[Book review] Data and Goliath by Bruce Schneier
Wed, 09 May 2018 || By Faiz Rahman

With today’s rapid technological advancement, almost every activity such as communication, work, and business can be done easily and efficiently through the many available devices and applications. Although it seems that we have so many benefits of the rapid development of technologies, many unseen threats also await. One of the most serious issues in this digital era is concerning our privacy and data protection. Today, in this big data era, governments and private companies can easily obtain our data from various media – such as devices and applications developed by the governments and private companies – and use these data to ‘surveil’ us. Bruce Schneier, one of the world’s foremost security experts, elaborates “surveillance in the digital era” issue comprehensively in his book Data and Goliath. Just like what it states on the book cover, Data and Goliath shows us intriguing stories and staggering facts about the hidden battles in collecting people’s data and how to control their world, which are conducted by governments and private corporations.

The author introduces the topic with an illustration on how governments and companies can keep us under their surveillance by using only one kind of data from one machine, which is the location data from our cell phone. As it is known, to use the services provided by the cell phone companies, we should (indirectly) allow them to know where we are, as we cannot use the services if there is no signal or connection available. By having our location data, they can track our daily activities and even our habits based on the analysis of our location information. In addition, this information are also used by the police, for instance, in criminal investigations to trail criminals using their cell phone location data history or by analyzing cell phone data from a specific area. However, what makes it more terrifying today, criminals can also adopt this kind of mechanism. We must admit that recently, more and more devices and applications are being developed and used widely. Imagine the amount of data produced by these devices and applications. These data can be easily obtained and utilized by either the governments or private companies—often for their own interests.

The discussion in this book is divided into three big parts. The first part looks into “the world we’re creating”, the second part about “what’s at stake”, and the last part “what to do about it”. The first part of the book tells us a narrative about the surveillance society that we are living in. Schneier shows that humans today are surrounded by computers, because we use many devices and applications daily. These so-called computers can record our activities too. For instance, internet browsers can record our browsing history, social media applications are able to document our interactions, and cameras can produce a photo embedded with some data-like date, time, and location. Schneier mentions that by 2015, approximately 76 Exabytes data travel across the Internet every year, of which partly gathered and used by governments and corporations for their interests. This is what a surveillance society or an information-age surveillance state looks like. It is ubiquitous, and it can be done using algorithms.

Furthermore, in the second part, as the title indicates, Schneier explains the harms that arise from this ubiquitous mass surveillance. Schneier discusses the five most apparent aspects which are harmed by the ubiquitous surveillance: (1) political liberty and justice; (2) commercial fairness and equality; (3) business competitiveness; (4) privacy; and (5) security. He elaborates the issues by giving a concrete example in each aspect. For instance, the ubiquitous surveillance can be used to accuse people based on data, where in the UK, people are sent to jail because of racist tweets. In Hawaii, a man was arrested because he posted a video on Facebook showing himself drinking while driving.

In addition, data can be manipulated through this ubiquitous surveillance. This kind of manipulation is later called as “filter bubble”, which is an algorithm that is able to ‘manipulate’ what we see according to our interests indicated by our profile. Also, even if we published minimum information about us on the internet, they can still identify who we are by analyzing data from the people we have contacted. There are many more interesting, yet staggering examples discussed by Schneier on the harms which arise from the use of such ubiquitous mass surveillance. Nevertheless, these examples demonstrate that maybe today we live in an era where privacy does not exist anymore, as surveillance are done automatically by the algorithms, not by people. It also shows that the harms from mass surveillance disproportionately outweigh the benefits.

Finally, the last part of the book outlines some solutions for governments, corporations, and for people in general about the surveillance issues raised in this book. As the book’s perspective is reflected from the practice in the US, most of the solutions are only applicable to the US. However, there are still several solutions that could be adopted by other countries too. Principally, the proposed solutions are based on general principles such as transparency, oversight, and accountability. For example, the government needs to be more transparent and accountable for their surveillance activities. Schneier also suggest that to prevent abuse, it is necessary to have transparency laws for surveillance and legislation for intelligence. Besides, he also indicates that some other regulations such as (personal) data use regulation are also deemed needed. Such regulation exists in the EU – regulation concerning data collection for both government and private sector – as well as “truth in product” laws[i] that regulate corporations. These regulations are needed, at least, to give formal and technical protection to citizens’ privacy rights. As for people in general, to protect our data and identities in this internet era, we can use numerous privacy and anonymity technologies that are available. The last chapter of this book demonstrates that, although many harms arise, our data are valuable assets to society, especially in this big data era. It is useful for aspects such as urban planning, as well as preventing fraud and money laundering. In the end, Schneier re-emphasizes that protecting privacy is one of the biggest challenges in this information age.

To conclude, this book gives a comprehensive yet understandable narrative on the reality of the information age, the age where we are living in the surveillance society. However, most of the discussions are based on US practices, which may be irrelevant and not applicable in other countries, including Indonesia. Nevertheless, this book is interesting to read as it broadens our perspective on the other side of technological development, and how ‘surveillance’ in the digital age works. Schneier provides many examples that are really happening around us, which make his explanations easier to understand. The references used are extensive and well-documented. Thus, anyone who wants to elaborate the issue raised in this book deeply can access those references.

Editors: Diah Ratna Pratiwi, M.Dev & Viyasa Rahyaputra, S.IP

 


                Schneier, B. (2015). Data and Goliath. New York: W.W. Norton & Company, Inc.

[i]      It means that corporations required to disclose what they are tracking their visitors or recording their users. As there are so many places where surveillance is hidden, it needs to be salient as well. (See Ibid, 204).