We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Two tectonic shifts that helped create the data-rich Dragnet Nation where we live today both date back to 2001, argues Julia Angwin in her powerful treatise on privacy.
The U.S. government began its mass data collection efforts in earnest after the terrorist attacks of September 11, 2001, when traditional surveillance methods failed. Meanwhile, technology companies, reeling from the dotcom crash, turned to data as their hope for more sustainable revenue and profits.
In Dragnet Nation, the author, an award-winning investigative journalist, tackles both government and corporate mass surveillance, stressing that they are “deeply intertwined”. “Government data are the lifeblood of commercial data brokers. And government dragnets rely on obtaining information from the private sector,” she writes.
Fifteen years on, we now live in a world where billions of dollars are made off the back of data collected from sites and apps where we read, chat and shop online, and hundreds of thousands of jobs depend on it. What would once have horrified – a newspaper filled with gay interest ads delivered only to a homosexual reader – is now expected on sites such as Google and Facebook.
Angwin excels at putting this new race for data dominance in historical context. She shows how even the most benign data collection tools, such as the census, were used for ill during both world wars, tracing draft violators and tracking down Japanese Americans.
She travels to Berlin to examine the records of the world’s most pervasive secret police, who had 1 in 4 East Germans working as informants for them. While there, she shows an administrator in the Stasi archives how easy it is to build a picture of an individual’s social connections using sites such as LinkedIn – far easier than it was for the Stasi.
The bulk of the book is a tale of Angwin’s journey to reduce her online footprints, to escape the dragnet by minimising tracking of her location, her contacts, and her shopping habits. She meets characters and companies trying to create technologies that could help her and others evade the data trawl of corporations and the government.
For a reader with little knowledge of the privacy tools she describes, the book could almost function as a how-to guide. In particular, the chapter where she finally manages to peak her children's interest in privacy would be engaging for many parents struggling to make keeping safe online as fun as sharing everything with friends on social networks.
But this is a guide accompanied with heavy doses of disappointment as Angwin finds even experts struggle to create effective technologies and make them usable.
This is a New York Times bestseller aimed at making privacy accessible, not providing in-depth knowledge for cybersecurity professionals. Angwin’s descriptions of her debates about using PGP and other encryption types may not be particularly relevant within the industry.
However, for those wishing to better understand the behaviour of people who profess to care deeply about privacy but struggle to act, Angwin is bracingly honest. She explains how frustration led her to bad passwords, her struggle to balance disconnecting with having to be available for work and childcare emergencies, and how she felt she lost more than she gained when she took herself off major social networks, even having to cancel a birthday party when few bothered to decrypt her invite.
Dragnet Nation is also worth reading for its conclusion. After a year investigating how to keep away from ever-watching eyes as an individual, Angwin concludes that collective action is necessary to rewrite the rules of the digital data game.
She believes that mass efforts to evade surveillance could spark a conversation and a campaign akin to the protests that helped lead to a reduction in pollution in the U.S. Comparing better rights to privacy to improved air and water quality, she tries to give hope that using the Internet will not always have to mean giving up the right to a private life.
Angwin points to the idea of “sousveillance”, or surveilling the surveillors, as one nascent movement that has changed the balance of power in some situations, for example, with more police violence caught on video by cell phones.
Dragnet Nation is a fair and even-handed look at the problems of living in a state and a market where data has become the primary currency. Angwin does not even completely dismiss the idea that mass surveillance can sometimes be necessary; instead she encourages readers to question each “dragnet” they encounter, asking questions such as, “Can it withstand public scrutiny?” and “Are the operators held accountable for the way it is used?”
I would recommend Dragnet Nation for the Canon as an early stop on the journey for any cybersecurity professional to understand the challenges posed by mass data collection.