The
hotel chain petitioned the FCC for changes that could let venues shut
down personal networks. Microsoft, Google, and the cell industry are
opposed.
by Glenn Fleishman
Marriott is fighting for its right to block personal or mobile Wi-Fi hotspots—and claims that it’s for our own good.
The hotel chain and some others
have a petition before the FCC
to amend or clarify the rules that cover interference for unlicensed
spectrum bands. They hope to gain the right to use network-management
tools to quash Wi-Fi networks on their premises that they don’t approve
of. In its view, this is necessary to ensure customer security and to
protect children.
The petition, filed in August and strewn with technical mistakes, has
received a number of formally filed comments from large organizations
in recent weeks. If Marriott’s petition were to succeed, we’d likely see
hotels that charge guests and convention centers that charge exhibitors
flipping switches to shut down any Wi-Fi not operated by the venue. The
American hotel industry's trade group is a co-filer of the petition,
and Hilton submitted a comment in support: this isn't just Marriott
talking.
But there are big guns in opposition, including Google, Microsoft,
and the cell industry’s trade group, the CTIA. Even Cisco’s “support” of
the Marriott petition seeks to minimize the extent to which a rule
clarification would affect most users.
Earlier in 2014,
the FCC fined Marriott
for jamming guests, exhibitors, and others’ Wi-Fi networks at the
Gaylord Opryland resort in Nashville. The hotel chain agreed to pay the
FCC $600,000 in fines and create a compliance plan, with regularly filed
updates, for all its properties.
Anyone can comment on this matter—click
Submit a Filing—not
only giant companies. Despite the FCC’s bad track record on media
consolidation, fighting for strong network neutrality, and other issues,
the agency does quite well in preserving consumer rights relative to
spectrum use and cellular carriers, even if its actions in favor of
consumers take far too long. FCC orders often cite comments by
individuals and the quantity of responses—in fact, this whole mess got
started because of a single person's complaint.
Unlicensed networks’ massive success
Wi-Fi operates in America in two unlicensed bands: 2.4 gigahertz
(GHz) and 5 GHz. (The bands and rules are similar or identical in most
of the rest of the world, too.) These unlicensed bands, along with a few
others, allow the use of FCC-tested and -approved devices without a
license on the part of the person operating the equipment, whether a
Bluetooth headset or a Wi-Fi base station.
These Part 15 devices, so-called by the FCC rules under which they
operate, have been massively successful in the U.S. and worldwide.
Billions of gadgets use 2.4 GHz and 5 GHz radios—most of it running one
of several generations of Bluetooth or Wi-Fi—dating back to the late
1990s.
But the fundamental rule of unlicensed spectrum is that devices need
to expect and accept that interference exists. Radio techniques and
network protocols have all been designed to produce as much co-existence
as possible to maximize the utility of the spectrum. (Interference is
sometimes defined as information that’s beyond the sensitivity of the
receiver that’s trying to interpret it.)
Because there are no primary licensed users of these bands, everyone
has to play nice, and the FCC enforces those rules fairly well. No one
owns the spectrum, and thus everyone has seemingly equal rights to it.
This has been upheld in FCC rulings repeatedly over the years. (One
exception: amateur radio users and a few other kinds of technology,
including TV vans that send video from the field back to a studio, have
licensed uses of the band, but they are limited in scope and number.)
Nobody owns unlicensed use of the bands. Nobody can tell you nor can
you tell anyone else how to use the bands. Nobody can operate similar
equipment that prevents your use of the bands.
So far, so good. Now on to Marriott’s ersatz jamming behavior.
Smacking down alleged rogues
Marriot's earlier customer-jamming scheme wasn’t accomplished through radio interference.
Radio jammers,
though widely available, are illegal in the U.S. and most countries.
Truck drivers use them to suppress GPS reception and avoid being
well-tracked by employers. Some venues use them to prevent cellular
phone usage. Rather, Marriott used wireless network management software
and hardware that can monitor a combination of logical stuff (how a
Wi-Fi network is being used to identify problems or bad behavior) and
physical stuff (the spectrum in use by what devices and base stations).
This software can mitigate network problems by shutting down bad
players. For instance, a government facility, a corporation, or a school
might have varied reasons for not wanting anyone on site to operate a
separate Wi-Fi network outside the ones directly managed, because it
might leak secure information, offer outside access into a protected
network, or allow students to see material in contravention of school or
government rules.
Such a network could be a Wi-Fi base station plugged into an Ethernet
port, a software base station created by a computer connected to the
network, or a personal or mobile hotspot connected via a cellular data
network. These networks might be created by those who don’t know about
or agree with a security policy, or for a malicious purpose, such as
creating an
“evil twin” or “honeyspot” network that resembles a legitimate network to pull in wireless connections and then sniff and misdirect them to extract data.
Rogue AP detection and mitigation relies on the fact that much of the
handshaking between devices in Wi-Fi connections isn’t validated. A
network-management system can prevent clients from associating with
Wi-Fi networks under its control in a number of ways, but they can also
block wireless devices from connecting with
other networks that are in range. This typically involves sending
deauthentication frames—frames
are data packets in the wireless world—that either or both spoof the
client or base station. (This is also a way to launch a
denial-of-service attack, by a rogue hotspot spewing out such frames
against legitimate local usage.)
These defensive systems have been available for at least a decade.
They are widely deployed and used for the reasons cited above. And
there’s never been a ruling by the FCC nor by federal courts as to
whether they operate within the FCC’s rules.
The FCC reserves all rights to the regulation of wireless spectrum to
itself. Even licensed owners of spectrum—such as cellular
networks—aren’t allowed to employ techniques to jam other users. Rather,
they pull in enforcement from the FCC, which tracks down, shuts down,
fines, and even proffers criminal charges against violators.
Marriott is asking, therefore, for a unique right: the right to
police spectrum privately based on property rights. As Cisco put it in
its comment, “Wi-Fi operators may not ‘deputize’ themselves to police
the Part 15 radio frequency environment.”
Which parties are at this table, anyway?
This petition represents the collision of multiple, competing interests, some of whom are customers or suppliers to each other.
Marriott and other hospitality and convention businesses want to
preserve their ability to have a locked-in audience for which they can
set arbitrary rates for Internet access. If these groups didn’t charge
exorbitant rates, their arguments about network management would carry
more water. As one commenter to the FCC, Glen E. Ashman,
noted, “This is simply a ploy to force guests to pay extra for premium service.” (Marriott
posted a statement
on December 30 stating that its petition is entirely about protecting
its conference and meeting spaces. However, the petition doesn't limit
discussion in any way to just those areas. The settlement paid to the
FCC in October also specifically covers blocking personal use of
hotspots by guests.)
Mobile operating system makers and cellular networks have every
motivation to let their customers use personal hotspots on phones and
tablets, as well as mobile hotspots from NetGear and others, because
such accessibility encourages people to buy higher-usage plans or pay
overage fees, and emphasizes the utility of the network, especially the
new 4G LTE networks which may be far faster than a hotel’s service. The
CTIA
in its comment
wrote, “…all Part 15 devices, including mobile devices that incorporate
Part 15 capabilities, have equal rights to use unlicensed spectrum; no
single entity may intentionally prevent others from using that
spectrum.”
Companies that sell to corporate, government, and academic markets,
as well as IT people running systems in those markets, are nervous.
There is no current regulatory structure under which they knock rogue
APs off networks operated on or near their premises. If the FCC were to
issue a response to Marriott’s petition that banned all forms of
deauthentication against non-authorized networks, this reduces the
effectiveness of these products and opens customers to legal liability
as long as the current generation of software is still running. This is
why Cisco filed a comment rejecting Marriott’s general position, but
supporting the notion of mitigation.
So far, there’s no organization representing consumers, small
businesses, trade-show exhibitors, or business travellers that has
submitted a comment, though a couple dozen individuals have. The
affected parties are these groups. The original complaint against
Marriott came from a savvy business traveller who saw what was up.
Should Marriott get what it wants, we’d all have to use hotel or
convention Wi-Fi; portable hotspots would fail, and our cell phones'
Wi-Fi sharing would be disabled, though USB and Bluetooth tethering
would continue to work.
There’s also no representation from businesses and people adjacent to
hospitality operations. If a hotel is in a city, how can it possibly
protect just its own network without disabling all the dozens of
networks around it without whitelisting those networks—in effect,
requiring neighbors to register with them.
Clear the interference
The petition and a few of the supporting comments out of 42 filed by
citizens, groups, and companies, get into the meaning of interference
under the FCC’s Section 333, the regulation used by the agency to fine
and put in place an order against Marriott. The petition wants the FCC
to declare an affirmative right for property owners to be able to
suppress Wi-Fi networks on the basis of “security and reliability.”
But the petition misstates many things. It cites on page 10 and 11
and in Appendix A how universities “employ various techniques to ensure
network performance,” but then exclusively refers to policies and
actions that apply only to the use of Wi-Fi networks operated by the
institutions—not other Wi-Fi networks on campus. That was so egregious
that Brown University
filed a comment explaining that Marriott et al. had gotten it wrong.
On page 12, it makes multiple ridiculous technical boners. It implies
that only three nonoverlapping 2.4 GHz channels can be used effectively
in the same space by calling them “non-interfering”; this is
technically and practically incorrect. It also says that the 5 GHz band
has just four non-overlapping channels—but the number is actually eight.
The basic channel width for 5 GHz is 20 MHz, of which there are 23
non-overlapping channels available, although many base stations only
support eight of those. Between 2.4 GHz and 5 GHz there are 11
completely clear channels, and as many as 34 with some provisos.
(802.11n and 802.11ac can pair up 20 MHz channels for more throughput,
but it's dynamic: it occurs only when there aren't competing uses that
it can detect.)
It gets even more tendentious as it goes on, noting in one place that
the FCC failure to act could mean, “a hotel could decide to prohibit
guests from bringing Part 15 devices on the hotel’s property.” Uh huh.
That would mean bag searches to prevent cellular phones, wireless
headsets computers, portable game systems, and tablets from being
brought into a hotel. Maybe a search every time you re-enter the hotel
of every guest and visitor. Or active monitoring and a knock on the
door: "Hotel Wi-Fi detective! Open up!" Right.
But beyond the technical errors and absurd scenarios, Marriott’s
petition is prima facie incompetent because it is trying to claim rights
that nobody possesses, no matter what contortions it puts itself into.
“Those who wish exclusive use of spectrum can buy some,”
wrote
Arnold G. Reinhold in a comment; he received his first amateur radio
license in 1957. Reinhold succinct statement is apt: the use of
unlicensed bands is predicated on the notion that nobody owns them.
Marriott’s assertion of the right to cause “interference” as part of its
property rights is found nowhere in FCC rules or court decisions. If
you want exclusive rights, then you buy spectrum. Wi-Fi usage isn’t
exclusive, and thus you can’t enforce exclusive geographic rights.
Cisco argues for a middle ground that protects its corporate clients
on campuses and in buildings, but would not allow Marriott its
particular use case:
Unlicensed spectrum generally should be open and available to all
who wish to make use of it, but access to unlicensed spectrum resources
can and should be balanced against the need to protect networks, data
and devices from security threats and potentially other limited network
management concerns.
For example, in public places or places where the public is routinely
invited, users have every reason to expect that they can make use of
personal hot spot technology, unless the user’s device is presenting a
security threat of some type to the co-located enterprise or service
provider Wi-Fi network.
That balance shifts in enterprise locations, where many entities use
their Wi-Fi networks to convey company confidential information, trade
secrets, and for the safety and security of the firm and its employees.
That’s pretty language, but these qualifications and the kinds of
situations I cited earlier are not defined as carveouts for unlicensed
spectrum. But there are no exceptions; Cisco wants the FCC to create
them.
Businesses and other venues can have policies for visitors and
employees, and escort guests out or fire workers for violating
restrictions on setting up Wi-Fi networks. Corporate networks with the
capability of detecting and blocking ostensible rogue Wi-Fi networks can
also prevent the computers on the network from being able to run
software base stations and lock down Ethernet (through several means) to
prevent just plugging one in. The tools that mitigate can also
physically pinpoint the rogue operation, to allow security or managers
to descend upon the location. Students can be suspended or expelled if
found out, if there's a policy. All these options already exist.
Cisco and others also want to argue that preventing other networks
from operating is not interference, even though the functional outcome
is precisely the same. The supporters and opponents in comments fight
over whether radio-frequency “interference” can include offensive
network management practices which require impersonating another device.
The FCC will have to make a determination, and courts beyond that, if
parties aren’t satisfied.
What’s all the static
Why make such a fuss about something that appears to be
money-grubbing activity (or, charitably, careful management of one
revenue stream out of many required for profitability) by hospitality
organizations? The least-expensive hotel chains, like Best Western,
include Wi-Fi at no cost. The more expensive the hotel, the more likely
you have to pay, unless you’re a member of the hotel’s loyalty club or
possess its branded credit card—so perhaps this affects only businesses
and those well-off enough to stay in such places. And exhibitors who
have to pay through the nose typically represent companies, and it’s one
of the expenses of participating. And shouldn’t the benefit of security
and network management that at least Cisco is fighting for win the day?
Frankly, no. While I sympathize with network managers, this is a
simple appropriation of public property, one we see far too often.
Unlicensed spectrum is the purest expression of “the commons” that
exists in America today. There is quite literally nothing else like it
where every participant is forced to participate under the same rules,
and, large and small, receive the same benefits.
Even in areas with lots of wireless cows chomping at the digital
grass, the rules in place typically preserve the commons or force some
kind of accommodation among users. Allowing companies to exercise the
FCC's jurisdiction is a taking of public space. (Apple’s “Wi-Fi”
network failure during a 2010 demo because of mobile hotspots was because of limitations in the cellular networks, not because of Wi-Fi.)
FCC commenter Eric Pederson wrote, “I live in a high-rise apartment
building in New York City. I typically see 20-plus of my neighbors’
SSIDs. Yet somehow my Wi-Fi works just fine.” Wi-Fi is resilient.
Marriott and its supporters are not. If sense prevails at the FCC, which
the agency appears to have on this subject, hotels are going to need to
suck it up, and the rest of us can keep exercising our spectrum rights.
