Authors: Bruce Schneier
We should try to make them proud.
For me, writing a book is an exploration of a topic. I don’t know where I’ll end up
until I’m done writing. This makes it very hard for me to sell a book. I can’t provide
an outline. I can’t even say for sure what the book is about. Publishers don’t tend
to go for that.
First, I need to thank my agent, Eric Nelson at the Susan Rabiner Literary Agency,
for representing my book before there was a book. He believed that he could sell “the
next Schneier book” to a mainstream publisher, and believed it so much that he didn’t
ask for any formal agreement before he started.
Second, I need to thank my editor, Jeff Shreve, at Norton. He was willing to buy “the
next Schneier book” with only vague assurances as to what it was about. And he was
willing to accept my writing process.
I don’t write books from beginning to end. I write them from bottom to top. What I
mean is that at every moment I am working on the entire book at once. This has two
curious effects. One, the book is complete very soon after I start writing. It’s just
not very good, and improves as I keep writing. It just continues to improve as I keep
writing. And two, I would keep writing and improving the book forever if allowed to.
What I do is arbitrarily define “done” as the moment the book is due.
This process allows me to get detailed feedback on the book throughout the
process. Many people read all or parts of the manuscript: Ross Anderson, Steve Bass,
Caspar Bowden, Cody Charette, David Campbell, Karen Cooper, Dorothy Denning, Cory
Doctorow, Ryan Ellis, Addison Fischer, Camille François, Naomi Gilens, John Gilmore,
Jack Goldsmith, Bob Gourley, Bill Herdle, Deborah Hurley, Chrisma Jackson, Reynol
Junco, John Kelsey, Alexander Klimburg, David Levari, Stephen Leigh, Harry Lewis,
Jun Li, Ken Liu, Alex Loomis, Sascha Meinrath, Aleecia M. McDonald, Pablo Molina,
Ramez Naam, Peter Neumann, Joseph Nye, Cirsten Paine, David M. Perry, Leah Plunkett,
David Prentiss, Barath Raghavan, Marc Rotenberg, Martin Schneier, Seth David Schoen,
Adam Shostack, Peter Swire, Kit Walsh, Sara M. Watson, David Weinberger, Dustin Wenzel,
Marcy Wheeler, Richard Willey, Ben Wizner, Josephine Wolff, Jonathan Zittrain, and
Shoshana Zuboff. Every one of these people gave me suggestions that I incorporated
into the book.
A few people were invaluable in writing this book. Kathleen Seidel is the best researcher
I have ever found, and I can no longer imagine writing a book without her help. Same
with Rebecca Kessler, who edited the book twice during my writing process and gave
me critical suggestions each time. Beth Friedman, who has copyedited everything I
have written for over a decade, continues to be irreplaceable.
I would also like to thank Edward Snowden, whose courageous actions resulted in the
global conversation we are now having about surveillance. It’s not an exaggeration
to say that I would not have written this book had he not done what he did. Also,
as a longtime NSA watcher, reading those top-secret documents is pretty cool.
A note about the title. Both my editor and I immediately liked
Data and Goliath
, but there was a problem. Malcolm Gladwell had recently published a book titled
David and Goliath
. That wasn’t so bad, but my previous book was titled
Liars and Outliers
; it was published immediately after Gladwell’s previous book
Outliers
. Aping him twice seemed too much. In April, I explained my dilemma on my blog, and
received an e-mail out of the blue from Gladwell, saying, “i LOVE data and goliath!
:-)” So with his blessing—and blurb—the title stayed.
I wrote this book while a fellow at the Berkman Institute for Internet and Society
at Harvard Law School, and I can’t thank everyone there enough. The other fellows
and the various Harvard professors I spent time with
helped me think through these issues, as did the students in the reading group I led
in Spring 2014. Also, since January 2014, I have been the Chief Technology Officer
at Resilient Systems, and I must thank them as well. Even though the book isn’t directly
related to what we do at the company, I was given free rein to write it.
Finally, I would like to thank my friends, and especially my spouse, Karen Cooper,
for putting up with me in “book writing” mode. This one was easier than the last,
I know, but it was still hard.
Thank you all.
INTRODUCTION
It tracks where:
David J. Crandall et al. (8 Dec 2010), “Inferring social ties from geographic coincidences,”
Proceedings of the National Academy of Sciences of the United States of America
107, http://www.pnas.org/content/107/52/22436.short.
The accumulated data:
German politician Malte Spitz demonstrated the power of geolocation data by making
six months of his daily whereabouts available to journalists. Zeit Online (Mar 2011),
“Tell-all telephone,”
Zeit Online
, http://www.zeit.de/datenschutz/malte-spitz-data-retention.
researchers were able:
Manlio De Domenico, Antonio Lima, and Mirco Musolesi (18–19 Jun 2012), “Interdependence
and predictability of human mobility and social interactions,” Nokia Mobile Data Challenge
Workshop, Newcastle, UK, http://www.cs.bham.ac.uk/research/projects/nsl/mobility-prediction.
Cell phone location analysis:
Coordinating cell phone tower data with actual recorded wiretap audio is very strong
evidence in court that a defendant is not credible, as he can be shown to be lying
by his own words. This type of evidence was instrumental in convicting Scott Peterson
of murdering his wife in 2002 after his mistress, Amber Frey, cooperated with police.
Associated Press (27 Aug 2004), “Testimony in Peterson trial turns to evidence from
computers,”
USA Today
, http://usatoday30.usatoday.com/news/nation/2004-08-27-peterson_x.htm.
The police can “ping”:
Evan Perez and Siobhan Gorman (15 Jun 2013), “Phones leave a telltale trail,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424127887324049504578545352803220058. Trevor Hughes (7 Dec 2013), “Cellphone data
aided in solving two Larimer County murders,”
Coloradoan
, http://archive.coloradoan.com/article/20131207/NEWS01/312070068/Cellphone-data-aided-solving-two-Larimer-County-murders.
police are using this data:
They are overstating its accuracy, though, and convicting innocent people on the
basis of the data.
Economist
(6 Sep 2014), “The two towers,”
Economist
,
http://www.economist.com/news/united-states/21615622-junk-science-putting-innocent-people-jail-two-towers.
Mike Masnick (9 Sep 2014), “Turns out cell phone location data is not even close to
accurate, but everyone falls for it,”
Tech Dirt
, https://www.techdirt.com/articles/20140908/04435128452/turns-out-cell-phone-location-data-is-not-even-close-to-accurate-everyone-falls-it.shtml.
the government of Ukraine:
Heather Murphy (22 Jan 2014), “Ominous text message sent to protesters in Kiev sends
chills around the Internet,”
The Lede
,
New York Times
, http://thelede.blogs.nytimes.com/2014/01/22/ominous-text-message-sent-to-protesters-in-kiev-sends-chills-around-the-internet.
Michigan police sought information:
Michael Isikoff (18 Feb 2010), “FBI tracks suspects’ cell phones without a warrant,”
Newsweek
, http://www.newsweek.com/fbi-tracks-suspects-cell-phones-without-warrant-75099.
Companies use your phone:
Steve Olenski (17 Jan 2013), “Is location based advertising the future of mobile
marketing and mobile advertising?”
Forbes
, http://www.forbes.com/sites/marketshare/2013/01/17/is-location-based-advertising-the-future-of-mobile-marketing-and-mobile-advertising.
John McDermott (20 Feb 2014), “Why the Web’s biggest players are gobbling up location-based
apps,”
Digiday
, http://digiday.com/platforms/apple-google-microsoft-yahoo-are-betting-on-mobile.
location data is so valuable:
Anton Troianovski (21 May 2013), “Phone firms sell data on customers,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424127887323463704578497153556847658. Rachel King (13 Jul 2013), “ACLU: AT&T customer
privacy at risk,”
CIO Journal, Wall Street Journal
Blogs
, http://blogs.wsj.com/cio/2013/07/13/aclu-att-customer-privacy-at-risk.
Companies like Sense Networks:
Hiawatha Bray (8 Jul 2013), “Cellphone data mined to create personal profiles,”
Boston Globe
, http://www.bostonglobe.com/business/2013/07/07/your-cellphone-yourself/eSvTK1UCqNOE7D4qbAcWPL/story.html.
Verint sells cell phone tracking systems:
Craig Timberg (24 Aug 2014), “For sale: Systems that can secretly track where cellphone
users go around the globe,”
Washington Post
, http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html.
The company’s website:
Verint (2014), “About Verint,” http://www.verint.com/about.
“blind” call to a phone:
Privacy International (2012), “Cobham sells monitoring centres, phone monitoring,
technical surveillance and location monitoring technology. British export law doesn’t
specifically regulate these technologies, so they can easily end up in the wrong hands,”
https://www.privacyinternational.org/sii/cobham.
The company boasts:
The full list as of 2011 is Algeria, Australia, Austria, Belgium, Brunei, the Czech
Republic, Georgia, Ghana, Ireland, Kuwait, Libya, Norway, Pakistan, Saudi Arabia,
Singapore, the Slovak Republic, Spain, Sweden, Taiwan, Turkey, the United Kingdom,
and the United States. Cobham (2011), “Tactical C4I systems: Eagle–Close Combat Radio
(CCR),” https://s3.amazonaws.com/s3.documentcloud.org/documents/409237/115-cobham-tactical-c4i.pdf.
Defentek . . . sells a system:
Craig Timberg (24 Aug 2014), “For sale: Systems that can secretly track where cellphone
users go around the globe,”
Washington Post
, http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html.
Tobias Engel demonstrated:
Tobias Engel (9 Jan 2009), “Locating mobile phones using Signalling System #7,”
Chaos Computer Club
, http://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf.
collect and sell it:
Kevin J. O’Brien (28 Oct 2012), “Data-gathering via apps presents a gray legal area,”
New York Times
, http://www.nytimes.com/2012/10/29/technology/mobile-apps-have-a-ravenous-ability-to-collect-personal-data.html.
HelloSpy is an app:
There are quite a few of these tracking apps out there. HelloSpy is particularly
blatant. Although the disclaimer on the home page states that it is designed for “ethical
spying for parents,” or use on a “mobile device that you own or have proper consent
to monitor,” the literature also trumpets its ability to operate in “stealth mode,”
and has a page dedicated to marital infidelity. See http://hellospy.com.
spy on his wife or girlfriend:
StealthGenie is another spyware app. In 2014, its CEO was indicted and arrested for
selling it in the US. Craig Timberg and Matt Zapatosly (29 Sep 2014), “Maker of StealthGenie,
an app used for spying, is indicted in Virginia,”
Washington Post
, http://www.washingtonpost.com/business/technology/make-of-app-used-for-spying-indicted-in-virginia/2014/09/29/816b45b8-4805-11e4-a046-120a8a855cca_story.html.
spy on their employees:
Spencer E. Ange and Lauren Weber (22 Oct 2013), “Memo to workers: The boss is watching,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424052702303672404579151440488919138.
cell phone location data:
Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations
worldwide, Snowden documents show,”
Washington Post
, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html.
Ashkan Soltani and Barton Gellman (10 Dec 2013), “New documents show how the NSA infers
relationships based on mobile location data,”
Washington Post
, http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/new-documents-show-how-the-nsa-infers-relationships-based-on-mobile-location-data.
James Glanz, Jeff Larson, and Andrew W. Lehren (27 Jan 2014), “Spy agencies tap data
streaming from phone apps,”
New York Times
, http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html.
even when they are turned off:
We don’t know definitively whether this is true or not. Dana Priest (21 Jul 2013),
“NSA growth fueled by need to target terrorists,”
Washington Post
, http://www.washingtonpost.com/world/national-security/nsa-growth-fueled-by-need-to-target-terrorists/2013/07/21/24c93cf4-f0b1-11e2-bed3-b9b6fe264871_story.html.
Ryan Gallagher (22 Jul 2013), “NSA can reportedly track phones even when they’re turned
off,”
Slate
, http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html.
golden age of surveillance:
As far as I know, this is Peter Swire’s term. Peter Swire and Kenesa Ahmad (28 Nov
2011), “‘Going dark’ versus a ‘golden age for surveillance,’” Center for Democracy
and Technology, http://www.futureofprivacy.org/wp-content/uploads/Going-Dark-Versus-a-Golden-Age-for-Surveillance-Peter-Swire-and-Kenesa-A.pdf.