Does Marriott want to block your wifi hotspots?


Back in October Marriott was fined $600,000 by the FCC for implementing systems which essentially blocked personal wifi hotspots at some of the chain’s properties. Marriott claimed that the personal devices were interfering with the larger systems it implemented to support conference centers and such. At the time the FCC made it clear that blocking the personal devices is unacceptable:

Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel or conference center.

I Got Me Some WiFi via MiFi

Marriott paid the fine but also petitioned the FCC for clarification on the rules (the filing was made before the fine was announced, though presumably Marriott was aware at the time that the investigation was ongoing).

Specifically, Petitioners request that the Commission declare that the operator of a Wi-Fi network does not violate Section 333 by using FCC-authorized equipment to monitor and mitigate threats to the security and reliability of its network, even when doing so may result in “interference” to a Part 15 device being operated by a guest on its property.

Any access point can be used to launch an attack against an operator’s network or threaten its guests’ privacy (for example, by attempting to obtain guests’ credit card or other personal information). Likewise, multiple Wi-Fi access points operating in a meeting room or on a convention floor of a· hotel can adversely affect the performance of the hotel’s Wi-Fi network. If a hotel is powerless to address such activities to ensure the security and reliability of its Wi-Fi network on its premises, both the hotel and its guests would suffer.

Like many similar claims security is the leading argument. Surely Marriott must be allowed to safeguard customer credit card data, right? Except that it is unclear how that issue plays in to hotspot blocking.

Eventually the claim gets to the real point: the additional individual hotspots might cause performance issues with the system the hotel has installed. Wifi operates in unlicensed spectrum and all compliant devices are required to accept that interference may occur and account for it. And they do. But increasing the number of signals in any one area does have an adverse impact on the performance of any one system.

At its core the petition is based on the premise that the systems in question are licensed and approved by the FCC and therefore they should be legal to operate.

As far as Petitioners are aware, the FCC has authorized these types of network management equipment pursuant to its equipment authorization rules.

The main difference between the claims made in the Petition and the scenario which saw the hotelier fined is that all of the examples in the Petition involve a user connecting to the provider’s network or pretending to be the provider in some sort of spoofing scenario. And it is not hard to recognize that such instances should be defensible. But that’s not what Marriott was fined for doing. Forcibly blocking people from using a personal access point to connect to a paid data service which does not directly create an attack on a different network is an egregious distortion of the regulations.

The Petition is also interesting in its efforts to define interference for wifi devices.

A primary operating condition for unlicensed devices under Part 15 is that the operator “must not cause harmful interference” and must “immediately correct the interference problem or to cease operation” should such harmful interference occur. In relevant part, “harmful interference” requires interruption to a “radiocommunications service” – a defined term the FCC has never construed to encompass Wi-Fi or any other Part 15 device. It would be anomalous – and legally suspect – for the Commission to interpret Section 333 to prohibit interference to a Part 15 device when such interference is not prohibited by the Part 15 rules under which the device is authorized to operate.

The Petition here is attempting to suggest that prohibiting the management systems used to block the personal hotspots makes no sense because it is impossible for that circumstance to be met with these device types. At the same time, however, the companies are arguing that the consumer devices covered under the same code are interfering with the hotel-operated network. In other words, the rules shouldn’t apply unless they adversely affect the hotel and its ability to charge for wifi services.

Presenting this argument against the backdrop of so many hotels – including Marriott – recently announcing plans to simply give away wifi for free to guests is quite interesting, to say the least. That juxtaposition suggests that this move is much more about the high yielding corporate/conference wifi networks rather than the service in the guest rooms.

Both Microsoft and Google, among others, have also argued that the hotel groups are attempting to misappropriate the rules (interesting reading here, here and here). Cisco is siding with the hotels; this is not particularly surprising since the company manufactures hardware which is used for such “management” systems.

As for what the FCC will decide, well, I suppose we’ll find out eventually. Clearly the financial impact of the decision is big business to the hotels. But is that big enough business to outweigh the many, many individuals with smaller business decisions being made along the way?

I Got Me Some WiFi via MiFi by Jeff Golden, on Flickr via CC BY-SA 2.0

 

Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.


Seth Miller

I'm Seth, also known as the Wandering Aramean. I was bit by the travel bug 30 years ago and there's no sign of a cure. I fly ~200,000 miles annually; these are my stories. You can connect with me on Twitter, Facebook, LinkedIn and .

6 Comments

  1. Interesting article. I actually design and implement these Cisco controller based wireless networks and kind of understand why they want to do this. In order to optimize channel and power selection of the installed access points, the system has to “own” the spectrum to a certain degree in order to adjust and determine the optional allocation. If you have too many “rouge” access points especially in the middle of the network the system will have trouble adjusting these parameters and possibly not be able to provide the promised performance, or QoS for the installed wireless network. Not surprised at all why Cisco is backing the hotels at all since their customer base is enterprise.

    I see the arguments on both sides and not even sure whose side to take. The problem is that if personal wifi will be this popular, FCC will have to give some of the spectrum to the property owners so they could guarantee QoS on their own properties.

    1. I’ve worked in the industry for a while as well, albeit on the systems integration side of things. I fully understand the contention issues with too many access points in a confined space. And that’s a pain in the arse to deal with for everyone. But it seems quite unreasonable to me for the FCC to say that it is all unlicensed spectrum which must tolerate interference and then also give permission for some operators to override that rule and “safeguard” a network rather than accepting the interference which is coming in.

      It is a delicate balance to strike, for sure.

  2. LOL

    Looks like we’ve all got some cred’s to tout. I’m responsible for the internet connections of 2500 students and staff at a liberal arts university on a day to day basis. As far as interference goes, I’d tell the purchaser of Wi-Fi services the truth: I don’t have any control over your attendees’ experiences beyond providing the best equipment money can buy. If everyone brings their own hotspot, no one’s is likely to work, so tell your attendees to leave it at home when they’re at the conference.

    Of course, that doesn’t address the “security concerns” of spoofed access points or rogue access points. Spoofed is not impossible, though not necessarily easy, either; use certificates. Clients can be configured to reject connecting to an AP without the proper cert. Rogues are ridiculously easy to target, because by definition they must be on your wired network. Check your BSSID’s against your local MAC address tables on the wired network and BAM! You’ve identified a port that you should shut down. Neither of these approaches requires interfering with government licensed and managed spectrum that you do not own.

    The NANOG mailing list archive has plenty of interesting posts on the topic from both viewpoints, if you want to dive deeper.

Comments are closed.

BoardingArea