What do you think?
Rate this book
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
Your cell phone provider tracks your location and knows who’s with you. Your online and in-store purchasing patterns are recorded, and reveal if you're unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you’re thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.
The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.
Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making. But have we given up more than we’ve gained? In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He brings his bestseller up-to-date with a new preface covering the latest developments, and then shows us exactly what we can do to reform government surveillance programs, shake up surveillance-based business models, and protect our individual privacy. You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.
The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.
Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making. But have we given up more than we’ve gained? In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He brings his bestseller up-to-date with a new preface covering the latest developments, and then shows us exactly what we can do to reform government surveillance programs, shake up surveillance-based business models, and protect our individual privacy. You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.
427 pages, Paperback
First published March 2, 2015
570 people are currently reading
10163 people want to read
About the author
Bruce Schneier
55 books622 followersBruce Schneier is a renowned security technologist, called a “security guru” by the Economist. He has written more than one dozen books, including the New York Times bestseller Data and Goliath (2014) and Click Here to Kill Everybody (2018). He teaches at the Harvard Kennedy School and lives in Cambridge, Massachusetts.
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 30 of 403 reviews
March 16, 2015
Birthday present for myself. Bought it at Santa Cruz Bookstore and the cashier scolded me for taking the magnetic anti-theft tracker out of the book before buying it. Savor the irony.
Update: Finished the book on 3/13.
I read this at the same time I was listening to The Snowden Files and No Place To Hide on Audible, so they are all jumbled up in my head. (They are also probably jumbled up with We Are Anonymous and Dataclysm too.) Instead of a review for each, I just have this series of notes -- interspersed with work notes -- that I quickly jotted down in my hipster Evernote Moleskine notebook:
- The surveillance state really seems to exist as an insurance policy for politicians more than for our safety. It is presented as a false choice between security and terrorism (or some terrible event).
- Machine learning algorithms (which I am certainly not an expert in, though I've read several books on the topic) are not well suited to detecting terror attacks or single events. The cost of a false negative is a terrorist attack/event, and the cost of a false positive is deploying SWAT teams, manual surveillance of suspects, going undercover, etc. There aren't enough events (one hopes) to effectively tune an algorithm.
- Things machine learning algorithms are good for: targeting ads, profiling people (demographically, political leanings, sexual orientation), detecting fraudulent transactions, spelling corrections, recommending products. Cost for each false pos/neg is very low and plenty of events/data points to tune with.
- Business model: offer services for free in exchange for turning over data. This seems to be an accident of the Internet because no one will actually pay for content. Now the data is worth more than you could pay for the services. Free apps with ads gross more than one time paid apps. Data can also be resold to data brokers for additional revenue.
- Boston Marathon bombers was not stopped by the surveillance state despite one of the brothers being on watch lists and a specific warning from Russia. The bombers didn't disguise themselves and were chatty enough to tell a carjack victim that they were the bombers, yet all of the NSA and FBI data was worthless for its specifically intended purpose.
- "Underwear" bomber was not stopped by the surveillance state despite repeated warnings by his father at the US embassy at his country of origin. It was prevented by alert bystanders on the plane. (I wonder how many of them were subsequently put on watch lists after emailing descriptions of the event to friends due to using specific keywords.) Again, all the NSA and FBI data was worthless. And the TSA's response was, "Oh yeah, liquids..."
- One scary aspect of the collection of data is to think of how social norms will change in 10 years, so things you said or did now could be used against you in a whole different context. This was public information, but Brandon Eich was forced to resign as CEO of Mozilla Corporation after it came out that he donated to Yes on Proposition 8 (against gay marriage) six years earlier. Give me access to a decade of your email, texts, posts, likes, tweets, retweets, etc., and I'm pretty sure I could get you fired from your job or at least make it so that you can't volunteer at your kid's school.
- I saw Selma, and it struck me how the FBI used personal information to put political pressure on MLK Jr. in the movie. That's the ultimate argument against people who say that they have nothing to hide. Also, I'll bet it's much easier to find and "prove" plagiarism now.
- A lot of the defenses offered by the government are based on specific interpretations of words or phrases like "collect." Also the defense "We aren't listening to your phone calls" is technically true, because that is much harder to process than metadata about the phone calls, which can reveal much more information and is much more computer-friendly. During the Cold War, the US couldn't decrypt any of Russia's messages, but was still able to learn a lot through traffic analysis. (The US could listen in to Russia's cell phones until someone tipped them off about that and they encrypted them.)
- I like Justice Brandeis's notion of "the right to be let alone."
- It's interesting that the US Government positions itself as not being able to get much done (i.e. Congress), yet it is able to force Bolivia's presidential plane to land in Austria on a moment's notice to be searched because of a rumor that Mr. Snowden was on board. It's makes me wonder how much this fecklessness is real and how much is a charade.
- CEOs of companies who make money from their customers' information are happy to publicly state that privacy is dead/overrated/old fashioned, and then they fly off to Davos or Bohemian Grove for closed sessions. I'm trying not to confuse that with not wanting to be Google stalked or with PR, which are different things.
- I recently read Command and Control, which is a fascinating look into the way the US nuclear arsenal was handled. One very interesting part was the early struggle for control over these powerful weapons between civilian and military control. Civilian eventually won out, as we know. I wonder if a similar struggle is going on for control of this new, powerful weapon. And I wonder if it matters that this time the weapon is pointed at us instead of people on other continents.
- I'm nervous about using encryption now that I know that encrypted messages are automatically being stored.
- I'm working on a Google Doc with a list of plug-ins, browsers, etc. for staying reasonably safe and anonymous on the Internet. I think the corporate tracking is actually more insidious. Mr. Schneier has a lot of good tips like having your browser delete cookies when it closes that I'm going to start using right away, though it's always a balance between security and usability.
- One personal note about Snowden. In my career I have worked with a few people who haven't graduated high school -- not enough to draw scientifically valid conclusions about -- but to a person they have been brilliant but horrible to work with. The main issues are (1) they have no conflict resolution skills (think MTV's Real World) and (2) a ton of blind spots in their knowledge that they won't acknowledge for fear their whole intellectual edifice will come crashing down. I have also worked with a few people who haven't graduated college, and about 1/2 of them are like this to a lesser extent too. I'm not saying high school and college are all that great -- especially intellectually -- but there is some kind of necessary socialization that takes place. Anyway, I wonder if Snowden was a terror to work with. I know that there was at least one bad performance review from his CIA days. He certainly seems to have mellowed out nicely, and in the videos I have seen and transcripts I have read he explains things very, very patiently and well. But maybe that personality type and lack of socialization was necessary to do what he did.
- The bottom line: There is a massive surveillance apparatus built up with the stated goal of "owning the Internet" and getting into "all the networks." It is growing with the help of Moore's Law, an unlimited budget, and the assistance of the largest Internet companies. The legal arguments being used to justify it shocked even the authors of the Patriot Act, not exactly soft-hearted liberals. It is immensely powerful and growing more so, even though it is not making us one iota safer on an individual or societal level. And though for now it's in the hands of a government that we can reasonably trust, the head of the NSA has already lied directly to Congress about it and there is basically no oversight or accountability for how it is used.
Update: Finished the book on 3/13.
I read this at the same time I was listening to The Snowden Files and No Place To Hide on Audible, so they are all jumbled up in my head. (They are also probably jumbled up with We Are Anonymous and Dataclysm too.) Instead of a review for each, I just have this series of notes -- interspersed with work notes -- that I quickly jotted down in my hipster Evernote Moleskine notebook:
- The surveillance state really seems to exist as an insurance policy for politicians more than for our safety. It is presented as a false choice between security and terrorism (or some terrible event).
- Machine learning algorithms (which I am certainly not an expert in, though I've read several books on the topic) are not well suited to detecting terror attacks or single events. The cost of a false negative is a terrorist attack/event, and the cost of a false positive is deploying SWAT teams, manual surveillance of suspects, going undercover, etc. There aren't enough events (one hopes) to effectively tune an algorithm.
- Things machine learning algorithms are good for: targeting ads, profiling people (demographically, political leanings, sexual orientation), detecting fraudulent transactions, spelling corrections, recommending products. Cost for each false pos/neg is very low and plenty of events/data points to tune with.
- Business model: offer services for free in exchange for turning over data. This seems to be an accident of the Internet because no one will actually pay for content. Now the data is worth more than you could pay for the services. Free apps with ads gross more than one time paid apps. Data can also be resold to data brokers for additional revenue.
- Boston Marathon bombers was not stopped by the surveillance state despite one of the brothers being on watch lists and a specific warning from Russia. The bombers didn't disguise themselves and were chatty enough to tell a carjack victim that they were the bombers, yet all of the NSA and FBI data was worthless for its specifically intended purpose.
- "Underwear" bomber was not stopped by the surveillance state despite repeated warnings by his father at the US embassy at his country of origin. It was prevented by alert bystanders on the plane. (I wonder how many of them were subsequently put on watch lists after emailing descriptions of the event to friends due to using specific keywords.) Again, all the NSA and FBI data was worthless. And the TSA's response was, "Oh yeah, liquids..."
- One scary aspect of the collection of data is to think of how social norms will change in 10 years, so things you said or did now could be used against you in a whole different context. This was public information, but Brandon Eich was forced to resign as CEO of Mozilla Corporation after it came out that he donated to Yes on Proposition 8 (against gay marriage) six years earlier. Give me access to a decade of your email, texts, posts, likes, tweets, retweets, etc., and I'm pretty sure I could get you fired from your job or at least make it so that you can't volunteer at your kid's school.
- I saw Selma, and it struck me how the FBI used personal information to put political pressure on MLK Jr. in the movie. That's the ultimate argument against people who say that they have nothing to hide. Also, I'll bet it's much easier to find and "prove" plagiarism now.
- A lot of the defenses offered by the government are based on specific interpretations of words or phrases like "collect." Also the defense "We aren't listening to your phone calls" is technically true, because that is much harder to process than metadata about the phone calls, which can reveal much more information and is much more computer-friendly. During the Cold War, the US couldn't decrypt any of Russia's messages, but was still able to learn a lot through traffic analysis. (The US could listen in to Russia's cell phones until someone tipped them off about that and they encrypted them.)
- I like Justice Brandeis's notion of "the right to be let alone."
- It's interesting that the US Government positions itself as not being able to get much done (i.e. Congress), yet it is able to force Bolivia's presidential plane to land in Austria on a moment's notice to be searched because of a rumor that Mr. Snowden was on board. It's makes me wonder how much this fecklessness is real and how much is a charade.
- CEOs of companies who make money from their customers' information are happy to publicly state that privacy is dead/overrated/old fashioned, and then they fly off to Davos or Bohemian Grove for closed sessions. I'm trying not to confuse that with not wanting to be Google stalked or with PR, which are different things.
- I recently read Command and Control, which is a fascinating look into the way the US nuclear arsenal was handled. One very interesting part was the early struggle for control over these powerful weapons between civilian and military control. Civilian eventually won out, as we know. I wonder if a similar struggle is going on for control of this new, powerful weapon. And I wonder if it matters that this time the weapon is pointed at us instead of people on other continents.
- I'm nervous about using encryption now that I know that encrypted messages are automatically being stored.
- I'm working on a Google Doc with a list of plug-ins, browsers, etc. for staying reasonably safe and anonymous on the Internet. I think the corporate tracking is actually more insidious. Mr. Schneier has a lot of good tips like having your browser delete cookies when it closes that I'm going to start using right away, though it's always a balance between security and usability.
- One personal note about Snowden. In my career I have worked with a few people who haven't graduated high school -- not enough to draw scientifically valid conclusions about -- but to a person they have been brilliant but horrible to work with. The main issues are (1) they have no conflict resolution skills (think MTV's Real World) and (2) a ton of blind spots in their knowledge that they won't acknowledge for fear their whole intellectual edifice will come crashing down. I have also worked with a few people who haven't graduated college, and about 1/2 of them are like this to a lesser extent too. I'm not saying high school and college are all that great -- especially intellectually -- but there is some kind of necessary socialization that takes place. Anyway, I wonder if Snowden was a terror to work with. I know that there was at least one bad performance review from his CIA days. He certainly seems to have mellowed out nicely, and in the videos I have seen and transcripts I have read he explains things very, very patiently and well. But maybe that personality type and lack of socialization was necessary to do what he did.
- The bottom line: There is a massive surveillance apparatus built up with the stated goal of "owning the Internet" and getting into "all the networks." It is growing with the help of Moore's Law, an unlimited budget, and the assistance of the largest Internet companies. The legal arguments being used to justify it shocked even the authors of the Patriot Act, not exactly soft-hearted liberals. It is immensely powerful and growing more so, even though it is not making us one iota safer on an individual or societal level. And though for now it's in the hands of a government that we can reasonably trust, the head of the NSA has already lied directly to Congress about it and there is basically no oversight or accountability for how it is used.
April 1, 2018
Big Data helps in the indirect way of realizing dystopias.
Please note that I put the original German text at the end of this review. Just if you might be interested.
A book that is widely scattered and explains all aspects of the precarious situation to illustrate an increasingly threatening dilemma better. In contrast to other non-fiction books on the subject, which place the primary focus on the technical, economic, political or cultural aspect of the volatile situation and thus dilute it in part.
The application possibilities and therefore the misappropriation of big data are limitless, especially in cooperation with ever better neural networks and nationwide surveillance.
It is interesting how the desires on the part of the state can change. For example, if a system initially developed only for toll monitoring also arouses the interest of police and border guards. Many procedures seem to be tested on asylum seekers and foreigners, such as biometric passports and fingerprints. These were until recently obligatory only for these groups, but will now be imposed on all citizens. Every ten years new, of course, if one would like to call a valid passport his own.
The digitization of health data also offers exciting options for refusing potentially affected persons from chronic or hereditary diseases by insurance companies. In addition to the actual benefits of the evaluation, census delivers results that can be used in many other ways.
The names for the ever further expansion of the democratically highly questionable action of the policy are large eavesdropping, data retention or Patriot Act. Like their predecessors, they are often considered illegal by the Constitutional Court in various respects.
All efforts under the term "eGovernment" to bundle all the details of human life in one file, as well as the preventive monitoring of payment transactions using the example of SWIFT, round off the picture of the trend towards total control.
The state's attitude regarding civil rights shows in pure culture on the example of the "bootlegger are criminals" campaign. Which, with a draconian punishment catalog in favor of the media industry in the hindquarters, provides quite realistic expectations for the consequences of criminal copyright infringement. An exact investigation of the data of the illegal downloaders is seen as entirely legitimate. As with other copyright or state security endangering activities.
The intrinsic backwardness of rigorous bills for real protection of citizens' privacy and personal rights is significant for deliberately lousy policy in the interests of the state and the economy. Ever since the dawn of the Internet and the beginning of the ever-accelerating digitization of everyday life, efforts have been made neither at a regional nor supranational level to be able to counteract the hustle and bustle even in the first place.
Laws are being enacted to curtail further civil rights with far-reaching powers and deliberately spongy formulations that can be too widely interpreted.
In the wake of the scare tactics since 2001, all previous tentative efforts to establish realistic, applicable and executable measures to protect the population have been reversed. An ever stronger integration and merging of all aspects, be it social insurance periods, bank data, telephone connections, Internet use, illnesses, interests and private life, is driven forward. Also, either collected for profiling and analysis of potential buying behavior for companies or applied by the state to people spreading even remotely insubordination or subversive tendencies. What includes all relatives, friends, and co-workers of entirely respectable people, who represent a non-standard political opinion, engage in NGOs, participate in protest events or read reviews of books on the aspiring surveillance state.
One should look at the many examples of history in which, in the course of always one-sided shifted power structures came to the softening and consequent disintegration of the rule of law and democratic order. An ever-increasing co-operation of, for a good reason, strictly separated constitutional areas such as the police, ministry of the interior, intelligence, military, and politics has always been a vital alarm signal for drifting away in totalitarian directions. Towards those, they have been working for years offensively and forcefully.
Big Data hilft auf dem indirekten Weg der Verwirklichung von Dystopien.
Ein breit gestreutes und sämtliche Aspekte der prekären Lage erläuterndes Buch zur besseren Veranschaulichung eines immer bedrohlicher werdenden Dilemmas. Im Gegensatz zu anderen Sachbüchern zu dem Thema, die den Hauptfokus auf den technischen, wirtschaftlichen, politischen oder kulturell bedingten Aspekt der brisanten Sachlage legen und damit teilweise verwässern.
Die Anwendungsmöglichkeiten und damit auch Zweckentfremdungen von Big Data sind, vor allem in Kooperation mit immer besseren neuronalen Netzen und flächendeckender Überwachung, grenzenlos.
Interessant ist, wie sich die Begehrlichkeiten von Seiten des Staates verändern können. Etwa wenn ein anfangs nur zur Mautüberwachung entwickeltes System auch das Interesse von Polizei und Grenzschutz zu wecken beginnt. Wobei viele Verfahren probehalber scheinbar zuerst an Asylanten und Ausländern getestet zu werden scheinen, wie etwa die biometrischen Reisepässe samt Fingerabdrücken. Diese waren bis vor kurzem eigentlich nur für diese Gruppen obligat waren, werden jedoch nun sämtlichen Bürgern aufgezwungen werden. Alle 10 Jahre neu, versteht sich, möchte man einen gültigen Reisepass sein eigen nennen.
uch bieten die Digitalisierung der Gesundheitsdaten interessante Optionen zur Ablehnung potentiell von chronischen oder erblich bedingten Krankheiten betroffenen Personen für Versicherungskonzerne. Volkszählungen liefern neben dem eigentlich vorgegebenen Nutzen der Evaluierung noch vielfältig anders nutzbare Resultate.
Die Namen für die immer weitere Ausweitung des demokratisch hochgradig bedenklichen Handelns der Politik sind großer Lauschangriff, Vorratsdatenspeicherung oder Patriot Act. Sie werden, so wie ihre Vorgängermodelle, häufig im nachhinein in diversen Belangen vom Verfassungsgerichtshof als illegal bewertet.
Alle unter dem Begriff des „eGovernment“ zusammengefassten Bestrebungen, sämtliche Details eines menschlichen Lebens in einer Datei zu bündeln sind genauso wie die präventive Überwachung des Zahlungsverkehrs am Beispiel von SWIFT eine Abrundung des Bildes der Tendenz zur totalen Kontrolle.
Die staatliche Haltung bezüglich Bürgerrechten zeigt sich in Reinkultur am Beispiel der „Raubkopierer sind Verbrecher“ Kampagne. Die, mit einem drakonischen Strafenkatalog zugunsten der Medienindustrie in der Hinterhand, durchaus realistische Erwartungen für die Konsequenzen frevelhafter Copyrightverletzungen liefert. Eine genaue Eruierung der Daten der illegalen Herunterlader sei durchaus legitim. Wie bei anderen, die Urheberrechte oder die staatliche Sicherheit gefährdenden Aktivitäten.
Das systemimmanente Hinterherhinken rigiderer Gesetzesentwürfe zum wirklichen Schutz der Privatsphäre und Persönlichkeitsrechte der Bürger ist signifikant für eine bewusst schlechte Politik im Interesse von Staat und Wirtschaft. Schon seit den Urzeiten des Internets und dem Beginn der immer schneller voranschreitenden Digitalisierung des Alltags werden weder auf regionaler noch überstaatlicher Ebene Bemühungen unternommen, um dem Treiben auch nur im Ansatz entgegenwirken zu können.
Es werden Gesetze zur weiteren Einschränkung von Bürgerrechten mit weitgreifenden Befugnissen und bewusst schwammigen und zu mannigfacher Interpretation einladenden Formulierungen erlassen.
Im Zuge der Panikmache seit 2001 wurden sämtliche bisherigen zaghaften Bemühungen, realistische, anwendbare und exekutierbare Maßnahmen zum Schutz der Bevölkerung zu etablieren, ins Gegenteil verkehrt. Eine immer stärkere Verflechtung und Zusammenführung sämtlicher Aspekte, seien es Sozialversicherungszeiten, Bankdaten, Telefonverbindungen, Internetznutzung, Krankheiten, Interessen und Privatleben, wird vorangetrieben. Und entweder zwecks Profilerstellung und Analyse des potentiellen Kaufverhaltens für Unternehmen vereinnahmt oder von Staats wegen auf auch nur im Entferntesten Insubordination oder subversive Tendenzen verbreitende Personen angewandt. Was sämtliche Verwandte, Freunde und Arbeitskollegen von völlig unbescholtenen Personen mit einschließt, die eine von der Norm abweichende politische Meinung vertreten, sich in NGOs engagieren, bei Protestveranstaltungen mitmachen oder Rezensionen von Büchern über den angehenden Überwachungsstaat lesen.
Man sollte sich die vielen Beispiele der Geschichte vor Augen führen, in denen es im Zuge von immer einseitiger verschobenen Machtstrukturen zur Aufweichung und daraus resultierenden Zersetzung von Rechtsstaatlichkeit und demokratischer Ordnung kam. Wobei eine immer stärkere Zusammenarbeit von, laut Verfassung strikt zu trennenden Bereichen, wie etwa Polizei, Innenministerium, Geheimdienst, Militär und Politik, immer ein wesentliches Alarmsignal für ein Abdriften in totalitäre Richtungen war. Darauf wird seit Jahren offensiv und forciert hingearbeitet.
Please note that I put the original German text at the end of this review. Just if you might be interested.
A book that is widely scattered and explains all aspects of the precarious situation to illustrate an increasingly threatening dilemma better. In contrast to other non-fiction books on the subject, which place the primary focus on the technical, economic, political or cultural aspect of the volatile situation and thus dilute it in part.
The application possibilities and therefore the misappropriation of big data are limitless, especially in cooperation with ever better neural networks and nationwide surveillance.
It is interesting how the desires on the part of the state can change. For example, if a system initially developed only for toll monitoring also arouses the interest of police and border guards. Many procedures seem to be tested on asylum seekers and foreigners, such as biometric passports and fingerprints. These were until recently obligatory only for these groups, but will now be imposed on all citizens. Every ten years new, of course, if one would like to call a valid passport his own.
The digitization of health data also offers exciting options for refusing potentially affected persons from chronic or hereditary diseases by insurance companies. In addition to the actual benefits of the evaluation, census delivers results that can be used in many other ways.
The names for the ever further expansion of the democratically highly questionable action of the policy are large eavesdropping, data retention or Patriot Act. Like their predecessors, they are often considered illegal by the Constitutional Court in various respects.
All efforts under the term "eGovernment" to bundle all the details of human life in one file, as well as the preventive monitoring of payment transactions using the example of SWIFT, round off the picture of the trend towards total control.
The state's attitude regarding civil rights shows in pure culture on the example of the "bootlegger are criminals" campaign. Which, with a draconian punishment catalog in favor of the media industry in the hindquarters, provides quite realistic expectations for the consequences of criminal copyright infringement. An exact investigation of the data of the illegal downloaders is seen as entirely legitimate. As with other copyright or state security endangering activities.
The intrinsic backwardness of rigorous bills for real protection of citizens' privacy and personal rights is significant for deliberately lousy policy in the interests of the state and the economy. Ever since the dawn of the Internet and the beginning of the ever-accelerating digitization of everyday life, efforts have been made neither at a regional nor supranational level to be able to counteract the hustle and bustle even in the first place.
Laws are being enacted to curtail further civil rights with far-reaching powers and deliberately spongy formulations that can be too widely interpreted.
In the wake of the scare tactics since 2001, all previous tentative efforts to establish realistic, applicable and executable measures to protect the population have been reversed. An ever stronger integration and merging of all aspects, be it social insurance periods, bank data, telephone connections, Internet use, illnesses, interests and private life, is driven forward. Also, either collected for profiling and analysis of potential buying behavior for companies or applied by the state to people spreading even remotely insubordination or subversive tendencies. What includes all relatives, friends, and co-workers of entirely respectable people, who represent a non-standard political opinion, engage in NGOs, participate in protest events or read reviews of books on the aspiring surveillance state.
One should look at the many examples of history in which, in the course of always one-sided shifted power structures came to the softening and consequent disintegration of the rule of law and democratic order. An ever-increasing co-operation of, for a good reason, strictly separated constitutional areas such as the police, ministry of the interior, intelligence, military, and politics has always been a vital alarm signal for drifting away in totalitarian directions. Towards those, they have been working for years offensively and forcefully.
Big Data hilft auf dem indirekten Weg der Verwirklichung von Dystopien.
Ein breit gestreutes und sämtliche Aspekte der prekären Lage erläuterndes Buch zur besseren Veranschaulichung eines immer bedrohlicher werdenden Dilemmas. Im Gegensatz zu anderen Sachbüchern zu dem Thema, die den Hauptfokus auf den technischen, wirtschaftlichen, politischen oder kulturell bedingten Aspekt der brisanten Sachlage legen und damit teilweise verwässern.
Die Anwendungsmöglichkeiten und damit auch Zweckentfremdungen von Big Data sind, vor allem in Kooperation mit immer besseren neuronalen Netzen und flächendeckender Überwachung, grenzenlos.
Interessant ist, wie sich die Begehrlichkeiten von Seiten des Staates verändern können. Etwa wenn ein anfangs nur zur Mautüberwachung entwickeltes System auch das Interesse von Polizei und Grenzschutz zu wecken beginnt. Wobei viele Verfahren probehalber scheinbar zuerst an Asylanten und Ausländern getestet zu werden scheinen, wie etwa die biometrischen Reisepässe samt Fingerabdrücken. Diese waren bis vor kurzem eigentlich nur für diese Gruppen obligat waren, werden jedoch nun sämtlichen Bürgern aufgezwungen werden. Alle 10 Jahre neu, versteht sich, möchte man einen gültigen Reisepass sein eigen nennen.
uch bieten die Digitalisierung der Gesundheitsdaten interessante Optionen zur Ablehnung potentiell von chronischen oder erblich bedingten Krankheiten betroffenen Personen für Versicherungskonzerne. Volkszählungen liefern neben dem eigentlich vorgegebenen Nutzen der Evaluierung noch vielfältig anders nutzbare Resultate.
Die Namen für die immer weitere Ausweitung des demokratisch hochgradig bedenklichen Handelns der Politik sind großer Lauschangriff, Vorratsdatenspeicherung oder Patriot Act. Sie werden, so wie ihre Vorgängermodelle, häufig im nachhinein in diversen Belangen vom Verfassungsgerichtshof als illegal bewertet.
Alle unter dem Begriff des „eGovernment“ zusammengefassten Bestrebungen, sämtliche Details eines menschlichen Lebens in einer Datei zu bündeln sind genauso wie die präventive Überwachung des Zahlungsverkehrs am Beispiel von SWIFT eine Abrundung des Bildes der Tendenz zur totalen Kontrolle.
Die staatliche Haltung bezüglich Bürgerrechten zeigt sich in Reinkultur am Beispiel der „Raubkopierer sind Verbrecher“ Kampagne. Die, mit einem drakonischen Strafenkatalog zugunsten der Medienindustrie in der Hinterhand, durchaus realistische Erwartungen für die Konsequenzen frevelhafter Copyrightverletzungen liefert. Eine genaue Eruierung der Daten der illegalen Herunterlader sei durchaus legitim. Wie bei anderen, die Urheberrechte oder die staatliche Sicherheit gefährdenden Aktivitäten.
Das systemimmanente Hinterherhinken rigiderer Gesetzesentwürfe zum wirklichen Schutz der Privatsphäre und Persönlichkeitsrechte der Bürger ist signifikant für eine bewusst schlechte Politik im Interesse von Staat und Wirtschaft. Schon seit den Urzeiten des Internets und dem Beginn der immer schneller voranschreitenden Digitalisierung des Alltags werden weder auf regionaler noch überstaatlicher Ebene Bemühungen unternommen, um dem Treiben auch nur im Ansatz entgegenwirken zu können.
Es werden Gesetze zur weiteren Einschränkung von Bürgerrechten mit weitgreifenden Befugnissen und bewusst schwammigen und zu mannigfacher Interpretation einladenden Formulierungen erlassen.
Im Zuge der Panikmache seit 2001 wurden sämtliche bisherigen zaghaften Bemühungen, realistische, anwendbare und exekutierbare Maßnahmen zum Schutz der Bevölkerung zu etablieren, ins Gegenteil verkehrt. Eine immer stärkere Verflechtung und Zusammenführung sämtlicher Aspekte, seien es Sozialversicherungszeiten, Bankdaten, Telefonverbindungen, Internetznutzung, Krankheiten, Interessen und Privatleben, wird vorangetrieben. Und entweder zwecks Profilerstellung und Analyse des potentiellen Kaufverhaltens für Unternehmen vereinnahmt oder von Staats wegen auf auch nur im Entferntesten Insubordination oder subversive Tendenzen verbreitende Personen angewandt. Was sämtliche Verwandte, Freunde und Arbeitskollegen von völlig unbescholtenen Personen mit einschließt, die eine von der Norm abweichende politische Meinung vertreten, sich in NGOs engagieren, bei Protestveranstaltungen mitmachen oder Rezensionen von Büchern über den angehenden Überwachungsstaat lesen.
Man sollte sich die vielen Beispiele der Geschichte vor Augen führen, in denen es im Zuge von immer einseitiger verschobenen Machtstrukturen zur Aufweichung und daraus resultierenden Zersetzung von Rechtsstaatlichkeit und demokratischer Ordnung kam. Wobei eine immer stärkere Zusammenarbeit von, laut Verfassung strikt zu trennenden Bereichen, wie etwa Polizei, Innenministerium, Geheimdienst, Militär und Politik, immer ein wesentliches Alarmsignal für ein Abdriften in totalitäre Richtungen war. Darauf wird seit Jahren offensiv und forciert hingearbeitet.
March 18, 2017
Schneier é especialista em segurança e criptografia e contribuiu com a análise das revelações do Snowden sobre como governos e empresas espionam nossos dados pessoais. O livro é uma análise bem detalhada – e mais extensa do que o necessário, na minha opinião – sobre como isso acontece.
Ele passa por vários exemplos de vigilância, da voluntária à espionagem. Em seguida comenta sobre o que isso faz com as pessoas e como nossa qualidade de vida cai quando nos sentimos observados, além de como as falhas criadas para a espionagem são usadas por pessoas mal intencionadas, não só pela polícia e afins. Para depois terminar com recomendações de o que fazer para se proteger dessa vigilância toda, como se tornar um alvo mais difícil do que a maioria, e como o uso dos dados deveria ser regulado.
Ele passa por vários exemplos de vigilância, da voluntária à espionagem. Em seguida comenta sobre o que isso faz com as pessoas e como nossa qualidade de vida cai quando nos sentimos observados, além de como as falhas criadas para a espionagem são usadas por pessoas mal intencionadas, não só pela polícia e afins. Para depois terminar com recomendações de o que fazer para se proteger dessa vigilância toda, como se tornar um alvo mais difícil do que a maioria, e como o uso dos dados deveria ser regulado.
November 6, 2015
If you've never heard of Ghostery or Disconnect, go ahead and look them up. Try out their web browser extensions (you can always easily uninstall them). What you'll notice is that you're being tracked by many companies, some of which you've heard of, but many of them will be unfamiliar. There aren't just a few companies tracking you, but well over a thousand. And it's not just companies that are tracking you, but governments as well (this should already be obvious). What's great about this book is that it doesn't go into much technical detail, which is great for nontechies; it just gives you an overview of what's happening to your data as you browse around online and offers some suggestions on online privacy.
June 3, 2019
Solid intro to the myths/realities of privacy/security in the Age of Information Technology, for the general public by an IT specialist:
The Good:
--In the modern world of complex abstractions (finance, world market, mass media, foreign policy, science & technology, etc.), there is a pressing need for introductions that balance accessibility without sacrificing nuance.
--Schneier combines technical expertise (computer security, cryptography) with a down-to-earth writing style, a gift for the public.
--In laying out the realities of the Age of Information Technology (IT), here are some highlights:
1) Data as a “by-product” of computing; indeed, often as an “exhaust”, a “pollutant”, a market externality that needs to be accounted for.
2) “But I have nothing to hide…”: the human/social need for privacy, the power relations (censorship, unaccountability), the current realities of ubiquitous mass surveillance and mass permanent storage, etc. A good follow-up: This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World's Information
3) Targeted vs. mass surveillance; how “metadata” is still surveillance.
4) The political economy of Corporate and State surveillance, and their interactions, with some useful bits on the business (i.e. profit) models of IT.
The Bad/Missing:
--Once we move outside of the author’s IT expertise and into areas of terrorism/foreign policy, global trade (“business competitiveness”), and the subsequent hurdle of “solutions”, we need to supplement our efforts.
--For profit and IT, I’m still searching for an accessible intro, as these are more advanced:
-Postcapitalism: A Guide to Our Future
-The Zero Marginal Cost Society: The Internet of Things, the Collaborative Commons, and the Eclipse of Capitalism.
On Terror:
American mass media propaganda has warped political affiliations into a hot mess, so we need to make the effort in untangling the principles from the contradictions. A key thread to untangle is American foreign policy’s role in terror. It is tiresome hearing someone as intelligent as Schneier 1) carefully calibrate his finely-balanced technical case for security vs. privacy while 2) assuming US intelligence is solely focused on domestic security for US citizens and at worst is overzealous in this goal. Orwellian...
Are we to ignore US intelligence + military’s stupendous record of funding terror (mostly fascist paramilitary thugs) throughout the world to destabilize threats (i.e. anti-colonialists, grassroots participatory democracy, not just communists but literally any human obstacle and bystander) to American corporations? Of course Islamophobes do not give a damn about the rest of the world, but The War on Terror’s lie on domestic security is beyond cartoonish. Who propped up “moderate rebels” (ones who threw acid in the faces of unveiled women) in the first place to go after USSR in Afghanistan? Who propped up and continually protects the Saudi Wahhabi monarchy against often democratic reformist (often secular!) challenges like Egypt’s Nasser, Iran’s Mosaddegh, Iraq’s Qasim, etc. etc.?
An empire requires its periphery to be smashed and dependent, and even liberals are comfortable with this especially if the periphery is coloured. The lower classes of the empire pay for this violence through taxes (while social spending is minimal) and lives (enlisting in the mercenary army of aggression; blow-back). A meaningful solution to terrorism at home would be to identify this process and protest the creation of terrorism abroad.
On IT & foreign policy:
-Cypherpunks: Freedom and the Future of the Internet
-When Google Met Wikileaks
On history of foreign policy:
-The Management of Savagery: How America's National Security State Fueled the Rise of Al Qaeda, ISIS, and Donald Trump
-Killing Hope: U.S. Military and C.I.A. Interventions Since World War II
-Hegemony or Survival: America's Quest for Global Dominance
-Manufacturing Consent: The Political Economy of the Mass Media
-Blackshirts and Reds: Rational Fascism and the Overthrow of Communism
The Good:
--In the modern world of complex abstractions (finance, world market, mass media, foreign policy, science & technology, etc.), there is a pressing need for introductions that balance accessibility without sacrificing nuance.
--Schneier combines technical expertise (computer security, cryptography) with a down-to-earth writing style, a gift for the public.
--In laying out the realities of the Age of Information Technology (IT), here are some highlights:
1) Data as a “by-product” of computing; indeed, often as an “exhaust”, a “pollutant”, a market externality that needs to be accounted for.
2) “But I have nothing to hide…”: the human/social need for privacy, the power relations (censorship, unaccountability), the current realities of ubiquitous mass surveillance and mass permanent storage, etc. A good follow-up: This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World's Information
3) Targeted vs. mass surveillance; how “metadata” is still surveillance.
4) The political economy of Corporate and State surveillance, and their interactions, with some useful bits on the business (i.e. profit) models of IT.
The Bad/Missing:
--Once we move outside of the author’s IT expertise and into areas of terrorism/foreign policy, global trade (“business competitiveness”), and the subsequent hurdle of “solutions”, we need to supplement our efforts.
--For profit and IT, I’m still searching for an accessible intro, as these are more advanced:
-Postcapitalism: A Guide to Our Future
-The Zero Marginal Cost Society: The Internet of Things, the Collaborative Commons, and the Eclipse of Capitalism.
On Terror:
American mass media propaganda has warped political affiliations into a hot mess, so we need to make the effort in untangling the principles from the contradictions. A key thread to untangle is American foreign policy’s role in terror. It is tiresome hearing someone as intelligent as Schneier 1) carefully calibrate his finely-balanced technical case for security vs. privacy while 2) assuming US intelligence is solely focused on domestic security for US citizens and at worst is overzealous in this goal. Orwellian...
Are we to ignore US intelligence + military’s stupendous record of funding terror (mostly fascist paramilitary thugs) throughout the world to destabilize threats (i.e. anti-colonialists, grassroots participatory democracy, not just communists but literally any human obstacle and bystander) to American corporations? Of course Islamophobes do not give a damn about the rest of the world, but The War on Terror’s lie on domestic security is beyond cartoonish. Who propped up “moderate rebels” (ones who threw acid in the faces of unveiled women) in the first place to go after USSR in Afghanistan? Who propped up and continually protects the Saudi Wahhabi monarchy against often democratic reformist (often secular!) challenges like Egypt’s Nasser, Iran’s Mosaddegh, Iraq’s Qasim, etc. etc.?
An empire requires its periphery to be smashed and dependent, and even liberals are comfortable with this especially if the periphery is coloured. The lower classes of the empire pay for this violence through taxes (while social spending is minimal) and lives (enlisting in the mercenary army of aggression; blow-back). A meaningful solution to terrorism at home would be to identify this process and protest the creation of terrorism abroad.
On IT & foreign policy:
-Cypherpunks: Freedom and the Future of the Internet
-When Google Met Wikileaks
On history of foreign policy:
-The Management of Savagery: How America's National Security State Fueled the Rise of Al Qaeda, ISIS, and Donald Trump
-Killing Hope: U.S. Military and C.I.A. Interventions Since World War II
-Hegemony or Survival: America's Quest for Global Dominance
-Manufacturing Consent: The Political Economy of the Mass Media
-Blackshirts and Reds: Rational Fascism and the Overthrow of Communism
June 24, 2018
I love the topic. I love the details provided in this book. But, to tell a story you need more than a great topic and a bunch of facts. One needs a narrative and an attitude to tie the pieces together. This book lacked the story telling 'je ne sais quoi" (literal: "I don't know what", but figuratively "elusive quality") though he does have the attitude.
I don't think there is any current topic where I could be more interested in than along the lines of the merging of the data that is out there with computers and algorithms, and I would consider Edward Snowden a hero, because what we have learned from him and the potential to do harm (as well as good) with the merging of big data with computers and the power of using context and content that both government and corporations (and even private citizens) can use against us (or for us) as a potential threat to our liberty or a boon to our equality. Complete liberty means no equality, and complete equality means no liberty. There is a balance and books like this can offer a guideline, but it needs the story to tie the pieces together with a narrative of some kind.
I'll give an example, of a book that I just recently read. "Rise of the Machines", by Thomas Rid. He covers many of the same topics that were covered in this book, especially on the part of encryption and PGP (pretty good privacy). At the same time that book always had a theme woven into the story as a whole in which he was tying all the pieces together, and even summarized them in the final chapter for the dense reader like me. This book, "Data and Goliath", doesn't interweave them coherently and therefore made what should have been an incredibly exciting story for me into a dull story with a lot of facts.
My problem with this book is not that it didn't give the listener plenty of details, but it didn't give the listener an easy story to tell so one can, for example, share with colleagues over the water cooler while at work. The values we use to explain the world through science would include: simplicity, accuracy, prediction, fitting in to the web of knowledge, and lastly the ability to explain. In order to explain, one needs a story to put the pieces together this book doesn't offer that. (Galileo had a story to tell as well as plenty of details. Read "Dialogs Concerning Two Chief World Systems", e.g.).
I'm in the minority on this book. It gave me details which I loved, but it lacked a over arcing narrative that I could wrap my mind around. Good fiction needs a story to hook the listener, and non-fiction needs that narrative even more as to not bore. I like all genres of non-fiction except for the boring kind.
I don't think there is any current topic where I could be more interested in than along the lines of the merging of the data that is out there with computers and algorithms, and I would consider Edward Snowden a hero, because what we have learned from him and the potential to do harm (as well as good) with the merging of big data with computers and the power of using context and content that both government and corporations (and even private citizens) can use against us (or for us) as a potential threat to our liberty or a boon to our equality. Complete liberty means no equality, and complete equality means no liberty. There is a balance and books like this can offer a guideline, but it needs the story to tie the pieces together with a narrative of some kind.
I'll give an example, of a book that I just recently read. "Rise of the Machines", by Thomas Rid. He covers many of the same topics that were covered in this book, especially on the part of encryption and PGP (pretty good privacy). At the same time that book always had a theme woven into the story as a whole in which he was tying all the pieces together, and even summarized them in the final chapter for the dense reader like me. This book, "Data and Goliath", doesn't interweave them coherently and therefore made what should have been an incredibly exciting story for me into a dull story with a lot of facts.
My problem with this book is not that it didn't give the listener plenty of details, but it didn't give the listener an easy story to tell so one can, for example, share with colleagues over the water cooler while at work. The values we use to explain the world through science would include: simplicity, accuracy, prediction, fitting in to the web of knowledge, and lastly the ability to explain. In order to explain, one needs a story to put the pieces together this book doesn't offer that. (Galileo had a story to tell as well as plenty of details. Read "Dialogs Concerning Two Chief World Systems", e.g.).
I'm in the minority on this book. It gave me details which I loved, but it lacked a over arcing narrative that I could wrap my mind around. Good fiction needs a story to hook the listener, and non-fiction needs that narrative even more as to not bore. I like all genres of non-fiction except for the boring kind.
August 22, 2018
تخيل أننا نعيش في زمن يُطلب منك أن تحمل جهاز تعقّب لتعلم السّلطات مكانك بالضّبط وتسجّل جميع تحرّكاتك. تخيّل أنه سيّطلب منك التسجيل في مركز الشرطة (أو في مركز خاص بذلك) جميع صداقاتك، بل ويُفرض عليك أن تُخبر المركز بأية صداقة جديدة، كما يُطلب منك تقديم جميع البيانات التي تخصّك، من كلمات البحث التي تستخدمها للبحث على الإنترنت، إلى مراكز اهتمامك، إلى حالتك الصّحّيّة، وما إلى ذلك. ماذا لو قلت لك بأننا نعيش فعليًا في هذا الزّمن، لكن بدل أن يُفرض عليك الأمر فرضَا وبدل أن تتقدّم إلى مركز الشرطة للتبليغ عن هذه المعلومات، فإننا -وبكل بساطة- نقدّمها للشركات وللسلطات الأمنية على حد سواء على طبق من ذهب وبكل طواعية.
الكتاب يتحدث عن ماكينة تعقّب البشر التي أصبحت امتدادًا طبيعيا لاستخدامنا للتكنولوجيات الحديثة، عن كيف يُمكن معرفة أدق التفاصيل عنّا من خلال الكم الهائل من البيانات والب��انات الوصفية* التي "تولّدها" مُختلف التطبيقات الخدمات التي نستخدمها في حياتنا اليومية، عن الأخطار التي تُهدّدنا وتُهدّد خصوصياتنا بسبب ذلك، وكيف يُمكن الحدّ من ذلك (خاصّة للشركات والحكومات).
من بين أهم الأفكار التي ترسّبت لدي بعد الفراغ من الكتاب:
- البيانات الوصفية لا تقل أهمّية عن البيانات في حد ذاتها. بعبارة أخرى إن سمعت مسؤولا/مؤسس خدمة آخر يقول لك بأننا لا نحتفظ برسائلك ولا نقرأها بل كل ما نقوم بحفظه هو البيانات الوصفية (يعني من أرسل الرسالة ومن استقبلها، ومتى أرسلتها ونحو ذلك من البيانات حول الرسائل مقارنة بنص الرسالة في حد ذاتها) فاعلم أنه يُمكن استخلاص الكثير من مجرد تلك البيانات الوصفية، بل وفي الكثير من الحالات ما يُمكن استخلاصه من البيانات الوصفية يفوق ما يُمكن استخلاصه من الرسائل في حد ذاتها. فعلى سبيل المثال يُمكن استخلاص توقيت استيقاظك وخلودك إلى النوم من مجرد تحليل أوقات نشرك على شبكات التواصل الاجتماعي. بل ويُمكن أيضا معرفة عنوان سكنك، ومقر عملك من البيانات الوصفية المُتعلقة باستخدامك لهاتفك المحمول.
- الفكرة التي تنص على "من ليس لديه ما يُخفيه لن يحتاج فعليًا إلى الخصوصية" هي إحدى المُغالطات الأكثر انتشارًا بين عامة الناس والتي يصعب إقناعهم بعدم صحّتها. الخصوصية في حد ذاتها في غاية الأهمية ونحتاج أن نعمل جاهدين على حمايتها.
- لا وجود لما يمكن وصفه ببيانات مجهولة المصدر **. المقصود بذلك هو تلك البيانات التي يستخدمها الباحثون في مُختلف المجالات والتي يحصلون عليها بعد أن تُحذف هويات أصحابها. على سبيل المثال قد يحصل باحث ما على البيانات الوصفية لمجموعة من الرسائل التي تُرسل على بعض الشبكات الاجتماعية بعد أن يتم حذف البيانات التي يُمكن أن تؤدي إلى معرفة أصحابها. أشار الكاتب إلى أنه وبحكم توفر مصادر عديدة لمثل هذه البيانات مجهولة المصدر فإن ربط تلك البيانات بأصحابها الفعليين هي مسألة وقت، واستعرض عدّة أمثلة عن ذلك.
- الأدهى والأمر، أشار الكاتب بأنه رغم توفّر العديد من الطرق لحماية الخصوصية على الإنترنت فإن بعض الجهات المُختصّة (وكالة الاستخبارات المركزية الأمريكية*** على سبيل المثال) تستطيع استهداف حتى الأشخاص الذي يُحاولون التخفي. فعلى سبيل المثال لا الحصر، يكفي لمن يُحاول التخفي أن يُخطأ خطأ واحدًا (كأن يفتح بريده "الخاص" في مقر عمله أو في بيته) ليقضي على كامل جهود التخفي التي قام بها، حيث سيسهل حينها ربط تلك "الشخصية المجهولة" بشخصه بشكل مباشر. بل ويُمكن حتى استخدام تقنيات أكثر تقدمًا. لنفرض مثلًا أنك تستخدم هاتفًا خاصًا لدى قيامك ببعض الأعمال التي لا ترغب في أن تُرتبط باسمك. فيمكن مثلا تتبع أرقام الهواتف التي "تختفي" من الشبكة في الفترة التي تظهر فيها "الأرقام المجهولة" التي تُستخدم بدل ذلك. يُمكن أيضا اكتشاف وجود علاقات بين أشخاص لا يتواصلون بشكل مباشر (خاصة ما تعلّق بقضايا الإرهاب) فعلى سبيل المثال يُمكن للعديد من الجهات الأمنية استخراج جميع الأرقام التي ظهرت في أماكن مُعيّنة وفي أوقات مُعيّنة (لتبادل معلومات يدًا بيد على سبيل المثال). بل ويُمكن أيضا لبعض الجهات الأمنية معرفة ما إذا كانت بعض عناصرها (وجواسيسها) محل اشتباه أو تتبّع عبر معرفة أرقام الهواتف التي تظهر دائما في المناطق التي يظهر فيها رقم هاتف الجاسوس/العنصر.
- يشير الكاتب إلى نظام المُراقبة العالمي الذي نعيش فيه سيتسبب في إيقاف عجلة التقدّم الاجتماعي. يرى الكاتب بأنه لا يجب أن نسعى إلى القبض على جميع من ارتكب أي جنحة مهما كانت طبيعتها، فيجب أن نترك مجالا لارتكاب ما يُمكن أن يوصف بالجنح في وقتنا الراهن دون أن يتعرض أصحابها للمساءلة القانونية. ما يقصده الكاتب هنا هو تلك الجرائم/الجنح التي لم تكن لتُكتشف لولا المراقبة اللصيقة لجميع المواطنين. يستشهد الكاتب بأستاذ القانون يوشاي بنكلر الذي يقول "عدم الكمال هو إحدى الركائز الأساسية للحرية" ****. المقصود هنا هو أنه لو بنينا نظام مراقبة/قضاء كامل (لا يُغادر صغيرة ولا كبيرة إلا وعاقب مقترفها) فإن العديد مما كان يُنظر إليه سابقًا كجنح/مُخالفات ثم تطوّرت لتصبح "محل نظر" ثم أصبحت مقبولة ومسموحة لم تكن لتعرف هذا التطور. من بين الأمثلة التي ذكرها التمييز العنصري. فلو كانت القوانين التي تشرع ذلك تُطبّق على كل من يُعارضها بصرامة وبكفاءة عالية لما عرفت البشرية أي تقدّم فيها يخص مُناهضة العنصرية.
- القانون الأمريكي يمنع بقوة القانون الأشخاص الذين سبق لهم فضح أسرار وكالة الاستخبارات الأمريكية من الدفاع عن ما قاموا به. بعبارة أخرى دعوات العديد من السياسيين لإدوارد سنودن الرجوع إلى أمريكا والدفاع عن ما قام به في محكمة أمريكية هو مجرد ذر للرماد للعيون لأنه -وبكل بساطة- لا يسمح له القانون بالدفاع عن نفسه.
- العديد من الشركات والمتاجر تظهر لك سعرًا مُختلفًا ليس على حسب تاريخ تصفّحك فحسب وإنما حتى حسب المسافة التي تفصل المكان الذي أنت فيه حاليًا (من أين تتصفح المُنتج) من أقرب نقطة بيع لذلك المُنتج.
- رغم كل ما يُشاع حول أن تجميع أكبر قدر من البيانات على المُواطنين في أي بلد يُساهم في القضاء على الإرهاب بل وحتى إحباط مخططات إرهابية قبل حصولها، فإنه لا توجد أية أدلة على ذلك، فجميع المُخططات الإرهابية التي أُحبِطت كانت نتيجة للمراقبة المُستهدفة وليس عبر المُراقبة العامة ***** . بعبارة أخرى، رغم الثمن الغالي الذي يُدفع (التخلي عن خصوصياتنا) إلا أن النتيجة صفر.
- تقوم وكالة الاستخبارات الأمريكية بزرع ثغرات أمنية في العديد من المُنتجات (برمجيات وعتاد) سواء بعلم أو من دون عِلم الجهات المُصنّعة (وربما حتى بتواطؤ بعض الموظّفين في تلك الشركات) وذلك للتجسس حتى على الدول التي تُعتبر صديقة. عادة ما تعترض الوكالة شحنات بعض العتاد لزرع تلك الثغرات الأمنية فيها. هذا ما يُفسّر توجّس السلطات الأمريكية من العتاد الصيني في القطاعات الحساسة، حيث أنها لا تستبعد أن تقوم السلطات الصينية بعمل مُشابه.
- تشتري وكالة الاستخبارات الأمريكية الثغرات الأمريكية المُكتشفة وغير المُعلنة والتي تُسمى بثغرات زيرو داي******. لا تقوم الوكالة بإعلام الجهات المعنية بالثغرات لسدّها وإنما تعمل على استغلالها للتجسس. أفضل دليل على ذلك هو فيروس ستوكسنت الذي استغل 3 ثغرات زيرو داي مُختلفة في نظام تشغيل ويندوز لتنفيذ مهمّته. السؤال المطروح هو كم عدد الثغرات التي لا تزال في جُعبة الوكالة وكم عدد الدول التي تعمل على برامج مُشابهة. تجدر الإشارة إلى أن سوق بيع الثغرات سوق مزدهر ويدر دخلا كبيرًا على مُكتشفي الثغرات، حيث يستطيع المُكتشف أن يحصل على عشرات أضعاف ما قد يحصل عليه إن هو بلّغ عن الثغرة عبر القنوات الرسمية للمُنتج الذي يُعاني من الثغرة. يشير الكاتب إلى أن هذه المُمارسة تقيّض الأمن العالمي (وحتى الأمن القومي الأمريكي) لأن ترك تلك الثغرات مفتوحة سيسمح أيضا لباقي الدول من استغلالها، بل وحتى استهداف المصالح الأمريكية من خلالها.
- لم يقدم الكاتب حلولًا مُباشرة للمُستخدم لحماية نفسه بل اقترح حلولًا للشركات وللحكومات. فعلى سبيل المثال اقترح أن تتحمل الشركات تبعات تعرض بياناتها للقرصنة وذلك عبر تغريمها إن حدث ذلك، مما سيجعلها تحتفظ فقط بالبيانات التي تحتاجها فعليًا (حاليًا يتم حفظ كل شيء على أمل أن تجد الشركات سبيلا إلى استغلالها) أما فيما يخص الحكومات فيقترح مزيدا من الشفافية فيما يخص البيانات المُجمّعة وحماية أفضل لمن يكشف عن استغلال سيء للبيانات الشخصية.
- بحكم تغلل نظام مُراقبة وكالة الاستخبارات الأمريكية في كل مكان، فإنه عادة ما تتشارك البيانات مع مكتب التحقيقات الفيديرالي حول بعض القضايا التي يُحقّق فيها المكتب، ثم تطلب منه أن تجد طريقة أخرى تكون قانونية للوصول إلى نفس النتائج بحكم أن البيانات الأولى جُمِعت بطريقة غير قانونية. بعبارة أخرى، لما تصل تحقيقات مكتب إف بي آي إلى طريق مسدود، تستعين بالبيانات غير القانونية لدى سي آي إي لتجد حلًا ثم تحاول إعطاء صبغة قانونية للأمر. يشير الكاتب إلى أن أحد الأمثلة المُحتملة لهذا التعاون هو عملية إلقاء القبض على مُؤسس موقع سيلك رود الذي يعمل في الويب الخفي.
- أمريكا لديها شراكات أمنية/استخباراتية مع أغلب بلدان العالم وتتجسس على الجميع دون استثناء. قد تشترط بعض الدول أن لا تستهدف أمريكا مواطنيها عبر البيانات التي تتشاركها معها وهو أمر توافق عليه أمريكا، لكنها تستخدم بيانات من طرف بلدان أخرى للوصول إلى نفس الهدف. يعني تستخدم البيانات التي حصلت عليها من فرنسا للتجسس على ألمانيا وتستخدم البيانات التي حصلت عليها من ألمانيا للتجسس على إسبانيا وهكذا دواليك.
- التّتبع واختراق الخصوصية أصبح أمرًا "عاديًا" لدرجة أن الكثيرين لم يعودوا يأبهون للأمر. يتساءل الكاتب كيف سيكون وضع البشرية بعد سنوات قليلة بعد أن يصبح أغلب مستخدمي التكنولوجيا من الفئة التي وُلدت وترعرعت في هذا الزمن، أين التتبّع أصبح مقترنا باستخدام الإنترنت. قد نكون آخر جيل يولي اهتمامًا للقضية وهذا أمر مُخيف.
- ربما من الحلول القليلة التي بقيت في يد المُستخدم هي جعل بياناته أصعب للتحليل عبر التشويش على الخوارزميات التي تُحلل سلوكه. يذكر الكاتب بعض أصدقائه الذين يقومون ببعض الجهود في هذا الجانب، وخص بالذكر صديقًا يقوم بشكل دوري بالبحث على فيس بوك على أسماء أشخاص لا يعرفهم ولا تربطه بهم أية علاقات، فقط ليعطي الانطباع بأنه يعرفهم وهذا لتضليل خوارزميات فيس بوك. في حين أن مثل هذه المُمارسات قد لا تكون مُفيدة ولا سهلة التنفيذ، إلا أنها تعطي صورة عن حالة اليأس التي وصلنا إليها فيها يخص حماية خصوصياتنا.
الكتاب احتوى كما مُعتبرًا من المعلومات ومن القصص والأمثلة التي تعطي صورة قاتمة على ما يحدث في مجال التجسس/المراقبة على نطاق واسع، وعالج قضايا في غاية الأهمية، لكن يفتقد -ولكي أستعير من إحدى مُراجعات هذا الكتاب- إلى قصّة أو تسلسل قصصي يسهل تذكّر مُحتواه وتشارك أفكاره مع غيرنا (يعني يصعب تلخيص محتواه في فقرة بسيطة).
إضافة إلى ذلك لم أفهم سر استخدام هذه الصيغة بالذات في عنوان الكتاب، وأقصد هنا استبدال "داوود" بـ "بيانات" في العبارة/المقارنة الشهيرة "داوود وجالوت".
رغم أن الكتاب لم يحتوِ على معلومات غير متوفرة في مصادر أخرى، إلّا أنه يصلح كمقدّمة جيّدة فيما يخص حماية الخصوصية خاصة للأشخاص الذين لم يسبق لهم الاهتمام بالموضوع أو أنهم لم يعطوا مسألة حماية الخصوصية حقّها من البحث والتفكير.
---
* البيانات الوصفية meta data
** بيانات مجهولة المصدر anonymised data
*** وكالة الاستخبارات الأمريكية CIA
**** Imperfection is a core dimension of freedom
***** للمراقبة المُستهدفة targeted surveillance / المُراقبة العامة mass surveillance
****** zero day
سبق وأن نشرت هذا المقال على مُدوّنتي هنا: http://www.it-scoop.com/2018/08/data-...
الكتاب يتحدث عن ماكينة تعقّب البشر التي أصبحت امتدادًا طبيعيا لاستخدامنا للتكنولوجيات الحديثة، عن كيف يُمكن معرفة أدق التفاصيل عنّا من خلال الكم الهائل من البيانات والب��انات الوصفية* التي "تولّدها" مُختلف التطبيقات الخدمات التي نستخدمها في حياتنا اليومية، عن الأخطار التي تُهدّدنا وتُهدّد خصوصياتنا بسبب ذلك، وكيف يُمكن الحدّ من ذلك (خاصّة للشركات والحكومات).
من بين أهم الأفكار التي ترسّبت لدي بعد الفراغ من الكتاب:
- البيانات الوصفية لا تقل أهمّية عن البيانات في حد ذاتها. بعبارة أخرى إن سمعت مسؤولا/مؤسس خدمة آخر يقول لك بأننا لا نحتفظ برسائلك ولا نقرأها بل كل ما نقوم بحفظه هو البيانات الوصفية (يعني من أرسل الرسالة ومن استقبلها، ومتى أرسلتها ونحو ذلك من البيانات حول الرسائل مقارنة بنص الرسالة في حد ذاتها) فاعلم أنه يُمكن استخلاص الكثير من مجرد تلك البيانات الوصفية، بل وفي الكثير من الحالات ما يُمكن استخلاصه من البيانات الوصفية يفوق ما يُمكن استخلاصه من الرسائل في حد ذاتها. فعلى سبيل المثال يُمكن استخلاص توقيت استيقاظك وخلودك إلى النوم من مجرد تحليل أوقات نشرك على شبكات التواصل الاجتماعي. بل ويُمكن أيضا معرفة عنوان سكنك، ومقر عملك من البيانات الوصفية المُتعلقة باستخدامك لهاتفك المحمول.
- الفكرة التي تنص على "من ليس لديه ما يُخفيه لن يحتاج فعليًا إلى الخصوصية" هي إحدى المُغالطات الأكثر انتشارًا بين عامة الناس والتي يصعب إقناعهم بعدم صحّتها. الخصوصية في حد ذاتها في غاية الأهمية ونحتاج أن نعمل جاهدين على حمايتها.
- لا وجود لما يمكن وصفه ببيانات مجهولة المصدر **. المقصود بذلك هو تلك البيانات التي يستخدمها الباحثون في مُختلف المجالات والتي يحصلون عليها بعد أن تُحذف هويات أصحابها. على سبيل المثال قد يحصل باحث ما على البيانات الوصفية لمجموعة من الرسائل التي تُرسل على بعض الشبكات الاجتماعية بعد أن يتم حذف البيانات التي يُمكن أن تؤدي إلى معرفة أصحابها. أشار الكاتب إلى أنه وبحكم توفر مصادر عديدة لمثل هذه البيانات مجهولة المصدر فإن ربط تلك البيانات بأصحابها الفعليين هي مسألة وقت، واستعرض عدّة أمثلة عن ذلك.
- الأدهى والأمر، أشار الكاتب بأنه رغم توفّر العديد من الطرق لحماية الخصوصية على الإنترنت فإن بعض الجهات المُختصّة (وكالة الاستخبارات المركزية الأمريكية*** على سبيل المثال) تستطيع استهداف حتى الأشخاص الذي يُحاولون التخفي. فعلى سبيل المثال لا الحصر، يكفي لمن يُحاول التخفي أن يُخطأ خطأ واحدًا (كأن يفتح بريده "الخاص" في مقر عمله أو في بيته) ليقضي على كامل جهود التخفي التي قام بها، حيث سيسهل حينها ربط تلك "الشخصية المجهولة" بشخصه بشكل مباشر. بل ويُمكن حتى استخدام تقنيات أكثر تقدمًا. لنفرض مثلًا أنك تستخدم هاتفًا خاصًا لدى قيامك ببعض الأعمال التي لا ترغب في أن تُرتبط باسمك. فيمكن مثلا تتبع أرقام الهواتف التي "تختفي" من الشبكة في الفترة التي تظهر فيها "الأرقام المجهولة" التي تُستخدم بدل ذلك. يُمكن أيضا اكتشاف وجود علاقات بين أشخاص لا يتواصلون بشكل مباشر (خاصة ما تعلّق بقضايا الإرهاب) فعلى سبيل المثال يُمكن للعديد من الجهات الأمنية استخراج جميع الأرقام التي ظهرت في أماكن مُعيّنة وفي أوقات مُعيّنة (لتبادل معلومات يدًا بيد على سبيل المثال). بل ويُمكن أيضا لبعض الجهات الأمنية معرفة ما إذا كانت بعض عناصرها (وجواسيسها) محل اشتباه أو تتبّع عبر معرفة أرقام الهواتف التي تظهر دائما في المناطق التي يظهر فيها رقم هاتف الجاسوس/العنصر.
- يشير الكاتب إلى نظام المُراقبة العالمي الذي نعيش فيه سيتسبب في إيقاف عجلة التقدّم الاجتماعي. يرى الكاتب بأنه لا يجب أن نسعى إلى القبض على جميع من ارتكب أي جنحة مهما كانت طبيعتها، فيجب أن نترك مجالا لارتكاب ما يُمكن أن يوصف بالجنح في وقتنا الراهن دون أن يتعرض أصحابها للمساءلة القانونية. ما يقصده الكاتب هنا هو تلك الجرائم/الجنح التي لم تكن لتُكتشف لولا المراقبة اللصيقة لجميع المواطنين. يستشهد الكاتب بأستاذ القانون يوشاي بنكلر الذي يقول "عدم الكمال هو إحدى الركائز الأساسية للحرية" ****. المقصود هنا هو أنه لو بنينا نظام مراقبة/قضاء كامل (لا يُغادر صغيرة ولا كبيرة إلا وعاقب مقترفها) فإن العديد مما كان يُنظر إليه سابقًا كجنح/مُخالفات ثم تطوّرت لتصبح "محل نظر" ثم أصبحت مقبولة ومسموحة لم تكن لتعرف هذا التطور. من بين الأمثلة التي ذكرها التمييز العنصري. فلو كانت القوانين التي تشرع ذلك تُطبّق على كل من يُعارضها بصرامة وبكفاءة عالية لما عرفت البشرية أي تقدّم فيها يخص مُناهضة العنصرية.
- القانون الأمريكي يمنع بقوة القانون الأشخاص الذين سبق لهم فضح أسرار وكالة الاستخبارات الأمريكية من الدفاع عن ما قاموا به. بعبارة أخرى دعوات العديد من السياسيين لإدوارد سنودن الرجوع إلى أمريكا والدفاع عن ما قام به في محكمة أمريكية هو مجرد ذر للرماد للعيون لأنه -وبكل بساطة- لا يسمح له القانون بالدفاع عن نفسه.
- العديد من الشركات والمتاجر تظهر لك سعرًا مُختلفًا ليس على حسب تاريخ تصفّحك فحسب وإنما حتى حسب المسافة التي تفصل المكان الذي أنت فيه حاليًا (من أين تتصفح المُنتج) من أقرب نقطة بيع لذلك المُنتج.
- رغم كل ما يُشاع حول أن تجميع أكبر قدر من البيانات على المُواطنين في أي بلد يُساهم في القضاء على الإرهاب بل وحتى إحباط مخططات إرهابية قبل حصولها، فإنه لا توجد أية أدلة على ذلك، فجميع المُخططات الإرهابية التي أُحبِطت كانت نتيجة للمراقبة المُستهدفة وليس عبر المُراقبة العامة ***** . بعبارة أخرى، رغم الثمن الغالي الذي يُدفع (التخلي عن خصوصياتنا) إلا أن النتيجة صفر.
- تقوم وكالة الاستخبارات الأمريكية بزرع ثغرات أمنية في العديد من المُنتجات (برمجيات وعتاد) سواء بعلم أو من دون عِلم الجهات المُصنّعة (وربما حتى بتواطؤ بعض الموظّفين في تلك الشركات) وذلك للتجسس حتى على الدول التي تُعتبر صديقة. عادة ما تعترض الوكالة شحنات بعض العتاد لزرع تلك الثغرات الأمنية فيها. هذا ما يُفسّر توجّس السلطات الأمريكية من العتاد الصيني في القطاعات الحساسة، حيث أنها لا تستبعد أن تقوم السلطات الصينية بعمل مُشابه.
- تشتري وكالة الاستخبارات الأمريكية الثغرات الأمريكية المُكتشفة وغير المُعلنة والتي تُسمى بثغرات زيرو داي******. لا تقوم الوكالة بإعلام الجهات المعنية بالثغرات لسدّها وإنما تعمل على استغلالها للتجسس. أفضل دليل على ذلك هو فيروس ستوكسنت الذي استغل 3 ثغرات زيرو داي مُختلفة في نظام تشغيل ويندوز لتنفيذ مهمّته. السؤال المطروح هو كم عدد الثغرات التي لا تزال في جُعبة الوكالة وكم عدد الدول التي تعمل على برامج مُشابهة. تجدر الإشارة إلى أن سوق بيع الثغرات سوق مزدهر ويدر دخلا كبيرًا على مُكتشفي الثغرات، حيث يستطيع المُكتشف أن يحصل على عشرات أضعاف ما قد يحصل عليه إن هو بلّغ عن الثغرة عبر القنوات الرسمية للمُنتج الذي يُعاني من الثغرة. يشير الكاتب إلى أن هذه المُمارسة تقيّض الأمن العالمي (وحتى الأمن القومي الأمريكي) لأن ترك تلك الثغرات مفتوحة سيسمح أيضا لباقي الدول من استغلالها، بل وحتى استهداف المصالح الأمريكية من خلالها.
- لم يقدم الكاتب حلولًا مُباشرة للمُستخدم لحماية نفسه بل اقترح حلولًا للشركات وللحكومات. فعلى سبيل المثال اقترح أن تتحمل الشركات تبعات تعرض بياناتها للقرصنة وذلك عبر تغريمها إن حدث ذلك، مما سيجعلها تحتفظ فقط بالبيانات التي تحتاجها فعليًا (حاليًا يتم حفظ كل شيء على أمل أن تجد الشركات سبيلا إلى استغلالها) أما فيما يخص الحكومات فيقترح مزيدا من الشفافية فيما يخص البيانات المُجمّعة وحماية أفضل لمن يكشف عن استغلال سيء للبيانات الشخصية.
- بحكم تغلل نظام مُراقبة وكالة الاستخبارات الأمريكية في كل مكان، فإنه عادة ما تتشارك البيانات مع مكتب التحقيقات الفيديرالي حول بعض القضايا التي يُحقّق فيها المكتب، ثم تطلب منه أن تجد طريقة أخرى تكون قانونية للوصول إلى نفس النتائج بحكم أن البيانات الأولى جُمِعت بطريقة غير قانونية. بعبارة أخرى، لما تصل تحقيقات مكتب إف بي آي إلى طريق مسدود، تستعين بالبيانات غير القانونية لدى سي آي إي لتجد حلًا ثم تحاول إعطاء صبغة قانونية للأمر. يشير الكاتب إلى أن أحد الأمثلة المُحتملة لهذا التعاون هو عملية إلقاء القبض على مُؤسس موقع سيلك رود الذي يعمل في الويب الخفي.
- أمريكا لديها شراكات أمنية/استخباراتية مع أغلب بلدان العالم وتتجسس على الجميع دون استثناء. قد تشترط بعض الدول أن لا تستهدف أمريكا مواطنيها عبر البيانات التي تتشاركها معها وهو أمر توافق عليه أمريكا، لكنها تستخدم بيانات من طرف بلدان أخرى للوصول إلى نفس الهدف. يعني تستخدم البيانات التي حصلت عليها من فرنسا للتجسس على ألمانيا وتستخدم البيانات التي حصلت عليها من ألمانيا للتجسس على إسبانيا وهكذا دواليك.
- التّتبع واختراق الخصوصية أصبح أمرًا "عاديًا" لدرجة أن الكثيرين لم يعودوا يأبهون للأمر. يتساءل الكاتب كيف سيكون وضع البشرية بعد سنوات قليلة بعد أن يصبح أغلب مستخدمي التكنولوجيا من الفئة التي وُلدت وترعرعت في هذا الزمن، أين التتبّع أصبح مقترنا باستخدام الإنترنت. قد نكون آخر جيل يولي اهتمامًا للقضية وهذا أمر مُخيف.
- ربما من الحلول القليلة التي بقيت في يد المُستخدم هي جعل بياناته أصعب للتحليل عبر التشويش على الخوارزميات التي تُحلل سلوكه. يذكر الكاتب بعض أصدقائه الذين يقومون ببعض الجهود في هذا الجانب، وخص بالذكر صديقًا يقوم بشكل دوري بالبحث على فيس بوك على أسماء أشخاص لا يعرفهم ولا تربطه بهم أية علاقات، فقط ليعطي الانطباع بأنه يعرفهم وهذا لتضليل خوارزميات فيس بوك. في حين أن مثل هذه المُمارسات قد لا تكون مُفيدة ولا سهلة التنفيذ، إلا أنها تعطي صورة عن حالة اليأس التي وصلنا إليها فيها يخص حماية خصوصياتنا.
الكتاب احتوى كما مُعتبرًا من المعلومات ومن القصص والأمثلة التي تعطي صورة قاتمة على ما يحدث في مجال التجسس/المراقبة على نطاق واسع، وعالج قضايا في غاية الأهمية، لكن يفتقد -ولكي أستعير من إحدى مُراجعات هذا الكتاب- إلى قصّة أو تسلسل قصصي يسهل تذكّر مُحتواه وتشارك أفكاره مع غيرنا (يعني يصعب تلخيص محتواه في فقرة بسيطة).
إضافة إلى ذلك لم أفهم سر استخدام هذه الصيغة بالذات في عنوان الكتاب، وأقصد هنا استبدال "داوود" بـ "بيانات" في العبارة/المقارنة الشهيرة "داوود وجالوت".
رغم أن الكتاب لم يحتوِ على معلومات غير متوفرة في مصادر أخرى، إلّا أنه يصلح كمقدّمة جيّدة فيما يخص حماية الخصوصية خاصة للأشخاص الذين لم يسبق لهم الاهتمام بالموضوع أو أنهم لم يعطوا مسألة حماية الخصوصية حقّها من البحث والتفكير.
---
* البيانات الوصفية meta data
** بيانات مجهولة المصدر anonymised data
*** وكالة الاستخبارات الأمريكية CIA
**** Imperfection is a core dimension of freedom
***** للمراقبة المُستهدفة targeted surveillance / المُراقبة العامة mass surveillance
****** zero day
سبق وأن نشرت هذا المقال على مُدوّنتي هنا: http://www.it-scoop.com/2018/08/data-...
March 24, 2015
Reading this book was deeply unsettling. After Edward Snowden, perhaps none of us is naive about how easily information about any of us can be found, but the author (whom the dust jacket bills as "one of the world's foremost security experts") takes the reader into the belly of the beast, as it were. After the first chapter, I was reeling. I work with a colleague who is extremely careful with her electronic trail. I had always thought maybe she was a bit paranoid. I would blithely think, "oh, I'm too boring for anyone to care to track". Ha! We are ALL being tracked. The author says that people often say, "if you have nothing to hide, you have nothing to worry about". He notes that that patently understates the problem. People change, society changes, when you feel as though there is always someone watching. As he notes on page 32:
"Philosopher Jeremy Bentham conceived of his "panopticon" in the late 1700s as a way to build cheaper prisons. His idea was a prison where every inmate could be surveilled at any time, unawares. The inmate would have no choice but to assume that he was always being watched, and would therefore conform. This idea has been used as a metaphor for mass personal data collection, both on the Internet and off. On the Internet, surveillance is ubiquitous. All of us are being watched, all the time, and that data is being stored forever. This is what an information-age surveillance state looks like, and it's efficient beyond Bentham's wildest dreams."
The last section of the book has chapters with "solutions for government", "solutions for corporations", and "solutions for the rest of us". In the course of the book he details how corporations track us in order to sell us more stuff, while government forces the corporations to share the data, and often to create "back doors" to data that compromise security for everyone. He does , however, discourage fatalism, saying (on page 225):
"There is strength in numbers, and if the public outcry grows, governments and corporations will be forced to respond. We are trying to prevent an authoritarian government like the one portrayed in Orwell's 'Nineteen Eighty-Four', and a corporate-ruled state like the ones portrayed in countless dystopian cyberpunk science fiction novels. We are nowhere near either of those endpoints, but the train is moving in both those directions, and we need to apply the brakes."
He says we, as a society, have been ready to give up freedom for a sense of security, so stoking our fear has been a way to intrude on our privacy without an outcry. He notes that this is not unique to our own time period. On page 235, he comments:
"The government offers us this deal: if you let us have all of your data, we can protect you from crime and terrorism. It's a rip-off. It doesn't work. And, it overemphasizes group security at the expense of individual security. The bargain Google offers us is similar, and it's similarly out of balance: if you let us have all of your data and give up your privacy, we will show you advertisements you want to see---and we'll throw in free web search, e-mail, and all sorts of other services. Companies like Google and Facebook can only make that bargain when enough of us give up our privacy. The group can only benefit if enough individuals acquiesce."
He goes on to say (page 237):
"The big question is this: how do we design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually?....This is the fundamental issue of the information age. We can solve it, but it will require careful thinking about the specific issues and moral analysis of how different solutions affect our core values."
With 120 pages of bibliographical notes, you could really dig into this topic. Myself, I think I need to let all this settle a bit. As I said, it is creepy and unsettling...
"Philosopher Jeremy Bentham conceived of his "panopticon" in the late 1700s as a way to build cheaper prisons. His idea was a prison where every inmate could be surveilled at any time, unawares. The inmate would have no choice but to assume that he was always being watched, and would therefore conform. This idea has been used as a metaphor for mass personal data collection, both on the Internet and off. On the Internet, surveillance is ubiquitous. All of us are being watched, all the time, and that data is being stored forever. This is what an information-age surveillance state looks like, and it's efficient beyond Bentham's wildest dreams."
The last section of the book has chapters with "solutions for government", "solutions for corporations", and "solutions for the rest of us". In the course of the book he details how corporations track us in order to sell us more stuff, while government forces the corporations to share the data, and often to create "back doors" to data that compromise security for everyone. He does , however, discourage fatalism, saying (on page 225):
"There is strength in numbers, and if the public outcry grows, governments and corporations will be forced to respond. We are trying to prevent an authoritarian government like the one portrayed in Orwell's 'Nineteen Eighty-Four', and a corporate-ruled state like the ones portrayed in countless dystopian cyberpunk science fiction novels. We are nowhere near either of those endpoints, but the train is moving in both those directions, and we need to apply the brakes."
He says we, as a society, have been ready to give up freedom for a sense of security, so stoking our fear has been a way to intrude on our privacy without an outcry. He notes that this is not unique to our own time period. On page 235, he comments:
"The government offers us this deal: if you let us have all of your data, we can protect you from crime and terrorism. It's a rip-off. It doesn't work. And, it overemphasizes group security at the expense of individual security. The bargain Google offers us is similar, and it's similarly out of balance: if you let us have all of your data and give up your privacy, we will show you advertisements you want to see---and we'll throw in free web search, e-mail, and all sorts of other services. Companies like Google and Facebook can only make that bargain when enough of us give up our privacy. The group can only benefit if enough individuals acquiesce."
He goes on to say (page 237):
"The big question is this: how do we design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually?....This is the fundamental issue of the information age. We can solve it, but it will require careful thinking about the specific issues and moral analysis of how different solutions affect our core values."
With 120 pages of bibliographical notes, you could really dig into this topic. Myself, I think I need to let all this settle a bit. As I said, it is creepy and unsettling...
March 12, 2016
There is nothing that has made me more frightened of the prospect of Donald Trump as US President than reading this book. This is not because the book mentions Trump - it is a safe Trump-less read - but because the detailed image Schneier draws of the NSA, and its frenemies Google, Apple and other tech companies (not to mention low-profile security start-ups) offers a truly terrifying secret police state, able not only to know what we are thinking, but also to shape it. Schneier's moderate, chatty, factual tone counteracts the dystopian-future content, but of course, this simply reinforces the dawning realisation that we are at the dawn of technology/state/corporate alliances that could fundamentally change how democracy and society work.
The spine of the book is Schneier drawing on various sources - he heavily uses Snowden's leaked info but also records from various court cases, journalistic investigations and his own work (all meticulously footnoted for easy self-research) - to explain how data is collected, stored, traded and used by governments and corporations. The *strength* of the book though - the thing that will make it worth reading long after this info is out of date - is Schneier's clear understanding of *why* this occurs: how mass surveillance is about social control, whether that is exerted to stop us protesting or taking drugs, or to sell us things we don't need. Schneier carefully demolishes the myth that surveillance fights terrorism - devastatingly, he asserts (with footnotes!) that not a single terrorist attack has been prevented through mass surveillance techniques - all pre-emptive arrests have been the result of old-fashioned targeted investigation techniques. This makes sense, he points out - mass surveillance creates a huge amount of signal *noise* in the context of very rare, very secretive crime. If you are looking for a needle in a haystack, the last thing you want to do is pile on a lot more hay.
But mass surveillance works very well for social control. And yes, there is the standard panopticon reference here. But Schneier points out that knowing that everywhere we go, we are captured on camera - that if Trump became president and wanted a list of every person who attended a migrant rights rally last year, and their personal details, and hell, breakfast cereal preferences, this would be a trivial request for the NSA - this changes the way we start to behave. In this context, Schneier even talks about the importance of law breaking in changing stupid laws - with reference to LGBTI rights, marijuana legalisation etc. Even if we could assume that surveillance was only used to enforce perfect compliance with the law, this would stunt our growth as a society, our capacity to adjust and develop.
But even scarier is the trade and exploitation of personal data to interested stakeholders. So, if you make baby formula and you want a list of potential customers, you would pay handsomely for a list of low-income working pregnant women who lack any maternity leave, for example - a key target market. Or maybe a list of "gullible seniors" for legal scam artists? (This exists, and someone was actually prosecuted for selling it, based on browser data obtained legally). Or maybe you want to sell your 16-airbag, bulletproof six-figure car to people who lost loved ones in car accidents?
Schneier's scariest content for me was the swirl of data between commercial exploiters and the government - on the one hand, the NSA could be assumed to have free rein access to Google and Apple metadata - pretty much everything moving through smart phones from GPS to email to your candy crush habit - and on the other, governments sell data to raise cash. Incredibly, the British NHS is contemplating the sale of Brit's medical data, providing a rich resource for all those wanting to identify the sick and vulnerable to sell them things.
Of course, it is at the point that the pull is joined by a push, that we need to be aware of the power of Google et al. What would happen, asks Schneier, if Google suddenly decided only to show "enrol to vote" ads to Democrat voters? Statistically, that may be enough to swing an election. Or, as one real estate search service *did* do, show property ads only for neighborhoods of predominately the same race as the searcher? Or show firearms ads to suicidal people of a particular political, ethnic or cultural group? Or display reproductive services ads only to women from certain demographics?
Because I read neurosciencey stuff as well, one of the synergies which most hit me here was research that shows how influenced we are by the sequencing of information. So women who are reminded that men score better than women on math tests, will do worse in the test than those who weren't. Police who have just heard about a black man shooting a cop are more likely to shoot unarmed black men. What we see online, when we see it, and what follows on from that changes the way we react to situations around us. The power inherent in our mobile phones, our search engines, and our government databases is immense.
The question is, how do we define what we want to do with this technology? The kind of people we want to be?
And, finally, do we really want a world where our lives are totally transparent to those with power, but the workings of that power - the warrants, the algorithms, the extent of the surveillance - are as obscure as blackout curtains. Whose world is this anyway?
The spine of the book is Schneier drawing on various sources - he heavily uses Snowden's leaked info but also records from various court cases, journalistic investigations and his own work (all meticulously footnoted for easy self-research) - to explain how data is collected, stored, traded and used by governments and corporations. The *strength* of the book though - the thing that will make it worth reading long after this info is out of date - is Schneier's clear understanding of *why* this occurs: how mass surveillance is about social control, whether that is exerted to stop us protesting or taking drugs, or to sell us things we don't need. Schneier carefully demolishes the myth that surveillance fights terrorism - devastatingly, he asserts (with footnotes!) that not a single terrorist attack has been prevented through mass surveillance techniques - all pre-emptive arrests have been the result of old-fashioned targeted investigation techniques. This makes sense, he points out - mass surveillance creates a huge amount of signal *noise* in the context of very rare, very secretive crime. If you are looking for a needle in a haystack, the last thing you want to do is pile on a lot more hay.
But mass surveillance works very well for social control. And yes, there is the standard panopticon reference here. But Schneier points out that knowing that everywhere we go, we are captured on camera - that if Trump became president and wanted a list of every person who attended a migrant rights rally last year, and their personal details, and hell, breakfast cereal preferences, this would be a trivial request for the NSA - this changes the way we start to behave. In this context, Schneier even talks about the importance of law breaking in changing stupid laws - with reference to LGBTI rights, marijuana legalisation etc. Even if we could assume that surveillance was only used to enforce perfect compliance with the law, this would stunt our growth as a society, our capacity to adjust and develop.
But even scarier is the trade and exploitation of personal data to interested stakeholders. So, if you make baby formula and you want a list of potential customers, you would pay handsomely for a list of low-income working pregnant women who lack any maternity leave, for example - a key target market. Or maybe a list of "gullible seniors" for legal scam artists? (This exists, and someone was actually prosecuted for selling it, based on browser data obtained legally). Or maybe you want to sell your 16-airbag, bulletproof six-figure car to people who lost loved ones in car accidents?
Schneier's scariest content for me was the swirl of data between commercial exploiters and the government - on the one hand, the NSA could be assumed to have free rein access to Google and Apple metadata - pretty much everything moving through smart phones from GPS to email to your candy crush habit - and on the other, governments sell data to raise cash. Incredibly, the British NHS is contemplating the sale of Brit's medical data, providing a rich resource for all those wanting to identify the sick and vulnerable to sell them things.
Of course, it is at the point that the pull is joined by a push, that we need to be aware of the power of Google et al. What would happen, asks Schneier, if Google suddenly decided only to show "enrol to vote" ads to Democrat voters? Statistically, that may be enough to swing an election. Or, as one real estate search service *did* do, show property ads only for neighborhoods of predominately the same race as the searcher? Or show firearms ads to suicidal people of a particular political, ethnic or cultural group? Or display reproductive services ads only to women from certain demographics?
Because I read neurosciencey stuff as well, one of the synergies which most hit me here was research that shows how influenced we are by the sequencing of information. So women who are reminded that men score better than women on math tests, will do worse in the test than those who weren't. Police who have just heard about a black man shooting a cop are more likely to shoot unarmed black men. What we see online, when we see it, and what follows on from that changes the way we react to situations around us. The power inherent in our mobile phones, our search engines, and our government databases is immense.
The question is, how do we define what we want to do with this technology? The kind of people we want to be?
And, finally, do we really want a world where our lives are totally transparent to those with power, but the workings of that power - the warrants, the algorithms, the extent of the surveillance - are as obscure as blackout curtains. Whose world is this anyway?
March 25, 2018
My feelings about this book are all over the map so I'll present my thoughts in piecemeal fashion.
The author is very bright and knows the material intimately. The first third of the book (corporate data collection) is completely fascinating, I thought I'd finish the book in two days. The last two-thirds of the book read like a policy manual and are a complete slog; I couldn't wait to be done with the book.
The book was written in 2014 but is still quite relevant in 2018 (viz. Facebook in the headlines for the data it collects on its users, see Cambridge Analytica; concerns about the security of Huawei phones & devices).
We should be cautious with our use of Google (possibly use DuckDuckGo for our browsing needs instead); Facebook (reduce usage dramatically or eliminate use altogether); Amazon; Twitter; avoid online quizzes altogether.
I didn't care for the author's thoughts about how to break or sabotage government surveillance systems or his parting advice, "Pretty much everything in this category is illegal, so beware." I also didn't care for the author's advice to structure cash deposits to avoid currency reporting requirements (structuring is illegal too).
Edward Snowden gets the hero treatment for his NSA document leaks so keep that in mind as that may guide your feelings about the book.
The author is very bright and knows the material intimately. The first third of the book (corporate data collection) is completely fascinating, I thought I'd finish the book in two days. The last two-thirds of the book read like a policy manual and are a complete slog; I couldn't wait to be done with the book.
The book was written in 2014 but is still quite relevant in 2018 (viz. Facebook in the headlines for the data it collects on its users, see Cambridge Analytica; concerns about the security of Huawei phones & devices).
We should be cautious with our use of Google (possibly use DuckDuckGo for our browsing needs instead); Facebook (reduce usage dramatically or eliminate use altogether); Amazon; Twitter; avoid online quizzes altogether.
I didn't care for the author's thoughts about how to break or sabotage government surveillance systems or his parting advice, "Pretty much everything in this category is illegal, so beware." I also didn't care for the author's advice to structure cash deposits to avoid currency reporting requirements (structuring is illegal too).
Edward Snowden gets the hero treatment for his NSA document leaks so keep that in mind as that may guide your feelings about the book.
January 6, 2016
Data and Goliath is an eye-opening read. I mean, I understand how I'm under constant surveillance due to things like my smartphone or cookies or Facebook, and I understand that the government gets access to a lot of this information via the Snowden leaks, but I guess I never fully connected all the dots enough in a single unified understanding of my world. Bruce Schneier provides it.
Most of the book is somewhat technical, helping the reader understand how data about them is collected and used. It does a good job of disseminating the Snowden whistleblowing information as well, so it's all very informative. That being said, the level of information often made me feel hopeless, like there was nothing that could be done and I almost had to just accept that this is how life is now.
The final few chapters offer some respite from this feeling of hopelessness. It contains sections on what governments ought to do, what people should do in the macro sense, and even what people should do in the micro sense, just for themselves to avoid surveillance. Schneier isn't idealistic about it either, he's pragmatic, and fully admits that there are some data people will be willing to turn over for convenience, security, or usability. There's nothing wrong with that, everyone's got to find their sweet spot.
Mostly though, I just came away feeling like Bruce Schneier is a national treasure. Can I vote for him for some kind of public office? Anything really? In a world of seemingly limitless insanity, he's a consistently sane voice. I highly recommend everyone read Data and Goliath.
Most of the book is somewhat technical, helping the reader understand how data about them is collected and used. It does a good job of disseminating the Snowden whistleblowing information as well, so it's all very informative. That being said, the level of information often made me feel hopeless, like there was nothing that could be done and I almost had to just accept that this is how life is now.
The final few chapters offer some respite from this feeling of hopelessness. It contains sections on what governments ought to do, what people should do in the macro sense, and even what people should do in the micro sense, just for themselves to avoid surveillance. Schneier isn't idealistic about it either, he's pragmatic, and fully admits that there are some data people will be willing to turn over for convenience, security, or usability. There's nothing wrong with that, everyone's got to find their sweet spot.
Mostly though, I just came away feeling like Bruce Schneier is a national treasure. Can I vote for him for some kind of public office? Anything really? In a world of seemingly limitless insanity, he's a consistently sane voice. I highly recommend everyone read Data and Goliath.
March 3, 2015
Bruce Schneier covers all the bases, weaving together countless news stories and recent revelations to give us the big-picture view on data and its uses in our times. Pulled together in one place, Schneier illustrates the urgency of finding reasonable solutions to these hidden trade-offs that we’ve largely accepted because we never had much of a choice. And refreshingly, he offers his set of solutions and next steps.
Schneier's solutions—like “incent new business models” for corporations that run on data (which I agree — offer broad strokes, but lack practicalities of exactly *how* to do that. Also, Schneier does not present a concise definition of surveillance. He shows how the same data can be used for improving systems as can be used to monitor and track users to control or coerce them. But to me, it is important to unpack some dissection of *intent* in the use of that same data. A clearer definition of surveillance, to what ends, seems necessary.
This book is timely, and one of the first to lay down the stakes of our data-driven society. It is a must read for anyone with an interest and sense of the importance of our data-society: citizen, consumer, government employee, marketer, tech company, and so on.
Disclosure: Bruce is a friend and colleague at the Berkman Center for Internet and Society, and I had the honor to read and comment on drafts of the book in various forms.
Schneier's solutions—like “incent new business models” for corporations that run on data (which I agree — offer broad strokes, but lack practicalities of exactly *how* to do that. Also, Schneier does not present a concise definition of surveillance. He shows how the same data can be used for improving systems as can be used to monitor and track users to control or coerce them. But to me, it is important to unpack some dissection of *intent* in the use of that same data. A clearer definition of surveillance, to what ends, seems necessary.
This book is timely, and one of the first to lay down the stakes of our data-driven society. It is a must read for anyone with an interest and sense of the importance of our data-society: citizen, consumer, government employee, marketer, tech company, and so on.
Disclosure: Bruce is a friend and colleague at the Berkman Center for Internet and Society, and I had the honor to read and comment on drafts of the book in various forms.
March 30, 2016
I was pleasantly surprised by this book. I was expecting a shrill hyperventilating diatribe against pervasive surveillance and insistence on using air-gapped laptops and return to a cash-only economy.
In contrast it's a very reasonable overview of the current state of mass- / targeted surveillance and the current trends in data collection and mining, together with informed guesses about the way this is evolving. He suggests some ways of reducing the impact on individual privacy violations, and most of them are perfectly feasible.
He understands that many of todays data collection schemes have a net positive impact on humanity (improved medical data can help pharmaceutical research; improved real-time traffic monitoring helps you avoid pile-ups), but it's important to balance against individual privacy.
The specific examples are understandably US-centric and focus a lot on NSA, which is hardly surprising in light of the Snowden files, but a lot of the discussion is fairly generic.
In contrast it's a very reasonable overview of the current state of mass- / targeted surveillance and the current trends in data collection and mining, together with informed guesses about the way this is evolving. He suggests some ways of reducing the impact on individual privacy violations, and most of them are perfectly feasible.
He understands that many of todays data collection schemes have a net positive impact on humanity (improved medical data can help pharmaceutical research; improved real-time traffic monitoring helps you avoid pile-ups), but it's important to balance against individual privacy.
The specific examples are understandably US-centric and focus a lot on NSA, which is hardly surprising in light of the Snowden files, but a lot of the discussion is fairly generic.
February 26, 2017
Bruce Schneier is a great expert on digital privacy, security and their effects on society.
I started this book in 2015, set it aside (the tempo wasn't too good) for a while and finished in 2017. Pity, as I should have done it in one go. Quite a bit of the material is already slightly obsolete in 2017, with Privacy Shield, Trump, GDPR, ePrivacy and other aspects. I agree with Bruce's ideas. I approve that he tries to be constructive and give solutions. I wish that the world could move past the current social crises and tackle the concerns he talks about.
The writing is quite good and you have to respect the extensive research behind all claims in this book, this improves the quality a lot. Nevertheless, I see this book as a step on the path to us understanding the role of people, corporations and governments in digital societies.
I started this book in 2015, set it aside (the tempo wasn't too good) for a while and finished in 2017. Pity, as I should have done it in one go. Quite a bit of the material is already slightly obsolete in 2017, with Privacy Shield, Trump, GDPR, ePrivacy and other aspects. I agree with Bruce's ideas. I approve that he tries to be constructive and give solutions. I wish that the world could move past the current social crises and tackle the concerns he talks about.
The writing is quite good and you have to respect the extensive research behind all claims in this book, this improves the quality a lot. Nevertheless, I see this book as a step on the path to us understanding the role of people, corporations and governments in digital societies.
December 21, 2016
This is an important book that everyone should read. If you want to understand the ubiquity of mass surveillance, I highly recommend this book.
November 26, 2017
Ahhh, it has been TOO LONG, TECH/DIGITAL CIVIL LIBERTIES BOOK SHELF. Oh, how I missed thee. How I have missed thine refreshing icy showers. How inspired I am to finally go full Linux!
So this book is nothing new, if you've listened to The Surveillance State, or read Cory Doctorow, or were paying attention during Ed Snowden's explosive whistleblowing in 2013. I would also recommend Jaron Lanier and Sherry Turkle and the spam book and Richard Stallman, specifically his encyclopedic reasons not to use Facebook (the nudge that finally pushed me over into deleting my account).
Anyway, tl;dr: we have every reason to be paranoid, as total, mass surveillance by corporations and most governments is the de facto status quo in a post-9/11 world. We have a giant, automated, big data apparatus designed to know every intimacy of every person all the damn time. Most people don't realize this, and it's sucking the oxygen out of our freedom.
Schneier believes - and I agree with him - that the lazy security nihilism many people express (including some people I know *AHEM* especially younger people, shame on you kids) - anyway, that lazy idea that "why should I worry about [digital overlord]'s invasive privacy settings? ultimately, I have nothing to hide?" is a sign that: people are MASSIVELY underestimating how invasive these digital "services" are, and people are thus MASSIVELY undervaluing their own privacy and their own worth. If it's free, you are the product! Also, why do you want a profit-seeking platform to monetize your social connections so they can better serve you ads?!
Schneier writes clearly and comprehensively; I think this book would actually be a great intro and gift for the digital civil liberties noob in your life. You can give it to them with a copy of Ubuntu (or Kali Linux, haha!) and a burner phone.
Some notes for myself:
- Digital serfdom. Cory Doctorow has been using this term more and more recently, and Schneier gives a great overview of how, indeed, our digital rights and digital society is, indeed, a feudal state. It's impossible to live in modern society while opting out of everything (Google, Facebook/social media, etc), and so what you end up doing is selecting the digital lord you want to be a vassal/serf for. In exchange for tilling their fields (by giving up your data, every single day), they get your ad revenues and you're plugged you into the world economy. Can you imagine getting a job without access to Google? I'm starting to think it's impossible to get a date without having a Facebook account, given the tight integration between it and all the dating apps.
- No opting out. As the Internet of Things grows, we'll have networked devices passively collecting data on everything: our wifi fridge and wifi toaster spying on us, basically. I mean, people at iRobot already have floor plans of your house thanks to your spy Roomba. And End User License Agreements (EULAs) are essentially meaningless legal ass-covering: they're not designed to be read/understood, they're not designed to truly inform and allow consent.
- The interesting, tight coupling between the micro/commercial trade-off of convenience in exchange for privacy ("ok, Google, I'll let you know where I am 24/7 and what my darkest fears are and 90% of my communication, if you just let me have free maps, email, and synced calendars") and the macro/government trade-off between security and freedom. And, of course, how these are false dichotomies meant to entrap us.
- The delicious hypocrisy of tech moguls like Eric Schmidt (Google) and Zuckerberg, who pontificate from on high about living in a post-privacy, radical-transparency world, where good people have "nothing to hide", while they themselves cover their webcams.
- The interesting notes about our data "exhaust" and how we're producing more data, every day in 2017, than we did in all of human history before ~2012 or something. And how Charles Stross calls this event horizon the "end of prehistory"; after this point, all of human experience and data will become retrievable (e.g. kids growing up publicly on social media, etc).
I have MANY MORE THOUGHTS and pontifications of my own on the mindless way we use social media and our networked computrons these days, but I will pause my sermon for now. Suffice to say: for the love of God, at least put a sticker over your webcam!
So this book is nothing new, if you've listened to The Surveillance State, or read Cory Doctorow, or were paying attention during Ed Snowden's explosive whistleblowing in 2013. I would also recommend Jaron Lanier and Sherry Turkle and the spam book and Richard Stallman, specifically his encyclopedic reasons not to use Facebook (the nudge that finally pushed me over into deleting my account).
Anyway, tl;dr: we have every reason to be paranoid, as total, mass surveillance by corporations and most governments is the de facto status quo in a post-9/11 world. We have a giant, automated, big data apparatus designed to know every intimacy of every person all the damn time. Most people don't realize this, and it's sucking the oxygen out of our freedom.
Schneier believes - and I agree with him - that the lazy security nihilism many people express (including some people I know *AHEM* especially younger people, shame on you kids) - anyway, that lazy idea that "why should I worry about [digital overlord]'s invasive privacy settings? ultimately, I have nothing to hide?" is a sign that: people are MASSIVELY underestimating how invasive these digital "services" are, and people are thus MASSIVELY undervaluing their own privacy and their own worth. If it's free, you are the product! Also, why do you want a profit-seeking platform to monetize your social connections so they can better serve you ads?!
Schneier writes clearly and comprehensively; I think this book would actually be a great intro and gift for the digital civil liberties noob in your life. You can give it to them with a copy of Ubuntu (or Kali Linux, haha!) and a burner phone.
Some notes for myself:
- Digital serfdom. Cory Doctorow has been using this term more and more recently, and Schneier gives a great overview of how, indeed, our digital rights and digital society is, indeed, a feudal state. It's impossible to live in modern society while opting out of everything (Google, Facebook/social media, etc), and so what you end up doing is selecting the digital lord you want to be a vassal/serf for. In exchange for tilling their fields (by giving up your data, every single day), they get your ad revenues and you're plugged you into the world economy. Can you imagine getting a job without access to Google? I'm starting to think it's impossible to get a date without having a Facebook account, given the tight integration between it and all the dating apps.
- No opting out. As the Internet of Things grows, we'll have networked devices passively collecting data on everything: our wifi fridge and wifi toaster spying on us, basically. I mean, people at iRobot already have floor plans of your house thanks to your spy Roomba. And End User License Agreements (EULAs) are essentially meaningless legal ass-covering: they're not designed to be read/understood, they're not designed to truly inform and allow consent.
- The interesting, tight coupling between the micro/commercial trade-off of convenience in exchange for privacy ("ok, Google, I'll let you know where I am 24/7 and what my darkest fears are and 90% of my communication, if you just let me have free maps, email, and synced calendars") and the macro/government trade-off between security and freedom. And, of course, how these are false dichotomies meant to entrap us.
- The delicious hypocrisy of tech moguls like Eric Schmidt (Google) and Zuckerberg, who pontificate from on high about living in a post-privacy, radical-transparency world, where good people have "nothing to hide", while they themselves cover their webcams.
- The interesting notes about our data "exhaust" and how we're producing more data, every day in 2017, than we did in all of human history before ~2012 or something. And how Charles Stross calls this event horizon the "end of prehistory"; after this point, all of human experience and data will become retrievable (e.g. kids growing up publicly on social media, etc).
I have MANY MORE THOUGHTS and pontifications of my own on the mindless way we use social media and our networked computrons these days, but I will pause my sermon for now. Suffice to say: for the love of God, at least put a sticker over your webcam!
September 10, 2021
This book is more about politics than practical tips for protecting yourself online. Schneier, a recognized voice in security and privacy, talks about "the use and misuse of our personal data." I was expecting more of the book to be like Chapter 15, "Solutions for the Rest of Us," with practical tips for protecting your privacy online.
Schneier explains the political and societal ramifications of mass surveillance, then calls for legal reform to eliminate mass surveillance and use only targeted surveillance with proper oversight. He recommends changes in government, corporate, and individual behavior. He recommends giving government and law enforcement other abilities and tools so they don't need to resort to mass surveillance. Some of the changes are technical, but most require new laws and policies.
Schneier frequently references information revealed by Edward Snowden. Schneider worked with The Guardian to review Snowden's documents.
Notes
"If you have enough metadata you don't really need content."
The NSA and presumably other agencies can remotely turn on your mobile phone microphone.
Even when you opt out of a system, you can still be tracked through your interactions with others (e.g., Facebook and Google can track you even when you're not signed in to their services).
The NSA watches for places where people frequently turn off their phones, to identify secret meeting locations.
Most techniques for anonymizing data don't work, and data can be de-anonymized with surprisingly little information.
"Everything is–or soon will be–connected to the Internet. Internet surveillance is really shorthand for surveillance in an Internet-connected world."
RATs (Remote Access Trojans) can turn on your computer's camera without turning on the camera indicator light.
Widespread encryption makes mass surveillance infeasible because of the resources required to decrypt everyone.
Government-mandated access (back doors) force companies to make products and services less secure for everyone, because malicious people can find and exploit back doors.
There is no evidence that encryption hampers criminal investigation in any serious way. Law enforcement has plenty of other tools to investigate crimes.
Solutions for the Rest of Us
"If we are going to fix things we need to fight on both the technological and the political fronts."
Search with DuckDuckGo, which doesn't track you.
Use browser extensions to limit tracking (e.g., Lightbeam, Privacy Badger, Disconnect, Ghostery, FlashBlock).
Encrypt computer and mobile devices. Use encrypted chat, Internet phone service, cloud storage. Consider encrypted email. Browse sites with HTTPS.
Use Tor to browse anonymously. Use OnionShare to anonymously share files.
Disable phone location services when not needed. Limit which apps can access location and other data.
Don't post personally identifiable information on public sites.
Put a sticker over computer camera when not using it.
Don't put personal information on forms unless it's truly necessary.
Set your browser to delete cookies every time you close it, to limit tracking.
Don't take online surveys unless you know where your data is going.
Schneier explains the political and societal ramifications of mass surveillance, then calls for legal reform to eliminate mass surveillance and use only targeted surveillance with proper oversight. He recommends changes in government, corporate, and individual behavior. He recommends giving government and law enforcement other abilities and tools so they don't need to resort to mass surveillance. Some of the changes are technical, but most require new laws and policies.
Schneier frequently references information revealed by Edward Snowden. Schneider worked with The Guardian to review Snowden's documents.
Notes
"If you have enough metadata you don't really need content."
The NSA and presumably other agencies can remotely turn on your mobile phone microphone.
Even when you opt out of a system, you can still be tracked through your interactions with others (e.g., Facebook and Google can track you even when you're not signed in to their services).
The NSA watches for places where people frequently turn off their phones, to identify secret meeting locations.
Most techniques for anonymizing data don't work, and data can be de-anonymized with surprisingly little information.
"Everything is–or soon will be–connected to the Internet. Internet surveillance is really shorthand for surveillance in an Internet-connected world."
RATs (Remote Access Trojans) can turn on your computer's camera without turning on the camera indicator light.
Widespread encryption makes mass surveillance infeasible because of the resources required to decrypt everyone.
Government-mandated access (back doors) force companies to make products and services less secure for everyone, because malicious people can find and exploit back doors.
There is no evidence that encryption hampers criminal investigation in any serious way. Law enforcement has plenty of other tools to investigate crimes.
Solutions for the Rest of Us
"If we are going to fix things we need to fight on both the technological and the political fronts."
Search with DuckDuckGo, which doesn't track you.
Use browser extensions to limit tracking (e.g., Lightbeam, Privacy Badger, Disconnect, Ghostery, FlashBlock).
Encrypt computer and mobile devices. Use encrypted chat, Internet phone service, cloud storage. Consider encrypted email. Browse sites with HTTPS.
Use Tor to browse anonymously. Use OnionShare to anonymously share files.
Disable phone location services when not needed. Limit which apps can access location and other data.
Don't post personally identifiable information on public sites.
Put a sticker over computer camera when not using it.
Don't put personal information on forms unless it's truly necessary.
Set your browser to delete cookies every time you close it, to limit tracking.
Don't take online surveys unless you know where your data is going.
January 10, 2019
4 stars = I would rate lower, though this absolutely deserves a high rating
This is a well-researched book that delves deeper into politics and the law, and makes suggestions to what should change and what the status quo is with regards to privacy. Due to the fact that law is not my cup of tea, the text soon turned into two things:
1.) "here is another example of how your privacy is violated daily" - soon I was no longer surprised by any "scandalous" way how the government or the corporate world infringes upon our privacy
2.) "here is a law that should be amended this way"
These are important things to be known! It is just that for me they are, unfortunately, boring to read about. However, to be fair, the author also discussed our collective mentality and what actions have to be taken in order for a change to be instigated, and hence our privacy improved/reclaimed, on a nationwide level.
As a consequence, The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big DataI am reading at the moment has (so far) grabbed me more due to its different approach to the topic - the text is focused more on what we can do to protect our privacy as individuals (which albeit is time-consuming and too complex for the uninitiated).
This is a well-researched book that delves deeper into politics and the law, and makes suggestions to what should change and what the status quo is with regards to privacy. Due to the fact that law is not my cup of tea, the text soon turned into two things:
1.) "here is another example of how your privacy is violated daily" - soon I was no longer surprised by any "scandalous" way how the government or the corporate world infringes upon our privacy
2.) "here is a law that should be amended this way"
These are important things to be known! It is just that for me they are, unfortunately, boring to read about. However, to be fair, the author also discussed our collective mentality and what actions have to be taken in order for a change to be instigated, and hence our privacy improved/reclaimed, on a nationwide level.
As a consequence, The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big DataI am reading at the moment has (so far) grabbed me more due to its different approach to the topic - the text is focused more on what we can do to protect our privacy as individuals (which albeit is time-consuming and too complex for the uninitiated).
December 2, 2016
Well, this sure was eye-opening and worrisome. I read it for school, and I'll be interested to see what everyone thinks. Mostly I came out of this feeling like trying to protect my privacy is a losing battle. The author doesn't suggest that, and he has some helpful hints at the end of the book, but the problems he talks about still feel overwhelming.
The book has over 100 pages of references, and I'm a little cranky about whatever citation style he used. Not very user-friendly.
A lot of his solutions having to do with laws to keep government and corporations in check seem very difficult to attain. Not impossible, but I don't see them happening tomorrow. Still, the book is good food for thought.
The book has over 100 pages of references, and I'm a little cranky about whatever citation style he used. Not very user-friendly.
A lot of his solutions having to do with laws to keep government and corporations in check seem very difficult to attain. Not impossible, but I don't see them happening tomorrow. Still, the book is good food for thought.
May 1, 2020
الكتاب رائع!
يتحدث بروس شناير في المعلومات و جالوت عما تمثله مماراستنا على الانترنت للشركات و الحكومات عبر العالم، و كيف انها تستغل لاخيان كثيرة لغير صالحنا.
احتوى الكتاب على مراجع لأحداث تاريخية كثيرة سلطت الضوء عما تعنيه بياناتنا الغير محمية من خطر على المجتمعات بل و انتهاك لاحد حقوق الانسان و هي الخصوصية. و أضاف في نهاية الكتاب بعض الاقتراحات لجعل التكنولوجيا أقل خطرًا علينا.
رغم ثقل الموضوع و مدى تخصصه، الا انا شناير نجح بامتياز في تبسيطه و ارفاق الهوامش المناسبة لكل المصطلحات المهنية، و مع ذلك استغرق الكتاب مني دهرًا نظرًا لمدى تفاجئي بكل هذه التفاصيل.
يتحدث بروس شناير في المعلومات و جالوت عما تمثله مماراستنا على الانترنت للشركات و الحكومات عبر العالم، و كيف انها تستغل لاخيان كثيرة لغير صالحنا.
احتوى الكتاب على مراجع لأحداث تاريخية كثيرة سلطت الضوء عما تعنيه بياناتنا الغير محمية من خطر على المجتمعات بل و انتهاك لاحد حقوق الانسان و هي الخصوصية. و أضاف في نهاية الكتاب بعض الاقتراحات لجعل التكنولوجيا أقل خطرًا علينا.
رغم ثقل الموضوع و مدى تخصصه، الا انا شناير نجح بامتياز في تبسيطه و ارفاق الهوامش المناسبة لكل المصطلحات المهنية، و مع ذلك استغرق الكتاب مني دهرًا نظرًا لمدى تفاجئي بكل هذه التفاصيل.
November 28, 2018
After reading Data and Goliath by Bruce Schneier, I gained a whole new perspective on the digital world that surrounds us. Previously, I was aware that companies and corporations may view some of your data on websites and social media because of the terms and conditions listed on their websites, but I didn’t fully realize the extent of surveillance that is placed upon us, usually without most people aware.
Privacy is an essential human right, and it is necessary in the world we live in today. Unfortunately, it seems that the advancements in technology and everyday things we interact with are coming with the expense of privacy. The smartphones that everyone has in their pockets can be used by corporations and governments to track internet search history, text messages, and constantly updates your location as you move around. Nothing in life can really be free, and this is even more evident with Google and other corporations. When mentioning these so called “free services”, Schneier explains that, “If something is free, you’re not the customer; you’re the product” (Schneier 43). By providing services at no charge, you allow Google to have access to all of your search data and Google Drive documents, and Google can also mine data for targeted advertising purposes. Although it is nice to enjoy these sites for no initial charge, you are actually paying in a different way. Companies need to make the users fully aware of what their data is used for, and give easy ways for users to opt out of data collection.
The author does a fantastic job of explaining facts in an easy to interpret way, and with providing clear details to convey ideas to the reader. Schneier frequently uses illustration and thoroughly explains his arguments with lots of explanations and stories. He also uses statistics such as, “Estimates put the current number of Internet-connected devices at 10 billion” (Schneier) to point out the magnitude of devices that can have a form of surveillance. The only flaw is that an average person can only do so much to protect their privacy. Later in the book, he explains different ways laws could be changed to prevent this, however this would take a tremendous amount of support and probably wouldn’t be able to happen immediately. However, he does recommend various ways to protect privacy and how to opt out of services you don’t want to collect data.
I truly enjoyed reading this book because I learned so many things that I had not before. The author gives many examples and makes his points relevant to anyone. An extraordinary amount of data is extracted from you that it Google probably knows you better than you know yourself. Even though there is nothing that I am worried about others knowing, it is unnecessary for corporations to collect the amount of data that they are currently collecting. Schneier effectively conveyed his message that big data collection should be minimized and that less privacy equates to less freedom in the long run.
Privacy is an essential human right, and it is necessary in the world we live in today. Unfortunately, it seems that the advancements in technology and everyday things we interact with are coming with the expense of privacy. The smartphones that everyone has in their pockets can be used by corporations and governments to track internet search history, text messages, and constantly updates your location as you move around. Nothing in life can really be free, and this is even more evident with Google and other corporations. When mentioning these so called “free services”, Schneier explains that, “If something is free, you’re not the customer; you’re the product” (Schneier 43). By providing services at no charge, you allow Google to have access to all of your search data and Google Drive documents, and Google can also mine data for targeted advertising purposes. Although it is nice to enjoy these sites for no initial charge, you are actually paying in a different way. Companies need to make the users fully aware of what their data is used for, and give easy ways for users to opt out of data collection.
The author does a fantastic job of explaining facts in an easy to interpret way, and with providing clear details to convey ideas to the reader. Schneier frequently uses illustration and thoroughly explains his arguments with lots of explanations and stories. He also uses statistics such as, “Estimates put the current number of Internet-connected devices at 10 billion” (Schneier) to point out the magnitude of devices that can have a form of surveillance. The only flaw is that an average person can only do so much to protect their privacy. Later in the book, he explains different ways laws could be changed to prevent this, however this would take a tremendous amount of support and probably wouldn’t be able to happen immediately. However, he does recommend various ways to protect privacy and how to opt out of services you don’t want to collect data.
I truly enjoyed reading this book because I learned so many things that I had not before. The author gives many examples and makes his points relevant to anyone. An extraordinary amount of data is extracted from you that it Google probably knows you better than you know yourself. Even though there is nothing that I am worried about others knowing, it is unnecessary for corporations to collect the amount of data that they are currently collecting. Schneier effectively conveyed his message that big data collection should be minimized and that less privacy equates to less freedom in the long run.
February 27, 2022
This was published pre-Trump, pre-pandemic and pre-everything else we've been going through lately, so I'd be curious what an updated version would look like. Especially considering how dramatically the internet landscape has changed in the last seven years. That isn't to say this book is out of date because it's not. Everything it says it still relevant, it just doesn't address the additional things that have happened since it was published and I'm guessing Bruce Schneier probably has a lot to say.
But man. Yeah. It's not good.
I think one of the best solutions he recommended is coming up with better ways for governments to find bad actors so they don't have a good excuse for mass surveillance. And he made a good point about how ineffective mass surveillance is because it's a sea of false positives. I don't know what the solution is, but I feel like if we could come up with one then we'd be half way toward being able to have privacy and security. I think he's right that it's a false choice we're being tricked into making.
Of course, I don't know what we do about undoing the damage that's already been done. I don't really understand the logistics of demanding that companies delete data which is something he mentions several times. It seems to me like it would be easy for them to just...not do that. I would think it would be better to stop them from being able to collect it in the first place. I imagine it's easier to track what's being collected in a lot of situations or to put more blocks in place to stop collection. And then there's the whole matter of passing laws which sounds like the hardest part.
I don't know. I feel like step one is just understanding the situation and this book is good for that. Every chapter is clear, informative, and concise. And it does offer up a heap of solutions at the end. But I feel like a path forward is perhaps a whole other book. I'd be curious to know what's possible and what other countries do/have tried.
But man. Yeah. It's not good.
I think one of the best solutions he recommended is coming up with better ways for governments to find bad actors so they don't have a good excuse for mass surveillance. And he made a good point about how ineffective mass surveillance is because it's a sea of false positives. I don't know what the solution is, but I feel like if we could come up with one then we'd be half way toward being able to have privacy and security. I think he's right that it's a false choice we're being tricked into making.
Of course, I don't know what we do about undoing the damage that's already been done. I don't really understand the logistics of demanding that companies delete data which is something he mentions several times. It seems to me like it would be easy for them to just...not do that. I would think it would be better to stop them from being able to collect it in the first place. I imagine it's easier to track what's being collected in a lot of situations or to put more blocks in place to stop collection. And then there's the whole matter of passing laws which sounds like the hardest part.
I don't know. I feel like step one is just understanding the situation and this book is good for that. Every chapter is clear, informative, and concise. And it does offer up a heap of solutions at the end. But I feel like a path forward is perhaps a whole other book. I'd be curious to know what's possible and what other countries do/have tried.
June 3, 2015
If you’d asked me a year ago, “do you worry about government surveillance?”, I would have said no. But today, my answer would be an empathic YES.
The scary part is that, like most Canadians, I hadn’t worried about that kind of surveillance until the current debate around C-51. (If you don’t know what that is, check it out here.) This terrifying bill would, among many other things, make it illegal to talk positively of terrorism on the internet. Just look at the news in Canada on any day lately, and you’ll see a report or an opinion on it. I personally like iPolitics and Rabble.
Reading Bruce Schneier’s Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World in this very sensitive time reinforced and confirmed my vehement disagreement with the bill, and with ubiquitous, mass digital surveillance in general.
Ubiquitous surveillance means that anyone could be convicted of lawbreaking, once the police set their minds to it. It is incredibly dangerous to live in a world where everything you do can be stored and brought forward as evidence against you at a later date.
In a sense, this book is the social and political companion to Dragnet Nation. It also lays out the theoretical, real-world basis for understanding the concerns brought up in The Circle. So if you were going to read these three books, I suggest you start with this one.
Schneier’s writing is crystal clear and compelling. The arguments he presents are strong and supported by about 100 pages of notes and sources–almost half the length of the book itself.
But what is his argument, really?
"Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it–how we contain it and how we dispose of it–is central to the health of our information society."
Schneier argues that privacy can be protected alongside security. As he shows, through numerous examples of how mass electronic surveillance has not done much to protect us against terrorist attacks (but how traditional investigation techniques actually have), there is no need to choose one over the other. In fact, more privacy reinforces security:
"It’s a false trade-off. First, some security measures require people to give up privacy, but others don’t impinge on privacy at all: door locks, tall fences, guards, reinforced cockpit doors on airplanes. And second, privacy and security are fundamentally aligned. When we have no privacy, we feel exposed and vulnerable; we feel less secure. Similarly, if our personal spaces and records are not secure, we have less privacy. … Privacy is fundamental to the security of the individual."
Schneier does a particularly good job of two things: exposing the harms to individuals, society and democracy that mass surveillance causes, and delineating a framework for protecting privacy on an global scale.
The work of putting privacy back into the forefront of the discussion requires more than just a few articles and books, though. It demands a questioning of the fear culture we have been building up since 9/11. You can see it every day expressed in so many different ways: parents being arrested for letting their children go to the park and walking home alone; the pervasive Islamophobia in civil society and some media outlets; I’m sure you can think of your own examples.
I was a child in the 80s, and at 7 I went to the park with my friends, no parents around. I walked to school every day–again, no parents around. At 11, I was babysitting for the neighbours. Today, these things would be unthinkable–and I don’t understand why. Is the world fundamentally more dangerous than it was 30 years ago? According to crime data, in fact, the world is safer. Crime rates, at least in Canada, are at their lowest level since the 60s.
We’re only scared because we let ourselves be scared… and we give up our privacy to offset that fear. But Schneier argues, and convincingly so, that giving in to irrational fear will only give the government more power to impose a true reign of terror–like East Germany after WWII–on all its citizens.
The Snowden revelations, which underpin most of the book, were the first real crack in the wall of NSA-sponsored mass surveillance. If Orwell could walk our streets and visit our internet, read our laws and see the secret machinations of data around the world, he would find our world has gone way, way beyond the wildest spurs of his dark imagination.
I’ve added a bunch of extensions on my browser to block tracking and ads. I’m considering getting TOR. I’m looking into getting encryption for my email. My location tracking has been off my phone for months because it killed my battery life, but if it hadn’t, I would turn it off now. I don’t want to be tracked, not because I have something to hide, but because I have a right to the government and corporations not knowing everything about me.
If you want to introduce your friends and family to the issues and harms around mass electronic surveillance, get them this book. (I suggest the library–support free access to information!) It’s an alarm bell that rationally counters every single pro-surveillance, anti-privacy argument that any lobby or PR campaign could make.
The scary part is that, like most Canadians, I hadn’t worried about that kind of surveillance until the current debate around C-51. (If you don’t know what that is, check it out here.) This terrifying bill would, among many other things, make it illegal to talk positively of terrorism on the internet. Just look at the news in Canada on any day lately, and you’ll see a report or an opinion on it. I personally like iPolitics and Rabble.
Reading Bruce Schneier’s Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World in this very sensitive time reinforced and confirmed my vehement disagreement with the bill, and with ubiquitous, mass digital surveillance in general.
Ubiquitous surveillance means that anyone could be convicted of lawbreaking, once the police set their minds to it. It is incredibly dangerous to live in a world where everything you do can be stored and brought forward as evidence against you at a later date.
In a sense, this book is the social and political companion to Dragnet Nation. It also lays out the theoretical, real-world basis for understanding the concerns brought up in The Circle. So if you were going to read these three books, I suggest you start with this one.
Schneier’s writing is crystal clear and compelling. The arguments he presents are strong and supported by about 100 pages of notes and sources–almost half the length of the book itself.
But what is his argument, really?
"Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it–how we contain it and how we dispose of it–is central to the health of our information society."
Schneier argues that privacy can be protected alongside security. As he shows, through numerous examples of how mass electronic surveillance has not done much to protect us against terrorist attacks (but how traditional investigation techniques actually have), there is no need to choose one over the other. In fact, more privacy reinforces security:
"It’s a false trade-off. First, some security measures require people to give up privacy, but others don’t impinge on privacy at all: door locks, tall fences, guards, reinforced cockpit doors on airplanes. And second, privacy and security are fundamentally aligned. When we have no privacy, we feel exposed and vulnerable; we feel less secure. Similarly, if our personal spaces and records are not secure, we have less privacy. … Privacy is fundamental to the security of the individual."
Schneier does a particularly good job of two things: exposing the harms to individuals, society and democracy that mass surveillance causes, and delineating a framework for protecting privacy on an global scale.
The work of putting privacy back into the forefront of the discussion requires more than just a few articles and books, though. It demands a questioning of the fear culture we have been building up since 9/11. You can see it every day expressed in so many different ways: parents being arrested for letting their children go to the park and walking home alone; the pervasive Islamophobia in civil society and some media outlets; I’m sure you can think of your own examples.
I was a child in the 80s, and at 7 I went to the park with my friends, no parents around. I walked to school every day–again, no parents around. At 11, I was babysitting for the neighbours. Today, these things would be unthinkable–and I don’t understand why. Is the world fundamentally more dangerous than it was 30 years ago? According to crime data, in fact, the world is safer. Crime rates, at least in Canada, are at their lowest level since the 60s.
We’re only scared because we let ourselves be scared… and we give up our privacy to offset that fear. But Schneier argues, and convincingly so, that giving in to irrational fear will only give the government more power to impose a true reign of terror–like East Germany after WWII–on all its citizens.
The Snowden revelations, which underpin most of the book, were the first real crack in the wall of NSA-sponsored mass surveillance. If Orwell could walk our streets and visit our internet, read our laws and see the secret machinations of data around the world, he would find our world has gone way, way beyond the wildest spurs of his dark imagination.
I’ve added a bunch of extensions on my browser to block tracking and ads. I’m considering getting TOR. I’m looking into getting encryption for my email. My location tracking has been off my phone for months because it killed my battery life, but if it hadn’t, I would turn it off now. I don’t want to be tracked, not because I have something to hide, but because I have a right to the government and corporations not knowing everything about me.
If you want to introduce your friends and family to the issues and harms around mass electronic surveillance, get them this book. (I suggest the library–support free access to information!) It’s an alarm bell that rationally counters every single pro-surveillance, anti-privacy argument that any lobby or PR campaign could make.
February 1, 2021
Molte cose le sapevo già, essendo un argomento che ho sempre seguito con attenzione, ma Schneier mostra un indubbio talento per a ricerca e la spiegazione dei dati. Utilissimo per chi è interessato al tema.
did-not-finish
December 21, 2020I have already read one really boring book about technology this year. I don't need to add a second one.
December 26, 2022
Overview:
Technology has provided enormous benefits. Devices containing lots of personal data has been life-transforming. The problem are the threats possessed by their surveillance. Technology has enabled governments and corporations with the capacity for mass surveillance. An intimate form of continuous surveillance. Governments, and corporations gather, store, and analyze a lot of data. Often without consent, or knowledge that they are doing that. Profiles of individual attributes are built from the data. When data is collected and used within its service, to provide a better serve, people do not mind. Using data within the context of collection and is transparent makes it acceptable. Data collection is objected when the data is bought and sold without knowledge or consent, and used outside their context.
Mass surveillance has dangerous implications for it allows discrimination on any criteria, and can be used to control what is seen, what can be done, and what is said. Digital mass surveillance created a panopticon. When individuals think they are being monitored, they change their behavior. Data from surveillance is stored forever, which can be used as evidence against the individual later. Even the contemporary legally accepted values, can change their status in the future. In this way, many governments have persecuted people based on their past views and values, even if they have changed them. This surveillance comes without giving citizens an effect means of opting out, and without meaningful checks and balances. Making people less safe, and less free.
Tracking Technology:
It used to be difficult to retain a lot of data, and too difficult to sift through the data to find meaningful information. Early digital information products threw away most of the metadata that was created. But with technological improvements, the ability to save and sift data have improved. Reducing their costs, and increasing their effectiveness.
Communication devices connect individuals to a variety of people with ease and speed. To do that, the device needs to be tracked. Tracked everywhere. Which means that the device knows more about the individual than the individual, because the device does not rely on human memory.
To obtain the intimate data before cell phones required the use of private investigators. An obsolete profession because of the data tracking on the phone. Cell phone data can be used by a variety of professions, and can obtain historic use of that cell phone. To know where the phone has been, where it was, and who was around it.
Data is a byproduct of everything a computer does. Recording their every operation. Even without using the device, the device creates data about where the individual is, those near the individual, recording the interactions with others.
It is uncertain which technology products will make it, but what is certain is that they will create a lot of data. They can be used to provide a variety of life and world changing applications, but will record everything about the individual. Due to technological ability, secrets are harder to keep.
Intrusive surveillance systems tend to be hidden. They tend to be in the background, which makes them easier to ignore. Even if an individual tries to opt out of services that have surveillance, data is still being collected on them when they interact with others who are being monitored.
Internet anonymity is nearly impossible against ubiquitous surveillance. A single mistake in protecting the identity, permanently attaches the identity to the anonymous provider. Even trained government agents with resources have a hard time maintaining privacy and anonymity.
Governments:
Government went from collecting data on a few necessary people to as many people as possible. This was due to the reduction in expense of surveillance. Limited resources and risk of discovery limited surveillance.
Part of the reason why cell phone data is being taken by governments, is claim about protecting everyone from a variety of dangerous elements. Mass-surveillance programs are justified by trying to relieve the fear. In an effort to protect against various malicious actors such as terrorist, should not come at ignoring the costs of police or government tyranny. Just as bad would be to ignore malicious actors when trying to protect against government overreach. The problem is trying to focus on a single threat, especially the rare but dramatic threats, while not considering the many more frequent banal threats.
There are situations and contexts in which governments should conduct surveillance or sabotage. There are cases in which access to citizen’s private data is used to solve crimes and make people safer. This power should be given, but without the ability to abuse it. People need security provided by government, and security from government.
Another government defense for collecting the data, is that they collect only metadata. Not the words spoken, but the numbers of the interacting individuals, including the date, time, and duration of the call. While data provides the content, metadata provides context. Metadata can be very revealing, especially in aggregate. Targeting a single individual makes the contents important, but a population makes context important. With enough metadata on an individual, contend is not needed.
NSA successful surveillance comes from targeted surveillance rather than mass surveillance. With mass surveillance, there are many false positive threats that are flagged by the system. Each threat requires massive efforts in investigation, time, and money. Which prevents searching for actual threats. By trying to seek out all threats, very few threat are actually prevented. Ubiquitous surveillance and data mining cost taxpayers’ money without rewards of finding the dangerous criminals. Money that is not being spent on more proven surveillance programs. Surveillance and data collection are valuable tools, but needs to be limited and targeted.
Mass surveillance and data mining are more suitable for social control, as governments can discriminate between individuals and groups based on their various beliefs and associations. Data mining works with well-denied criminal profiles, such as credit card fraudsters and political dissidents. False alarms under authoritarian rules are not as costly, because of the fear instilled by charging innocent people.
Espionage used to be about spying of government on government. As perpetrators no longer belong to any particular government, and can be anywhere, governments monitor everyone. Domestic and international surveillance. Government espionage on other governments is a military mission during peacetime and wartime which is target and can act as a stabilizer by reducing uncertainties about other governments intentions.
As different countries are using cyberweapons against others, makes it important to remove vulnerabilities. Vulnerabilities risks that others can discover it, and use it against the users. The difference between cyberespionage and a cyberattack depends on their disruptions. Both require breaking into another country’s network. That is illegal under each country’s laws, but countries are doing that to each other constantly. Cyber-attacks on infrastructure should be recognized as an attack on the country, and subject to international law standards.
Everyone uses the same networks, which means that perpetrator communications use the same circuits as social media. Companies store the data in various places internationally. Difficult not to collect information on the innocent, non-targets, because of these networks. As everyone uses the same networks and with similar capabilities, it is not possible to choose to weaken or protect specific networks of enemies or allies. Vulnerabilities used by intelligence agencies to spy, is also used by criminals to steal information.
US feared purchases of technology equipment from international suppliers because of a security threat, that the foreign government created a backdoor to the equipment. It turned out that the NSA has been doing that to other governments.
Within the US, there is no legal defense for intelligence-related whistleblowing. Those on trial for leaking classified information, are even prevented from using terms and claims during the trial. Those on trial are not allowed to make their case. Government whistleblowers should be protected, just like corporate whistleblowers, as they provide an additional oversight mechanism.
NSA has made sure that nobody understands its legal authorization, while purposely misrepresenting themselves in court. Those who can access the documents, and the expertise to understand them, are lobbied by the NSA. The NSA uses different definitions for surveillance. NSA claims not to collect data on myriads of Americans, because the data is not seen by human beings. Even though algorithms go through the data in various ways, and are used for policy implementation.
Corporations:
Private corporations control where people gather online, and are gathering information about the individuals for their own benefit. Companies can categorize and manipulate people based on all the information they gather. Manipulation that is mostly hidden and unregulated. Much of the invisible surveillance is allowed because laws have not kept up with changes in business practices.
Corporate surveillance tends to be agreed with. Not because it was an informed decision, but because the product offered has value but is attached to the surveillance. That is not really a choice, because its either surveillance or nothing. Surveillance has become a business model because people get free content, and it’s convenient. Opting out of many of the digital tools is not possible, because they have become necessary for career and social life. The choice is not between surveillance or no surveillance, but who gets to spy on the individual.
Companies and data brokers track what individuals do on the internet. Companies can get permission to track you in other websites through third-party cookies. Giving access to third-party used to have limited applicability, and laws that enabled the loss of privacy when sharing the data were acceptable. But third-party parties now have access to a variety of information, while the same laws allow the lack of privacy.
Many companies make their business through selling advertisement space. As companies have made their customer into a commodity through data that is bought and sold. The consumer has changed, to those willing to buy the data. Individuals have become products. Companies need to collect far more data than before because the value of the data has been reduced, effecting advertising. Detailed consumer profiles were valuable, but have become common. To keep the value of the data, companies need to collect far more data than before, which is an increased cost to users of the interest.
Users of digital content providers cannot request more security for their content. They have no rights to do so. Users do not even have the right to find out what outsourcing companies that the content provider is using. There is no recourse to companies deleting data, and giving government access to the data. No way to take the data to another service.
Technological progress should not be inhibited for they provide many benefits, but the harms should be minimized. Liabilities for privacy violations would provide more responsibility for companies to protect customer data. Businesses use surveillance because of profit and lack of regulations. Collection and use of data should be regulated, and data retention costs increased.
Government and Corporations:
NSA utilized the surveillance networks of corporations. NSA even forces internet companies to give the NSA data on many people, in secret. To obtain the data, the NSA sometimes hacks corporations without permission, sometimes corporations work willingly with the NSA, sometimes the corporations are legally compelled to cooperate.
Running a business means that the FBI and NSA can use the business as a tool for mass surveillance. The NSA can even force the business to change the business’s security system. All this is done in secret, which the business is forced to keep secret. As it is difficult to shut down large businesses or parts of the business, the NSA basically control the business. Governments and corporations tend to resist transparency laws.
The NSA has even purposely weakened American companies; security, for NSA surveillance. NSA has deliberately created backdoors into encrypted software. Creating backdoors makes the software very vulnerable because there is no security in only the government utilizing it.
US companies are harmed competitively by NSA surveillance. US companies are less trusted, and therefore do not purchase US technology and network equipment.
Psychology, Liberty, and Ubiquitous Surveillance:
The cost of the invasiveness and pervasiveness of the surveillance system is liberty. Without any privacy, there is a lack of liberty. There are many examples of authority figures using some pieces of information about a disapproved individual, or group, to have them arrested or worse. With enough data, evidence of guilt can be found on everyone. Ubiquitous surveillance means everyone has the capacity to be considered a lawbreaker, depending on police inclination. Where everything that the individual has done is stored, which can be used as evidence against the individual later. Especially in countries with vague laws, such as the US.
Police are usually prohibited from using general warrants that allow them to search for anything. General warrants can become extremely abusive, and used for social control.
What is wrong changes over time. Surveillance can be misused by the authority in power, even if nothing wrong is being done. Fashionable political claims during a time when they acceptable, can be used against those individuals in the future. Any action can be used against the individual at an indefinite future, because the evidence is stored indefinitely. Records have become permanent.
Government censorship enabled by surveillance stifles freedom and the circulation of ideas. When people know that someone, like the government is watching, they self-censor. People are less likely to discuss seemingly forbidden topics. Not only can government technology provide surveillance, but also citizens. As citizens can discover and report others, as they might obtain penalties if they do not report.
Hard to think and act individualistic when the individual is being monitored. Fear and threat of reprisal, even potential future reprisals, makes people conformist and compliant. Society stagnates when individuality cannot be expressed, when nothing outside the norm is acceptable, when power is not questioned. Lack of individuality means less freedom.
Democracy, liberty, freedom, and progress are lost under ubiquitous mass surveillance. Dissent and forms of lawbreaking can be ways to improve society. There were many activities that were once considered terrible, but have become socially acceptable. Perfectly enforcing prior laws using mass surveillance would have meant that there would have been no time for citizens to consider those prior wrong acts as acceptable. There would have been no period when those acts would have been illegal, but become tolerable, and then acceptable and legal. A process that takes a lot of time. Deviation creates progress. Creativity is fostered by the lack of inhibitions in interactions not on the record.
Privacy is needed, even for those who have nothing to hide. Nothing wrong is done during the routine daily basic tasks. Privacy enables the individual have a choice, the power to select what information can be shared with whom. Nothing wrong with not sharing information given the context, such as seeking alternative employment without advising current employer. Nothing wrong in seeking private places for reflection and conversation. Privacy is a human right that gives humans dignity and respect. Ubiquitous surveillance means that the individuals has not power to control what and how their information is shared.
Research indicates that those under even the perception of constant surveillance makes people less physically and emotionally healthy. Surveillance that threatens the sense of oneself. Context matters for violations of privacy, for depending on what is found and by whom determines the damage done. The damage for privacy violations is higher for marginalized groups, and those in the public’s attention. Surveillance effects more those who are not in favor with those in power.
Security and privacy is usually associated by a trade-off, but that precipitates in inappropriate evaluations. That to get either security or privacy, the other must be sacrificed. This is a false trade-off. Costs of insecurity tend to be real and visceral, while costs of privacy loss are vague until faced with its aftereffects. There are security measures that do require a reduction in privacy, but others do not. Door locks and fences are for security and privacy. People become vulnerable without privacy, making people feel less secure. Privacy is enabled by the security of personal spaces and records. Even the U.S. constitution recognizes privacy as a fundamental right along with security.
Security and surveillance do have conflicting designs requirements. Making a system more secure, makes it harder to surveil, and vice versa. Not possible to create surveillance capacity for only appropriate people. Security protects information flow from damaging attacks of theft and destruction, of all users.
Caveats?
The book acknowledges a paradox within tracking. Referencing the ability to track every individual continuously, but also with government’s inability to catch threats using mass data. A resolution to this paradox might be practice, as it takes time and practice using the algorithms to find the threats. But this ability then leads to the threats against innocent people.
Technology has provided enormous benefits. Devices containing lots of personal data has been life-transforming. The problem are the threats possessed by their surveillance. Technology has enabled governments and corporations with the capacity for mass surveillance. An intimate form of continuous surveillance. Governments, and corporations gather, store, and analyze a lot of data. Often without consent, or knowledge that they are doing that. Profiles of individual attributes are built from the data. When data is collected and used within its service, to provide a better serve, people do not mind. Using data within the context of collection and is transparent makes it acceptable. Data collection is objected when the data is bought and sold without knowledge or consent, and used outside their context.
Mass surveillance has dangerous implications for it allows discrimination on any criteria, and can be used to control what is seen, what can be done, and what is said. Digital mass surveillance created a panopticon. When individuals think they are being monitored, they change their behavior. Data from surveillance is stored forever, which can be used as evidence against the individual later. Even the contemporary legally accepted values, can change their status in the future. In this way, many governments have persecuted people based on their past views and values, even if they have changed them. This surveillance comes without giving citizens an effect means of opting out, and without meaningful checks and balances. Making people less safe, and less free.
Tracking Technology:
It used to be difficult to retain a lot of data, and too difficult to sift through the data to find meaningful information. Early digital information products threw away most of the metadata that was created. But with technological improvements, the ability to save and sift data have improved. Reducing their costs, and increasing their effectiveness.
Communication devices connect individuals to a variety of people with ease and speed. To do that, the device needs to be tracked. Tracked everywhere. Which means that the device knows more about the individual than the individual, because the device does not rely on human memory.
To obtain the intimate data before cell phones required the use of private investigators. An obsolete profession because of the data tracking on the phone. Cell phone data can be used by a variety of professions, and can obtain historic use of that cell phone. To know where the phone has been, where it was, and who was around it.
Data is a byproduct of everything a computer does. Recording their every operation. Even without using the device, the device creates data about where the individual is, those near the individual, recording the interactions with others.
It is uncertain which technology products will make it, but what is certain is that they will create a lot of data. They can be used to provide a variety of life and world changing applications, but will record everything about the individual. Due to technological ability, secrets are harder to keep.
Intrusive surveillance systems tend to be hidden. They tend to be in the background, which makes them easier to ignore. Even if an individual tries to opt out of services that have surveillance, data is still being collected on them when they interact with others who are being monitored.
Internet anonymity is nearly impossible against ubiquitous surveillance. A single mistake in protecting the identity, permanently attaches the identity to the anonymous provider. Even trained government agents with resources have a hard time maintaining privacy and anonymity.
Governments:
Government went from collecting data on a few necessary people to as many people as possible. This was due to the reduction in expense of surveillance. Limited resources and risk of discovery limited surveillance.
Part of the reason why cell phone data is being taken by governments, is claim about protecting everyone from a variety of dangerous elements. Mass-surveillance programs are justified by trying to relieve the fear. In an effort to protect against various malicious actors such as terrorist, should not come at ignoring the costs of police or government tyranny. Just as bad would be to ignore malicious actors when trying to protect against government overreach. The problem is trying to focus on a single threat, especially the rare but dramatic threats, while not considering the many more frequent banal threats.
There are situations and contexts in which governments should conduct surveillance or sabotage. There are cases in which access to citizen’s private data is used to solve crimes and make people safer. This power should be given, but without the ability to abuse it. People need security provided by government, and security from government.
Another government defense for collecting the data, is that they collect only metadata. Not the words spoken, but the numbers of the interacting individuals, including the date, time, and duration of the call. While data provides the content, metadata provides context. Metadata can be very revealing, especially in aggregate. Targeting a single individual makes the contents important, but a population makes context important. With enough metadata on an individual, contend is not needed.
NSA successful surveillance comes from targeted surveillance rather than mass surveillance. With mass surveillance, there are many false positive threats that are flagged by the system. Each threat requires massive efforts in investigation, time, and money. Which prevents searching for actual threats. By trying to seek out all threats, very few threat are actually prevented. Ubiquitous surveillance and data mining cost taxpayers’ money without rewards of finding the dangerous criminals. Money that is not being spent on more proven surveillance programs. Surveillance and data collection are valuable tools, but needs to be limited and targeted.
Mass surveillance and data mining are more suitable for social control, as governments can discriminate between individuals and groups based on their various beliefs and associations. Data mining works with well-denied criminal profiles, such as credit card fraudsters and political dissidents. False alarms under authoritarian rules are not as costly, because of the fear instilled by charging innocent people.
Espionage used to be about spying of government on government. As perpetrators no longer belong to any particular government, and can be anywhere, governments monitor everyone. Domestic and international surveillance. Government espionage on other governments is a military mission during peacetime and wartime which is target and can act as a stabilizer by reducing uncertainties about other governments intentions.
As different countries are using cyberweapons against others, makes it important to remove vulnerabilities. Vulnerabilities risks that others can discover it, and use it against the users. The difference between cyberespionage and a cyberattack depends on their disruptions. Both require breaking into another country’s network. That is illegal under each country’s laws, but countries are doing that to each other constantly. Cyber-attacks on infrastructure should be recognized as an attack on the country, and subject to international law standards.
Everyone uses the same networks, which means that perpetrator communications use the same circuits as social media. Companies store the data in various places internationally. Difficult not to collect information on the innocent, non-targets, because of these networks. As everyone uses the same networks and with similar capabilities, it is not possible to choose to weaken or protect specific networks of enemies or allies. Vulnerabilities used by intelligence agencies to spy, is also used by criminals to steal information.
US feared purchases of technology equipment from international suppliers because of a security threat, that the foreign government created a backdoor to the equipment. It turned out that the NSA has been doing that to other governments.
Within the US, there is no legal defense for intelligence-related whistleblowing. Those on trial for leaking classified information, are even prevented from using terms and claims during the trial. Those on trial are not allowed to make their case. Government whistleblowers should be protected, just like corporate whistleblowers, as they provide an additional oversight mechanism.
NSA has made sure that nobody understands its legal authorization, while purposely misrepresenting themselves in court. Those who can access the documents, and the expertise to understand them, are lobbied by the NSA. The NSA uses different definitions for surveillance. NSA claims not to collect data on myriads of Americans, because the data is not seen by human beings. Even though algorithms go through the data in various ways, and are used for policy implementation.
Corporations:
Private corporations control where people gather online, and are gathering information about the individuals for their own benefit. Companies can categorize and manipulate people based on all the information they gather. Manipulation that is mostly hidden and unregulated. Much of the invisible surveillance is allowed because laws have not kept up with changes in business practices.
Corporate surveillance tends to be agreed with. Not because it was an informed decision, but because the product offered has value but is attached to the surveillance. That is not really a choice, because its either surveillance or nothing. Surveillance has become a business model because people get free content, and it’s convenient. Opting out of many of the digital tools is not possible, because they have become necessary for career and social life. The choice is not between surveillance or no surveillance, but who gets to spy on the individual.
Companies and data brokers track what individuals do on the internet. Companies can get permission to track you in other websites through third-party cookies. Giving access to third-party used to have limited applicability, and laws that enabled the loss of privacy when sharing the data were acceptable. But third-party parties now have access to a variety of information, while the same laws allow the lack of privacy.
Many companies make their business through selling advertisement space. As companies have made their customer into a commodity through data that is bought and sold. The consumer has changed, to those willing to buy the data. Individuals have become products. Companies need to collect far more data than before because the value of the data has been reduced, effecting advertising. Detailed consumer profiles were valuable, but have become common. To keep the value of the data, companies need to collect far more data than before, which is an increased cost to users of the interest.
Users of digital content providers cannot request more security for their content. They have no rights to do so. Users do not even have the right to find out what outsourcing companies that the content provider is using. There is no recourse to companies deleting data, and giving government access to the data. No way to take the data to another service.
Technological progress should not be inhibited for they provide many benefits, but the harms should be minimized. Liabilities for privacy violations would provide more responsibility for companies to protect customer data. Businesses use surveillance because of profit and lack of regulations. Collection and use of data should be regulated, and data retention costs increased.
Government and Corporations:
NSA utilized the surveillance networks of corporations. NSA even forces internet companies to give the NSA data on many people, in secret. To obtain the data, the NSA sometimes hacks corporations without permission, sometimes corporations work willingly with the NSA, sometimes the corporations are legally compelled to cooperate.
Running a business means that the FBI and NSA can use the business as a tool for mass surveillance. The NSA can even force the business to change the business’s security system. All this is done in secret, which the business is forced to keep secret. As it is difficult to shut down large businesses or parts of the business, the NSA basically control the business. Governments and corporations tend to resist transparency laws.
The NSA has even purposely weakened American companies; security, for NSA surveillance. NSA has deliberately created backdoors into encrypted software. Creating backdoors makes the software very vulnerable because there is no security in only the government utilizing it.
US companies are harmed competitively by NSA surveillance. US companies are less trusted, and therefore do not purchase US technology and network equipment.
Psychology, Liberty, and Ubiquitous Surveillance:
The cost of the invasiveness and pervasiveness of the surveillance system is liberty. Without any privacy, there is a lack of liberty. There are many examples of authority figures using some pieces of information about a disapproved individual, or group, to have them arrested or worse. With enough data, evidence of guilt can be found on everyone. Ubiquitous surveillance means everyone has the capacity to be considered a lawbreaker, depending on police inclination. Where everything that the individual has done is stored, which can be used as evidence against the individual later. Especially in countries with vague laws, such as the US.
Police are usually prohibited from using general warrants that allow them to search for anything. General warrants can become extremely abusive, and used for social control.
What is wrong changes over time. Surveillance can be misused by the authority in power, even if nothing wrong is being done. Fashionable political claims during a time when they acceptable, can be used against those individuals in the future. Any action can be used against the individual at an indefinite future, because the evidence is stored indefinitely. Records have become permanent.
Government censorship enabled by surveillance stifles freedom and the circulation of ideas. When people know that someone, like the government is watching, they self-censor. People are less likely to discuss seemingly forbidden topics. Not only can government technology provide surveillance, but also citizens. As citizens can discover and report others, as they might obtain penalties if they do not report.
Hard to think and act individualistic when the individual is being monitored. Fear and threat of reprisal, even potential future reprisals, makes people conformist and compliant. Society stagnates when individuality cannot be expressed, when nothing outside the norm is acceptable, when power is not questioned. Lack of individuality means less freedom.
Democracy, liberty, freedom, and progress are lost under ubiquitous mass surveillance. Dissent and forms of lawbreaking can be ways to improve society. There were many activities that were once considered terrible, but have become socially acceptable. Perfectly enforcing prior laws using mass surveillance would have meant that there would have been no time for citizens to consider those prior wrong acts as acceptable. There would have been no period when those acts would have been illegal, but become tolerable, and then acceptable and legal. A process that takes a lot of time. Deviation creates progress. Creativity is fostered by the lack of inhibitions in interactions not on the record.
Privacy is needed, even for those who have nothing to hide. Nothing wrong is done during the routine daily basic tasks. Privacy enables the individual have a choice, the power to select what information can be shared with whom. Nothing wrong with not sharing information given the context, such as seeking alternative employment without advising current employer. Nothing wrong in seeking private places for reflection and conversation. Privacy is a human right that gives humans dignity and respect. Ubiquitous surveillance means that the individuals has not power to control what and how their information is shared.
Research indicates that those under even the perception of constant surveillance makes people less physically and emotionally healthy. Surveillance that threatens the sense of oneself. Context matters for violations of privacy, for depending on what is found and by whom determines the damage done. The damage for privacy violations is higher for marginalized groups, and those in the public’s attention. Surveillance effects more those who are not in favor with those in power.
Security and privacy is usually associated by a trade-off, but that precipitates in inappropriate evaluations. That to get either security or privacy, the other must be sacrificed. This is a false trade-off. Costs of insecurity tend to be real and visceral, while costs of privacy loss are vague until faced with its aftereffects. There are security measures that do require a reduction in privacy, but others do not. Door locks and fences are for security and privacy. People become vulnerable without privacy, making people feel less secure. Privacy is enabled by the security of personal spaces and records. Even the U.S. constitution recognizes privacy as a fundamental right along with security.
Security and surveillance do have conflicting designs requirements. Making a system more secure, makes it harder to surveil, and vice versa. Not possible to create surveillance capacity for only appropriate people. Security protects information flow from damaging attacks of theft and destruction, of all users.
Caveats?
The book acknowledges a paradox within tracking. Referencing the ability to track every individual continuously, but also with government’s inability to catch threats using mass data. A resolution to this paradox might be practice, as it takes time and practice using the algorithms to find the threats. But this ability then leads to the threats against innocent people.
July 27, 2023
Nothing too new here, but in most cases in the book, that is because I'm late to reading it and picked up the storyline on some website or another.
Schneier's forced optimism towards the end felt like the coach of a last place team trying to rally us at halftime of the last game of the season when we're already down 34-0.
I had about 36 hours of hope that one of Trump's middle fingers to the establishment on his way out the door would be to pardon Snowden, but no luck there.
No doubt this review will be deanonymized and catalogued at several data centers and added to my digital file. So to that I say to the NSA - gosh, I love the United States or something.
WTR-582
Schneier's forced optimism towards the end felt like the coach of a last place team trying to rally us at halftime of the last game of the season when we're already down 34-0.
I had about 36 hours of hope that one of Trump's middle fingers to the establishment on his way out the door would be to pardon Snowden, but no luck there.
No doubt this review will be deanonymized and catalogued at several data centers and added to my digital file. So to that I say to the NSA - gosh, I love the United States or something.
WTR-582
August 28, 2018
Schneier brilliance and razor sharp thinking are perfectly apparent in this expertly crafted, concise, practical book. Every assertion is supported by copious endnotes, in a format every non-fiction book should immediately emulate — it powerfully encourages deeper investigation and openness. Refreshingly, more that a full third of the book is dedicated to Solutions. “We need to reaffirm our support for a free, open, and global Internet, and then work to ensure its continued existence.” (p221)
And his strong conclusion proved that this is the critical moment to set the correct technological and legal foundations.
“We fear terrorists more than the police, even though in the US you’re nine times more likely to be killed by a police officer than a terrorist” (p158)
http://washingtonsblog.com/2014/08/yo...
And this ratio is massively understated, at 155 deaths in 2011.
Obviously these 17 terrorism deaths don’t include mass shootings violence in the US…
“When you’re watching everything, you’re not seeing anything” (p161)
So much of the solutions are common sense, but amazingly, in many cases common sense is not what we’ve had, certainly since 9-11 but perhaps much longer. “The police should need a warrant to access my mail, whether it is on paper in my home, on a computer at work, or on Google’s servers somewhere in the world.” (p211) Obviously true, isn’t it? Yet only the first one is in any way secure. Especially his call for being the good guys in establishing trust for the internet, which we need more than others, is poignant and powerfully written. “Once we stop playing the subversion game, we can credibly devote our resources to detecting and preventing subversion by others — thereby increasing trust worldwide.” (p215)
Did you know that every three months Verizon turns over all of the metadata of it’s 290 million customers to the NSA, or at least did in 2013? Stunning. p244
Schneier is sometimes intentionally hilarious: “The legal regime justifying [your] defense depends on two things: who’s attacking you, and why. Unfortunately, when you’re being attacked in cyberspace, the two things you don’t know are who’s attacking you, and why.” (p217). Or on page 256 where he divulges that he enters the NSA’s physical address when queried for his own on pointless forms.
Not sure I know what to make of the author’s call for a “public commons” on pg 222.. As with Lanier’s remuneration of attention, I find this idea unrealistic, but also feel most of what Schneier writes is profoundly sensible. Have I forgotten that government can create public spaces? As I laugh at Corbyn’s ridiculous idea to have a government built Facebook.. which few would trust anyway. And how could any public space be kept free from anonymity empowered perverts and trolls, which sully and ruin most comment forums? Sometimes even paid for by Russia.
The idea of a having a class of corps/entities licensed as “information fiduciaries” is brilliant and novel.
Similarly, on p259, this call out is against popular perception/opinion: “if we want organizations like the NSA to protect our privacy, we’re going to have to give them new ways to perform their intelligence jobs.“
And just to demonstrate his ability to predict the future, here in 2014 before Cambridge Analytics he writes “ for Pete’s sake, don’t take those silly online surveys unless you know where your data is going to end up.” (P257)
And his strong conclusion proved that this is the critical moment to set the correct technological and legal foundations.
“We fear terrorists more than the police, even though in the US you’re nine times more likely to be killed by a police officer than a terrorist” (p158)
http://washingtonsblog.com/2014/08/yo...
And this ratio is massively understated, at 155 deaths in 2011.
Obviously these 17 terrorism deaths don’t include mass shootings violence in the US…
“When you’re watching everything, you’re not seeing anything” (p161)
So much of the solutions are common sense, but amazingly, in many cases common sense is not what we’ve had, certainly since 9-11 but perhaps much longer. “The police should need a warrant to access my mail, whether it is on paper in my home, on a computer at work, or on Google’s servers somewhere in the world.” (p211) Obviously true, isn’t it? Yet only the first one is in any way secure. Especially his call for being the good guys in establishing trust for the internet, which we need more than others, is poignant and powerfully written. “Once we stop playing the subversion game, we can credibly devote our resources to detecting and preventing subversion by others — thereby increasing trust worldwide.” (p215)
Did you know that every three months Verizon turns over all of the metadata of it’s 290 million customers to the NSA, or at least did in 2013? Stunning. p244
Schneier is sometimes intentionally hilarious: “The legal regime justifying [your] defense depends on two things: who’s attacking you, and why. Unfortunately, when you’re being attacked in cyberspace, the two things you don’t know are who’s attacking you, and why.” (p217). Or on page 256 where he divulges that he enters the NSA’s physical address when queried for his own on pointless forms.
Not sure I know what to make of the author’s call for a “public commons” on pg 222.. As with Lanier’s remuneration of attention, I find this idea unrealistic, but also feel most of what Schneier writes is profoundly sensible. Have I forgotten that government can create public spaces? As I laugh at Corbyn’s ridiculous idea to have a government built Facebook.. which few would trust anyway. And how could any public space be kept free from anonymity empowered perverts and trolls, which sully and ruin most comment forums? Sometimes even paid for by Russia.
The idea of a having a class of corps/entities licensed as “information fiduciaries” is brilliant and novel.
Similarly, on p259, this call out is against popular perception/opinion: “if we want organizations like the NSA to protect our privacy, we’re going to have to give them new ways to perform their intelligence jobs.“
And just to demonstrate his ability to predict the future, here in 2014 before Cambridge Analytics he writes “ for Pete’s sake, don’t take those silly online surveys unless you know where your data is going to end up.” (P257)
January 20, 2016
I work with data, and I am hopeful about the power of data to address human needs, especially in health care. But I am even more fearful that current abuses of personal data and privacy, with the inevitable backlash, will undermine these possibilities.
Schneiner's book, though not short, is the best, briefest, most readable summary of key debates and solutions in this domain. If I could give it six stars, I would.
This is how he presents the key question:
“How do we design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually?…This is it: this is the fundamental issue of the information age.”
The first chapters describe in detail (but not too technically) the kinds of data surveillance and collection that is routine now. There are systems that can send a blind call to a phone, no ring. It forces the phone to return a frequency, allowing the sender to learn the location of that phone to one meter.
He takes on some key arguments, such as "I have nothing to hide," saying privacy is an essential human need, it is not about hiding. He also challenges the argument that we can just "opt out" and not use social media. Not using any one tool may be an option, but some minimal engagement with these tools is now essential for one's career and social life.
He also disagrees that data collection does no harm if the data are not looked at. Surveillance is harmful, specifically mass, non-targeted surveillance, because of the chilling effect it has on human behaviour.
The book covers corporate and government surveillance, and their intersection in what he calls the "public-private surveillance partnership" (yes, the parallel with military-industrial complex is deliberate).
There are gems of examples, statistics and vocabulary here. He says there should be basic principles for personal data: Collect minimal data, keep data for a minimum time, and store it securely. In German, there is one word that captures all those principles:
Datensparsamkeit. 70% of the US govt intelligence budget is spent on purchases from private firms-data, equipment, services, etc.
He is also clear about what kind of right privacy is. "The more fundamental problem is the conception of privacy as something that should be subjected to commerce in this way. Privacy needs to be a fundamental right, not a property right."
Because I am an American living in Europe, I took note of his comments on privacy and data protection in the US vs the EU. We are at unique moment in the relationship between the US and the EU- both want harmonisation of data laws, mostly to make life easier for business. The debate could tip toward the US with its more permissive law, or toward the EU's more restrictive legal regime. He hopes the EU regime wins, and I agree with him. The EU's approach is not perfect, but its foundation is privacy as a fundamental right, and that is something we cannot give up.
Schneiner's book, though not short, is the best, briefest, most readable summary of key debates and solutions in this domain. If I could give it six stars, I would.
This is how he presents the key question:
“How do we design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually?…This is it: this is the fundamental issue of the information age.”
The first chapters describe in detail (but not too technically) the kinds of data surveillance and collection that is routine now. There are systems that can send a blind call to a phone, no ring. It forces the phone to return a frequency, allowing the sender to learn the location of that phone to one meter.
He takes on some key arguments, such as "I have nothing to hide," saying privacy is an essential human need, it is not about hiding. He also challenges the argument that we can just "opt out" and not use social media. Not using any one tool may be an option, but some minimal engagement with these tools is now essential for one's career and social life.
He also disagrees that data collection does no harm if the data are not looked at. Surveillance is harmful, specifically mass, non-targeted surveillance, because of the chilling effect it has on human behaviour.
The book covers corporate and government surveillance, and their intersection in what he calls the "public-private surveillance partnership" (yes, the parallel with military-industrial complex is deliberate).
There are gems of examples, statistics and vocabulary here. He says there should be basic principles for personal data: Collect minimal data, keep data for a minimum time, and store it securely. In German, there is one word that captures all those principles:
Datensparsamkeit. 70% of the US govt intelligence budget is spent on purchases from private firms-data, equipment, services, etc.
He is also clear about what kind of right privacy is. "The more fundamental problem is the conception of privacy as something that should be subjected to commerce in this way. Privacy needs to be a fundamental right, not a property right."
Because I am an American living in Europe, I took note of his comments on privacy and data protection in the US vs the EU. We are at unique moment in the relationship between the US and the EU- both want harmonisation of data laws, mostly to make life easier for business. The debate could tip toward the US with its more permissive law, or toward the EU's more restrictive legal regime. He hopes the EU regime wins, and I agree with him. The EU's approach is not perfect, but its foundation is privacy as a fundamental right, and that is something we cannot give up.
October 26, 2018
In an increasingly digital-oriented world, the lines of privacy and security have become blurred. With this rise in digital technology, computers constantly produce data about people's social lives, interests, physical well-being, and more. The shocking fact about it: Governments and corporations use this data to survey people's lives. Bruce Schneier expands on this reality and explains how a mass surveillance society has taken over our world. Schneier discusses what all is at stake, including our inherent right to privacy, when it comes to the harms mass surveillance has caused. Furthermore, Schneier proposes principles and policy recommendations that governments and corporations must apply to turn the tide of this phenomenon.
If I had to use one phrase to explain this read, I would say this book was "eye-opening." Technology has tremendous value and can accomplish great feats; however, it has the capability to harm others if abused. I really liked how Schneier concludes the book by giving practical advice to the general public on how to defend against surveillance. Overall, I would recommend this book to everyone because our world is becoming more and more digital and we should all be aware of the risks that come along with it.
If I had to use one phrase to explain this read, I would say this book was "eye-opening." Technology has tremendous value and can accomplish great feats; however, it has the capability to harm others if abused. I really liked how Schneier concludes the book by giving practical advice to the general public on how to defend against surveillance. Overall, I would recommend this book to everyone because our world is becoming more and more digital and we should all be aware of the risks that come along with it.
Displaying 1 - 30 of 403 reviews