions of the news were influenced by the book and my opinions of the book were influenced by the news. This is an important topic and everyone should make up their own minds based on a decent knowledge and understanding of the issues. This book provides an excellent basis for a discriminating reader to do just that (as such, you should probably stop reading this review and just buy the book!).

Data and Goliath is a large book divided into four parts, the last of which consists of notes and an index of the entire book. In fact, the notes take up one third of the book and I'd go as far as to say that the notes alone are worth the sticker price ($27.95 USD). I am going to have to go back into student mode and read the book again, delving into the notes to further grok the subject.

In the introduction, the author states that the book is primarily about the US and that it takes a mainly US-centric view of the issues. However, the other Five Eyes countries and the European Union also feature heavily. The issues discussed are global — intentionally or not, the US, Five Eyes countries and Europe are more open about them, but the principles are still valid for the rest of the world. With the treasure trove of the NSA leaks now in the public domain (Schneier reviewed some of them before they were published), data collection, at least by the NSA, is in the news.

Part one of the book describes the known (at the time of writing) state of surveillance. Questions such as: 'What data?', 'How is it used?', 'How much?', 'Who uses it?', 'What governments collect?' and 'What corporations collect?' are posed and answered. This section of the book is fact-based, while the other two, while fact-heavy, are more opinion-based.

Part two of the book discusses the potential harm of data collection and the differences between the potential harm caused by government collection and that caused by corporate collection. Part three of the book looks at what can be done at governmental, corporate and individual levels. Sub-headings in this part include: 'Less secrecy, more transparency', 'More — and better — oversight', 'Regulate data use' and 'Agitate for political change' — indicating that we may need a whole gamut of solutions, but the last will be the most effective. We got into this scenario with the technical elite giving the issues full consideration. Open discussion on the harms, potential or otherwise, needs to take place.

The Pandora's box of data collection has been opened. It may be that 'hope' can be found, but we will need knowledge of the (ab?)use to find that hope. This book has made me think about data collection, and for such a book to have made me think is high praise indeed.

  • Title: Data and Goliath 'The Hidden Battles to Collect You Data and Control Your World'
  • Author: Bruce Schneier
  • Publisher: W. W. Norton & Company
  • ISBN-10: 0393244814
  • ISBN-13: 978-0393244816


Posted on 11 May 2015 by Virus Bulletin
twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.