We should try to make them proud.
Acknowledgments
For me, writing a book is an exploration of a topic. I don’t know where I’ll end up until I’m done writing. This makes it very hard for me to sell a book. I can’t provide an outline. I can’t even say for sure what the book is about. Publishers don’t tend to go for that.
First, I need to thank my agent, Eric Nelson at the Susan Rabiner Literary Agency, for representing my book before there was a book. He believed that he could sell “the next Schneier book” to a mainstream publisher, and believed it so much that he didn’t ask for any formal agreement before he started.
Second, I need to thank my editor, Jeff Shreve, at Norton. He was willing to buy “the next Schneier book” with only vague assurances as to what it was about. And he was willing to accept my writing process.
I don’t write books from beginning to end. I write them from bottom to top. What I mean is that at every moment I am working on the entire book at once. This has two curious effects. One, the book is complete very soon after I start writing. It’s just not very good, and improves as I keep writing. It just continues to improve as I keep writing. And two, I would keep writing and improving the book forever if allowed to. What I do is arbitrarily define “done” as the moment the book is due.
This process allows me to get detailed feedback on the book throughout the process. Many people read all or parts of the manuscript: Ross Anderson, Steve Bass, Caspar Bowden, Cody Charette, David Campbell, Karen Cooper, Dorothy Denning, Cory Doctorow, Ryan Ellis, Addison Fischer, Camille François, Naomi Gilens, John Gilmore, Jack Goldsmith, Bob Gourley, Bill Herdle, Deborah Hurley, Chrisma Jackson, Reynol Junco, John Kelsey, Alexander Klimburg, David Levari, Stephen Leigh, Harry Lewis, Jun Li, Ken Liu, Alex Loomis, Sascha Meinrath, Aleecia M. McDonald, Pablo Molina, Ramez Naam, Peter Neumann, Joseph Nye, Cirsten Paine, David M. Perry, Leah Plunkett, David Prentiss, Barath Raghavan, Marc Rotenberg, Martin Schneier, Seth David Schoen, Adam Shostack, Peter Swire, Kit Walsh, Sara M. Watson, David Weinberger, Dustin Wenzel, Marcy Wheeler, Richard Willey, Ben Wizner, Josephine Wolff, Jonathan Zittrain, and Shoshana Zuboff. Every one of these people gave me suggestions that I incorporated into the book.
A few people were invaluable in writing this book. Kathleen Seidel is the best researcher I have ever found, and I can no longer imagine writing a book without her help. Same with Rebecca Kessler, who edited the book twice during my writing process and gave me critical suggestions each time. Beth Friedman, who has copyedited everything I have written for over a decade, continues to be irreplaceable.
I would also like to thank Edward Snowden, whose courageous actions resulted in the global conversation we are now having about surveillance. It’s not an exaggeration to say that I would not have written this book had he not done what he did. Also, as a longtime NSA watcher, reading those top-secret documents is pretty cool.
A note about the title. Both my editor and I immediately liked Data and Goliath, but there was a problem. Malcolm Gladwell had recently published a book titled David and Goliath. That wasn’t so bad, but my previous book was titled Liars and Outliers; it was published immediately after Gladwell’s previous book Outliers. Aping him twice seemed too much. In April, I explained my dilemma on my blog, and received an e-mail out of the blue from Gladwell, saying, “i LOVE data and goliath! :-)” So with his blessing—and blurb—the title stayed.
I wrote this book while a fellow at the Berkman Institute for Internet and Society at Harvard Law School, and I can’t thank everyone there enough. The other fellows and the various Harvard professors I spent time with helped me think through these issues, as did the students in the reading group I led in Spring 2014. Also, since January 2014, I have been the Chief Technology Officer at Resilient Systems, and I must thank them as well. Even though the book isn’t directly related to what we do at the company, I was given free rein to write it.
Finally, I would like to thank my friends, and especially my spouse, Karen Cooper, for putting up with me in “book writing” mode. This one was easier than the last, I know, but it was still hard.
Thank you all.
NOTES
INTRODUCTION
It tracks where: David J. Crandall et al. (8 Dec 2010), “Inferring social ties from geographic coincidences,” Proceedings of the National Academy of Sciences of the United States of America 107, http://www.pnas.org/content/107/52/22436.short.
The accumulated data: German politician Malte Spitz demonstrated the power of geolocation data by making six months of his daily whereabouts available to journalists. Zeit Online (Mar 2011), “Tell-all telephone,” Zeit Online, http://www.zeit.de/datenschutz/malte-spitz-data-retention.
researchers were able: Manlio De Domenico, Antonio Lima, and Mirco Musolesi (18–19 Jun 2012), “Interdependence and predictability of human mobility and social interactions,” Nokia Mobile Data Challenge Workshop, Newcastle, UK, http://www.cs.bham.ac.uk/research/projects/nsl/mobility-prediction.
Cell phone location analysis: Coordinating cell phone tower data with actual recorded wiretap audio is very strong evidence in court that a defendant is not credible, as he can be shown to be lying by his own words. This type of evidence was instrumental in convicting Scott Peterson of murdering his wife in 2002 after his mistress, Amber Frey, cooperated with police. Associated Press (27 Aug 2004), “Testimony in Peterson trial turns to evidence from computers,” USA Today, http://usatoday30.usatoday.com/news/nation/2004-08-27-peterson_x.htm.
The police can “ping”: Evan Perez and Siobhan Gorman (15 Jun 2013), “Phones leave a telltale trail,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887324049504578545352803220058. Trevor Hughes (7 Dec 2013), “Cellphone data aided in solving two Larimer County murders,” Coloradoan, http://archive.coloradoan.com/article/20131207/NEWS01/312070068/Cellphone-data-aided-solving-two-Larimer-County-murders.
police are using this data: They are overstating its accuracy, though, and convicting innocent people on the basis of the data. Economist (6 Sep 2014), “The two towers,” Economist, http://www.economist.com/news/united-states/21615622-junk-science-putting-innocent-people-jail-two-towers. Mike Masnick (9 Sep 2014), “Turns out cell phone location data is not even close to accurate, but everyone falls for it,” Tech Dirt, https://www.techdirt.com/articles/20140908/04435128452/turns-out-cell-phone-location-data-is-not-even-close-to-accurate-everyone-falls-it.shtml.
the government of Ukraine: Heather Murphy (22 Jan 2014), “Ominous text message sent to protesters in Kiev sends chills around the Internet,” The Lede, New York Times, http://thelede.blogs.nytimes.com/2014/01/22/ominous-text-message-sent-to-protesters-in-kiev-sends-chills-around-the-internet.
Michigan police sought information: Michael Isikoff (18 Feb 2010), “FBI tracks suspects’ cell phones without a warrant,” Newsweek, http://www.newsweek.com/fbi-tracks-suspects-cell-phones-without-warrant-75099.
Companies use your phone: Steve Olenski (17 Jan 2013), “Is location based advertising the future of mobile marketing and mobile advertising?” Forbes, http://www.forbes.com/sites/marketshare/2013/01/17/is-location-based-advertising-the-future-of-mobile-marketing-and-mobile-advertising. John McDermott (20 Feb 2014), “Why the Web’s biggest players are gobbling up location-based apps,” Digiday, http://digiday.com/platforms/apple-google-microsoft-yahoo-are-betting-on-mobile.
location data is so valuable: Anton Troianovski (21 May 2013), “Phone firms sell data on customers,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887323463704578497153556847658. Rachel King (13 Jul 2013), “ACLU: AT&T customer privacy at risk,” CIO Journal, Wall Street Journal Blogs, http://blogs.wsj.com/cio/2013/07/13/aclu-att-customer-privacy-at-risk.
Companies like Sense Networks: Hiawatha Bray (8 Jul 2013), “Cellphone data mined to create personal profiles,” Boston Globe, http://www.bostonglobe.com/business/2013/07/07/your-cellphone-yourself/eSvTK1UCqNOE7D4qbAcWPL/story.html.
Verint sells cell phone tracking systems: Craig Timberg (24 Aug 2014), “For sale: Systems that can secretly track where cellphone users go around the globe,” Washington Post, http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html.
The company’s website: Verint (2014), “About Verint,” http://www.verint.com/about.
“blind” call to a phone: Privacy International (2012), “Cobham sells monitoring centres, phone monitoring, technical surveillance and location monitoring technology. British export law doesn’t specifically regulate these technologies, so they can easily end up in the wrong hands,” https://www.privacyinternational.org/sii/cobham.
The company boasts: The full list as of 2011 is Algeria, Australia, Austria, Belgium, Brunei, the Czech Republic, Georgia, Ghana, Ireland, Kuwait, Libya, Norway, Pakistan, Saudi Arabia, Singapore, the Slovak Republic, Spain, Sweden, Taiwan, Turkey, the United Kingdom, and the United States. Cobham (2011), “Tactical C4I systems: Eagle–Close Combat Radio (CCR),” https://s3.amazonaws.com/s3.documentcloud.org/documents/409237/115-cobham-tactical-c4i.pdf.
Defentek . . . sells a system: Craig Timberg (24 Aug 2014), “For sale: Systems that can secretly track where cellphone users go around the globe,” Washington Post, http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html.
Tobias Engel demonstrated: Tobias Engel (9 Jan 2009), “Locating mobile phones using Signalling System #7,” Chaos Computer Club, http://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf.
collect and sell it: Kevin J. O’Brien (28 Oct 2012), “Data-gathering via apps presents a gray legal area,” New York Times, http://www.nytimes.com/2012/10/29/technology/mobile-apps-have-a-ravenous-ability-to-collect-personal-data.html.
HelloSpy is an app: There are quite a few of these tracking apps out there. HelloSpy is particularly blatant. Although the disclaimer on the home page states that it is designed for “ethical spying for parents,” or use on a “mobile device that you own or have proper consent to monitor,” the literature also trumpets its ability to operate in “stealth mode,” and has a page dedicated to marital infidelity. See http://hellospy.com.
spy on his wife or girlfriend: StealthGenie is another spyware app. In 2014, its CEO was indicted and arrested for selling it in the US. Craig Timberg and Matt Zapotosky (29 Sep 2014), “Maker of StealthGenie, an app used for spying, is indicted in Virginia,” Washington Post, http://www.washingtonpost.com/business/technology/make-of-app-used-for-spying-indicted-in-virginia/2014/09/29/816b45b8-4805-11e4-a046-120a8a855cca_story.html.
spy on their employees: Spencer E. Ante and Lauren Weber (22 Oct 2013), “Memo to workers: The boss is watching,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702303672404579151440488919138.
cell phone location data: Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html. Ashkan Soltani and Barton Gellman (10 Dec 2013), “New documents show how the NSA infers relationships based on mobile location data,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/new-documents-show-how-the-nsa-infers-relationships-based-on-mobile-location-data. James Glanz, Jeff Larson, and Andrew W. Lehren (27 Jan 2014), “Spy agencies tap data streaming from phone apps,” New York Times, http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html.
even when they are turned off: We don’t know definitively whether this is true or not. Dana Priest (21 Jul 2013), “NSA growth fueled by need to target terrorists,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-growth-fueled-by-need-to-target-terrorists/2013/07/21/24c93cf4-f0b1-11e2-bed3-b9b6fe264871_story.html. Ryan Gallagher (22 Jul 2013), “NSA can reportedly track phones even when they’re turned off,” Slate, http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html.
golden age of surveillance: As far as I know, this is Peter Swire’s term. Peter Swire and Kenesa Ahmad (28 Nov 2011), “‘Going dark’ versus a ‘golden age for surveillance,’” Center for Democracy and Technology, http://www.futureofprivacy.org/wp-content/uploads/Going-Dark-Versus-a-Golden-Age-for-Surveillance-Peter-Swire-and-Kenesa-A.pdf.
“You have zero privacy anyway.”: Polly Sprenger (26 Jan 1999), “Sun on privacy: ‘Get over it,’” Wired, http://archive.wired.com/politics/law/news/1999/01/17538.
US military defines surveillance: US Joint Chiefs of Staff (11 Aug 2011), “Joint Operations,” Joint Publication 3-0, http://fas.org/irp/doddir/dod/jp3_0.pdf.
if you let us have all your data: Eric Schmidt and Jared Cohen (2013), The New Digital Age: Reshaping the Future of People, Nations and Business, Knopf, http://www.newdigitalage.com.
That’s the NSA’s justification: No one ever explicitly refers to the bargain, but everyone argues that surveillance is necessary to keep us safe. Patricia Zengerle and Tabassum Zakaria (18 Jun 2013), “NSA head, lawmakers defend surveillance programs,” Reuters, http://www.reuters.com/article/2013/06/18/us-usa-security-idUSBRE95H15O20130618. Al Jazeera (29 Oct 2013), “NSA chief defends spy program in face of protest from allies,” Al Jazeera, http://america.aljazeera.com/articles/2013/10/29/nsa-chief-defendsspyprogramamidusriftwitheurope.html.
We need to think: Technology critic Evgeny Morozov makes this point. Evgeny Morozov (22 Oct 2013), “The real privacy problem,” MIT Technology Review, http://www.technologyreview.com/featuredstory/520426/the-real-privacy-problem.
1: DATA AS A BY-PRODUCT OF COMPUTING
uniquely identify your computer: Peter Eckersley (Jul 2010), “How unique is your web browser?” Proceedings of the 10th International Conference on Privacy Enhancing Technologies, Berlin, https://panopticlick.eff.org/browser-uniqueness.pdf.
your smartphone pinpoints you: Paul A. Zandbergen (26 Jun 2009), “Accuracy of iPhone locations: A comparison of assisted GPS, WiFi and cellular positioning,” Transactions in GIS 13, http://onlinelibrary.wiley.com/doi/10.1111/j.1467-9671.2009.01152.x/abstract. Paul A. Zandbergen and Sean J. Barbeau (Jul 2011), “Positional accuracy of assisted GPS data from high-sensitivity GPS-enabled mobile phones,” Journal of Navigation 64, http://www.paulzandbergen.com/files/Zandbergen_Barbeau_JON_2011.pdf.
Modern cars are loaded with computers: Ben Wojdyla (21 Feb 2012), “How it works: The computer inside your car,” Popular Mechanics, http://www.popularmechanics.com/cars/how-to/repair/how-it-works-the-computer-inside-your-car.
Much of that is automatically recorded: Nate Cardozo (11 Feb 2013), “Mandatory black boxes in cars raise privacy questions,” Electronic Frontier Foundation, https://www.eff.org/press/releases/mandatory-black-boxes-cars-raise-privacy-questions.
A self-driving car: Lucas Mearian (23 Jul 2013), “Self-driving cars could create 1GB of data a second,” Computer World, http://www.computerworld.com/s/article/9240992/Self_driving_cars_could_create_1GB_of_data_a_second.
Embedded in digital photos: Benjamin Henne, Maximilian Koch, and Matthew Smith (3–7 Mar 2014), “On the awareness, control and privacy of shared photo metadata,” Distributed Computing & Security Group, Leibniz University, presented at the Eighteenth International Conference for Financial Cryptography and Data Security, Barbados, http://ifca.ai/fc14/papers/fc14_submission_117.pdf.
If you upload the photo: This is a particularly creepy story about camera metadata. Mathew Honan (19 Jan 2009), “I am here: One man’s experiment with the location-aware lifestyle,” Wired, http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig.
automatic payment systems, such as EZPass: Increasingly, governments are removing the anonymous cash option. Adrianne Jeffries (27 Mar 2013), “Golden Gate Bridge’s new cashless tollway promises convenience in exchange for privacy,” Verge, http://www.theverge.com/2013/3/27/4150702/golden-gate-bridges-new-cashless-tollway-promises-convenience-for-privacy. Anh Do (20 Mar 2014), “Orange County’s toll roads going cashless,” Los Angeles Times, http://www.latimes.com/local/lanow/la-me-ln-cashless-toll-roads-20140320-story.html. Trevor Pettiford (13 Jun 2014), “Veterans Expressway tolls to start going cashless,” Bay News 9, http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2014/6/13/veterans_expressway_.html. Martine Powers (17 Jul 2014), “Starting Monday, no more cash at Tobin tolls,” Boston Globe, http://www.bostonglobe.com/metro/2014/07/16/starting-monday-more-cash-tobin/WZKMDilsfLULQtYiGZCrEK/story.html.
The smart thermostat: Nest (2012), “Nest Learning Thermostat,” http://certified.nest.com/resources/NEST_POS_brochure_r7_300.pdf.
a smart refrigerator: Eliza Barclay (4 May 2012), “The ‘smart fridge’ finds the lost lettuce, for a price,” The Salt: What’s On Your Plate, NPR, http://www.npr.org/blogs/thesalt/2012/05/03/151968878/the-smart-fridge-finds-the-lost-lettuce-for-a-price.
a smart air conditioner: Ry Crist (8 Jan 2014), “Haier’s new air conditioner is the first Apple-certified home appliance,” CNET, http://ces.cnet.com/8301-35306_1-57616915/haiers-new-air-conditioner-is-the-first-apple-certified-home-appliance.
smart smoke and carbon monoxide detector: Heather Kelly (15 Jan 2014), “Google wants to run your home with Nest,” CNN, http://www.cnn.com/2014/01/15/tech/innovation/google-connect-home-nest.