The FCC has been very clear that it didn’t approve of a Marriott International hotel’s blocking of convention center attendees’ Wi-Fi hotspots: It fined the hospitality company $600,000 last fall and issued a stern warning on Jan. 27 that such wireless network interference by others will not be tolerated either.
But what remains murky to IT shops and wireless LAN product vendors is exactly what constitutes illegal “Wi-Fi blocking”:
*One university WLAN/network architect wrote a blog post earlier this month titled “Are WLAN vendors selling illegal jammers?” and sparked an online discussion among peers, who are trying to figure out if the tools they routinely use to contain rogue devices are prohibited. These IT directors are trying to determine if their institutions fall under the umbrella of “commercial establishments” singled out by the FCC in its enforcement warning against certain mitigation techniques. There have been calls by IT pros for industry group lawyers, such as at EDUCAUSE, to help them out.
*A systems engineer for a security company wrote to us asking if private companies – those that aren’t necessarily providing Wi-Fi access to guests like in the hospitality industry – are allowed to block Wi-Fi hotspots. At least two such companies have prevented him from using his AT&T hotspot, which he says relieves him from relying on spotty guest access networks and allows him to use a VPN to access data needed from his own company’s network.
* The FCC’s Marriott decision and subsequent warning about Wi-Fi blocking have been applauded by many, including the Wireless Innovation Alliance, whose members include Dell, Google and Microsoft. IT pros have indicated some disappointment that their WLAN vendors have not been vocal enough in getting the FCC to clarify its position on Wi-Fi blocking, though vendors such as Aruba, Cisco and Ruckus did file comments with the commission in December seeking clarification on the topic of management and security.
“This issue is riddled with complexity and ambiguity,” says David Callisch, VP of marketing at Ruckus Wireless, which filed its comments to the FCC jointly with Aruba Networks. “The FCC should use this as an opportunity to work with the industry to help companies know what are appropriate security measures that can be employed to protect networks operating in unlicensed spectrum without violating the [Communications] Act.”
Among other things, Ruckus is urging the FCC not to automatically apply rules established for licensed spectrum to the unlicensed spectrum of Wi-Fi.
Ruckus also believes that the use of de-authentication protocols, “which are 802.11 compliant and common security techniques,” do not fall under wireless interference as described in the Communications Act, Callisch says.
Marriott was found to be using such Layer 2 de-authentication protocols to block use of Wi-Fi hot spots – some suspect in order to force users to pay for Internet service from the hotel (though the hotel industry calls such claims false). Here's the consent decree from the FCC:
After being fined by the FCC, Marriott said it would work with the commission to “clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices.” But Marriott, the American Hotel & Lodging Association and Ryman Hospital Properties withdrew their petition for a declaratory ruling on Jan. 30.
Instead, the hospitality industry will form the American Hotel & Lodging Association Cybersecurity Task Force with industry experts and technology companies “to find and implement the most effective market-based solutions available to tackle growing cyber threats.”
Shane Buckley, CEO of WLAN vendor Xirrus, filed comments on Jan. 17 with the FCC in support of the hospitality industry petition, though emphasizes that concerns raised about Wi-Fi management go beyond those organizations in the hospitality industry that provide Wi-Fi services to customers. Xirrus has a big clientele in the education