Wireless

by Mike Masnick


Filed Under:
fcc, fines, jammer, mifi, opryland hotel, wifi

Companies:
marriott



FCC Fines Marriott For Jamming Customers' WiFi Hotspots To Push Them Onto Hotel's $1,000 Per Device WiFi

from the sleazy-sleazy dept

Hotel WiFi sucks. If you do any traveling, you're aware of this. Though, from what I've seen, the higher end the hotel, the worse the WiFi is and the more insane its prices are. Cheap discount hotels often offer free WiFi, and it's generally pretty reliable. High end hotels? I've seen prices of $30 per day or higher, and it's dreadfully low bandwidth. These days, when traveling, I often pick hotels based on reviews of the WiFi quality, because nothing can be more frustrating than a crappy internet connection when it's needed. But, even worse than the WiFi in your room, if you're using the WiFi for a business meeting or event -- the hotels love to price gouge. And, it appears that's exactly what the Marriott-operated Gaylord Opryland Hotel and Convention Center in Nashville did. Except, the company went one step further. Thanks to things like tethering on phones and MiFi devices that allow you to set up your own WiFi hotspot using wireless broadband, Marriott realized that some smart business folks were getting around its (absolutely insane) $1,000 per device WiFi charges, and just using MiFi's. So, Marriott then broke FCC regulations and started jamming the devices to force business folks to pay its extortionate fees.

In response, the FCC has now cracked down and Marriott has agreed to pay a $600,000 fine for the practice, while also promising to continue to make sure it doesn't make use of jammers and to update the FCC on "compliance" every three months for the next three years. The FCC found out about all of this because a customer sent in a complaint -- though its unclear if the customer just figured it out by themselves, or if some employee at Opryland stupidly admitted to the hotel's practices.

Update: Oh, and I missed the best part, as pointed out in the comments. Marriott is still claiming that what it did was legal... and for the benefit of consumers. Uh huh:
"Marriott has a strong interest in ensuring that when our guests use our Wi-Fi service, they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyber-attacks and identity theft," the statement said. "Like many other institutions and companies in a wide variety of industries, including hospitals and universities, the Gaylord Opryland protected its Wi-Fi network by using FCC-authorized equipment provided by well-known, reputable manufacturers.

"We believe that the Opryland's actions were lawful. We will continue to encourage the FCC to pursue a rulemaking in order to eliminate the ongoing confusion resulting from today's action and to assess the merits of its underlying policy."



Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Whatever (profile), 3 Oct 2014 @ 2:28pm

    A couple of things. The price was "up to $1000" and not an absolutely $1000 for every use. Generally, that would be an 'old style' convention / booth space rate, similar to charging $400-$1000 to hook up power and a couple of thousand more for a 10 by 10 space. I can remember setting up convention spaces in various cities in the US and finding that their internet charges were insane. In at least one case, they would force you to deal with their prefered supplier, who would set up a T1 line (speedy as it was at the time), and you would be required to pay setup, removal, and a full month's service, even if you needed it only for a day.

    In very general terms, $250 a day for wi-fi seems high, but in convention space terms, it seems pretty much par for the course. Most hotels with WiFi intentionally make sure that the service is NOT available in their convention spaces, and charge for connectivity - installing a wireless modem in your conference room, as an example.

    Marriott certainly went over the top here, I guess just pure profiteering wasn't enough for them.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 3 Oct 2014 @ 2:41pm

      Re:

      Honestly, it really wouldn't matter what they were charging, whether $10, $100 or $1000, the second they started jamming the signals to force people to use their connection, they deserved to be slapped down hard for it.

      reply to this | link to this | view in chronology ]

      • icon
        Whatever (profile), 3 Oct 2014 @ 5:21pm

        Re: Re:

        Here's the thing though... up to the point of jamming, they are within the industry norms, and the ONLY reason the FCC is involved is as a result of that. Merely blocking mifi devices from hosting multiple devices on their network wouldn't even be the issue.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 Oct 2014 @ 11:43am

          Re: Re: Re:

          Which is kinda part of the point of the OP, that the industry norm is to offer terrible wifi at inflated prices.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Oct 2014 @ 11:44am

            Re: Re: Re: Re:

            Just because it's legal doesn't make it good for consumers and it doesn't mean we can't complain about it.

            reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 Oct 2014 @ 11:52am

          Re: Re: Re:

          "they are within the industry norms"

          In addition to complaining about the jamming we are here to complain about the industry norm. If you don't like it you can get lost and find another website to troll or you can start your own blog.

          reply to this | link to this | view in chronology ]

        • icon
          JMT (profile), 4 Oct 2014 @ 4:12pm

          Re: Re: Re:

          "...up to the point of jamming, they are within the industry norms...

          The real problem is staring you right in the face and you still completely miss it.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Oct 2014 @ 9:33pm

            Re: Re: Re: Re:

            He's basically admitting that the industry norm is to do everything short of jamming signals and breaking the law. How is that supposed to result in customers not complaining?

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2014 @ 5:04pm

      Re:

      "The price was "up to $1000" and not an absolutely $1000 for every use."

      Oh, ok ... nevermind. Nothing to see here, move along.

      Apparently customers go elsewhere when dissatisfied.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 6 Oct 2014 @ 6:57am

        Re: Re:

        Well, I certainly would. I don't pay for any hotel's WiFi because that's just a silly and stupid thing to do. If a hotel was blocking my ability to run my own hotspot, I'd move on to the next hotel down the road.

        reply to this | link to this | view in chronology ]

  • icon
    Paul Renault (profile), 3 Oct 2014 @ 2:31pm

    I suppose rich people have too much money to think for themselves, eh?

    If the expensive (or even cheap) hotel I was staying at is charging anything, I feel insulted, as it demonstrates that they think I'm a fool.

    And actually, I would be a fool if I paid (really?) $1K/day for WiFi... Jeepers, for a thousand dollars you could buy a no-contract cell phone, a no-contract/burner SIM card, and use the phone as a WiFi hot-spot. Bonus: you don't have to worry about whether the hotel set up the security well (usually they don't).

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2014 @ 2:40pm

      Re: I suppose rich people have too much money to think for themselves, eh?

      Rich people measure the quality of everything by the price that is charged to their companies expense account.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Oct 2014 @ 3:29pm

        Re: Re: I suppose rich people have too much money to think for themselves, eh?

        I imagine the expense account angle is the key. If I am staying at Jerry's Motel in East Bumfark AR, I am paying for the night myself. Anything Jerry can do to make me want to stay there is in his best interest, so I get free or low-cost wifi in the same way I get a croissant and OJ for free off the dingy little cart in the corner of the lobby. But Hoity-Toity Hotel in downtown Pilly knows that most of its customers are on business and going to submit an expense report, which the company will just straight up pay without comment 95% of the time. So gouging for wifi is literally free money.

        I stayed at a small chain hotel out on the fringe of the city where my alma mater is located. The lady running the desk was almost indecently insistent with making sure I knew the (free) wifi password. Contrary-wise, when I stayed at a swanky hotel downtown in the same city, not only did they charge more for wifi than they charged for parking, but they were "perplexed" that despite their claims that I could get free wifi because of my cellphone carrier, their system did not recognize said condition. After saying that it should work, they helpfully offered to charge me the full rate for wifi instead (?!?!). At least the co-ed running the desk had the decency to blush when I gave her the hairy eyeball for that piece of BS.

        reply to this | link to this | view in chronology ]

        • icon
          Whatever (profile), 3 Oct 2014 @ 5:24pm

          Re: Re: Re: I suppose rich people have too much money to think for themselves, eh?

          This isn't about in room wifi, it's about convention center wifi.

          The room wifi wouldn't be very expensive at all.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Oct 2014 @ 11:51am

            Re: Re: Re: Re: I suppose rich people have too much money to think for themselves, eh?

            The person in the OP is complaining about the time(s) when s/he was charged for Wifi.

            reply to this | link to this | view in chronology ]

        • icon
          LVDave (profile), 5 Oct 2014 @ 8:22am

          Re: Re: Re: I suppose rich people have too much money to think for themselves, eh?

          Marriot is particularly bad about this.. There is actually two "Marriots", the big swanky hotel-type Marriots,
          and the motel-style Marriots. The motel-style Marriots go by names like "ResidenceInn" etc.. Waaay back in 2004, I stayed in the downtown Atlanta Marriot and was charged $10/day for wifi, and later on that same trip I stayed at a Marriot ResidenceInn in Sarasota Florida, and the wifi was free. Seems somewhat backwards somehow...

          reply to this | link to this | view in chronology ]

          • icon
            nasch (profile), 6 Oct 2014 @ 5:52am

            Re: Re: Re: Re: I suppose rich people have too much money to think for themselves, eh?

            The motel-style Marriots go by names like "ResidenceInn" etc.

            I don't think Marriot operates any motels. Certainly Residence Inn, Fairfield Inn, and Courtyard are not motels.

            reply to this | link to this | view in chronology ]

      • identicon
        Right wing nutter, 5 Oct 2014 @ 5:52pm

        Re: Re: I suppose rich people have too much money to think for themselves, eh?

        No. Mid level executives who aren't going much higher measure quality by how much is billed to their expense account. The rich pay attention to that kind of stuff in a "fool me once shame on you, fool me twice shame on me" fashion. As they become aware of this they won't be booking this place again.
        Which is why the management tried to cover up, and then spin. Starting this practice up again would cost them more than they've gouged.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2014 @ 2:42pm

      "...they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyber-attacks and identity theft,"

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Oct 2014 @ 3:13pm

        Re: "...they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyber-attacks and identity theft,"

        Which customer?

        reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 3 Oct 2014 @ 3:14pm

        Re: "...they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyber-attacks and identity theft,"

        "Well you see we were robbing our customers blind, so they couldn't be robbed and taken advantage of by some other person or group, who may not have had our customer's best interests at heart.

        Just another friendly service we here at the Marriott Hotel provide.'

        reply to this | link to this | view in chronology ]

        • icon
          MikeC (profile), 3 Oct 2014 @ 3:24pm

          Re: Re: "...they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyber-attacks and identity theft,"

          I guess it's better the thief you know instead of any old thief....

          reply to this | link to this | view in chronology ]

    • icon
      Zos (profile), 3 Oct 2014 @ 3:37pm

      Re: I suppose rich people have too much money to think for themselves, eh?

      yeah, good luck with that inside a convention hall. it's a concrete box saturated with signals. I can actually understand being charged a small amount for reliable data access in that situation. but any hotel that doesn't offer free wifi in guests rooms merits nothing but contempt. and he's right, the nicer the hotel the more shitty their internet policies usually.

      reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 3 Oct 2014 @ 2:36pm

    Whistleblowing?

    You call an employee who admitted to the hotel's practices stupid...but maybe the employee was whistleblowing, or simply doing a frustrated customer a favor? (Our wifi is down, but I'll get it fixed the next time you are here...)

    I can't believe our Mike is the only potential customer of that hotel that might be unhappy about the insane profiteering and broken connectivity that even the non-technical folks are increasingly taking for granted.

    reply to this | link to this | view in chronology ]

  • identicon
    zip, 3 Oct 2014 @ 2:43pm

    I'd like to know what they were using to jam wifi, and if such tools are even legal to buy and sell.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2014 @ 2:56pm

      Re:

      Essentially all you need is a reprogrammed wifi router.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2014 @ 3:33pm

      Re:

      There's a discussion about this happening right now on the NANOG mailing list, and the answer seems to be "no, it is not legal".

      If that's correct then it's worth noting that when Marriott does this they get fined chump change...but if a hacktivist did this (OMG anons anarchists political activists aiaiieiieeieyeee) they'd get their door kicked down, they're be beaten, they'd be tasered, they'd have every electronic device they own confiscated, they'd be charged with multiple felonies, they'd be perXXXprosecuted by vicious grandstanding federal assholes and have their lives destroyed.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Oct 2014 @ 4:03pm

      Re:

      I am not sure which tool they were using, but it is very common in enterprise wireless solutions and is legal in many cases. If you read through the order on page 3 item 6 they use language that specifies that the hotel was using it on users that did not pose a risk to the security of the hotels network or its guests. In the corporate world if a company is concerned about the security of their networks they use this technology to keep people from setting up an unauthorized wifi access point within their airspace. I was just at a client this morning that we are recommending they enable that feature on their system as we were able to pop an access point on their network and man in the middle anyone who connected to it and capture the traffic passing through.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Oct 2014 @ 5:42pm

        Re: Re:

        "[...] and is legal in many cases."

        No. You are wrong. I strongly suggest that you acquaint yourself with the relevant Federal law -- in particular, the Communications Act of 1934. I strongly suggest that you cease advising clients to enable such features until you have properly educated yourself on the relevant statutes and FCC regulations, as what you're currently telling them to do is a violation of US federal law.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Oct 2014 @ 6:12pm

          Re: Re: Re:

          " Specifically, such employees had used this capability to prevent users from connecting to the
          Internet via their own personal Wi-Fi networks when these users did not pose a threat to the security of the
          Gaylord Opryland network or its guests.
          "

          I suggest you go into any Hospital or business that is covered by PCI and uses WIFI that does not deauth unauthorized wifi hotspots and convince them that they are better off not protecting their networks by tossing aside security best practices and NIST guidance and see what that get. I am confident the FCC specifically stated the lack of a security threat due to the fact that many security standards require the deauthorization of unauthorized traffic. I will continue to recommend clients de-auth traffic within their networks without losing sleep. I agree that the law may read that way but there is way too much on the line from a security standpoint to go against best practices within a regulated data environment to worry about the FCC in that scenario. Other government agencies would consider the lack of that security negligence.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Oct 2014 @ 2:35am

            Re: Re: Re: Re:

            So your pathetic, feeble excuse for breaking federal law is your lack of baseline security competence?

            Everyone who actually knows what they're doing -- which clearly excludes ignorant morons like you -- is perfectly capable of locking down environments without resorting to the kind of crude, ineffective tactics you're recommending. You're a disgrace to the profession of IT security. Get out.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 4 Oct 2014 @ 7:36am

              Re: Re: Re: Re: Re:

              No, "my feeble excuse" is NIST and ISO standards the recommend/require in some cases deauthorization of unauthorized 802.11 traffic. And you are obviously clueless.

              reply to this | link to this | view in chronology ]

              • icon
                ltlw0lf (profile), 4 Oct 2014 @ 12:14pm

                Re: Re: Re: Re: Re: Re:

                No, "my feeble excuse" is NIST and ISO standards the recommend/require in some cases deauthorization of unauthorized 802.11 traffic.

                Citation please.

                I am not aware of any NIST guidance that requires WIFI deauth packets be used. NIST SP 800-153 talks about using WIDPS only for monitoring. General NIST guidance is that rogue access points should physically be removed. PCI DSS does not say anything about deploying automated wifi containment, and section 11.1 talks about using IDS/IPS only for monitoring for rogues. The PCI DSS Information Supplement v2.0 talks about using containment, but only against devices that are connected to the CDE. It also recommends physical removal of rogue access points. "Many wireless IPS systems provide the ability to prevent clients from associating with an unauthorized AP or can disable an ad-hoc network. However, efficacy of these techniques varies widely, and while they can provide adequate temporary mitigation of the risk, unauthorized devices should be physically removed from the CDE as soon as possible" - https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guideline_with_WiFi_and_Bluetooth_082211. pdf, section 4.3.1.

                And best practices are against you. Note, the last document is a CISCO best practices document, that specifically states "Note that it is critical to evaluate (or avoid altogether) rogue auto-containment, as there are potential legal issues and liabilities if left to operate automatically."

                reply to this | link to this | view in chronology ]

        • icon
          MikeC (profile), 4 Oct 2014 @ 8:14am

          Re: Re: Re:

          You both are wrong and right ... you can block traffic within your airspace as long as you don't block other folks traffic nearby. Specifically from CISCO:
          =====================================================
          As containment renders any standard 802.11 network completely ineffective, containment
          measures should taken in your airspace. Extreme caution should be taken to ensure that
          containment is not being performed on a legitimate network nearby and, action should only be
          taken as a last resort. Unauthorized containment is prosecutable by law (subject to the FCC’s
          Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’).
          ===================================================

          However PCI standards require you take this into account:
          --------------------------------------
          PCI Compliance
          Understanding and remediating against wireless threats is also a requirement under the Payment
          Card Industry Data Security Standard (PCI DSS), a standard required for retailers to follow when
          processing credit card data over WLAN networks. Examples of WIPS requirements under PCI DSS
          include:
          Section 9.1.3 Physical Security: Restrict physical access to known wireless devices.
          Section 10.5.4 Wireless Logs: Archive wireless access centrally using a WIPS for 1 year.
          Section 11.1 Quarterly Wireless Scan: Scan all sites with card dataholder environments (CDE)
          whether or not they have known WLAN APs in the CDE. Sampling of sites is not allowed. A WIPS
          is recommended for large organizations since it is not possible to manually scan or conduct a
          walk-around wireless security audit of all sites on a quarterly basis
          Section 11.4 Monitor Alerts: Enable automatic WIPS alerts to instantly notify personnel of rogue
          devices and unauthorized wireless connections into the CDE.
          Section 12.9 Eliminate Threats: Prepare an incident response plan to monitor and respond to
          alerts from the WIPS. Enable automatic containment mechanism on WIPS to block rogues and
          unauthorized wireless connections.
          ------------------------------------------------

          So you both have points.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Oct 2014 @ 8:54am

            Re: Re: Re: Re:

            If you read the language used in the consent decree it is clear the FCC was careful to not say "Deauthenticating Wifi access points is illegal under any circumstance"
            The Bureau investigated the complaint in order to assess Marriott’s compliance with Section 333
            of the Act. In the course of its investigation, the Bureau discovered that one or more Marriott employees
            had used the containment capability discussed in paragraph 5 in a manner that the Bureau believes violates
            Section 333. Specifically, such employees had used this capability to prevent users from connecting to the
            Internet via their own personal Wi-Fi networks when these users did not pose a threat to the security of the
            Gaylord Opryland network or its guests

            If the FCC truly wanted to make WLAN Deauthentication illegal they would not imply there are manners that do not violate section 333. They also would not be just going after Marriot they would be fining Cisco, Motorola, Aruba, ETC that market the technology in the US as they have with companies marketing cell jammers.

            reply to this | link to this | view in chronology ]

      • icon
        Derek Kerton (profile), 4 Oct 2014 @ 7:24pm

        Re: Re:

        According to federal law and FCC regs, it is illegal to deliberately jam wifi in the unlicensed bands. But it is unlikely the Hyatt was doing this, because it would also interfere with their own $1000 wifi.

        More likely, the Hyatt was jamming the cellular signal to people's phones and Mifis, which is a big federal no-no, cuz big biz interests like Verizon and ATT lose their sheet when that happens.

        If the Hyatt were jamming instead the cellular signals that powered the Mifis, then it is absolutely illegal to even transmit any unauthorized signal on spectrum licensed to some wireless carrier, let alone use a jammer.

        reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 6 Oct 2014 @ 7:04am

        Re: Re:

        "if a company is concerned about the security of their networks they use this technology to keep people from setting up an unauthorized wifi access point within their airspace."

        Well, first, it isn't their airspace, and they have no right to claim control over it like that. Period. Second, what threat does "an unauthorized wifi access point within their airspace" pose to their networks? None whatsoever -- those hotspots are not connected to the hotel's networks.

        reply to this | link to this | view in chronology ]

    • identicon
      Scott, 3 Oct 2014 @ 6:18pm

      Re:

      All high end wireless systems have the ability to "jam" wifi. It's not really a jammer, it simply spoofs a rogue devices mac and sends endless disconnect signals, preventing potential clients from connecting to the wifi. It's generally called rogue access point containment, or something similar, and is completely legal and neccesary. It's what prevents me from setting up my own "marriot-guest" wireless then capturing your credit card or banking info.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 6 Oct 2014 @ 7:06am

        Re: Re:

        "is completely legal and neccesary"

        Legal? That seems debatable, since the FCC is claiming otherwise at least in Marriot's case. Necessary? Not by a longshot.

        reply to this | link to this | view in chronology ]

    • identicon
      jd, 4 Oct 2014 @ 4:35am

      Re:

      There are Wi-Fi blocking devices commonly used by businesses to prevent employees from using devices on company property. I don't think it would be difficult for someone to make one at home.

      I'm not excusing what Marriot did in anyway...

      reply to this | link to this | view in chronology ]

    • identicon
      J1, 5 Oct 2014 @ 11:03am

      Re:

      My question too. I thought this type of jamming was a crime. Does anybody know? And if so, will the employees responsible be prosecuted?

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 6 Oct 2014 @ 7:08am

        Re: Re:

        They aren't jamming in the usual sense of the word -- that is, they aren't broadcasting noise loudly to drown out all the radio signals on WiFi frequencies (or their own WiFi wouldn't work). What they're doing is more like spoofing, to selectively block "unauthorized" access points.

        reply to this | link to this | view in chronology ]

  • identicon
    Jake, 3 Oct 2014 @ 2:52pm

    What.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Oct 2014 @ 3:15pm

    "or if some employee at Opryland, aware of the wrongdoing that was going on, decided to report the hotel's practices."

    Fixed that for you. No need to assume that every employee at the hotel is a criminal. There might be one or two who are kind, law abiding citizens.

    reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 3 Oct 2014 @ 3:27pm

    On the other hand

    On the other hand, how many scammers are offering their "free" wifi which can steal people's information?
    A convention is a great place to do this, especially if the scammers name their wifi "FreeMarriott" to confuse people into thinking it's the one owned by the hotel.

    So Marriott may seem heavy-handed by doing this, but what's their liability if someone got infected (especially using a *business* laptop) when the person connected to the fraudulent "FreeMarriott" wifi?

    reply to this | link to this | view in chronology ]

    • icon
      ltlw0lf (profile), 4 Oct 2014 @ 4:21am

      Re: On the other hand

      On the other hand, how many scammers are offering their "free" wifi which can steal people's information?

      Why should Marriott or anyone else care what is being done on anything other than their own WIFI? If someone sets up a "FreeMarriott" access point on their property, they can ask that person to leave, but they don't have any legitimate reason to care if someone sets up "FreeMarriott" in their personal vehicle sitting on a public street broadcasting next to the hotel (except maybe for use of Trademark.) What is worse, is that scammers don't need to create something called FreeMarriott to scam, all they really need to do is break into Marriott's poorly locked down computers or sit on their WIFI and sniff the unencrypted traffic and they are done.

      If the hotel really wants to prevent this from happening, provide the user with a WPA2-PSK key to use to connect to the hotel wifi, or even set up RADIUS, create an account for the person checking in, and give them their own key to connect to the WIFI using WPA2-Enterprise, and call it a day.

      There is no legitimate reason to use DEAUTH jamming; none. Not even for protecting your own WIFI. It is only used by heavy handed monopolists and petty bureaucrats.

      reply to this | link to this | view in chronology ]

  • icon
    MikeC (profile), 3 Oct 2014 @ 3:28pm

    Custormers Still Screwed - didn't see anything about refunds!

    So the FCC fined them 600K -- customers not seeing a dime of that in refunds for outrageous costs - am I right there.

    This really doesn't suprise me though... if the service they did deliver was fast .. then 1000$ to hook up your own wireless so you could hand it out to attendees would be ok... but if it's for one client device, that is insane.

    My firm has done numerous trade shows, normally we have to pay fee these days for decent internet connections (usually cable), 4-500$ for a week long show. It's all part of the space/booth fee.

    Not long ago though we had to bring in our own connections - usually IDSN or if we were lucky DSL. Local telco would wire us up a circuit for the duration of the show.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Oct 2014 @ 3:59pm

    Nothing New for Them

    I've heard that they are known for racking up the charges to corporate customers. The people attending a trade show never hear about it. If you are very careful and watch things like a hawk, you can have your event not go greatly over budget.

    Before wifi was widespread, you had to deal with the venue for trade show or in room network access. Lately wired in room is going away and the wifi is slow and capped at slow rates. I recently found (at a different hotel) the free lobby wifi was 5 time faster than the in room service. It makes a big difference when you have gigs of photos to upload to waiting editor.

    reply to this | link to this | view in chronology ]

    • identicon
      Rick, 5 Oct 2014 @ 12:44pm

      Re: Nothing New for Them

      Ever been to a "resort" hotel? Could be marriott, Hilton, doesn't matter really. Upon checkout, I ALWAYS have bogus charges on the statement. Parking, spa charges, fitness center, movies. You name it. They think people won't look at the bill; that they'll just pay it. Many do. And that's what they're banking on. What a flippin' racket. And they wonder why we cast a dirty look at them when get a bogus bill.

      reply to this | link to this | view in chronology ]

  • identicon
    Brian Phoenix, 3 Oct 2014 @ 4:14pm

    Hotel Wifi

    The motel 6 in Phoenix charged $3 a day for lousy wifi. Super 8 next store had free wifi and I was able to use theirs.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Oct 2014 @ 4:52pm

    Gaylord Focker

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 3 Oct 2014 @ 4:57pm

    Betcha Marriott made far more than $600,000

    This sounds very much like a wrist-slap to me.

    reply to this | link to this | view in chronology ]

  • identicon
    Shakakahn, 3 Oct 2014 @ 5:26pm

    My outrage around this was somewhat subdued by this reasonable post: http://blog.erratasec.com/2014/10/two-minutes-of-hate-marriot-deauthing.html

    Food for thought.

    reply to this | link to this | view in chronology ]

  • icon
    DB (profile), 3 Oct 2014 @ 5:37pm

    It might be a feature on certain WiFi access points, but that doesn't mean that jamming is legal.

    The FCC is asserting that deliberate interference with radio communication, "jamming", is not allowed. Period. Full stop. You can use the bands without a license, subject to ERP (power) limits. You can even heavily use the bands. But you can't do something to deliberately block someone else from using the spectrum, even if you handwave and say that it's pretty much like just using the band.

    reply to this | link to this | view in chronology ]

    • identicon
      Scott, 3 Oct 2014 @ 6:28pm

      Re:

      Sure, when you put it that way, it sounds like illegal interference. If you described it as "our system sends out messages requesting that clients disconnect from the access point, which they are able to ignore", it sounds like it's not illegal interference. That is, by the way, exactly what it is doing.
      In the context that the law was written, it's reasonable to assume that they're talking about radio interference, which this is not. If I walk down the street asking people to hang up their phones, that doesn't make me a human cell phone jammer.

      reply to this | link to this | view in chronology ]

      • icon
        ltlw0lf (profile), 4 Oct 2014 @ 4:00am

        Re: Re:

        If you described it as "our system sends out messages requesting that clients disconnect from the access point, which they are able to ignore"

        This isn't something that you can easily, technically, ignore.

        Ignoring DEAUTH packets is a violation of the RFC, and generally causes bad thingsTM to happen. How do you manage entering and leaving a WIFI cell without DEAUTH? How do you handle an access-point going off-line, switching channels, etc. And how do you handle trade-offs between access points. If your solution is to just ignore it, you are potentially performing a denial-of-service against your own connection, or causing harm to the WIFI network you are connected to.

        There isn't any way to ignore DEAUTH packets using standard available drivers right now, though you could modify firmware/drivers to accomplish this. There is work being done on implementing real management frame authentication capabilities through 802.11w, though I am not aware of any equipment that currently provides this capability.

        If I walk down the street asking people to hang up their phones, that doesn't make me a human cell phone jammer.

        If you walk down the street asking people to hang up the phone, they still have a choice to ignore you, punch you in the face, etc. You aren't jamming their phone connection. With deauth packets, you are jamming their connection, and the FCC rightly doesn't like the jamming of public airwaves.

        What would be really interesting, in a situation similar to this one, is what would have happened on the Hotel side if the people being jammed just turned around and jammed the hotel right back. Would the hotel be screaming for the cops to intervene when their WIFI network was taken down?

        reply to this | link to this | view in chronology ]

      • icon
        PacoBell (profile), 4 Oct 2014 @ 10:19pm

        Re: Re:

        That's a poor analogy. A better one would be if all cell phones automatically responded to that request by hanging up and you knew they would do that.

        reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 6 Oct 2014 @ 7:14am

      Re:

      "The FCC is asserting that deliberate interference with radio communication, "jamming", is not allowed"

      Except that technically this isn't what Marriot did. They weren't interfering with any radio communication -- all radio transmissions were being allowed to be sent and received without interference.

      reply to this | link to this | view in chronology ]

  • identicon
    dj fischer, 3 Oct 2014 @ 9:42pm

    When I am on the road . . .

    . . . I VPN into my home computer where it is connected via fiber (FIOS) so that the abysmal hotel connection just has
    to feed me screens of the fast connection. It's faster than doing it directly to the 'net through the hotel connection.

    I am doing that right now.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Oct 2014 @ 1:07am

    I can't believe there's people in this thread advocating that jamming and denial of service attacks are legal. They're not.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Oct 2014 @ 4:52am

      Re:

      Basically, the FCC owns the airwaves, all frequencies, so any kind of radio transmitter device needs FCC approval of some sort. Generally speaking, high-wattage transmissions need a specific operating license, while manufacturers of low-wattage units can get blanket permission from the FCC to manufacture, distribute, and sell the device to end-users who don't need to register them.

      Jamming the airwaves is absolutely legal, as long as the FCC grants its specific approval, and the jammers stay within the authorized parameters set by the FCC license. But whether the FCC actually grants such approval is another question.

      At least that was way the system worked with 'analog' radio, presumably digital would not be too much different.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Oct 2014 @ 4:20pm

    I'm guessing Marriott won't mind the soon-to-follow Yelp reviews, right?

    reply to this | link to this | view in chronology ]

  • identicon
    Roderick, 4 Oct 2014 @ 4:24pm

    the higher end hotels

    I'd just like to point out that the really top hotels, like Gleneagles in Scotland, provide inclusive, high-speed WiFi at no extra charge. Of all the places I've stayed, the best WiFi has been in the truly special 5-star establishments. Second best is in youth hostels. Everywhere in between will suck you dry, while trying to jam up your web traffic with amateurish malware to insert extra ads in your browsing.

    reply to this | link to this | view in chronology ]

    • icon
      Whatever (profile), 4 Oct 2014 @ 6:12pm

      Re: the higher end hotels

      Roderick, again, you need to understand that this story isn't about in room wifi, it's about convention center / meeting space wi-fi. Personal room wi-fi was not and is not an issue here..

      reply to this | link to this | view in chronology ]

      • icon
        Niall (profile), 6 Oct 2014 @ 5:46am

        Re: Re: the higher end hotels

        Even so, it's an absolutely ridiculous price to pay PER DEVICE. We are talking about anyone's individual mobile phone or laptop or tablet - which is a lot of devices in a conference centre. It would be one thing if they were charging $1000 for a high-end connection for a local high-bandwidth wi-fi that anyone attending the conference could use, or even charged a nominal amount.

        Jamming a person's own service into the bargain is really adding insult to injury, quiet aside from the legalities of the issue.

        reply to this | link to this | view in chronology ]

  • identicon
    Mark Noo, 5 Oct 2014 @ 8:21pm

    "These days, when traveling, I often pick hotels based on reviews of the WiFi quality, because nothing can be more frustrating than a crappy internet connection when it's needed."

    Beautiful statement. It brought a single, triumphant tear of joy to my eye.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 6 Oct 2014 @ 6:43am

    If Marriott is truly concerned about people's MiFi hot spots interfering with their wireless network, then they need to give people a reason NOT to use their MiFi by giving registered guests free WiFi. Then their WiFi network would not be competing with other WiFi hotspots.

    If Marriott is concerned about security, they could ensure that only registered guests have access by issuing a password.

    If Marriott complains that they cannot offer WiFi for free, because it costs money to install and then has an ongoing cost to operate, I would point out the following. Marriott offers other things for free that cost substantial money to install, and have some ongoing costs to operate:
    * Free Air Conditioning / Heating
    * Free Color TV
    * Free drinking fountains
    * Free use of electrical outlets
    * Free indoor plumbing

    Does WiFi cost as much to install as central air conditioning? Indoor plumbing? Does WiFi cost anywhere near as much to operate as air conditioning? Cable TV?

    I won't hold my breath waiting for Marriott's response. But now I realize that I have made a serious mistake by posting this. Marriott will now have additional charges for air conditioning, indoor plumbing, etc. (please don't throw things at me now that Marriott will start charging for these things! I didn't mean to inspire them to create new charges! Really.)

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 6 Oct 2014 @ 9:57am

      Re:

      WiFi is what is known as a "profit center": it's basically free money for the hotel. The more they can charge for it, the more free money they're getting. The rates they charge have nothing to do with installation or operating costs.

      "they need to give people a reason NOT to use their MiFi by giving registered guests free WiFi."

      True in principle, but I think it's important to note that this case doesn't involve hotel guests at all. It's the attendees to a conference held in their conference rooms.

      reply to this | link to this | view in chronology ]

      • icon
        DannyB (profile), 8 Oct 2014 @ 8:03am

        Re: Re:

        Yes, I get that. And I'm glad the FCC is not allowing Marriott to interfere with the properly licensed use of the limited resource of spectrum.

        But as I say, if Marriott was really concerned about . . .

        reply to this | link to this | view in chronology ]

  • identicon
    None, 11 Oct 2014 @ 3:18pm

    Applicable Law

    The Communications Act of 1934
    Section 301 - requires persons operating or using radio transmitters to be licensed or authorized under the Commission’s rules (47 U.S.C. § 301)
    Section 302(b) - prohibits the manufacture, importation, marketing, sale or operation of these devices within the United States (47 U.S.C. § 302a(b))
    Section 333 - prohibits willful or malicious interference with the radio communications of any station licensed or authorized under the Act or operated by the U.S. Government (47 U.S.C. § 333)
    Section 503 - allows the FCC to impose forfeitures for willful or repeated violations of the Communications Act, the Commission's rules, regulations, or related orders, as well as for violations of the terms and conditions of any license, certificate, or other Commission authorization, among other things.
    Sections 510 - allows for seizure of unlawful equipment (47 U.S.C. § 510)
    The Commission's Rules
    Section 2.803 - prohibits the manufacture, importation, marketing, sale or operation of these devices within the United States (47 C.F.R. § 2.803)
    Section 2.807 - provides for certain limited exceptions, such as the sale to U.S. government users (47 C.F.R. § 2.807)
    The Criminal Code (Enforced by the Department of Justice)
    Title 18, Section 1362 - prohibits willful or malicious interference to US government communications; subjects the operator to possible fines, imprisonment, or both (18 U.S.C. § 1362)
    Title 18, Section 1367(a) - prohibits intentional or malicious interference to satellite communications; subjects the operator to possible fines, imprisonment, or both (18 U.S.C. § 1367(a))

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.