Those of us with technical backgrounds often have a hard time explaining technical facts to the general public, which is exactly what this book attempts to do in the domains of data security, personal privacy, and surveillance. Bruce Schneier should be familiar to Computing Reviews (CR) readers as the author of excellent texts on computer security [1,2]. This is his latest attempt to address a general audience.

The format is designed for the audience: three parts frame the discussion of “The World We’re Creating,” “What’s at Stake,” and “What to Do About It.”

In Schneier’s view, we seem to be creating a world in which everything we do, every move we make, every interaction we have, every search we enter, all result in data. Data is a by-product of every facet of computing. Data, yes, is “big.” It can be analyzed and sold, and can result in control. Analysis and surveillance are both businesses. Governmental surveillance results in control, even if in a sense internalized subliminally, and institutional control is being consolidated both inside of government and outside in the commercial sphere.

What’s at stake is said to be almost everything a free society values about life: political liberty, justice for all, commercial fairness, equality, and even open competition between businesses. We’re in danger, perhaps, of diminishing both privacy and security. Much of the broader themed ideas here are thought-provoking, although somewhat superficial at times. Those who might want to pursue these broad ideas would be best served by the further readings suggested in the references at the end of the book.

Part 3, “What to Do About It,” is the weakest section of the book. Given my love for Schneier’s Applied cryptography [1], this is disappointing. This part has a brief overview chapter, “Principles,” followed by three potentially important chapters on “Solutions for Government,” “Solutions for Corporations,” and “Solutions for the Rest of Us.” The final chapter is “Social Norms and the Big Data Trade-Off.” The macro-level solutions for governments and corporations are thoughtful, but don’t suggest what a mid-level official or manager would be able to implement specifically (and perhaps a title like this cannot say). The chapter on “the rest of us” lacked details that could--should--have been included (for example, [3]). However, to his credit, Schneier does include the decisions he has made in his day-to-day life to balance privacy, security, and convenience. As I do recommend reading the book, I’m not giving a “spoiler” with that information here.

The main text of 241 pages is followed by 124 pages of extensive and detailed notes, which provide excellent starting points for readers who seek more detail. As the review copy was a publisher’s advance copy, no index was included for review. Those interested in more detailed practical steps than those outlined in Part 3 would be advised to consult the Electronic Frontier Foundation’s “Surveillance Self-Defense” web pages as they continue to evolve [3].