Public spaces are dangerous, are they not? At least many cyber training programmes declare that coffee shops are the most dangerous when it comes to online security. If not considering many other real-life dangers a public space like a coffee shop may inhibit, the dangers of unencrypted, open and public Wi-Fi are real. People sipping their trendy cappuccino, latte or why not Java-espresso, might leak out a wide array of personal information and credentials to the network, that is to any rogue user connected to that very same network and sniffing out the data. While this danger is true to some extent, still the idea of general dangerousness of public in contrast to the safety of private or controlled is highly moralistic and something seen across the issues in society, not only regarding networks.
Indeed the question is also about what is cybersecurity essentially about, and what are the notions, discourses and metaphors used. For some, the study of leadership or cybersecurity is all down to obedience and control. A whole research school has been formed in the western world around the idea of “fear appeal framework”, that is trying to create theories about how to ensure maximal deterrence of the things the sovereign or regime does not want to be done. It is all about obedience towards some practices and conceptions to ensure that through their own mental processing, the subordinates do as they are expected to be doing.
On the more concrete level, some notions about the dangers of public Wi-Fi or privacy of consumer networks may be commercially backed up. For anyone selling security solutions, introducing vulnerabilities and even exaggerating them can bring about financial gain. Furthermore, some nationalistic motives may be supporting the discourse around dangers of public Wi-Fi, since as open, uncontrolled and available they may challenge the establishment. In fact, pubs, cafes and other free spaces have in history been subject to sovereigns attention because of their rebellious nature and platform for “free speech”.
However, freedom, randomness and chaos bring about security as much as it takes off. That is well known by the modern covert agents meeting up in a local hammam, where hardly one can stay wired up. Yet the public conception of security is largely tied up to the stability, control and fixed settings, rather than agility, unpredictability and publicity.
Coffee Shop Attack
In the history of cybersecurity, the coffee shop became a trademark for a specific type of attack. While many cafes provided unencrypted Wi-Fi, and at the early years of the popularity of the web, many users and applications were communicating over the air in unencrypted form. And indeed given the nature of coffee shops, where anyone can come and go, the network became very quickly to be considered a hostile one. As anyone can join the network, and as most of the traffic was unencrypted, it became obvious that just sitting in a cafe and recording all the network traffic could reveal many private details and even compromise user credentials.
While this still is a real danger, it does not surpass the general dangerousness of public spaces. Still, the famous name of coffee shop attack became a legend and symbol in application security as well, to highlight that even a primitive application should be immune to the coffee shop attack. That meaning that using the application in an unsecured network as coffee shop, would not leave the user and credentials vulnerable. To much extent, this has been achieved for many popular web applications, but still many are vulnerable.
Demonising the openness of the space, coffee shops actually shade out other relevant players. The likelihood to be in the same open network with some rogue customer listening to the Wi-Fi may be smaller than to meet a coffee shop where the management or administration of the company will exploit the vulnerability of the network. It is not even unheard of, that businesses or corrupt officials set up a honeypot Wi-Fi just for the need to collect details from innocent customers or bypassers.
Five Eyes in the Bar
Ensuring that people would feel the presence of surveillance, things like vouchers, names and numbers may be imposed in the public Wi-Fi. While these provide little to none improvement in terms of the security for the end-users, they tend to enforce the attachment to the sovereign. These means producing invalid conclusion that the presence of surveillance was somehow also providing protection to the subjects, people, themselves, while actually rather opposite is the more realistic conclusion. The attachment to the securitising role of the sovereign, hence the adoption of vouchers, names and numbers, will lead to a greater and systematic breach of end-users privacy and security.
So, given the terrorising threat of dangers and lack of security, and the introduction of theatrical security measures, the question stays for average Wi-Fi users that of how to avoid being taken away by the fear and how to respond without raising too many red flags. Furthermore, the issue is for end-users, indeed a cyber citizen, how to comply and please all the various sovereigns presenting their claims and demands. This is the very core characteristic of postmodern, post-industrial and indeed post-national cyber politics and cyber citizenship.
Hence the question expands from the free Wi-Fi at a cafe to something about modern securitising actors and peoples attachment to them. It is a struggle of power between the legacy nation-states, transnational entities and global nomads. As the legacy regimes won't advertise exit processes or generally consider it socially acceptable for the subordinates to choose their sovereigns, even when granted such theoretical privilege, it remains the only option for people to fall back to the basic human right of asylum and freedom of movement away from the persecutive actions of authoritarian regimes in the cyberspace. Yet many of these legacy states have declared themselves to be globally present and mandated, it is actually the case that these rogue sovereigns have invaded the coffee shops, not only inside their territory but around the globe.
It is good to remember that the system of sovereign nation-states has largely been a result of European wars and all its horrors. In order to reduce the likelihood for further confrontation and rise of nationalism, the modern states were confined into their territorial mandate. However, the globalisation, networks and indeed free Wi-Fi in coffee shops have all challenged that notion, rather silently though. This has led some legacy states to acquire a self-proclaimed global mandate, thus escaping from its confined space.
In this sense, the average coffee shops and free Wi-Fi are becoming rather dangerous places, as multiple states impose their global presence and mandate for operations therein. In order to overcome network surveillance, one might end up setting an encrypted tunnel, but as that tunnel has its exit point in some other largely unknown domain it quickly becomes a honeypot for the corrupted security organisations. Still tunnelling ones traffic can bring some means to choose one’s sovereign, while it still leaves much to hope for privacy and personal freedom.
The ongoing struggles of power in the cyberspace are producing some new models and institutions of global governance, which we are not even aware of yet. The process, however, is full of potential and its challenges should be seen in an optimistic sense. Some people are falling back to the pessimistic conservative approach, aiming to enforce revive and restructure the legacy institutions, which however may be inherently incompatible with the global settings.
So, take on and face the challenges of the world! The struggle of power won’t be easy, but that will be interesting and provide a lot of material for personal and social growth.
Kristo Helasvuo, Guest Author.