Book Reviews: Information Security Books and Product Reviews – Privacy and Big Data

Book Title:   Privacy and Big Data

Subtitle: The Players, Regulators, and Stakeholders

Author(s): Terence Craig and Mary E. Ludloff

Publisher: O’Reilly

Date of Publishing: 2011

ISBN(13): 9781449305000

Price (UK&US price – full price, not discounted price): £15.50,   $19.99

Kindle e-book: £12.25,  $8.49  [note: O’Reilly are offering a publisher’s discounted e-book price that is less than the Amazon US price]

URL of Publisher Site: O’Reilly

URL of Amazon UK web page:  Privacy and Big Data

URL of Amazon UK (Kindle) web page: Privacy and Big Data

URL of Amazon US web page:  Privacy and Big Data

URL of Amazon US (Kindle) web page: Privacy and Big Data

This is a very ambitious book. In a mere 91 pages it attempts to present a panoramic view of the global commercial exploitation of personal data – a subject encompassing legislation, ethics, business management, finance, technologies and human psychology. It is all the more ambitious in that almost a third of the content consists of bibliography and references. Whether it succeeds or not depends very much on the reader’s expectations. From a privacy professional’s perspective, it essentially says nothing new and is very sketchy on detail. But for a general, non-specialist readership, it could contain one or two interesting surprises.I must admit to wondering why two senior executives of a data analytics company should write a book that takes a largely negative view of the growth in commercial exploitation of personal data. Their own justification of this occupies a whole page but is not very focused, so the question remains essentially unanswered.One of the book’s strong points is pretty much equal attention afforded to privacy in the US and Europe, the latter usually finishing up as a country cousin in books published in the United States. Even more unusually, it goes further by touching, albeit very briefly, on privacy in other economic regions as well. However, its readability does leave a bit to be desired. Although it is divided into distinct sections – an  overview, separate sections on privacy rights, regulators and data processors, and a final summing up – there is considerable repetition and overlap, so the text seems in places rather repetitive. This is exacerbated by the shallowness of some of the content, leaving me with the impression that quite a lot of text has been copied and pasted between sections with minor adjustments. The text is also liberally scattered with URLs. Except that the transient nature of web documents could limit the book’s shelf life, I would have no objection to this if many of the URLs were not three to five text lines in length. As the majority of these massive URLs consist largely of complex path specifiers and cryptic hash strings, they’re essentially unusable by the general reader of a printed edition, and they break the thread of the text, making reading difficult; in an e-book they could be a big bonus but in a printed text they are an annoyance, all the more as each section ends with an extensive bibliography where they would more usefully have been placed, if at all. These massive URLs also wreck the auto-justification of some pages, making the text yet more difficult to read by isolating one or two words from the general text flow in acres of white space.This book has some signs of being a bit of a rush job – not least containing a few unchecked inaccuracies. The most obvious of these, albeit a minor issue, is a reported assertion that the 800 exabytes of data ostensibly held worldwide would fill a stack of DVDs reaching to the moon and back. I calculate the stack height at roughly 204255 km, which is a bit over half way to the moon. The “moon and back” stack would have to be made of CDs. This is admittedly not very important, but as it is specifically included to emphasise the scale of the potential privacy problem, I do feel it should have been checked.There are however some much more serious issues to me as a practitioner. The most egregious of these is a lack of consistency concerning the nature of privacy, which is of course the ostensible essence of the book. The pre-eminence of personal control over one’s own data is hardly stressed, despite such control being the primary emphasis of many legally accepted definitions of privacy. Privacy and secrecy are widely, if diffusely, conflated throughout the text. Indeed, in his summing up, Mr. Craig asserts that, “Privacy erosion is a subset of secrecy erosion,” which is patently the inverse of the reality. General personal control over one’s own data is a superset of any specific control over its secrecy. Secrecy is only one attribute of privacy –a freedom you may choose to exercise or not in respect of all or part of your personal data if you control it. My other main gripe is the lack of an index, which would have been useful even in a book of this size.

Overall, this is a book for light reading rather than for concerted study and, in my opinion, should not be relied on too much as an authority. It is, however, an entertaining read if you can come to terms with the presentation. If you are able to follow the numerous URLs in the text and bibliographies it could serve as a starting point for deeper research, but for that purpose, an electronic version would be vastly easier to use than the printed edition. Indeed, the text has all the signs of having prepared primarily for e-publication, and the print edition would have benefited from tailoring to suit the medium better. Nevertheless, due to its significant reliance on third-party web documents, even an electronic edition could have a rather short useful shelf life

A lightweight introduction to online privacy, this book is best suited to the non-specialist, casual reader, although for the price of the print edition, more exhaustive texts may be available. The e-book would be more convenient than the print edition due to the liberal use of URLs throughout the text.

Marks: 2 out of 5 for paper edition (possible 3 out of 5 for e-book)

**