Book Review: Data and Goliath

This is one of Bruce Schneier’s latest books, but my first read from him. The title caught my attention, and I’m glad it did.

Data and Goliath book cover

Just in case you don’t know, Bruce Schneier is a big celebrity in the information security area. Cryptography, operating systems, encryption, computer and network security; you name it and this guy has a book on it. Not only that — they all have great reviews.

Don’t ask me how I did it, but I got Diogo Monica (the security lead at Docker) to answer a direct message on Twitter about books he thought were important for those wanting to get into the infosec world. He told me to read, among other titles, Cryptography Engineering, co-written by Schneier. I went and bought it along with this one, and it seemed like an interesting enough title to pick up and read straight through.

Now I know what you’re thinking. You’re thinking that this book might be too technical for you. You’d have to look up all the jargon like encapsulating buffers with quantum encryption and whatnot. Rest assured that the writing is very accessible. After all, no technical book would ever be a New York Times bestseller. Yep, that happened.


I seriously encourage anyone who can’t imagine how much companies and governments can find out about us to read this book. With that said, let’s get into the meat and potatoes.


The content

Schneier describes our current time to be one without privacy — and the sooner you learn to live with it, the sooner you can start to protect yourself. As a computer science student, none of the example told struck as too surprising, since most tech giants have resources that rival the governmental budgets of entire countries. What does in fact surprise me is the scope of surveillance: it’s ubiquitous.

You start to think about all the good stuff that technology has given us that we didn’t have one or two decades ago: free email, free cloud storage, along with powerful applications we use to improve our everyday lives. But Schneier says that we get really dumb when we see a price label with ‘Free’ written on it. We are in fact trading services for which personal data is harvested in exchange for something that happens to be free of charge. If you were handed a list of all information Google will sum up about you over the years, maybe you’d consider getting a paid email. But everything is taken silently, because nobody bothers to read terms and conditions. This calls for a Vine:

All jokes aside, there are some pretty sinister examples throughout the book that tell you what companies do with your data, and you’d be surprised at the sheer amount of times that it gets sold to what I’m calling Big Data Corporations, whose purpose is to profile you and merge every piece of information about you into a single data center. Please allow Mr. Schneier to drop some sense on your ass:

We use systems that spy on us in exchange for services. It’s just how the Internet works these days. If something is free, you’re not the customer, you’re the product.

The more I thought about this, the less I cared for all of my online profiles, but I’m not reaching for my tin foil hat just yet. This is a sobering and eye opening read, it is the reason why foundations like the EFF exist, and now I find it very important. Somewhere, a group of people is looking out for everyone’s privacy. Maybe the next time you’re feeling charitable you’ll consider donating to them. After all, they fight for your online rights, and they might just save your digital bacon someday.

Conclusion

I took me a while to figure out why this book should get a good review. I mean, it’s just a compilation of bad news for me both as a citizen and as a consumer, so why would I rate something positively if all it does is make me feel powerless? Furthermore, I’m definitely not going to throw my phone in a river and start living ‘off the grid’. It’s just the way the world is and I want to enjoy technology, not be afraid of it. This means that in the end it will be a tedious read for someone who doesn’t care for privacy. If you’re the type of person that couldn’t care less about what Facebook does with your data, then you’d probably find this to be the worst book you’ve ever read. It is definitely not marketed towards you!

The other side of the argument is that most people (including me) were not aware of the current state of online and offline privacy, and enlightening people seems like a great way to start solving the problem. It is a safe assumption that the general public is not aware of the scope of these practices, because we would rebel against it if we knew. So, by educating all of us we are indeed progressing towards a better future, one where people know they are being tracked and may voice their collective opinions on the topic. I feel that Schneier does a great job at this, especially because he doesn’t dive into the more technical details which would definitely scare away some readers.

TL;DR

You get bombarded with bad examples of both corporations and government agencies that largely go unpunished while being told just how much the biggest tech companies can easily find out about you (spoiler: everything).

In the ending chapters, when all is lost and doomed, a breath of fresh air arrives in the form of security best practices and recommendations, both to you as an individual and several suggestions towards society in general. If Snowden did his part by being a whistle-blower and telling us all about what the NSA is doing, then Schneier also did his best by making an understandable version for everyone.