After sitting in my reading list for years, I finally got to read “Data and Goliath” by Bruce Schneier. Overall, this book is as well written as all of Schneier’s books, and is just as scientifically accurate (to the best that I could tell). However, whoever the audience for his book is, they may find it missing essential parts that make it not just a pleasant read, but also a useful one.
This book is written so clearly that reading it will flow well for security professionals and the general public alike. I recommended it to a few acquaintances who are neither security savvy nor even technologists, but who should know more about the information exchange ecosystem that they fuel with their personal data.
The book is an essay of sheer activism. It is a bit militant and political, as the topic is and as would be necessary for getting its point across. As interesting and engaging as it is, however, some readers will note key parts that are insufficiently covered. People who engage daily with the security and privacy industries will find that the book preaches to the converted with little new information. People who are not familiar with the claims and their context will find little or no counterargument to the personal opinion of the author.
There is also one omission that disappointed me personally the most, and it is an omission that is common to almost all privacy-promoting texts. It does not clearly and directly answer the question of what the individual has to lose at present by improperly safeguarding his/her personal data. It is very clear why privacy is essential at the macro level and for society as a whole; it is less evident why privacy and data control are essential at the present and micro level. That is, the question “what concrete harm might be caused to me by improperly safeguarding my personal data?” is, in my opinion, inadequately answered. I suspect it will be extremely difficult to convince people to be more careful with their personal data until we can demonstrate some direct harm to the individual by failing to do so.
So should one read this book? Most likely, yes. It gives an excellent overview with tons of eye-opening facts. It certainly is an engaging book that instills a lot of motivation for deploying proper controls on data collection. One should just keep in mind that this book is one-sided and leaves some questions unanswered.