Data and Goliath (71 page)

Authors: Bruce Schneier

SIGINT Enabling Project, 147–49

Silk Road, 105

Skype, 84, 148

SmartFilter, 82

smartphones:

app-based surveillance on, 48

cameras on, 41

as computers, 14

GPS tracking in, 3, 14, 216–17

MAC addresses and Bluetooth IDs in, 29

Smith, Michael Lee, 67–68

Snowden, Edward, 177, 178, 217

e-mail of, 94

Espionage Act and, 101

EU Parliament testimony of, 76

NSA and GCHQ documents released by, 6, 20, 40–41, 62, 65, 66, 67, 72, 74, 78, 96, 99–100, 121, 129, 144, 149, 150, 160–61, 172, 175, 182, 207, 223, 234, 238

Sochi Olympics, 70, 77

Socialists, Socialism, 92–93

social networking:

apps for, 51

customer scores and, 111

customer tracking and, 123

data collected in, 200–201

government surveillance of, 295–96

see also specific companies

social norms:

fear and, 227–30

liberty and, 227

mass surveillance and, 226–38

privacy and, 227, 230–33

security and, 227

software:

security of, 141, 146

subscription vs. purchase models for, 60

Solove, Daniel, 93

SOMALGET, 65

Sophos, 82

Sotomayor, Sonia, 95, 342

South Korea, cyberattack on, 75

spy gadgets, 25–26

SSL encryption, 85–86

SSL (TLS) protocol, 215

Standard Chartered Bank, 35–36

Staples, 110

Stasi, 23

Steinhafel, Gregg, 142

strategic oversight, 162, 172–77

StingRay surveillance system, 100, 165

Stross, Charles, 128

Stuxnet, 75, 132, 146

collateral damage from, 150

Supreme Court, US, 26, 180, 361–62

third-party doctrine and, 68

surveillance:

automatic, 31–32

benefits of, 8, 190

as business model, 50, 56, 113–14, 206

cell phones as devices for, 1–3, 14, 28, 39, 46–47, 62, 100, 216–17, 219, 339

constant, negative health effects of, 127

cost of, 23–26

espionage vs., 170, 183–84

government abuses of, 101–5

government-on-government, 63, 73, 74, 75, 76, 158

hidden, 28–30

legitimate needs for, 219–20

as loaded term, 4

mass, see mass surveillance

oversight and accountability in, 161–63, 169, 172–78

overt, 28, 30

perception of, 7–8

personal computers as devices for, 3–4, 5

politics and, 213

pre-Internet, 64, 71

principles of, 155–66

targeted, see targeted surveillance

transparency and, 159–61, 169, 170–71, 176

surveillance technology:

cameras, 14, 17, 31–32

cost of, 25–26

shrinking size of, 29

Suspicious Activity Reports (SAR), 138

Sweeney, Latanya, 44, 263–64

SWIFT banking system, 73

Swire, Peter, 160

Syria, 81

NSA penetration of Internet infrastructure in, 74, 150

System for Operative Investigative Measures (SORM; Russia), 70

tactical oversight, 162, 177–79

Tailored Access Operations group (TAO), 72, 85, 144, 149, 187

Taleb, Nassim, 136

Target, 33, 34, 55

security breach of, 142, 193

targeted advertising, see advertising, personalized

targeted surveillance:

mass surveillance vs., 5, 26, 139–40, 174, 179–80, 184, 186

PATRIOT Act and, 174

tax fraud, data mining and, 137

technology:

benefits of, 8, 190–91

political undermining of, 213

privacy enhancing (PETs), 215–16, 217

see also surveillance technology

telephone companies:

FBI demands for databases of, 27, 67

historical data stored by, 37, 67

NSA surveillance and, 122

transparency reports of, 207–8

see also cell phone metadata; specific companies

Teletrack, 53

TEMPORA, 79

Terrorism Identities Datamart Environment, 68, 136

terrorists, terrorism:

civil liberties vs., 135

government databases of, 68–69

as justification for mass surveillance, 4, 7, 170–71, 226, 246

mass surveillance as ineffective tool for detection of, 137–40, 228

and NSA’s expanded mission, 63, 65–66

terrorists, terrorism (continued)

overly broad definition of, 92

relative risk of, 332

Uighur, 219, 287

uniqueness of, 138

see also counterterrorism; security; September 11, 2001, terrorist attacks

thermostats, smart, 15

third-party doctrine, 67–68, 180

TLS (SSL) protocol, 215

TOM-Skype, 70

Tor browser, 158, 216, 217

Torch Concepts, 79

trade secrets, algorithms as, 196

transparency:

algorithmic surveillance and, 196

corporate surveillance and, 192, 194, 196, 202, 207–8

legitimate secrecy vs., 332–33

surveillance and, 159–61, 169, 170–71, 176

Transparent Society, The (Brin), 231

Transportation Security Administration, US (TSA), screening by, 136, 137, 159, 231, 321

Treasury, US, 36

Truman, Harry, 62, 230

trust, government surveillance and, 181–83

truth in lending laws, 196

Tsarnaev, Tamerlan, 69, 77, 139

Turkey, 76

Turla, 72

Twitter, 42, 58, 199, 208–9

metadata collected by, 23

Uber, 57

Uighur terrorists, 219, 287

Ukraine, 2, 39

Ulbricht, Ross (Dread Pirate Roberts), 105

“uncanny valley” phenomenon, 54–55

Underwear Bomber, 136, 139

UN High Commissioner on Human Rights, 96

Unit 8200, 77

United Kingdom:

anti-discrimination laws in, 93

data retention law in, 222

GCHQ of, see Government Communications Headquarters

in international intelligence partnerships, 76

Internet censorship in, 95

license plate scanners in, 27

mission creep in, 105

Regulation of Investigatory Powers Act (2000) of, 175

United Nations:

digital privacy resolution of, 232, 363–64

NSA surveillance of, 102, 183

United States:

data protection laws as absent from, 200

economic espionage by, 73

Germany’s relations with, 151, 234

intelligence budget of, 64–65, 80

NSA surveillance as undermining global stature of, 151

Stuxnet cyberattack by, 75, 132, 146, 150

Universal Declaration of Human Rights, 232

USA PATRIOT Act (2001), 105, 221, 227

Section 215 of, 65, 173–74, 208

Section 505 of, 67

US Cellular, 177

Usenet, 189

VASTech, 81

Verint, 2–3, 182

Verizon, 49, 67, 122

transparency reports of, 207–8

Veterans for Peace, 104

Vigilant Solutions, 26, 40

Vodafone, 79

voiceprints, 30

vulnerabilities, 145–46

fixing of, 180–81

NSA stockpiling of, 146–47

w0rmer (Higinio Ochoa), 42–43

Wall Street Journal, 110

Wanamaker, John, 53

“warrant canaries,” 208, 354

warrant process, 92, 165, 169, 177, 180, 183, 184, 342

Constitution and, 92, 179, 184

FBI and, 26, 67–68

NSA evasion of, 175, 177, 179

third-party doctrine and, 67–68, 180

Watson, Sara M., 55

Watts, Peter, 126–27

Waze, 27–28, 199

weapons of mass destruction, overly broad definition of, 92, 295

weblining, 109

WebMD, 29

whistleblowers:

as essential to democracy, 178

legal protections for, 162, 169, 178–79, 342

prosecution of, 100–101, 178, 179, 222

Wickr, 124

Wi-Fi networks, location data and, 3

Wi-Fi passwords, 31

Wilson, Woodrow, 229

Windows 8, 59–60

Wired, 119

workplace surveillance, 112

World War I, 229

World War II, 229

World Wide Web, 119, 210

writers, government surveillance and, 96

“wrong,” changing definition of, 92–93

Wyden, Ron, 172, 339

XKEYSCORE, 36

Yahoo, 84, 207

Chinese surveillance and, 209

government demands for data from, 208

increased encryption by, 208

NSA hacking of, 85

Yosemite (OS), 59–60

YouTube, 50

Zappa, Frank, 98

zero-day vulnerabilities, 145–46

NSA stockpiling of, 146–47, 180–81

ZTE, 81

Zuckerberg, Mark, 107, 125, 126

Praise for DATA AND GOLIATH


“Data and Goliath is sorely needed. On top of the ongoing avalanche of stories of cyberwarfare, data
breaches, and corporate snooping, the Snowden revelations have left many people confused
and cynical about protecting their own privacy. My hope is that Bruce Schneier’s new
book will empower people to join the conversation in the courts and elsewhere about
how to think seriously and honestly about our current digital surveillance state and
more importantly, how to build a digital society run by the consent of the governed.”

—Cindy Cohn, legal director for the Electronic Frontier Foundation

“Bruce Schneier has written a hugely insightful and important book about how big data
and its cousin, mass surveillance, affect our lives, and what to do about it. In characteristic
fashion, Schneier takes very complex and varied information and ideas and makes them
vivid, accessible, and compelling.”

—Jack Goldsmith, former head of the Office of Legal Counsel of the Department of Justice under George W. Bush

“The internet is a surveillance state, and like any technology, surveillance has both
good and bad uses. Bruce Schneier draws on his vast range of technical and historical
skills to sort them out. He analyzes both the challenge of big brother and many little
brothers. Anyone interested in security, liberty, privacy, and justice in this cyber
age must read this book.”

—Joseph S. Nye Jr., Harvard University Distinguished Service Professor and author of The Future of Power

“Bruce Schneier is the most consistently sober, authoritative, and knowledgeable voice
on security and privacy issues in our time. This book brings his experience and sharp
analytical skills to important and fast-evolving technology and human rights issues.
Much has been said about the way our government, financial institutions, and online
entities gather data, but less is said about how that seemingly infinite ocean of
data is used, or might be used. In the face of a vast spectrum of possibility, clouded
in secrecy, Bruce’s book is a voice of steady reason.”

—Xeni Jardin, co-editor of BoingBoing


“Data and Goliath is the indispensable guide to understanding the most important current threat to
freedom in democratic market societies. Whether you worry about government surveillance
in the post-Snowden era, or about Facebook and Google manipulating you based on their
vast data collections, Schneier, the leading, truly independent expert writing about
these threats today, offers a rich overview of the technologies and practices leading
us toward surveillance society and the diverse solutions we must pursue to save us
from that fate.”

—Yochai Benkler, Berkman Professor of Entrepreneurial Legal Studies at Harvard Law School and author of The Wealth of Networks

“Data, algorithms, and thinking machines give our corporations and political institutions
immense and far reaching powers. Bruce Schneier has done a remarkable job of breaking
down their impact on our privacy, our lives, and our society. Data and Goliath
should be on everyone’s must read list.”

—Om Malik, founder of Gigaom

ABOUT THE AUTHOR

Bruce Schneier is an internationally renowned security technologist, called a “security
guru” by The Economist. He is the author of twelve books—including Liars and Outliers:
Enabling the Trust Society Needs to Survive—as well as hundreds of articles, essays,
and academic papers. His influential newsletter
“Crypto-Gram” and blog “Schneier on Security” are read by over 250,000 people. Schneier
is a fellow at the Berkman Center for Internet and Society at Harvard Law School,
a program fellow at the New America Foundation’s Open Technology Institute, a board
member of the Electronic Frontier Foundation, and an Advisory Board member of the
Electronic Privacy Information Center. He is also the Chief Technology Officer of
Resilient Systems, Inc.

You can read his blog, essays, and academic papers at www.schneier.com. He tweets
at @schneierblog.

As of press time, the URLs displayed in this book link or refer to existing websites
on the Internet. W. W. Norton & Company is not responsible for, and should not be
deemed to endorse or recommend, any website other than its own or any content available
on the Internet (including without limitation at any website, blog page, information
page) not created or maintained by W. W. Norton.

Copyright © 2015 by Bruce Schneier

All rights reserved

First Edition

For information about permission to reproduce selections from this book,

write to Permissions, W. W. Norton & Company, Inc.,

500 Fifth Avenue, New York, NY 10110

For information about special discounts for bulk purchases, please contact
W. W. Norton Special Sales at [email protected] or 800-233-4830

Book design by Daniel Lagin

Production manager: Julia Druskin

ISBN 978-0-393-24481-6
ISBN 978-0-393-24482-3 (e-book)

W. W. Norton & Company, Inc.
