// Comparison

Permanent Record vs The Hacker and the State: Which Should You Read?

Two cybersecurity books on Narrative, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52019

Edward Snowden

Edward Snowden's first-person memoir: the technical work that led him into the NSA's mass-surveillance programs, his reasoning for disclosure, and the Hong Kong handoff to the journalists who broke the story.

Beginner

5/52020

The Hacker and the State

Cyber Attacks and the New Normal of Geopolitics

Ben Buchanan

Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.

Read this if

Anyone who wants the inside view of the 2013 NSA disclosures from the source rather than the press coverage. Also a useful read for engineers thinking about institutional ethics — Snowden's argument is technical and procedural, not abstract.

Anyone trying to think clearly about state-sponsored cyber: policy staff, threat-intel analysts, journalists, and security leaders who have to brief on "the cyber threat" without resorting to vendor decks. The single best academic-grade synthesis of the last twenty years of state cyber operations.

Skip this if

Readers wanting an unvarnished, multi-perspective account of the disclosures; this is Snowden's narrative on his terms. Pair with Glenn Greenwald's No Place to Hide and Bart Gellman's Dark Mirror for the journalism-side counterweight.

Readers wanting forensic detail on specific operations. Buchanan synthesizes; for the procedural blow-by-blow on Stuxnet, NotPetya, or the SolarWinds incident, go to Zetter, Greenberg, and the post-incident reports respectively.

Key takeaways

The technical case for the disclosures is sharper than the political coverage ever made it: Snowden walks through the specific architectures and capabilities that violated his oath.
The personal-cost chapters are the underrated half of the book; whistleblowing is structurally discouraged because the pipeline is set up to make life miserable for the person who goes through it.
Operational privacy is illustrated, not preached — the book is itself an artifact of careful OPSEC, and that lesson is worth more than any single chapter.

Cyber is poorly modeled by deterrence theory: states use it constantly, below the threshold of war, to shape the environment rather than to threaten escalation.
The signaling/shaping distinction (espionage, sabotage, destabilization, election interference) is the right taxonomy for analyzing modern campaigns and is the book's most reused contribution.
Attribution and accountability remain genuinely hard, and that asymmetry is itself a structural feature of cyber statecraft, not a temporary condition awaiting better tools.

How they compare

We rate The Hacker and the State higher (5/5 against 4/5 for Permanent Record). For most readers, that means The Hacker and the State is the primary pick and Permanent Record is a useful follow-up.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Permanent Record and The Hacker and the State both cover Narrative, so reading them in sequence reinforces the same material from different angles.

Keep reading

Permanent Record

→ Alternatives to Permanent Record → What to read after Permanent Record