FCC fines Marriott $600,000 for jamming hotel Wi-Fi

Discussion in 'Wireless Internet' started by Jeff Liebermann, Oct 4, 2014.

    1. Advertisements

  1. Jeff Liebermann

    amdx Guest

    amdx, Oct 4, 2014
    #2
    1. Advertisements

  2. Jeff Liebermann

    Kurt Ullman Guest

    This was Marriott's response:
    Marriott International's Statement on FCC Ruling
    Marriott has a strong interest in ensuring that when our guests use our
    Wi-Fi service, they will be protected from rogue wireless hotspots that
    can cause degraded service, insidious cyber-attacks and identity theft.
    Like many other institutions and companies in a wide variety of
    industries, including hospitals and universities, the Gaylord Opryland
    protected its Wi-Fi network by using FCC-authorized equipment provided
    by well-known, reputable manufacturers. We believe that the Gaylord
    Opryland's actions were lawful. We will continue to encourage the FCC
    to pursue a rulemaking in order to eliminate the ongoing confusion
    resulting from today's action and to assess the merits of its underlying
    policy.


    So how much of this is real and how much (other than the obvious that
    they are concerned about rogue hotspots) is BS?
     
    Kurt Ullman, Oct 5, 2014
    #3
  3. Jeff Liebermann

    amdx Guest

    What do you mean "only benefit the attorneys involved",
    I have got some coupons for discounts I never used over the years.

    Mikek
     
    amdx, Oct 5, 2014
    #4
  4. All of it is public relations department steer manure.

    If Marriott was concerned about wi-fi service, they should use more
    dual band wireless access points instead of 2.4GHz only and perhaps
    they might deliver decent performance:
    <http://www.mywifirouter.me/blog/the-best-chains-for-free-and-fast-hotel-wifi/>

    The rogue hotspots in question were using 4G cellular wireless data
    for the backhaul, not the hotel system which was allegedly useless. If
    anything, the rogue hotspots reduced the load on the Marriott backhaul
    and wi-fi system, thus improving service.

    I must admit that they are correct that their system does protect
    against cyber-attacks and identity theft. If users find the system so
    slow that it can't be used effectively, they are unlikely to be
    attacked via wi-fi.

    The FCC clearly indicated that jamming for profit is not lawful.
    <http://www.fcc.gov/encyclopedia/jammer-enforcement>
    If Marriott wants to contest that, there's a very expensive appeals
    process available. Or, they can buy a lobbyist and try to change the
    rules as the press release suggests.

    I would be interested in knowing the name of the "well-known reputable
    manufacturer" that supplied Marriott with the jamming equipment.

    More, from 2007.
    <http://www.blogs.marriott.com/marriott-on-the-move/2007/08/getting-access.html>
    Soon, we'll begin replacing high-speed connection boxes in
    our hotels. They'll be more reliable and they'll reduce
    guest complaints. But providing high-speed connections and
    service improvements must be paid for by each hotel, and it's
    very costly. It affects the bottom lines of our hotel
    investors-and, as I have mentioned in the past, we don't own
    our hotels, we manage them for their investor owners.

    "How Some of Marriott's Hotels are Making Free and Working WiFi a
    Priority "
    <http://www.hotelchatter.com/story/2..._are_Making_Free_and_Working_WiFi_a_Priority>
     
    Jeff Liebermann, Oct 5, 2014
    #5
  5. Jeff Liebermann

    Sqwertz Guest

    Yabbut, how much did Marriot profit off of the jamming? Many times
    the fines are less than the company made in revenue from their illegal
    actions. So it's in their best interest to do it again. It's a
    win-win for everybody except the consumer and encourages companies to
    break the law - as long as the government and lawyers can get a cut of
    it, too.

    $600,000 is only 240 vendors at $2,500/pop for broadband fees. Heck,
    that's one large 3-day technical convention out of ... how many they
    held? (and not just at that one jammed location). That's chicken feed
    to them.

    -sw
     
    Sqwertz, Oct 7, 2014
    #6
  6. Jeff Liebermann

    News Guest


    Being called out on it is likely to cause future conference bookers to
    demand free wifi "or else"
     
    News, Oct 7, 2014
    #7
  7. Jeff Liebermann

    aaron Guest

    I would be interested in knowing the name of the "well-known reputable
    I don't know for a fact who that is, and I wouldn't say if I did. But here's
    my absolutely unofficial (and perhaps imprudent) take on some of the issues
    involved here.

    1. As I read the stories, Marriott's wireless infrastructure was *not* actually
    "jamming" their customers' hotspots. It was *containing* the hotspots.

    Jamming (at least as defined by Wikipedia, http://en.wikipedia.org/wiki/Radio_jamming),
    whom I actually trust) involves emitting RF energy that impacts the victim radio
    in the analog domain, by reducing SNR. It would be self-defeating for any
    802.11 network operator to do this, because jamming the victim radio's cell would
    thereby also jam the network operator's production radios' cell - because the cell
    is one and the same.

    Containment does not "jam" the cell. Rather, it attempts to DoS the victim
    802.11 radios, typically by sending 802.11 Deauth frames using a forged source
    MAC address. See for example http://www.cisco.com/c/en/us/suppor...rollers/112045-handling-rogue-cuwn-00.html#RM

    2. My personal view is that the owner of a property has every right to contain
    radios that are on that property. (Apparently the FCC, or at
    any rate some people who work for the FCC, disagree.)

    (I do not believe that a network operator has any right to contain radios
    that are *outside* of their property [for example, across the street] - and in fact,
    such a containment operation, IMO, should be considered as illegal trespass, or
    something like that.)

    3. In this discussion, we see a distinction made between on-premises rogue APs that backhaul into the property owner's internal network (which presumably the property
    owner has a right to contain), and on-premises rogue APs that backhaul e.g. via
    a public carrier's 4G network, bypassing the property owner's wired network, which APs the property owner putatively does not have a right to contain.

    This is a significant distinction, however one that, in practice, the 802.11
    network operator may have great difficulty in making. Most rogue APs nowadays
    use WPA2/AES-PSK security, which (given a strong passphrase) prevents examining
    the user data to determine whether it involves the operator's network. And these
    APs typically use NAT routing, which prevents matching up the clients' MAC addresses with the on-wire addresses.

    Moreover, the assumption that, as long as the rogue hotspot uses 4G backhaul, it
    cannot not significantly impact the operator's 802.11 network, is quite flawed.
    Especially in 2.4GHz, cell capacity is *severely* constrained - especially in a conference, this capacity is an extremely scarce and valuable resource. Any rogue hotspot absolutely can and will directly impact the operator's network capacity.

    None of the above should be construed as implying that I think it is *nice* for a
    network operator to charge for Wi-Fi access and to contain hotspots. If I were,
    as a conference attendee or hotel room guest, to encounter such behavior myself,
    I would be extremely irritated. But I do not believe that not-nice behavior
    should necessarily always be treated as illegal. (Admittedly, in this regard, my
    views seem to be increasingly divergent from those held by the Executive Branch in
    DC.)

    Again, the options above are mine alone, uninformed by any legal status or corporate
    guidance.

    Cheers,

    Aaron
     
    aaron, Oct 7, 2014
    #8
  8. www.law.cornell.edu/uscode/text/47/333

    No person shall willfully or maliciously interfere with or cause interference to
    any radio communications of any station licensed or authorized by or under this
    chapter or operated by the United States Government.

    Note that the words "interefere with" do not just mean jam or cause to fail by
    RF transmission.
     
    Arthur Conan Doyle, Oct 8, 2014
    #9
  9. Yep. That came out after the original story was released and I added
    my guesswork. This covers the issues fairly well.
    <http://blog.erratasec.com/2014/10/two-minutes-of-hate-marriot-deauthing.html#.VDSowFf0d9s>
    The problem is that Marriott's was apparently using Allot NetEnforcer
    <http://www.allot.com>
    to purge the area of any non-Marriott communications using
    "deauthing". It's not exactly jamming in the traditional sense of the
    term, but the effects on its victims communications are very similar.

    There's also the matter of Marriott applying enforcement when there
    was no direct or obvious damage to the Marriott network. The personal
    hot spots in question all used 3G/4G cellular backhauls and never even
    touched the Marriott network. How can Marriott claim that they were
    protecting their network?

    More:
    That was settled long ago, when it was decided that since the radio
    waves cannot be stopped at the border of a country, state, county, or
    city, then regional jurisdiction does not apply to rules governing
    radio transmissions. All your argument does is attempt to extend the
    border jurisdiction principle to individually property borders. Are
    you saying that the FCC does not have jurisdiction over RF related
    issues when on private property?
    The 3G/4G cell sites used as a backhaul were probably not on Marriott
    property. Since many data plans charge by the megabyte, Marriott
    would concievably be interfering with the revenue of the cellular
    provider, which is NOT located on Marriott property.
    Yep. Unfortunately, Marriott failed to make that distinction as it
    jammed or deauthed everything that was not Marriott supplied. Were
    the hotel not as isolated, I'm sure the deauthing would have had an
    effect on nearby residences and businesses as it had no mechanism for
    distinguishing between exhibitor hot spots and the neighbors wireless
    access points.
    My understanding is that these rogue access points were only used to
    circumvent exorbitant exhibitor connection rates via a constipated
    Marriott network. I would guess(tm) that the exhibitors would have
    paid the asking price, if the network worked as expected.
    Unfortunately, an individual or exhibitor does not have the right to
    supply their own services, even if the hotel's services suck. For
    example, bringing your own catering service into the hotel is not
    generally appreciated. Same with bringing your own plumber,
    electrician, housekeeper, etc. Whether wireless is an exception is
    probably going to require the services of a court of law to decide.
    Yep. But I've also seen community and hotel networks where half the
    traffic is ARP requests. Badly configured would be generous. However,
    if what you say is true, then the exhibitors private wi-fi network
    should have been as useless as the hotel wi-fi network. Apparently,
    from rumors and anecdotes, that was not the case. The hotel network
    was bottlenecked, while the personal hot spots worked quite nicely.
    Besides, if the exhibitors discovered that personal hot spots didn't
    work, they would have given up using them and tried something else. I
    still recall the days of dragging DS0 and T1 lines into conventions.
    Thanks for your views.
     
    Jeff Liebermann, Oct 8, 2014
    #10
  10. Jeff Liebermann

    scarecrow Guest

    How would that be any different from bringing your own (cell) phone
    service on the property to avoid paying the hotel's exorbitant phone
    rates?
     
    scarecrow, Oct 8, 2014
    #11
  11. Jeff Liebermann

    aaron Guest

    Well if the FCC were to declare that 802.11 containment (deauthing) is a violation
    of this rule, and is therefore inherently illegitimate everywhere, I'd be fine with it.
    I've been called upon several times to help customers whose Wi-Fi networks were being
    DoS'd (inadvertently) by their neighbors (e.g. in a shopping mall or multi-tenant
    office building) whose wireless infrastructure had - perhaps unwittingly - been
    configured to do "rogue containment". It's a very nasty practice and brutal to
    troubleshoot.

    Aaron
     
    aaron, Oct 8, 2014
    #12
  12. They're very similar, but not exactly the same. One difference is
    that it's more difficult to enforce a no cell phone policy than a no
    personal hot spot policy. The technology behind enforcing both
    (deauthing) is also very similar to generating a cellular "no service"
    signal. Another difference is that cellular jamming is considered
    "theft of service" because the cellular providers have paid for the
    spectrum and the right to use it. No such payments have been made for
    unlicensed wi-fi.

    Oddly, the FCC has yet to prosecute anyone for cellular jamming. There
    have been plenty of NAL's (notice of apparent liability) for the sale
    of cellular jammers, but no prosecution for their use. That's mostly
    because the major users of jammers are law enforcement agencies.
    Meanwhile, the FCC finds it necessary to prosecute Marriotts for what
    might be considered "denial of service" of unlicensed spectrum. I
    guess(tm) that one can consider all this "selective enforcement" on
    the part of the FCC.
     
    Jeff Liebermann, Oct 9, 2014
    #13
  13. Jeff Liebermann

    scarecrow Guest

    If you mean enforcement of hotel policy (no hotspots allowed) then the
    offender could be asked to leave and if he refused he could be
    arrested under the trespass laws.

    But he certainly could not be arrested for theft for just using a
    hotspot on hotel property, even if they had a policy against it.
    Theft of service is a criminal law that would be used for someone
    *stealing a service* such as using unauthorized equipment like a
    hacked phone or cable box to obtain a service without paying for it.

    Cell phone jamming and the equipment used to do it would be covered
    under the Communications Act of 1934.

    https://www.fcc.gov/encyclopedia/jammer-enforcement
    NALs are a form of prosecution. As I'm sure you're aware many have
    paid big bucks for NALs over the years.

    This guy may be sweating a bit. The link also shows the applicable
    federal law used for cell jamming.

    http://transition.fcc.gov/eb/Orders/2014/FCC-14-55A1.html
    Why would that be? The Feds (and local cops) can, in many cases,
    legally ignore the law when necessary in the furtherance of their
    official duty.
    My hats off to the FCC. The Marriott was IMO screwing its customers
    royally. I'm glad to see that they were caught. The fine's probably a
    drop in the bucket for them but the bad publicity is priceless. I'm
    never going back and I'm not even involved.
     
    scarecrow, Oct 9, 2014
    #14
  14. Jeff Liebermann

    Kurt Ullman Guest

    Correct me if I am wrong, or if things have changed recently, but the
    FCC has come down hard (although not the level of prosecution yet) when
    prisons tried to jam cell signals on their property because of phones
    being smuggled in. Even if the jamming was on the prison's property.
     
    Kurt Ullman, Oct 9, 2014
    #15
  15. No jamming allowed, period. This became a high profile issue when a
    cell phone was found in Charles Manson's prison cell. The FCC's
    attitude is that jamming wrecks police and fire communications, and
    that there's an effective alternative. The FCC recommends that
    prisons use various types of monitoring systems that will disclose
    call details including the phone's GPS position. Some prisons have
    installed femto cell and small cell base stations to do the same
    thing. Officers can then go directly to the reported position, and
    confiscate the phone. It seems to work:
    <http://www.fcc.gov/blog/solutions-stop-use-contraband-cell-phones-prisoners>
    Power Point presentation:
    <http://transition.fcc.gov/pshs/docs...-to-Contraband-Cell-Phone-Use-in-Prisons.ppt>
    <http://gcn.com/Articles/2013/09/05/prison-cell-phones.aspx>
     
    Jeff Liebermann, Oct 9, 2014
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.