Superb review of the present problem in all its complexity.
Reviewed in the United States on September 21, 2022
Another book about the sea of data about us and the inadequacy of the regulatory environment surrounding it. I’ve read and reviewed a number of these, this one is interesting because Mr. Chertoff served as secretary of the Department of Homeland Security from 2005-2009 and understands the dark side of the Internet. To begin, he briefly contrasts the present matter (what he calls “data 3.0”) with the first electronic data revolutions – everything from the telegraph to the modern world’s connectivity prior to the advent of the public internet and then, and especially, the capacity of modern computers to aggregate all or parts of it into a record of an individual life. His focus is not on the technology as such but on how the regulatory environment evolved to handle novel issues that emerged alongside the technology.
From the hundred-mile viewpoint, the matter is thus: in the aggregate present, we users of smartphones, tablets, laptops, and the “internet of things” generate yottabytes of data about ourselves, our preferences, locations, friends, and so on. Government (at various levels) finds it useful to mine this data (something made possible with the evolution of “big data analytics” since roughly 2005) to find criminals, terrorists, and spies, but also to target propaganda and keep tabs on political opposition. Corporations like Google, Facebook, and so on discovered they can provide free services to users because the data flowing into corporate networks has value to advertisers and other parties for various purposes, legitimate (research, sales) and nefarious (political manipulation, fraud, extortion).
Yet as complex as all of this is, it is only one side of things. Governments and corporations may or may not use our data for nefarious purposes, but criminal attackers, and hackers (individual or State sponsored), always have something nefarious in mind, whether it be theft for financial gain (including various extortion themes), destruction of assets, or both. Chertoff succeeds in covering all of this ground and describing the interactions between each facet and all the others. As he does this, he returns again and again to the inadequacy of the statutory environment regulating all of this behavior at the government, corporate levels (the use of our data), and also the individual level, the data originators – that would be us. In all of this, the author does well.
To his credit, Chertoff also makes a few concrete (if very broad) suggestions for updating various regulations to deal with issues raised. I commend Chertoff for trying, but in the end, this is the weakest part of his effort because, to put it bluntly, the potential conflicts have become so complex and, in most cases, their requirements so inherently contradictory that no amount or kind of regulation will ever deal with it all without leaving something out. Every regulation will have some unintended consequence, new gray areas will endlessly emerge. I believe Chertoff knows this. Pandora’s box is open, but he is right that any well-conceived effort to streamline the endlessly morphing relationship between government, industry, and the vast sea of interfaces through which the data enters the world’s server farms, will help us to think about inevitable future conflicts and contribute to resolving them.