[review] Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Bruce Schneier has recently released his latest book covering the use of data in our modern day world. Taking a deep dive into the world of privacy, surveilence and encryption this was a real page turner, resulting in it really difficult to put down. I had to keep reminding myself this was not fiction. This was real life. This is now. We’ve sold our digital souls, yet most have not yet realized this and are happily ignorant of the consequences that we are willfully handing over.

Schneier starts off by painting a picture of our digital lives, noting just how much data we generate daily, by simply interacting in the world. This is before we even get to the data that your smartphone is betraying on your behalf. Remember that nifty little free torchlight app you installed to turn on your camera flash permanently? Well it is collecting your location data and selling it to a data bureau. Even Angry Birds as at it – why does a game need to know your location?

Sun Microsystems’ CEO Scott McNealy said it plainly way back in 1999: “You have zero privacy anyway. Get over it.” He’s wrong about how we should react to surveillance, of course, but he’s right that it’s becoming harder and harder to avoid surveillance and maintain privacy.

He continues to paint the picture, “The bargain you make, again and again, with various companies is surveillance in exchange for free service” and the price we are really paying for this. Everything we do is recorded for later use. It wasn’t always like this. In the old days we could read newspapers, listen to the radio, watch the TV without any log file being generated recording the event.

“If you have nothing to hide, then you have nothing to fear.” This is a dangerously narrow conception of the value of privacy.

Privacy is a key human right and Schneier delves deep into what privacy means to human beings and how we as a species requires a level of privacy to maintain our social interactions. We need our curtains and our locks on the doors. We interact differently when we know we are being recorded. Think you how different you feel and interact when a friend is recording you on video. He notes Think of how you act when a police car is driving next to you, or how an entire country acts when state agents are listening to phone calls. When we know everything is being recorded, we are less likely to speak freely and act individually.

He highlights something that had me pause for quite some time to have a good think.

We don’t lie to our search engine. We’re more intimate with it than with our friends, lovers, or family members. We always tell it exactly what we’re thinking about, in words as clear as possible. Google knows what kind of porn each of us searches for, which old lovers we still think about, our shames, our concerns, and our secrets.

We are telling private companies, with no public or government oversight our most intimate secrets. They in return are piecing together all these snippets and shaping adverts and services in return. Think for a minute of all the things you have searched for in the past 20 years. Looking at it cold, what sort of personality does that paint? Scary eh?

Using public anonymous data from the 1990 census, computer scientist Latanya Sweeney found that 87% of the population in the United States, 216 million of 248 million people, could likely be uniquely identified by their five-digit ZIP code combined with their gender and date of birth. For about half, just a city, town, or municipality name was sufficient.

But all the data is anonymized isn’t it? We’re just a sequence of numbers with no real information attached to it? You would be wrong. Schneier details how bringing together data sets can bring a huge amount of clarity. He cites the Netflix example. Netflix released a whole bunch of anonymized data of peoples viewing and rating habits. They did this to promote a competition for people to attempt to better tune their recommendation engine. However, by smashing this data up against public data sets, like IMDB, they were able to identify a large percentage of this data set. Apparently, when you watch a Netflix movie, you are very likely to be looking it up and rating it on IMDB. Simple and effective. “It turns out that if you eliminate the top 100 movies everyone watches, our movie-watching habits are all pretty individual.

Researchers at Carnegie Mellon University did something similar. They put a camera in a public place, captured images of people walking past, identified them with facial recognition software and Facebook’s public tagged photo database, and correlated the names with other databases. The result was that they were able to display personal information about a person in real time as he or she was walking by.

He talks about the law, both past, present and the future. He contrasts the US system with the European system, with an interesting tidbit popping out – “Unlike in the EU, in the US today personal information about you is not your property; it’s owned by the collector.

Our relationship with many of the Internet companies we rely on is not a traditional company–customer relationship. That’s primarily because we’re not customers. We’re products those companies sell to their real customers. [..] For example, marketers know that women feel less attractive on Mondays, and that that’s the best time to advertise cosmetics to them.

There is a chapter on what we can do to stem this flood of information we are willingly handing over. For example, you can install a browser extension to delete all the tracking cookies/beacons. You can make sure you are always using https to avoid man-in-the-middle attacks. Even in the real world, when a cashier asks for your address, and you feel socially guilted into giving it, then use this one: “9800 Savage Road, Columbia, MD, 20755”: the address of the NSA.

This book is not a scaremongering tin foil hat fodder. It is filled with real stories, extensive discussion on the Edward Snowden revelations (he was one of the original journalists that went through the initial hail) and practical thoughts on how we as a society can combat this and get some perspective on the current situation.

Personally, I have installed the Ghostery Chrome Plugin and was shocked at just the amount of data I was leaking as I surfed around. Definitely worth a read and definitely worth a conversation with someone afterwards.

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World