Prudence in the Wake of the FCC’s Ruling on Marriott Jamming WiFi
October 8, 2014
- The FCC’s ruling finding Marriott guilty of jamming a conference goer’s hotspot will have a profound impact on companies of all stripes.
- Until there is clarification on when or if over-the-air WiFi management is acceptable, not using such management techniques would be prudent.
On October 3, the FCC found that Marriott International had jammed a personal hotspot in the Nashville Gaylord Opryland resort convention center. Marriott International countered, saying it “has a strong interest in ensuring that when our guests use our WiFi service, they will be protected from rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft.” Marriott went on to say that many companies use containment features – on FCC-approved devices, no less – to manage airspace, making it a common and accepted practice.
On the one hand, this ruling is being cheered by consumers, including companies that exhibit at conferences, due to the ridiculously high prices convention centers charge for everything, including WiFi access, which the consent decree said ranged from $250 to $1,000. You can buy APs at those prices. On the other hand, Marriott – and any organization running a WiFi network – has good reason to monitor its airspace in order to provide good service. If you look at the airspace at any public venue, it is a mess of access points overlapping channels and degrading WiFi access for everyone, and there is no way for a venue owner to provide good service in that environment. However, protecting unwitting guests from “insidious cyber-attacks and identity theft” is a specious argument and not one you should make unless you have tangible proof.
Industry experts such as Network Computing’s Lee Badman have pointed out that the FCC needs to clarify its ruling on when it’s acceptable for companies to manage their airspace by actively blocking WiFi connections. It’s not clear when it is acceptable, or even if managing your own company’s airspace is legal. Experts have been dangling the dire consequences of this ruling in places such as hospitals, which rely on WiFi for medical equipment, pagers and mobile communications devices, and where rogue WiFi APs can impact performance and potentially people’s health and welfare. Yet the broader impact could affect everyone from SOHO offices, coffee shops and community WiFi to large company campuses and entertainment venues. The FCC really needs to clarify this ruling.
In the meantime, if you or your customers are using active management techniques like Marriott used to keep unauthorized APs out of your airspace, are you at risk of a similar ruling? Not using over-the-air techniques for the time being is probably a prudent choice, but consult with your lawyers on how to proceed. It seems that using over-the-air mitigation techniques – in this case, sending 802.11 deauthentication frames to an unauthorized AP – constitutes jamming, but that’s only one way to manage the airspace. Your company could:
- Create and promulgate a policy defining acceptable use of portable hotspots to employees and guests;
- Use location applications to find rogue APs and have an employee investigate and turn them off;
- Use mitigation techniques on the LAN side – if the hotspot is connected to your LAN – to disable the port or quarantine the AP.
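The last two options can be combined without transmitting anything over the air. The following is an added example, not from the original article: passively observed BSSIDs are checked against an AP inventory and the switch MAC table, and only an AP found on your own LAN is flagged for port quarantine. All addresses, port names and the MAC-adjacency heuristic (an AP's BSSID often sits within a few addresses of its wired MAC) are assumptions for illustration.

```python
# Constructed sample data: inventory, passive scan results and switch MAC table.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:10", "00:11:22:33:44:20"}
SCAN = [  # (BSSID, SSID, channel) as heard by a sensor; nothing is transmitted
    ("00:11:22:33:44:10", "CorpWiFi", 1),
    ("AA:BB:CC:00:00:06", "linksys", 6),
    ("DE:AD:BE:EF:00:01", "MyHotspot", 11),
]
MAC_TABLE = {  # MAC learned on the wired side -> switch port
    "00:11:22:33:44:0f": "sw1/Gi0/1",
    "aa:bb:cc:00:00:05": "sw1/Gi0/12",
}


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer so addresses can be compared."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def wired_port(bssid, mac_table, window=2):
    """Return the port whose learned MAC is within `window` of the BSSID.

    Heuristic only (assumption): a match is a lead for a person to confirm
    before any port is disabled, not proof that the AP is on the LAN.
    """
    target = mac_to_int(bssid)
    for mac, port in mac_table.items():
        if abs(mac_to_int(mac) - target) <= window:
            return port
    return None


def triage(scan, authorized, mac_table):
    """Map each observed BSSID to a wired-side or policy action, never an RF one."""
    known = {b.lower() for b in authorized}
    actions = {}
    for bssid, _ssid, _channel in scan:
        bssid = bssid.lower()
        if bssid in known:
            actions[bssid] = "authorized"
        elif (port := wired_port(bssid, mac_table)) is not None:
            actions[bssid] = f"quarantine-port:{port}"  # LAN-side mitigation
        else:
            actions[bssid] = "locate-and-apply-policy"  # not on our LAN
    return actions


if __name__ == "__main__":
    for bssid, action in triage(SCAN, AUTHORIZED_BSSIDS, MAC_TABLE).items():
        print(bssid, action)
```

A personal hotspot that never touches the wired network falls into the last category, where the only responses are the acceptable-use policy and a person walking over to it.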
Until there is clarification on if or when over-the-air management techniques are acceptable, tread lightly.