Authors: Bruce Schneier
SIGINT Enabling Project, 147–49
Silk Road, 105
Skype, 84, 148
SmartFilter, 82
smartphones:
app-based surveillance on, 48
cameras on, 41
as computers, 14
GPS tracking in, 3, 14, 216–17
MAC addresses and Bluetooth IDs in, 29
Smith, Michael Lee, 67–68
Snowden, Edward, 177, 178, 217
e-mail of, 94
Espionage Act and, 101
EU Parliament testimony of, 76
NSA and GCHQ documents released by, 6, 20, 40–41, 62, 65, 66, 67, 72, 74, 78, 96, 99–100, 121, 129, 144, 149, 150, 160–61, 172, 175, 182, 207, 223, 234, 238
Sochi Olympics, 70, 77
Socialists, Socialism, 92–93
social networking:
apps for, 51
customer scores and, 111
customer tracking and, 123
data collected in, 200–201
government surveillance of, 295–96
see also specific companies
social norms:
fear and, 227–30
liberty and, 227
mass surveillance and, 226–38
privacy and, 227, 230–33
security and, 227
software:
security of, 141, 146
subscription vs. purchase models for, 60
Solove, Daniel, 93
SOMALGET, 65
Sophos, 82
Sotomayor, Sonia, 95, 342
South Korea, cyberattack on, 75
spy gadgets, 25–26
SSL encryption, 85–86
SSL (TLS) protocol, 215
Standard Chartered Bank, 35–36
Staples, 110
Stasi, 23
Steinhafel, Gregg, 142
strategic oversight, 162, 172–77
StingRay surveillance system, 100, 165
Stross, Charles, 128
Stuxnet, 75, 132, 146
collateral damage from, 150
Supreme Court, US, 26, 180, 361–62
third-party doctrine and, 68
surveillance:
automatic, 31–32
benefits of, 8, 190
as business model, 50, 56, 113–14, 206
cell phones as devices for, 1–3, 14, 28, 39, 46–47, 62, 100, 216–17, 219, 339
constant, negative health effects of, 127
cost of, 23–26
espionage vs., 170, 183–84
government abuses of, 101–5
government-on-government, 63, 73, 74, 75, 76, 158
hidden, 28–30
legitimate needs for, 219–20
as loaded term, 4
mass, see mass surveillance
oversight and accountability in, 161–63, 169, 172–78
overt, 28, 30
perception of, 7–8
personal computers as devices for, 3–4, 5
politics and, 213
pre-Internet, 64, 71
principles of, 155–66
targeted, see targeted surveillance
transparency and, 159–61, 169, 170–71, 176
surveillance technology:
cameras, 14, 17, 31–32
cost of, 25–26
shrinking size of, 29
Suspicious Activity Reports (SAR), 138
Sweeney, Latanya, 44, 263–64
SWIFT banking system, 73
Swire, Peter, 160
Syria, 81
NSA penetration of Internet infrastructure in, 74, 150
System for Operative Investigative Measures (SORM; Russia), 70
tactical oversight, 162, 177–79
Tailored Access Operations group (TAO), 72, 85, 144, 149, 187
Taleb, Nassim, 136
Target, 33, 34, 55
security breach of, 142, 193
targeted advertising, see advertising, personalized
targeted surveillance:
mass surveillance vs., 5, 26, 139–40, 174, 179–80, 184, 186
PATRIOT Act and, 174
tax fraud, data mining and, 137
technology:
benefits of, 8, 190–91
political undermining of, 213
privacy enhancing (PETs), 215–16, 217
see also surveillance technology
telephone companies:
FBI demands for databases of, 27, 67
historical data stored by, 37, 67
NSA surveillance and, 122
transparency reports of, 207–8
see also cell phone metadata; specific companies
Teletrack, 53
TEMPORA, 79
Terrorism Identities Datamart Environment, 68, 136
terrorists, terrorism:
civil liberties vs., 135
government databases of, 68–69
as justification for mass surveillance, 4, 7, 170–71, 226, 246
mass surveillance as ineffective tool for detection of, 137–40, 228
and NSA’s expanded mission, 63, 65–66
overly broad definition of, 92
relative risk of, 332
Uighur, 219, 287
uniqueness of, 138
see also counterterrorism; security; September 11, 2001, terrorist attacks
thermostats, smart, 15
third-party doctrine, 67–68, 180
TLS (SSL) protocol, 215
TOM-Skype, 70
Tor browser, 158, 216, 217
Torch Concepts, 79
trade secrets, algorithms as, 196
transparency:
algorithmic surveillance and, 196
corporate surveillance and, 192, 194, 196, 202, 207–8
legitimate secrecy vs., 332–33
surveillance and, 159–61, 169, 170–71, 176
Transparent Society, The (Brin), 231
Transportation Security Administration, US (TSA), screening by, 136, 137, 159, 231, 321
Treasury, US, 36
Truman, Harry, 62, 230
trust, government surveillance and, 181–83
truth in lending laws, 196
Tsarnaev, Tamerlan, 69, 77, 139
Turkey, 76
Turla, 72
Twitter, 42, 58, 199, 208–9
metadata collected by, 23
Uber, 57
Uighur terrorists, 219, 287
Ukraine, 2, 39
Ulbricht, Ross (Dread Pirate Roberts), 105
“uncanny valley” phenomenon, 54–55
Underwear Bomber, 136, 139
UN High Commissioner on Human Rights, 96
Unit 8200, 77
United Kingdom:
anti-discrimination laws in, 93
data retention law in, 222
GCHQ of, see Government Communications Headquarters
in international intelligence partnerships, 76
Internet censorship in, 95
license plate scanners in, 27
mission creep in, 105
Regulation of Investigatory Powers Act (2000) of, 175
United Nations:
digital privacy resolution of, 232, 363–64
NSA surveillance of, 102, 183
United States:
data protection laws as absent from, 200
economic espionage by, 73
Germany’s relations with, 151, 234
intelligence budget of, 64–65, 80
NSA surveillance as undermining global stature of, 151
Stuxnet cyberattack by, 75, 132, 146, 150
Universal Declaration of Human Rights, 232
USA PATRIOT Act (2001), 105, 221, 227
Section 215 of, 65, 173–74, 208
Section 505 of, 67
US Cellular, 177
Usenet, 189
VASTech, 81
Verint, 2–3, 182
Verizon, 49, 67, 122
transparency reports of, 207–8
Veterans for Peace, 104
Vigilant Solutions, 26, 40
Vodafone, 79
voiceprints, 30
vulnerabilities, 145–46
fixing of, 180–81
NSA stockpiling of, 146–47
w0rmer (Higinio Ochoa), 42–43
Wall Street Journal, 110
Wanamaker, John, 53
“warrant canaries,” 208, 354
warrant process, 92, 165, 169, 177, 180, 183, 184, 342
Constitution and, 92, 179, 184
FBI and, 26, 67–68
NSA evasion of, 175, 177, 179
third-party doctrine and, 67–68, 180
Watson, Sara M., 55
Watts, Peter, 126–27
Waze, 27–28, 199
weapons of mass destruction, overly broad definition of, 92, 295
weblining, 109
WebMD, 29
whistleblowers:
as essential to democracy, 178
legal protections for, 162, 169, 178–79, 342
prosecution of, 100–101, 178, 179, 222
Wickr, 124
Wi-Fi networks, location data and, 3
Wi-Fi passwords, 31
Wilson, Woodrow, 229
Windows 8, 59–60
Wired, 119
workplace surveillance, 112
World War I, 229
World War II, 229
World Wide Web, 119, 210
writers, government surveillance and, 96
“wrong,” changing definition of, 92–93
Wyden, Ron, 172, 339
XKEYSCORE, 36
Yahoo, 84, 207
Chinese surveillance and, 209
government demands for data from, 208
increased encryption by, 208
NSA hacking of, 85
Yosemite (OS), 59–60
YouTube, 50
Zappa, Frank, 98
zero-day vulnerabilities, 145–46
NSA stockpiling of, 146–47, 180–81
ZTE, 81
Zuckerberg, Mark, 107, 125, 126
Praise for DATA AND GOLIATH
“Data and Goliath is sorely needed. On top of the ongoing avalanche of stories of cyberwarfare, data
breaches, and corporate snooping, the Snowden revelations have left many people confused
and cynical about protecting their own privacy. My hope is that Bruce Schneier’s new
book will empower people to join the conversation in the courts and elsewhere about
how to think seriously and honestly about our current digital surveillance state and
more importantly, how to build a digital society run by the consent of the governed.”
—Cindy Cohn, legal director for the Electronic Frontier Foundation
“Bruce Schneier has written a hugely insightful and important book about how big data
and its cousin, mass surveillance, affect our lives, and what to do about it. In characteristic
fashion, Schneier takes very complex and varied information and ideas and makes them
vivid, accessible, and compelling.”
—Jack Goldsmith, former head of the Office of Legal Counsel of the Department of Justice under George W. Bush
“The internet is a surveillance state, and like any technology, surveillance has both
good and bad uses. Bruce Schneier draws on his vast range of technical and historical
skills to sort them out. He analyzes both the challenge of big brother and many little
brothers. Anyone interested in security, liberty, privacy, and justice in this cyber
age must read this book.”
—Joseph S. Nye Jr., Harvard University Distinguished Service Professor and author of The Future of Power
“Bruce Schneier is the most consistently sober, authoritative, and knowledgeable voice
on security and privacy issues in our time. This book brings his experience and sharp
analytical skills to important and fast-evolving technology and human rights issues.
Much has been said about the way our government, financial institutions, and online
entities gather data, but less is said about how that seemingly infinite ocean of
data is used, or might be used. In the face of a vast spectrum of possibility, clouded
in secrecy, Bruce’s book is a voice of steady reason.”
—Xeni Jardin, co-editor of BoingBoing
“Data and Goliath is the indispensable guide to understanding the most important current threat to
freedom in democratic market societies. Whether you worry about government surveillance
in the post-Snowden era, or about Facebook and Google manipulating you based on their
vast data collections, Schneier, the leading, truly independent expert writing about
these threats today, offers a rich overview of the technologies and practices leading
us toward surveillance society and the diverse solutions we must pursue to save us
from that fate.”
—Yochai Benkler, Berkman Professor of Entrepreneurial Legal Studies at Harvard Law School and author of The Wealth of Networks
“Data, algorithms, and thinking machines give our corporations and political institutions
immense and far reaching powers. Bruce Schneier has done a remarkable job of breaking
down their impact on our privacy, our lives, and our society. Data and Goliath should be on everyone’s must read list.”
—Om Malik, founder of Gigaom
ABOUT THE AUTHOR
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of twelve books—including Liars and Outliers: Enabling the Trust Society Needs to Survive—as well as hundreds of articles, essays, and academic papers. His influential newsletter
“Crypto-Gram” and blog “Schneier on Security” are read by over 250,000 people. Schneier
is a fellow at the Berkman Center for Internet and Society at Harvard Law School,
a program fellow at the New America Foundation’s Open Technology Institute, a board
member of the Electronic Frontier Foundation, and an Advisory Board member of the
Electronic Privacy Information Center. He is also the Chief Technology Officer of
Resilient Systems, Inc.
You can read his blog, essays, and academic papers at www.schneier.com. He tweets
at @schneierblog.
As of press time, the URLs displayed in this book link or refer to existing websites
on the Internet. W. W. Norton & Company is not responsible for, and should not be
deemed to endorse or recommend, any website other than its own or any content available
on the Internet (including without limitation at any website, blog page, information
page) not created or maintained by W. W. Norton.
Copyright © 2015 by Bruce Schneier
All rights reserved
First Edition
For information about permission to reproduce selections from this book,
write to Permissions, W. W. Norton & Company, Inc.,
500 Fifth Avenue, New York, NY 10110
For information about special discounts for bulk purchases, please contact
W. W. Norton Special Sales at [email protected] or 800-233-4830
Book design by Daniel Lagin
Production manager: Julia Druskin
ISBN 978-0-393-24481-6
ISBN 978-0-393-24482-3 (e-book)
W. W. Norton & Company, Inc.