© 2015 Bruce Schneier
400 pages, including 160 pgs of citations.
You're being watched -- all the time, no matter where you go or what you do. Not by mysterious men in trench coats, or even black suits, shades, and earwigs -- but by the very system you live in. Perhaps watched isn't the right word; monitored may be more apt. In virtually every moment of the day in the developed world, billions of people are passing on data about themselves, knowingly and unknowingly. Our phones report where we are, as do our cars if they are new enough; in-store cameras track and analyze our shopping patterns, or alert security if we act aberrantly; and we add to the data stream ourselves by taking inexplicable photos of our lunch and sharing them on Facebook. Bruce Schneier has been involved with cybersecurity from the early days of the internet, and in Data and Goliath he alerts lay audiences to the fact that in the last fifteen years, a giant infrastructure of observation has grown around them, the joint work of companies out to sell you and governments out to control (sorry, "protect") you. After reducing the reader to a wide-eyed paranoiac, he then offers suggestions as to how regulation might rein in the government and corporations, and -- more practically -- gives the reader ideas of how to safeguard against the worst aspects of the All Seeing iWorld.
We live in a digital world, quite literally. Not only have computerized systems become nearly as ubiquitous as asphalt at this point – in our phones, our cars, our homes, our electric grid – but much of our life is now lived in a digital sphere. A decade ago that might have only been true for socially awkward teenagers who found online Starcraft more appealing than in-person awkwardness. These days, virtually everyone spends part of the day partially engrossed in the web, particularly through social media. Unlike communing in a café over the latest photographs or stories, our online connections are monitored and recorded. There’s no conspiracy involved; we pass our information through electronic portals, and the information is saved as part of the network’s very infrastructure before it can be transmitted. More deliberate monitoring and recording is also at work: online businesses track our activity to create better ads, and ever since 2001 the NSA has been obsessive about detecting terrorists through electronic data collection. A certain amount of this is tolerable in both instances, but questionable territory is reached when Facebook begins using users’ tagged photos to create sophisticated facial recognition software, or when NSA begins piling up information and filching emails en masse from people not accused of a crime, merely declared connected by software.
Data and Goliath contains a litany of alarming and unsettling accounts of digital innovation across the globe. Government practices in the United States, China, United Kingdom, and Iran all fall under fire, with the US taking the heaviest flak given its Wikileaks exposure. Have the multitude of stories about the NSA’s email abuses become commonplace? Consider their exciting proprietary tools that imitate a cell tower, allowing them to listen to whatever phone latches on to it – or their coercion of American companies to add in “backdoors” to their telecommunications systems, like Cisco’s routers. That’s not just an American problem: international traffic flows through American infrastructure, and as knowledge of Uncle Sam’s masterkey filters through the international community, sales for US equipment are struggling and criminals are learning to trip the backdoors themselves. Central to much of the abuse is the idea of collecting as much data as possible, then looking for the patterns.
In the interests of not driving readers into the ranks of the Amish, Schneier attempts to provide grounds for hope, suggesting regulation that might rein in government and business alike. He proposes, for instance, a reorganization of the NSA that would reduce its scope and shift the more likely-to-be-abused aspects into a military organization with harsher oversight, like the US Cyber Command. One regulatory idea he has for the private sector is forbidding companies from maintaining lengthy records of consumers without their consent: Apple may need to know where your iPhone is for it to connect to service providers, but it doesn’t need to record your movements. No branch of the government is likely to dismember the nascent surveillance state, not when they find it so useful – and find the prospect of public outrage after an attack so intimidating. More promising is the chapter on how people can minimize their own exposure to data collection. One relatively simple practice that I've adopted for years is using browser plugins like Disconnect to prevent Facebook from tracking me across sites: you don't even have to be a member for that plugin to create a cookie for my computer and compile traffic data about it. If some agency is intent on finding you, being analyzed may be inevitable: even people who take pains to move in the shadows of the web can be caught, including trained Israeli intelligence agents.
Data and Goliath demonstrates superbly how information-gathering is not simply a matter of government overreach, but endemic to the way the internet has developed thus far. The danger lies in our growing so used to this passive surveillance that we forget what it was to live privately. It is an invaluable resource for realizing how exposed we are living in the digital world.
Related:
- The Internet Police: How Crime Went Online and the Cops Followed. More on the law and order side.
- 10 Don'ts on Your Digital Devices, Eric Rzeszut, Daniel Bachrach. Covering your electronic caboose for beginners!
This has been on my 'watch' list for a while. I like the way he writes and he often has very useful advice. More of this sort of thing @ my place in the coming months.
Same here. I've got one already lined up, and in the months to come I plan to read a couple of pieces on cyberwar. One lesson that's sinking in is that the globe is wide-open. National borders, even distinctions between states and corporations, mean very little when it comes to cyber intrusions. They're all contenders on the same level.