Data and Goliath (56 page)

Authors: Bruce Schneier


Bill Gates learned this:
Elizabeth Wasserman (17 Nov 1998), “Gates deposition makes judge laugh in court,”
CNN, http://edition.cnn.com/TECH/computing/9811/17/judgelaugh.ms.idg.

100 female celebrities learned it:
Bill Hutchinson (31 Aug 2014), “Jennifer Lawrence, other celebrities have nude photos
leaked on Internet after massive hacking scandal,” New York Daily News,
http://www.nydailynews.com/entertainment/gossip/jennifer-lawrence-celebrities-nude-photos-leaked-internet-article-1.1923369.

Some bars record the IDs:
The company Servall Biometrics markets driver’s license scanners for this purpose.
Servall Biometrics (2014), “ClubSecurity: ID scanners for bars and nightclubs,” http://www.servallbiometrics.com/index.php/products.

Charles Stross described this:
Charles Stross (14 May 2007), “Shaping the future,” Charlie’s Diary,
http://www.antipope.org/charlie/blog-static/2007/05/shaping_the_future.html.

We won’t forget anything:
A Ted Chiang short story explores this idea. Ted Chiang (Fall 2013), “The truth of
fact, the truth of feeling,” Subterranean Press Magazine,
http://subterraneanpress.com/magazine/fall_2013/the_truth_of_fact_the_truth_of_feeling_by_ted_chiang.

Having everything recorded:
Communication scholar Harold Innis first described the bias inherent in different
forms of communication. He noted that some mediums preserved communication in time,
while others worked across space. These properties led to different forms of control
and social engagement. Harold Innis (1951), The Bias of Communication,
University of Toronto Press, http://books.google.com?id=egwZyS26booC.

We misremember:
The research here is fascinating. We even forget details of important events. Several
researchers studied people’s memories of where they were when the space shuttle exploded,
the O. J. Simpson verdict was announced, and the terrorist attacks of 9/11 occurred.
John Neil Bohannon III (Jul 1988), “Flashbulb memories for the space shuttle disaster:
A tale of two theories,” Cognition 29,
http://www.sciencedirect.com/science/article/pii/0010027788900364. Heike Schmolck,
Elizabeth A. Buffalo, and Larry R. Squire (Jan 2000), “Memory distortions develop
over time: Recollections of the O. J. Simpson trial verdict after 15 and 32 months,”
Psychological Science 11, http://psycnet.apa.org/psycinfo/2000-15144-007.
Jennifer M. Talarico and David C. Rubin (Sep 2003), “Confidence, not consistency,
characterizes flashbulb memories,” Psychological Science 14,
http://911memory.nyu.edu/abstracts/talarico_rubin.pdf. Andrew R. A. Conway et
al. (Jul 2008), “Flashbulb memory for 11 September 2001,” Applied Cognitive
Psychology 23, http://onlinelibrary.wiley.com/doi/10.1002/acp.1497/abstract.

Even minor infractions:
Michelle Natividad Rodriguez and Maurice Emsellem (Mar 2011), “65 million need not
apply: The case for reforming criminal background checks for employment,”
National Employment Law Project, http://www.nelp.org/page/-/65_Million_Need_Not_Apply.pdf.

Losing the ephemeral:
Wendy Hui Kyong Chun (Autumn 2008), “The enduring ephemeral, or the future is a memory,”
Critical Inquiry 35, http://www.ucl.ac.uk/art-history/events/past-imperfect/chun-reading.

That’s just plain wrong:
Bruce Schneier (27 Feb 2014), “NSA robots are ‘collecting’ your data, too, and they’re
getting away with it,” Guardian,
http://www.theguardian.com/commentisfree/2014/feb/27/nsa-robots-algorithm-surveillance-bruce-schneier.

all sorts of NSA word games:
Electronic Frontier Foundation (2013), “The government’s word games when talking
about NSA domestic spying,” https://www.eff.org/nsa-spying/wordgames. Trevor Timm
(14 Aug 2013), “A guide to the deceptions, misinformation, and word games officials
use to mislead the public about NSA surveillance,” Electronic Frontier Foundation,
https://www.eff.org/deeplinks/2013/08/guide-deceptions-word-games-obfuscations-officials-use-mislead-public-about-nsa.

The word “collect”:
A 1982 procedures manual says, “. . . information shall be considered as ‘collected’
only when it has been received for use by an employee of a DoD intelligence component
in the course of his official duties.” And “. . . data acquired by electronic means
is ‘collected’ only when it has been processed into intelligible form.” US Department
of Defense, Office of the Under Secretary of Defense for Policy (Dec 1982), “Procedures
governing the activities of DoD intelligence components that affect United States
persons,” DoD 5240-1R, p. 15, http://www.fas.org/irp/doddir/dod/d5240_1_r.pdf.

It doesn’t mean collect:
The DoD even cautions against thinking about and using words accurately. “Procedure
2 introduces the reader of DoD 5240.1-R to his or her first entry into the ‘maze’
of the regulation. To begin the journey, it is necessary to stop first and adjust
your vocabulary. The terms and words used in DoD 5240.1-R have very specific meanings,
and it is often the case that one can be led astray by relying on the generic or commonly
understood definition of a particular word.” US Defense Intelligence Agency, Defense
HUMINT Service (Aug 2004), Intelligence Law Handbook, Defense Intelligence
Management Document CC-0000-181-95,
https://www.aclu.org/files/assets/eo12333/DIA/Intelligence%20Law%20Handbook%20Defense%20HUMINT%20Service.pdf.

All those books are stored:
Andrea Mitchell (9 Jun 2013), “Transcript of Andrea Mitchell’s interview with Director
of National Intelligence James Clapper,” NBC News,
http://www.nbcumv.com/mediavillage/networks/nbcnews/pressreleases?pr=contents/press-releases/2013/06/09/nbcnewsexclusiv1370799482417.xml.

Clapper asserts he didn’t lie:
Ron Wyden (12 Mar 2013), “Wyden in intelligence hearing on GPS surveillance & Nat’l
Security Agency collection,” YouTube, https://www.youtube.com/watch?v=QwiUVUJmGjs.

no human reads those Gmail messages:
Google (2014), “Ads in Gmail,” https://support.google.com/mail/answer/6603?hl=en.

You might be told:
In 2010, the TSA assured us that its full-body scanners were not saving data. Documents
released to the Electronic Privacy Information Center showed that the scanners were
shipped with hard drives and USB ports. Ginger McCall (3 Aug 2010), “Documents reveal
that body scanners routinely store and record images,” Electronic Privacy Information
Center, http://epic.org/press/EPIC_Body_Scanner_Press_Release_08_03_10.pdf. Declan
McCullagh (4 Aug 2010), “Feds admit storing checkpoint body scan images,” CNET,
http://www.cnet.com/news/feds-admit-storing-checkpoint-body-scan-images. US Transportation
Security Administration (6 Aug 2010), “TSA response to ‘Feds admit storing checkpoint
body scan images,’” TSA Blog, http://blog.tsa.gov/2010/08/tsa-response-to-feds-admit-storing.html.

The primary difference:
This is why we’re not worried about Furbies, but would be if they contained recording
devices. Although for a while, the NSA was worried. British Broadcasting Corporation
(13 Jan 1999), “Furby toy or Furby spy?” BBC News,
http://news.bbc.co.uk/2/hi/americas/254094.stm.

If you do object:
Bruce Schneier (21 Oct 2013), “Why the NSA’s defense of mass data collection makes
no sense,” Atlantic,
http://www.theatlantic.com/politics/archive/2013/10/why-the-nsas-defense-of-mass-data-collection-makes-no-sense/280715.

The means to perform identification:
Bruce Schneier (2000), Secrets and Lies: Digital Security in a Networked World,
Wiley, chap. 9, http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471453803.html.

We can’t even be sure:
Charles Glaser (1 Jun 2011), “Deterrence of cyber attacks and U.S. national security,”
Report GW-CSPRI-2011-5, George Washington University Cyber Security Policy and Research
Institute, http://www.cspri.seas.gwu.edu/uploads/2/1/3/2/21324690/2011-5_cyber_deterrence_and_security_glaser.pdf.
Joseph S. Nye Jr. (May 2010), “Cyber power,” Harvard Kennedy School, Belfer Center
for Science and International Affairs, http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf.

The 2007 cyberattack against Estonia:
Charles Clover (11 Mar 2009), “Kremlin-backed group behind Estonia cyber blitz,”
Financial Times, http://www.ft.com/cms/s/0/57536d5a-0ddc-11de-8ea3-0000779fd2ac.html.
Christian Love (12 Mar 2009), “Kremlin loyalist says launched Estonia
cyber-attack,” Reuters, http://www.reuters.com/article/2009/03/12/us-russia-estonia-cyberspace-idUSTRE52B4D820090312.

It took analysts months:
Nicole Perlroth (31 Jan 2013), “Hackers in China attacked the Times for last 4 months,”
New York Times, http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.

who was behind Stuxnet:
William J. Broad, John Markoff, and David E. Sanger (15 Jan 2011), “Israeli test
on worm called crucial in Iran nuclear delay,”
New York Times, http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html. David E. Sanger
(1 Jun 2012), “Obama order sped up wave of cyberattacks against Iran,” New York Times,
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html.

proposals to eliminate anonymity:
Limiting anonymity doesn’t eliminate trolls. People’s behavior online is complicated,
and more a function of the loosening of social restrictions than of anonymity. John
Suler (Jun 2004), “The online disinhibition effect,”
Cyber Psychology and Behavior 7, http://online.liebertpub.com/doi/abs/10.1089/1094931041291295.

annoys countries like China:
Philipp Winter and Stefan Lindskog (6 Aug 2012), “How the Great Firewall of China
is blocking Tor,” Second USENIX Workshop on Free and Open Communications on the Internet,
Bellevue, Washington, https://www.usenix.org/system/files/conference/foci12/foci12-final2.pdf.

Leon Panetta said publicly:
Leon Panetta (11 Oct 2012), “Remarks by Secretary Panetta on cybersecurity to the
Business Executives for National Security, New York City,” US Department of Defense,
http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136.

11: Security

we tend to focus on rare:
Bruce Schneier (17 May 2007), “Virginia Tech lesson: Rare risks breed irrational
responses,”
Wired, http://archive.wired.com/politics/security/commentary/securitymatters/2007/05/securitymatters_0517.

we fear terrorists more:
Washington’s Blog (15 Aug 2014), “You’re nine times more likely to be killed by a
police officer than a terrorist,”
Washington’s Blog, http://www.washingtonsblog.com/2014/08/youre-nine-times-likely-killed-police-officer-terrorist.html.

connect-the-dots metaphor:
Spencer Ackerman (13 Dec 2013), “NSA review to leave spying programs largely unchanged,
reports say,”
Guardian, http://www.theguardian.com/world/2013/dec/13/nsa-review-to-leave-spying-programs-largely-unchanged-reports-say.

That doesn’t stop us:
When we look back at an event and see all the evidence, we often believe we should
have connected the dots. There’s a name for that: hindsight bias. The useful bits
of data are obvious after the fact, but were only a few items in a sea of millions
of irrelevant data bits beforehand. And those data bits could have been assembled
to point in a million different directions.

the “narrative fallacy”:
Nassim Nicholas Taleb (2007), “The narrative fallacy,” in
The Black Swan: The Impact of the Highly Improbable,
Random House, chap. 6, http://www.fooledbyrandomness.com.

The TSA’s no-fly list:
Associated Press (2 Feb 2012), “U.S. no-fly list doubles in one year,”
USA Today, http://usatoday30.usatoday.com/news/washington/story/2012-02-02/no-fly-list/52926968/1.

the watch list:
Eric Schmitt and Michael S. Schmidt (24 Apr 2013), “2 U.S. agencies added Boston
bomb suspect to watch list,”
New York Times, https://www.nytimes.com/2013/04/25/us/tamerlan-tsarnaev-bomb-suspect-was-on-watch-lists.html.

Detecting credit card fraud:
E. W. T. Ngai et al. (Feb 2011), “The application of data mining techniques in financial
fraud detection: A classification framework and an academic review of literature,”
Decision Support Systems 50, https://www.sciencedirect.com/science/article/pii/S0167923610001302.
Siddhartha Bhattacharyya et al. (Feb 2011), “Data mining for credit card fraud:
A comparative study,” Decision Support Systems 50,
https://www.sciencedirect.com/science/article/pii/S0167923610001326.

a billion active credit cards:
Erika Harrell and Lynn Langton (12 Dec 2013), “Victims of identity theft 2012,” US
Bureau of Justice Statistics, http://www.bjs.gov/index.cfm?ty=pbdetail&iid=4821.

the IRS uses data mining:
US Government Accountability Office (2013), “Offshore tax evasion: IRS has collected
billions of dollars, but may be missing continued evasion,” Report GAO-13-318, http://www.gao.gov/assets/660/653369.pdf.
IBM Corporation (2011), “New York State Tax: How predictive modeling improves tax
revenues and citizen equity,” https://www.ibm.com/smarterplanet/us/en/leadership/nystax/assets/pdf/0623-NYS-Tax_Paper.pdf.
