Full Circle Magazine FR

Data and Goliath by Bruce Schneier W. W. Norton & Company 320 Pages Hardcover ISBN: 978-0393244816 If you have any interest in computer/data security, you probably already know the name Bruce Schneier. You may have visited his blog, Schneier on Security, or read one of his previous books – which number in double digits – attesting to both his knowledge and longevity in the field. You can find him in many YouTube videos such as NSA Surveillance and What To Do About It - Bruce Schneier. Or maybe take a look at The Schneier Model (Kevin O'Brien, Full Circle Magazine #101, p48). His most recent written offering is Data and Goliath, and will be of interest to those with a need to know, but will likely interest many more – given the growing fear of our Internet-connected world. With an almost daily calamity, exploit or cause for concern, the entire planet knows there is a problem with big data even if we can't articulate its nature. Big doesn't begin to describe how extensive and overwhelming it is, and, more importantly, what it will enable in the future. When machines can predict your actions and reactions better than you can, at what point do we lose control?

Data and Goliath par Bruce Schneier W. W. Norton & Company 320 Pages Livre relié ISBN: 978-0393244816

Si la sécurité informatique et celle des données vous intéresse au moins un peu, il est probable que vous connaissez déjà le nom de Bruce Schneier. Vous avez peut-être regardé son blog, Schneier on Security, ou lu un de ses livres - il y en a au moins une dizaine - ce qui démontre à la fois ses connaissances et sa longévité dans le domaine. Vous le trouverez dans beaucoup de vidéos sur YouTube, telle que NSA Surveillance and What To Do About It - Bruce Schneier. (Surveillance par la NSA et ce qu'il faut faire) Ou regardez Le modèle Schneier (Kevin O'Brien, le FCM n° 101, p. 48). Sa dernière œuvre écrite est Data and Goliath ; elle intéressera ceux qui ont besoin de ces connaissances-là, mais aussi plein d'autres personnes, étant donné la peur croissante de notre monde connecté à l'Internet.

Étant donné les calamités, les exploits, les raisons d'inquiétude quasi quotidiens, la planète entière sait qu'il y a un problème avec l'avalanche de données (« big data »), même si nous n'arrivons pas vraiment à cerner et à exprimer sa nature. « Big » ne décrit que faiblement son importance et son implacabilité ; ni, surtout, ce qu'il rendra possible à l'avenir. Quand des machines savent prédire nos actions et réactions mieux que nous-mêmes, à quel moment perdons-nous le contrôle ?

Nevertheless, Data and Goliath is here to save the day, albeit with some strings attached. His approach is divided into three sections: • The world we're creating • What's at stake • What to do about it. There is no doubt about the immense potential good that this represents, but he asks about the costs and security consequences. Of course plenty of facts are cited but the importance of this book is that he questions everything with the careful eye of someone who knows the field and has the experience to recognize where real balance is needed. For example, he notes that the U.S. National Security Agency does in fact purchase zero-day exploits, and the whole world would be better off if they simply released them to the computer industry for patching. But, he recognizes that a security offense capability may at times be the only viable option, and should exist along with a palpable defense. Thus he suggests the NSA release most exploits and keep a select few for when they are demonstrably needed.

Néanmoins, Data and Goliath est arrivé à notre rescousse, avec toutefois

While the U.S. has the capacity to arbitrarily save all data, it makes as much sense as the ill-conceived military philosophy expressed as: Kill them all, let God decide. First and foremost, it turns a democracy into a surveilled society which inhibits progress and suppresses conversations considering change. Unfortunately, this tactic is used with purposeful effect on populations around the globe. Schneier explains all facets of this issue including impacts on human rights and liberty. And it's costly. At $72 Billion a year for the U.S., it impacts both domestically and internationally. If you can't trust a country’s security policies and laws, why would you think you can trust software or data security therefrom? Thus the NSA in the U.S. has been likened to “an autoimmune disease, because it attacks all other systems.” And most obvious, if apparently unappreciated, is that the more we save, the more difficult it is to keep it all secure, a problem for which we need no reminders. As noted above, this book can save the day, but only if we are willing to do something about it. Politicians are unwilling to control excess surveillance because without push-back from the electorate, they respond like David Cameron. He said “I am simply not prepared to be a prime minister who has to address the people after a terrorist incident and explain that I could have done more to prevent it.” Schneier makes a critical comparison with organized crime, saying “Terrorists don't cause more damage or kill more people; we just fear them more.”

Likewise, corporations should be more accountable and not let “Externalities limit the incentive for companies to improve their security.” Without fiscal responsibility, the only ones hurt are those providing the data – who are usually paying for the privilege in one fashion or another. Poor decisions by the very large automotive, air transportation or food processing industries to name a few are nevertheless liable, so why should big data and related industries be any different? Finally, the individual also has to play a larger role until much better security is baked into the industry as a whole. A variety of specific options are noted and worth considering/using by individuals wanting to have an impact. The book is much more than an insightful comprehensive look at the problem, it's also a call to virtual arms with Schneier identifying what Government, Corporations and the Rest of us need to do. Near-term, it can only get worse, but if it doesn’t get better, we have only ourselves to blame.