Sunday, May 10, 2015

Book review: Data and Goliath, by Bruce Schneier


My second book review is about "Data and Goliath", the second book I have read from Bruce Schneier. In short, it is a nice read and it activates you as a reader to become more aware about the privacy issues we face today and likely the coming time ahead. Buy or lend the book from someone, read it and spread the word.

But let me take you a bit through the steps Bruce is taking in his book to explain his point-of-view about "the hidden battles to collect your data and control your world".

Part one: The world we're creating

Creating data

From the three parts in Bruce’s book this is the first. In this chapter he explains what causes the fast amounts of data that is being produced every, well, second.

In short (again); Data is a by-product of computing. Everything we do on a computer, whether it is a smartphone, tablet, ATM, desktop, Cloud-services or any other example of a computer, it leaves a trail of data. This can be either meta-data or content-data.

Meta-data is data about data. It gives information about the characteristics of specific data. For instance, the meta-data from an e-mail is the header with the sender’s and receiver’s information. Content-data is the actual data itself. In the e-mail that is the subject and the message that is embodied in the e-mail.

The amounts of data that is generated is growing every second. To give an idea Bruce’s states: “By 2010, we as a species were creating more data per day than we did from the beginning of time until 2003.”. That are hefty amounts of data, especially when considering that by 2015 we will generate 76 exabytes (76,000,000,000 gigabyte) per year.

Exponential growth

Bruce is also talking about the ever growing capacity of computers and its strengths with repetitive tasks. They are extremely good and fast at it. Collecting, correlating, and reporting of data is being improved almost on a daily basis.

Ray Kurzweil calls this The Law of Accelerating Returns. This law (of which Moor’s Law is only the 5th paradigm) explains that the amount of compute power and storage per dollar doubles every two years. Fast forwarding 20 years in to the future you’re smartphone at the time of this writing is a billion times more powerful and 1000 times smaller for the exact same value.

This principle is a thriving force towards surveillance, especially mass-surveillance. All those data floating around in the Cybersea of data is asking to be analyzed. If you think the secret services can do allot with data today, imagine what it is possible in 20 years from now combined with the fact that we generate more data every day.

Surveillance

Generally speaking there are two types of surveillance. The first is targeted-surveillance and the second is mass-surveillance. Targeted-surveillance is often a form of surveillance targeted at specific individuals or a small group of individuals. This form of surveillance is highly successful in terms of succeeding its goals and are often approved in courts of law. Mass-surveillance is about collecting and correlating data of every citizen or at least large portions of society and is not nearly as successful as targeted-surveillance. Often these practices are justified because of terrorism, child pornography, global organized crime and dangerous regimes.

At present moment there is no proof of success that by mass-surveillance alone the actual threat of previous mentioned issues has been reduced. Ever… Schneier is giving allot of details on how surveillance works and to know more about it I highly recommend to read these chapters.

Part two: What’s at stake

In this part of the book Bruce is talking about what is at stake with mass-surveillance. And in my opinion the following topics are the most important: political liberty and justice, privacy and security. The other two (Commercial fairness and equality and business competitiveness) are important on an economical level.

The Economist magazine says in an article in 2013 about video-surveillance the following: “If every move you make is being chronicled, liberty is curtailed.”. It means that if everything you do is being monitored your liberty is practically gone and your privacy with it. This is because of the so called chilling effect.

The US Supreme Court says in a ruling about the use of GPS by the FBI: “Awareness that the Government may be watching chills associational and expressive freedoms.”. What is meant here is that when someone is surveilling you, you will alter your behavior. You will become compliant and a conformist. Imagine that you are being monitored how often you go to violent movies. Will you reconsider going to violent movies in the cinemas? Or imagine that you are being surveilled about how often you talk about equal rights for the prisoners in Guantanamo Bay. Perhaps you are also a terrorist, rather than someone is just fighting for an equal cause for all prisoners.

Surveillance in the ends chills populations. It violates your liberty and privacy and it violates justice to all people. Some people chill more than others or are more affected, but it applies to everyone. And that is what is at stake with surveillance and Bruce talks more about this with more in-depth information and considerations in his book.

Part three: What to do about it

To improve your privacy, you generally need to improve your security. Improving your security by decreasing your privacy seldom works. We already have decent checks and balances implemented in our democracies to give justice departments the proper means to do house-searches, phone-taps and more. Technically these are also privacy violations, but within reason and proportion to the crime the suspect is being accused off. It is balanced and it is for the public to monitor for abuse.

There are multiple levels we can fight against mass-surveillance. Bruce describes a couple of approaches and those are at the level of the government, company and yourself. Without going deep into the details, because for that you will just have to read the book, I will outline the big picture.

The first is the non-technical approach. Start or join political movements that fight for freedom and/or privacy. Choose companies that have transparent privacy and security policies and talk allot about privacy and surveillance. Keep explaining these topics to friends, family and co-workers. You can also advocate proper privacy and security policies to your own employer and try improving them on behalf of your customers.

The second is the technical approach. Think about using up-to-date software and hardware, encrypted hard-drives, and the use encrypted network and internet connections. Stop giving information away when it is not absolutely needed and have a unique password for every service or application. Delete your cookies to prevent tracking and install plugins or enable features in your browser to stop tracking. There are more options in which I will explore more in another blogpost. There are also more examples given by Bruce in this chapter and highly encourage you to read them.

I'd like to give a couple of basic rules towards privacy and security:
  1. Always store your data encrypted;
  2. always connect through services encrypted;
  3. when possible communicate with other people encrypted;
  4. and only supply information when it is needed for you to let a service work or a law specifies that it is obligated to supply it for such a service.
It does not stop or prevent targeted-surveillance, but mass-surveillance is allot more difficult this way and the resources that are needed for it are most likely not worth the effort to include you in the collection.

Conclusion

All-in-all, it is a good and fun book to read. It gives a good background analyses of what the cause is the fact that we are where we are and what you can do about it to better your society.

Just try not to get paranoid, that is not helping anybody :). Technology has it benefits also and we should not be afraid of it.

First released: March 2015
Pages: 320
ISBN: 978-0-393-24481-6
Link: https://www.schneier.com/books/data_and_goliath/