Data and Goliath, published in 2015, is Schneier's definitive statement on surveillance — its mechanisms, its costs, and its alternatives. The book was written in the immediate aftermath of the snowden-revelations and represents Schneier's most direct engagement with the surveillance state and surveillance capitalism as paired phenomena. It is the work of the trust-and-surveillance-era par excellence, synthesizing the trust-framework of liars-and-outliers with direct engagement with the policy and technical realities exposed by Snowden.
The Snowden Context
The snowden-revelations of 2013 documented the scope of NSA surveillance in detail that privacy advocates had suspected but could not prove. Schneier had a particular relationship to the Snowden materials — journalist Glenn Greenwald brought him in to help analyze the technical content of the NSA documents, giving Schneier direct exposure to the surveillance architecture the documents described. Data and Goliath is in significant part Schneier processing that experience and translating the technical reality of mass surveillance into terms that general audiences could understand and evaluate.
The book does not treat Snowden as its only source or framing; it situates NSA surveillance alongside commercial surveillance by Google, Facebook, and other technology companies. Schneier's argument is that government and corporate surveillance are not separate phenomena but interlocking ones — companies collect data for commercial purposes, governments obtain access to that data through legal compulsion or technical means, and the result is a surveillance infrastructure that neither sector could build alone.
The Core Argument
Data and Goliath makes three claims:
First, the scope and implications of surveillance are not well understood by the people being surveilled. The book documents what data is collected, by whom, under what legal authorities, and for what purposes — making the abstract concrete.
Second, surveillance imposes costs beyond the immediate privacy violation. It chills speech, enables discrimination and manipulation, creates power asymmetries between institutions and individuals, and undermines the trust infrastructure that civil society requires. Drawing on the trust-framework of liars-and-outliers, Schneier argues that pervasive surveillance distorts the mechanisms by which societies maintain cooperation.
Third, the tradeoff between surveillance and security is far less favorable than security agencies claim. Much of the surveillance apparatus produces noise rather than signal; the marginal security benefit of mass surveillance over targeted surveillance is small, while the costs — in civil liberties, in international relations, in democratic accountability — are large.
Relationship to data-and-goliath and Power
Data and Goliath represents Schneier's most direct engagement with power as a category. Earlier books treated security as primarily a technical challenge with political dimensions; this book treats it as primarily a political challenge with technical dimensions. The question of who has access to information about whom is not a technical question but a question about the distribution of power in society. This framing would deepen in click-here-to-kill-everybody and a-hackers-mind.
Policy Prescriptions
The book's final section offers specific policy recommendations — stronger legal protections for communications data, reform of court oversight of surveillance programs, transparency requirements, and technical standards for data minimization. Schneier is more prescriptive here than in most of his writing, reflecting both the urgency of the post-Snowden moment and his position at the harvard-kennedy-school during the period of the book's writing, where policy engagement was expected.
Legacy
Data and Goliath is Schneier's most commercially successful book after applied-cryptography and is the work that most directly positioned him as a leading voice on the politics of surveillance. Its synthesis of technical detail with policy analysis and civil liberties argumentation made it the reference work for the post-Snowden policy debates. The connection to electronic-frontier-foundation concerns — privacy, surveillance, government overreach — is explicit throughout, and organizations like epic that had been litigating and lobbying on these issues for years found in Data and Goliath a comprehensive public argument for their positions.