Source: http://www.slashgear.com/marriott-fined-600000-for-jamming-g...

And how about refund everyone?

Most folks are not aware they are in a class until they get a letter from the losing company with their $9 check or whatever is left over after lawyer's fees.

Edit: forgot a word

Their rationale/justification was that because WiFi at scale (40k attendees, couple hundred exhibitors) the MiFis and other hotspots are using the bandwidth that the exhibitors have paid (a lot of money) for and caused issues with their demos (which the attendees paid entry fees to see).

Convention centers operate in the world of unrealistically high pricing that is rarely seen outside of airport newsstands . For example, they wanted to charge us $3k for renting a 42" TV for 3 days. We ended up just buying a 27" Thunderbolt display and saved a ton (and had a nice monitor to give to one of our devs after the show).

EDITED: In the U.S., all RF bandwidth is administered by the FCC for the benefit of the public. AFAIK, even if there's a "traffic jam" in the local WiFi spectrum, private parties don't get to unilaterally block off the WiFi bandwidth and charge for access. That'd be like a shopping mall's dealing with its Black-Friday traffic jams by setting up toll booths to block the adjoining public highways and charging vehicles to go through.

(My original comment referred to cell-service bandwidth, which of course isn't the only problem, as @coleca correctly points out.)

It is the right of universities and employers to disallow WiFi hotspots as a condition of being on the property. Why shouldn't this apply to hotels?

The first one is perfectly okay, your private property, your rules, the second is in violation of the law.

  This device complies with part 15 of FCC Rules.
  
  1) This device may not cause harmful interference.

  2) This device must accept any interference received,  
  including interference that may cause undesired operation.

My understanding of #2 in rule is that it's meant to protect against incidental interference causing complaints to the FCC. If the ham operator across the street makes your TV/dental fillings act weird, you can't ask the government to go shut him down.

In any case, it also probably depends on the precise legal definition of "interference", "must accept", and so on.

Citation, please? This is an area of the law with which I'm not too familiar.

I do recall from dim memory that private-property rights aren't without limits. For example:

+ The (U.S.) National Labor Relations Act puts limits on an employer's right to prohibit employee collective action on the employer's property;

+ Similarly, various civil-rights acts prohibit the owner of a business from refusing service to people on impermissible discriminatory grounds (race, national origin, etc.);

+ [ADDED:] Anti-trust law places limits on a business owner's ability to say, for example, I'll sell you my patented photocopier only if you agree to buy all your unpatented paper from me as well.

[EDITED:] I'm not saying the first two laws apply in this case. I am suggesting that anti-trust law, and perhaps federal communications law, might analogously limit the ability of the owner of a business to require guests, as a condition of admission, to forego their lawful access to the public spectrum. That practice seems roughly analogous to the conference company saying, "you can attend our conference, but only if you travel to the conference center in one of the expensive private limousines that we've arranged for, instead of in a cab."

Are we going to treat WiFi according to airspace protocol? Can a company or operation claim ownership to a quasi-physically-contained airspace? Perhaps invoke claims of trespassing by other non-approved, non-financially viable, sources? If you're living/working/visiting under my roof, then my rules, my WiFI.

>Because (1) a jammer is an unlicensed transmitter and (2) jammers do not just jam with discretion they jam for as far as they reach and it is impossible to operate a jammer in such a way that you cover all the territory without extending beyond it in some places.

Jammers can interfere with people's ability to contact emergency services. Obviously in the case of WiFi this is not an immediate concern because 911 is currently reached through a different wavelength, but WiFi is integrating into infrastructure (WoT, etc...) such that jammers can be a real cause for concern (especially if they are operated by poorly trained people).

>If you're living/working/visiting under my roof, then my rules, my WiFI.

What about the scenario where you have an ISP that offers city-wide WiFi to its subscribers. A Marriott is within the bounds of this area, they block access to a service I pay for and they have approval to provide me with. Who is in the wrong?

[0] https://news.ycombinator.com/item?id=8407399

That's one way to look at it. But it doesn't square with an important fact, namely that under U.S. law, you don't own the RF spectrum, even though RF waves happen to exist "on" "your" property.

Keep in mind that in a civil society, property ownership and the autonomy that goes with it are largely social constructs that can and are limited by the rest of us. Marriott might imagine that it "owns" a conference facility and can do what it wants with it. Certainly for most purposes that's a reasonable approximation of the truth. But: Marriott gets to exclude, say, Alice from walking into the conference facility, not by virtue of some natural right, but solely because the rest of us have tacitly agreed that our police and, ultimately, our armed forces will back Marriott up if it chooses to do so.

(That is, of course, unless Marriott happen to have access to a militia or other armed force; @Rayiner has written about related topics in other threads here.)

And whether Marriott likes it or not, the rest of us, via our duly-elected or -appointed representatives, have decreed:

1. that the public airwaves are no one's private property; and

2. that in certain circumstances, "tying" arrangements, in which a seller requires a purchaser to buy an unwanted product or service B as a condition of being able to buy wanted product or service A, are unlawful --- that is to say, the seller's autonomy in respect of its goods and services only goes so far. [1]

It's therefore not an incoherent argument that Marriott may not require Alice, while in the conference facility, to use only Marriott's expensive WiFi network, as opposed to using, say, the phone in her pocket as a WiFi hotspot of her own.

[1] http://en.wikipedia.org/wiki/Tying_(commerce).

You may be confusing a wifi hotspot with a wifi router. It's certainly reasonable for the owners of a physical network to disallow users to plug in their own wifi routers, especially because it can cause problems, even potentially taking down the entire network with loops and rogue DHCP servers. There are ways the owner can prevent those problems, but it comes at higher cost of equipment

I don't see why a hotspot would be any different than a mobile phone. Some places tell you to turn them off, because it interrupts the movie, and they may ask you to leave if you don't. But they don't jam phones and provide high cost alternatives.

They want to know who is using the network and wireless access points remove some of that control.

If you expose unrestricted access to sensitive stuff to everyone on the dorm ethernet, sinister wifi hackers on the sidewalk outside is the least of your worries. Your university IT was trying to cover their incompetence with random authoritarianism.

When a network device is attached that doesn't pass this authentication requirement onto its users (i.e. by NATing, or offering a public or common-key WiFi network) the university loses its ability to see who is doing what, and to deny access to people it doesn't want on its network. IT departments don't like that.

The security risk is not so much that you can now route certain internal IPs, but that IT has no way of determining who you are, or even your real MAC address, if it has questions about or objections to your traffic (whether

Hopefully no one is placing sensitive services on the same network as dorm rooms with no security, but being on the LAN is often used as a front line. For one thing, sitting on the right part of the campus network gets you access to most scientific journals based on IP whitelisting. The University is contractually not allowed to provide this access to people who aren't students/faculty/staff, so it has to control who can come from those IPs. We operate separate SSIDs for guests that route to the internet through IPs not in the whitelist. We also have certain intranet-only services like Facilities work orders, printing, etc. that could be on the public internet, but don't need to be, so better to those aging, likely vulnerable applications behind a layer than not.

Likewise, it's probably trivial to ignore these deauth packets if you're running your own boxes (although it'll probably be more problematic if you wanted tablet / phone access, too).

It's not their spectrum to manage, and everyone else has just as much right to use it as they do, event or no event.

Deliberate interference of the legal use of the airwaves by others is flat out illegal.

Spectrum is spectrum. Convention centers don't own WiFi spectrum any more than they own cell phone spectrum.

I imagine that a contract that says, "You won't run a hotspot, and if we catch you doing it, we'll kick you out" would be fine. But actually jamming the radio signals would not be.

They weren't using a radio jammer, but using techniques just like were described in the article. We tried getting our gear setup and couldn't get anything working, even trying to use Internet connection sharing over Wifi between a Macbook and an iPad right next to each other wouldn't work. Until we got a hold of the network engineer for the convention and got him to whitelist our MAC addresses on their own APs. Then all of a sudden all our gear sprang to life. He told us they were looking for rogue APs and were sending frames to their clients to disassociate. If you were an attendee and not an exhibitor you could use the free public WiFi that was available. But we were warned that was far too flaky to use for product demos and would require re-registration every hour.

We also had to use commercial grade APs (like Cisco, Aruba, etc.) that could have the signal strength turned way down so it wouldn't bleed too far out of our booth. The WiFi APs at your local Staples don't usually have this option; they only boost the signals, not lower them.

They have no authority to be able to interfere with your use of spectrum, just as you have none to interfere with theirs.

i think if a teenager did it to the Marriot then a closest DA or an FBI office would be immediately having the teenager on "unauthorized access" at minimum if not on some nice terrorism charge

Congratulations, first DDOS of a geographical site instead of a virtual one. :P

Note: This is kinda a dick move because you're probably screwing over the customers more than you are the IT douchebags. Maybe a better plan is to find the Marriott headquarters, mockup a visitor badge, and do it there.

These high-end WiFi systems are expensive to install and administer. But that those prices they were charging, they've paid for the system in, like, the first day. Maybe by lunch time.

Conference stuff in general is crazy.

"“Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel or conference center,”"

http://transition.fcc.gov/Daily_Releases/Daily_Business/2014... http://www.fcc.gov/document/marriott-pay-600k-resolve-wifi-b...

Sounds to me like an unlawful tie-in, in violation of the anti-trust laws.

I don't picture this idea ending well.

Besides, I much prefer spending time with my son reading Asterix the Gaul comic books.

Are the regulations in this case meeting the end goal of the FCC - that good use is being made of the RF space?

Were that not the case, I could enter an arms race with my neighbors where we all compete for the strongest Wi-Fi blockers so that our own signal is strongest, perhaps to the point that one of us might get a business-class connection and start allowing paid access to it. "Too bad our block can't use Wi-Fi. Say, neighbor, for $100 a month I bet I could let you share mine."

Most of these mobile hotspots are going to be limited by the cell connectivity, not the wifi speed, so it would be pretty easy for multiple APs to exist on the same channel.

More on the law: http://www.fcc.gov/jammers

More on deauthentication packet jamming: http://hackaday.com/2011/10/04/wifi-jamming-via-deauthentica...

"This device complies with FCC part 15 and will not cause harmful interference".

The argument could be made that by using the device to send lots of deauth packets, that Marriott had modified the device beyond it's original scope, and was now using it to cause harmful interference (to other wifi devices).

If they determine you are deliberately interfering with lawful use of the airwaves, it doesn't matter how you are doing it.

Mariott is, in effect, preventing people from using the cellular service they pay (a carrier) for. Except, instead of attacking the cellular part, they're attacking the WiFi part. But, in effect, it's very close to jamming cell phone calls.

Something tells me there is more to this story.

Looks like the Cisco AP sends these deauthentication packets over wireless, it doesn't cut off the rogue AP from the network by filtering it or disabling a switch port. The rogue AP is certainly bridged to your network, but is the association between the clients and the rogue AP part of your network?

> rogue containment usually introduces legal issues that can put the infrastructure provider in an uncomfortable position if left to operate automatically.

The FCC also says selling these things is illegal:

> Federal law prohibits the operation, marketing, or sale of any type of jamming equipment

There might be a legal workaround in the case of unauthorized devices, as I doubt Cisco's legal team would allow such a feature if there was not something to base it off of. It is concerning though...

Or rather,"those dudes". A good prosecutor would start at the bottom and work his way up the chain of command, not stopping until he reached the highest level person who was aware of this without immediately moving to shut it down. Then he'd throw the book at they guy.

Conference organization is a small world. Word would get out fast, and that really would be the end of it.

Second, even if you accept that, you could at least fine them an amount that will cause harm, rather than an amount they'll barely notice.

Here, neither is happening. The individuals responsible are, as far as I can tell, being completely let off the hook, while the company gets a completely trivial fine.

I don't know this, nor do you. The people that do know this are the prosecutors in this case, and they considered that $600k (and the rest of the consent decree) was punishment that fit the crime. Unless you have some special knowledge of this particular case, I don't see why you are in a position to second guess them.

Proportionally, my cost for merely retaining a lawyer would affect me more than a $600,000 fine affects Marriott. Never mind the fact that I would probably go to jail and lose out on months or years of salary, not to mention freedom.

Will this particular remedy be effective at preventing the behavior in the future, both from Marriott and other corporations? The prosecutors seem to think so, you think to seem not. You've given me no reason to trust your judgement more than theirs.

If the reverse was happening, say a hacker was going through and deauthentication jamming THEIR network you can bet they would call the FBI.

It seems that the convention center was blocking mobile hotspots in an effort to control the Wi-Fi traffic in the center, possibly so that they could charge for their in-house Wi-Fi. This doesn't seem to have been a widespread issue or an issue for hotel guests.

However, I suspect that this is a common practice among convention centers and that the main point of this action by the FCC was to put everyone on notice that this is not acceptable behavior.

That, combined with the fact that, yes, businessfolk will just expense it, leads to the current situation.

The answer is really, "because they are rapacious".

I used to work for a fairly large hotel chain that would charge ridiculous amounts for internet. Thinking back it wasn't too ridiculous (certainly not 10k for 3 days as someone said above) but it was still a high price.

The only people to really use the service were business people, and they'd always charge it back to their companies.

The WiFi itself was merely a luxury we offered to encourage business people to stay in the properties because "WiFi available" made for better advertisements.

Heck, I know one convention center that charges $1500 just to hang a small banner over the door of the ballroom with your event's logo on it.

http://www.reddit.com/r/AskReddit/comments/e2uui/why_is_wifi...

As long as they clearly label them as a cost+ and provide you those dinky plastic cups you can drink tap water with, I am happy.

3 euros, 3 pounds sterling, or 3 dollars is common. I guess the US wins in the "over-priced-water-in-your-room" war. There must be something magical about the $3 price tag.

Much more exciting have been the freebies (zero status/independent hotels): chocolates, biscuits, wine, platters of local delicacies, fruit baskets, free non-alcoholic mini-bar replenished daily... :-)

Ironically, they gave me at least $5 worth of chocolate chip cookies when I checked in.

So it's not clear whether Marriott was intentionally being nasty or some over-eager CCNA just turned on all the bells and whistles he could find.

It's not a technical limitation on a certain type of packets, but about the results.

The problem is only when the end result is that you are deliberately stopping other people from making valid use of the spectrum.

There are valid cases for doing what they are doing (preventing spoofing).. this just wasn't one of those valid use cases.

So is it a disruption feature if in effect it neutralises disruption when used correctly? As I said, it is a grey area.

> "Containment can have legal implications when launched against neighboring networks. Ensure that the rogue device is within your network and poses a security risk before you launch the containment."

The wording in the FCC Consent Decree in this case suggests that this feature would actually have been okay if it was being used against actively hostile networks:

> "Specifically, such employees had used this capability to prevent users from connecting to the Internet via their own personal Wi-Fi networks when these users did not pose a threat to the security of the Gaylord Opryland network or its guests."

From the linked article it appears to only target devices attempted to spoof you by default, which is definitely not what the complaint was about.

- Rogue on Wire - If a rogue device is identified to be attached to the wired network, then it is automatically placed under containment.

- Using our SSID - If a rogue device is using an SSID which is the same as that configured on the controller, it is automatically contained. This feature aims to address a honey-pot attack before it causes damage.

- Valid client on Rogue AP - If a client listed in ACS is found to be associated with a rogue device, containment is launched against that client only, preventing it from associating to any non-managed AP.

- AdHoc Rogue AP - If an ad-hoc network is discovered, it is automatically contained.

The kind of blocking in question here sounds more aggressive than any of these categories. Though it's certainly possible they were using some other vendor's gear which has additional options.

One of the important issues here is that wireless communication doesn't respect boundaries. It seems they could have easily been interfering with networks on neighboring properties.

I don't think so. This mode targets ad hoc networks. Mifi devices and iPhone/Android tethering set up access points, not ad hoc networks.

Like, I know whenever I go into my local supermarket, I'm lucky if I can get a signal once I venture past the front door. There's no active jamming going on; it's just the way the building is constructed (I assume).

If hotels really want to force their own Wi-Fi on people, couldn't they do the same thing -- make use of physical impediments?

I personally wouldn't book a conference center which didn't allow the use of cellphones. Just too impractical as a lot of people use them as de facto 2 way radios (e.g. the people setting up booths, employees of the conference center, security, et al).

However, when you start jamming other people's signals that's in direct violation of FCC regulations, so of course the hammer is going to drop. I'm really glad it wasn't just a token slap on the wrist. FCC made it clear that they are serious about this.

It's also enough to get the people who decided to do this fired.

The other conditions of the decision put a stop to the activity, and require them to report on compliance for three years. That will be more onerous than writing a check, and may convince them to stop being such greedy dickheads.

You're correct there. Cell signals don't play very nice with concrete and steel. It also depends on who your carrier is and what technology their using.

Verizon uses CDMA, which uses a lower frequency (around 800MHz) which gives you better building penetration, as opposed to say T-Mobile that runs on higher frequency (1.9MHz) which tends to have issues getting through all that concrete and steel.

Honestly, I figure that just the initial analysis of what they need to do will cost them that much before they actually start hiring personnel and putting the preventive actions in place.

Then factor in all the bad press they will get from this and the final bill will be well into the millions.

It's like putting someone in front of a big trough of money and allowing them to take as much as they want, with the caveat that every few months they will get a mosquito bite.

You just can't actively jam their use of that spectrum.

The FCC has no place setting fines based on the total size of a corporation. It seems rather proportionate to me, given that they were attempting to profit from willful interference, and that's in the ballpark of how much they probably made. I doubt Marriott, or any other major US hotel chain, will ever attempt this again. Seems to me the punishment worked, without having to get dragged into courts, appeals, and legislation if they had, for example, fined them $1 billion.

Even if I'm off by two full orders of magnitude it'd still be $960,000, and it's possible I'm undercutting the truth.

Also, don't forget the cost of doing compliance audits across all of their properties for the next three years, which is not going to be cheap either.

-- If Marriott charged minimum $250 for its own wifi then ($600,000/$250), it paid the fine equaling to 2400 guests.

-- If Marriott charged maximum $1000 for its own wifi then ($600,000/$1000), it paid the fine equaling to only 600 guests.

Seems to me that Marriott got away very cheaply.

"Wi-Fi is an essential on-ramp to the Internet"

oh thanks for explaining it in electronic superhighway terms. Now I understand.