If you're a business traveler looking to use your own WiFi hotspot on the road, the FCC has made your life a whole lot easier. If you're an IT or security executive at a commercial establishment looking to protect your guests, your life is now a lot more complicated.
The Federal Communications Commission made it clear that blocking people's WiFi hotspots will not be tolerated. "Willful or malicious interference with WiFi hotspots is illegal," the agency stated in an enforcement advisory on Tuesday, noting that doing so violated Section 333 of the Communications Act.
The agency characterized WiFi blocking as a "disturbing trend in which hotels and other commercial establishments block wireless consumers from using their own personal WiFi hotspots on the commercial establishment's premises."
[ Check out what Google has planned for its new wireless service. Read Google's Wireless Service Taps WiFi and Cellular. ]
To date, this trend consists of one recent public case involving Marriott International. In an email to InformationWeek, an FCC spokesperson declined to discuss the number of WiFi blocking complaints the agency has received or the number of such cases, if any, the agency is investigating.
In October 2014, Marriott International agreed to pay $600,000 to settle an FCC complaint that it jammed guests' mobile WiFi hotspots at its Gaylord Opryland hotel and conference facility in Nashville, Tenn.
Initially, Marriott argued that it did so to protect guests "from rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft," noting that it employed common FCC-authorized equipment to do so.
After widespread outcry over the company's actions, Marriott stopped insisting that WiFi blocking is lawful. "Marriott International listens to its customers, and we will not block guests from using their personal WiFi devices at any of our managed hotels," the company said in a statement in mid-January. At the same time, the company added that it wants clarification from the FCC about allowable network security measures. (In its October 2014 consent decree with the FCC, Marriott conceded that personal WiFi usage didn't represent a security threat.)
The clarification that's required is whether deauthentication always represents unlawful jamming.
Wireless network management systems from vendors such as Cisco often include options like the ability to send deauthentication ("deauth") packets to boot unauthorized users from a network, including a rogue network operated by someone else.
An FCC spokesperson said in an email that Section 333 of the Communications Act applies "to willful or malicious interference with WiFi hotspots" and that the statutory term "interfere with" includes de-authentication as well as the electromagnetic interference emitted from a jamming device.
The term doesn't include unintentional interference, so deauthentication done for the purpose of load balancing appears to be acceptable. Nor does it include use of de-authentication on one's own network.
Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.