Marriott Fined $600,000 For Jamming Guest Hotspots
schwit1 writes: Marriott will cough up $600,000 in penalties after being caught blocking mobile hotspots so that guests would have to pay for its own Wi-Fi services, the FCC has confirmed today. The fine comes after staff at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee were found to be jamming individual hotspots and then charging people up to $1,000 per device to get online. Marriott has been operating the center since 2012, and is believed to have been running its interruption scheme since then. The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed.
...convention centers, sports stadiums, and other large public venues that stop working simply due to the sheer number of people congregated, that would be nice.
Do not look into laser with remaining eye.
I just wonder if the fine that Marriott had to pay actually was large enough to take out the profit that they got from the jamming.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Why is it that the most awful dumpy motels always seem to have free, open and strong wi-fi? Many don't even bother with passwords.
Yet it's the expensive name-brand boutique hotels that always charge for wi-fi. And more often than not, it's terrible quality, hard to connect and slow?
And, now we see this happening. This never happens at Motel 6.
Has anyone else noticed this- that overall the cheaper and sleazier the motel, the better the wi-fi?
The Opryland Hotel blocks customers' wifi at conventions hosted in the hotel since they sell their own service. Here's their statement from Jeff Flaherty, a Marriott spokesman...
"Marriott has a $trong intere$t in en$uring that when our gue$t$ use our Wi-Fi $ervice, they will be protected from rogue wirele$$ hot$pot$ that can cau$e degraded $ervice, insidious cyber-attacks and identity theft."
Dollar signs added for emphasis. That hotel sells dedicated wireless services and custom networks for convention purposes at prices ranging from $250 to $1,000 per access point.
But remember it's all about protecting you! Any time someone says they are doing something for your protection remember it's most likely to further their own interests and not yours.
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
To return the jamming favor.
Heh. Just commented on this on the Gizmodo post an hour ago. Please forgive the copypasta for my first post on Slashdot in probably 5 years.
My organization recently had a conference in a hotel owned by Marriott in a large Southern city. Not only did they want $500 per device per day for any Internet access — wired or wireless — the $12.95/day in-room wifi straight up did not work. They'd take your money before you could figure out it didn't work, of course. And if you ponied up the $16.95 for the "high speed" in-room wifi, it...barely worked. Barely.
We request one wired connection now. And once it's connected and the hotel staffers leave, I set up our own router with our own network. I'm pretty sure that if there was will or pressure on various and sundry consumer protection agencies, the prices charged by many hotel chains — with Marriott properties being the worst of them all — would not hold up in court.
I'll also add that our Director of Events is fairly convinced a new Marriott property in Washington, DC is doing this right now.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
$600k seems too small for such a large company. This is very sinister behavior. It would be like Burger King parking unmarked trucks or actors playing drunk bums in front of McDonald's drive-through lanes to block customers.
Table-ized A.I.
Probably trade show booths. $1k is not an unusual cost of doing business internet fee for a convention. Oh yes, it's absurd. And yes, people will pay it if that means they can peddle their wares and make some deals.
"The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed."
How many guests would have the technical knowledge to tell if a device is being "jammed" or simply "isn't working" or that "cell reception is bad"?
Only one man would dare... Lone Star!
Who knew?
Anyone who has read the regulations.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I've certainly noticed that. Midrange value-oriented places frequently include a continental breakfast too, whereas high-end places want you to buy their overpriced breakfast.
Sometimes I enjoy employing certain Priceline bidding tactics to get a $200 room for $81, but other than the appearance the less-expensive places are often just as good or better.
They didn't jam the spectrum, they sent de-auth packets to the clients making it impossible for them to use the hotspots.
I am very sure it is not the top management of Marriott that dreamt up this scheme. The top honchos of most companies are so technologically inept they need tech support to turn on their iPads. It is most likely a local operation. The local manager lamenting not showing any revenue increase despite installing the WiFi access point server. And from the ranks someone down realizing jamming is possible. After that it is simple making bonus and making numbers for the local team that set up the scheme. The top guy has collected his bonus and will find another job. The mid level guys who knew it would be fired and have to look for a new job. The tab is paid by a big faceless corporation. This is likely to happen again.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
is that now that's less money that Marriott can donate to the Mormon church. Anything to deprive that cult of funds is a good thing.
I have, for years, because of Marriott's cozy relationship with the Mormons, refused to stay in one of their properties or any property owned by same.
So they basically got away with it. $600k when they're charging $250-$1K per wireless account? Yeah...that's fair.
Personal experience: ... where are the refunds? Where are the damages being paid back? My conference was fairly small (this hotel is beyond enormous mind you) and there still had to be 100+ vendors. We were one of ... I don't know ... 5-10 conferences that weekend?
I was a vendor at a conference in this exact hotel in 2013. Internet access was ridiculously expensive...per account which they prohibited sharing between devices of course. Handy when you're trying to present and sell technical services...and your hotspot doesn't work. Many vendors complained about how their hotspots weren't working, quite a few sucked it up and paid the extortion fee. Now I guess we know why. What I want to know is
At a bare minimum the FCC should fine them equal to all the WiFi access fees they collected while this system was in place. Would some have paid anyhow? Yes. This is meant to be punitive after all.
Oh...and don't let me get started on how they *required* you to "rent" carpet for your 10'x10' booth (starting at several hundred dollars) and pay for power connections - another several hundred dollars for the lowest ~300w 110v connection. Then there were fees to receive FedEx boxes, fees to store them until you got them, fees to deliver them to you, etc. Want to rent a TV for your display? They quoted something like 6 grand for two 42" TVs with speakers. Yah huh. The vendor that got that quote laughed at them, went to Costco and bought two TVs for ~$1500, then raffled them off.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
Technically this wasn't jamming - it was a DoS through wifi deauth attacks.
Actually jamming other wifi routers while keeping yours up would be extremely tricky or maybe impossible.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Are you kidding?
They were jamming for two years in a convention center where thousands of people meet every weekend, and they were charging exorbitant fees, in some cases $1000 per device. If this looks too high to you, imagine you are giving a talk about the last 18 months of your research, and a prearranged setup stops working. Your tenure, your reputation, your tenure may depend on that talk. And that's just for researchers. A company that has gathered a thousand POS managers for a discussion of a new system will have millions on the line.
Captive customer base indeed.
Fines seldom come close to wiping out the profits from the con, when big businesses with lobbyists are involved. I have personally participated in a cleanup effort (mostly through volunteers) which used about $30,000 on top of our donated time and equipment. While we were working, the assholes released more detectable crap, and were fined $2,500. But hey, they are golfing with the local high scum.
No good deed goes unpunished...
Yeah, we pay several times that for WiFi coverage for our 5 days each year at the Bellagio for our industry's trade show. Of course we're paying that to use their infrastructure and bandwidth, our rental agreement prohibits us from using our own WiFi equipment (which sucked the first year there because we were paying for dedicated bandwidth but they initially set us up on the same line as their guest vlan, if we had been able to set up our own equipment ahead of time we would have found the issue before the show and had it corrected instead of it being 4 hours in before it was addressed). I'm rather surprised Marriott decided to block hotspots instead of just adding the clause to their rental contracts and telling exhibitors to shut it down or move out like most convention centers do.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Lately, Slashdot seems to be echoing Hacker News, about three hours late. If you're going to be a scraper site, you have to do it faster.
As much as I dislike Marriott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users. Apparently, the FCC wasn't even concerned with the frequencies that Marriott was using, it was the fact that they were sending de-auth packets that bothered them. This is not the sort of thing FCC should be regulating. In fact, the technique used by Marriott is commonly used in many locations (hotels, universities, hospitals) that provide their own WiFi in order to prevent rogue setups from intercepting people's data, and possibly even redirecting traffic to their own phishing sites. (Not everyone checks that the SSL certificate fingerprints haven't changed when they log in to their bank account!) I used to work in the IT department at a university and we did EXACTLY the same thing that Marriott was doing, for just that reason. (Unlike Marriott, we didn't charge people to use our WiFi, but that should make no difference as far as the FCC is concerned.) When we set up that system, we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum. In fact, many, if not most, commercial WiFi systems have this function built in. Ours certainly did, we only had to turn it on.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
not if you "cheat" flood the channels with noise and use restricted channels for your APs. I think it's channels 12-14 that are only legal in the rest of the world, but should be accessible to devices.
instead of using illegal frequency jamming or equipment that disconnects wifi clients, simply insulating the room with steel mesh of some sort would block radio transmissions without violating any laws..
tiny trade convention in Northern Ontario (town has maybe 15k people) charges up to 300$ for internet connections through DSL. Larger shows and such in bigger areas can get away with higher charges
Did you host an event there? Sue Marriott in civil court.
So they basically got away with it. $600k when they're charging $250-$1K per wireless account? Yeah...that's fair.
Yeah, and the victims won't see a penny of it either. What should have happened was the Marriott charged with full refunds with interest to those they scammed. I'm quite certain they would have financial records of them.
If this looks too high to you, imagine you are giving a talk about the last 18 months of your research, and a prearranged setup stops working.
Not that this excuses their illegal behaviour but if you are giving a talk that important and you do not have at least one local copy of the talk without then your reputation deserves to take a battering. I'd be astounded if such a thing seriously affected someone's tenure though - it certainly would not where I work.
This shit is why I strongly prefer AirBnB or other alternative forms of hospitality.
I was at a hotel in London and found out that "Free wifi" meant it was freely available to reach the paid gateway. Sleezery seems to be in all large chains in large cities. You would think the high premium on staying there, and the economy of scale of the size of the hotel would mean that it's easier to provide good service to guests.
By contrast, with AirBnB you'll probably get secure, unrestricted residential wifi, or even an ethernet jack to plug into. Sure you might not, and you might not get a clean place. But there's no guarantee of cleanliness at the Marriott either, and you're certain not to get a free Internet connection.
For that price, they'd better be giving you an actual wire to connect to.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
If the FCC doesn't have the authority under current law, what agency should regulate situations like this (assuming for the sake of argument that Congress intended for such situations to be regulated)? The Federal Trade Commission perhaps?
What you were doing was arguably more ethical since you weren't making money off of people using the service, but if it happened today you would be denying other companies (namely, cell phone carriers who sell wifi hotspots and who charge by the byte) the right to conduct business.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The ISM bands are not unregulated. Operations in the ISM bands are not protected from unintentional interference, but the FCC most certainly has the authority to, but chooses to abide by agreements with the ITU deferring to ETSI.
This is exactly what the FCC should be regulating, and not the content of TV or Radio broadcasts. This type of intentional disruption of service should be policed by the FCC.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
You're confusing unlicensed with unregulated. The FCC regulates ALL the RF spectrum in the US.
With that said...The rules include:
"...no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government"
This was definitely willful and arguably malicious as well.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
You should fire your legal research team and pull your equipment ASAP. A simple 10 second google search yielded http://www.fcc.gov/encyclopedi... which includes wi-fi jammers.
First of all, WiFi operates on UNREGULATED
This is completely and patently false. There ARE regulations on wifi. They are merely moved into the unlicensed spectrum which is NOT the same thing as unregulated. Granted, the regulations are pretty few, they are NOT non-existent.
There is so much you could do with a K. Why not spend a few hundred and get internet over cellphone. At least then if they want to jam you they need to block everyone's cell and face huge jail time if caught?
Troll is not a replacement for I disagree.
WiFi operates in UNLICENSED spectrum. That spectrum is still very much REGULATED. Taking action that requires broadcasting on a spectrum with the intent of interfering with the legal operation of another device is an illegal action (whether or not you call it "jamming"), and something that the FCC has the authority to patrol.
...WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users... and we did EXACTLY the same thing that Marriott was doing, for just that reason. ... we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum.
According to that logic, I can come with a router backpack and prevent all users from connecting to YOUR university network. Well, it's unregulated, right? You should accept the interference and you cannot ask me to leave (in fact, I can be on a public place to cause you enough of a headache, so all is a fair game).
How did Google get charged exorbitant fees for briefly recording unencrypted wi-fi traffic from their street view cars while everything they did was on an unregulated spectrum?
There's no such thing as "illegal download"
Seems like you're asking for the FCC to go beyond their duties. What you're looking for is a class-action lawsuit.
Enforcement is...difficult at best.
When APs were big and bulky and more scarce perhaps. These days though my daily carry bag has 2 or 3 APs in it (iPhone, android, sometimes hotspot or iPad). Chromecast uses WiFi. Samsung printers with NFC use wifi ... as do a plethora of other things that people don't even realize.
Yes you can get some directional antennas and start triangulating people...but you've probably got dozens of WiFi networks that the owners don't even know exist and aren't using to get internet anyhow. So chasing them down doesn't earn you a sale and just pisses people off.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
As much as I dislike Marriott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users.
Not quite true, the ISM bands are Unlicensed bands, not unregulated. In order to sell equipment used to transmit on these bands, the systems must be type approved. Part of this type approval process includes ensuring that the equipment in question will not cause undue interference to other users on the band. To me, sending rogue de-auth packets constitutes interference.
In Meraki's Air Marshal Whitepaper, they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’).
I actually had this particular issue affect me. As a volunteer, I operate a community-wide network, including a widespread wifi network, at a retreat centre high in the mountains of WA. At this time, there is a significant mine remediation project going on in our valley, so we have leased out several buildings to the construction companies, who set up their own Meraki system. Unfortunately, they enabled Air Marshal, which then went on to attack our wireless network. Despite running WPA-Enterprise on our network, it was still successful in attacking our networks, and rendering them nearly useless. In the end, we had to flex our muscles as the landlord to get the feature disabled.
In my mind, the ability to attack adjacent networks should be illegal, and Cisco and the others should not be permitted to sell this technology to the general public. Rather the systems should simply alert on the presence of other wifi networks, and assist in locating them. Also, the wifi standards should really be updated to fix this type of vulnerability... in a WPA-Enterprise environment, clients should only respond to a de-auth packet encrypted/signed with the session key between the client and the AP it's connected to.
...si hoc legere nimium eruditionis habes...
I'd call it malicious but that's an opinion word. Nobody, however, can deny that it was willful. They admitted they did it and said they think it's an okay thing to do; that is clearly willful. That's fine, they are being honest: they violated a rule which has the force of law because they don't think that rule should exist.
They can lobby for a change to the law/rule, and until then they should obey the law/rule. My only problem is, like always, the fine is 100x too small.
Is the $600,000 going to the government or the people that were affected? Could Marriott be in the crosshairs for a class action also?
Passionately Indifferent
Stomping on a signal to prevent a receiver from being able to correctly receive it is jamming. In the case of a cellular jammer, this is true whether you block all the cellular frequencies, just those used for call setup and signaling, or just a small burst when a phone or tower tries to send a packet. On the other hand, sending all the phones in the area a validly formatted signal saying I am the tower so send any communication to me, and thereby preventing them from making real calls, isn't technically jamming, it is masquerading. You are still sending malicious transmissions for the purpose of interfering with regulated communications, but it isn't jamming. That is kind of like what Marriott did. Their system sent control packets to the clients, pretending to be the wireless access device (hotspot), telling them they were being dropped - an operation called being deauthorized - and the clients therefore stopped talking making the user unable to use their hotspots. When the client tried to connect (authorize) again, the Marriott system would send it another deauth packet. Rinse and repeat. Of course, anyone connected to their wireless system wouldn't receive a deauth packet so those communications worked (rinse, repeat, and profit).
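How a defender could spot the repeated deauthentication described in the comment above in a monitor-mode capture, as an added example that is not part of the original thread: it parses raw 802.11 management headers and flags any hotspot/client pair that receives a burst of unprotected deauth or disassociation frames. The frames, MAC addresses, window and threshold are constructed for illustration, and frames are assumed to start at the 802.11 header with no radiotap prefix.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame: bytes):
    """Return the header fields of a deauth/disassoc frame, or None for anything else."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    seq_ctrl, reason = struct.unpack_from("<HH", frame, 22)
    protected = bool(fc & 0x4000)  # Protected Frame bit: body is encrypted (802.11w)
    return {
        "subtype": "deauth" if subtype == DEAUTH else "disassoc",
        "dst": mac(frame[4:10]),      # receiver (the client being dropped)
        "src": mac(frame[10:16]),     # claimed transmitter, trivially forgeable
        "bssid": mac(frame[16:22]),
        "seq": seq_ctrl >> 4,
        "protected": protected,
        "reason": None if protected else reason,  # unreadable when encrypted
    }


def find_deauth_floods(capture, window=10.0, threshold=5):
    """capture: time-ordered iterable of (timestamp_seconds, raw_frame).

    Flags each (bssid, client) pair that receives `threshold` or more
    unprotected deauth/disassoc frames within `window` seconds. Protected
    frames are skipped: only the real AP holding the session keys can
    produce them. Window and threshold are illustrative, not tuned values.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, raw in capture:
        f = parse_mgmt(raw)
        if f is None or f["protected"]:
            continue
        key = (f["bssid"], f["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(key, {"bssid": key[0], "client": key[1],
                                        "first_alert": ts, "peak": 0,
                                        "reasons": set()})
            a["peak"] = max(a["peak"], len(q))
            a["reasons"].add(f["reason"])
    return [dict(a, reasons=sorted(a["reasons"])) for a in alerts.values()]


# --- constructed sample capture (not real traffic) ---------------------------
def _sample(fc_hex, dst, src, bssid, seq, reason=0):
    addrs = bytes.fromhex((dst + src + bssid).replace(":", ""))
    return (bytes.fromhex(fc_hex) + b"\x00\x00" + addrs
            + struct.pack("<HH", seq << 4, reason))


HOTSPOT, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:aa"
OTHER_AP, OTHER_STA = "02:00:00:00:00:02", "02:00:00:00:00:bb"
BCAST = "ff:ff:ff:ff:ff:ff"

SAMPLE_CAPTURE = sorted(
    # a beacon from the hotspot: management frame, but not deauth
    [(0.0, _sample("8000", BCAST, HOTSPOT, HOTSPOT, 100))]
    # eight unprotected deauths, one per second, naming the hotspot as sender
    + [(float(i), _sample("c000", CLIENT, HOTSPOT, HOTSPOT, 2000 + i, 1))
       for i in range(1, 9)]
    # one ordinary deauth in an unrelated BSS (station leaving, reason 3)
    + [(3.5, _sample("c000", OTHER_STA, OTHER_AP, OTHER_AP, 40, 3)),
       # a protected (802.11w) deauth, which the detector ignores
       (9.0, _sample("c040", CLIENT, HOTSPOT, HOTSPOT, 101))],
    key=lambda rec: rec[0],
)

if __name__ == "__main__":
    for alert in find_deauth_floods(SAMPLE_CAPTURE):
        print(alert)
```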
Yeah that's one way.
Another way is to have laws and fines that are sufficient to actually stop abuses, instead of burdening courts with remunerating for abuses after the fact. I prefer this way.
For instance, yeah my family could sue the maker of the tainted drug that kills me, or we could just have the nanny state certify drug manufacturers and then people don't have to die nearly so much in the first place. I think that is a better world so that's the one I support.
The way we've seen it done is they use the location service in their AP management software to detect rogue AP's, with Cisco this is accurate to a few meters, if you check before any guests have arrived it's easy to pin it to one booth and remind that booth that they aren't allowed to have their own network.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
The fine is appropriate if you buy that they were willful but not malicious. If they were honestly trying to keep the WiFi working for presenters at the convention, and this was the only way, for example. OTOH, if this was some money-making scheme, that's malice in my book, and the FCC should have demolished the hotel such that no brick stands upon another, and salted the earth as a lesson to generations to come (or, just fined them enough that the CEO resigns, if you want to get all modern about it).
Socialism: a lie told by totalitarians and believed by fools.
maybe they only affected 600 people?
THEY DID NOT USE A JAMMING DEVICE
Jamming would have made a range of frequencies unusable to one device.
Instead, they merely sent normal WiFi messages to any clients connecting to the AP saying "Hey, Get off that AP."
So all radios still had full operational use of the spectrum, it's just that, there was a process preventing any clients from connecting to the unapproved APs.
The Marriott owns the property, and they have a right to dictate the use of their property, so they have a right to control what WiFi equipment can be brought into and used within their premises.
What the Marriott was doing was HACKING not JAMMING.
To the end-user it might appear they were effectively jamming: but they were not doing so by drowning out or canceling radio transmissions: instead they created a hostile network that more or less "hacked" the other networks in its range. I can see why the FCC got the call, but technically this is probably more one for the FBI.
You should read the summary at least, my friend.
deleting the extra space after periods so i can stay relevant, yeah.
I'm sure it is. I support a customer every few years at a 4 day convention there. Last time they bought a brand new Dyson vacuum for less than the price of the cleaning crew vacuuming the booth at night. Another vendor bought a full set of very nice folding chairs for their booth for the price of chair rental. The service prices are just absurd.
I'm trying to wrap my head around this. So, were this the case, could I without penalty send de-auth packets for Marriott's pay wifi networks? Since wifi is unregulated. One could even do it from just off Marriott property, if that would be an issue.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Good luck carrying those in past the union staff at most places. :(
In some of our trips, we couldn't move anything over 20# without union assistance.
ISM is very much regulated. Get a new legal team.
ISM is unLICENSED. That means that you don't need a license to operate in that band as long as you obey the regulations in place. Those regulations cover radiated power and intentional interference (which is MUCH different than unintentional interference).
If your baby monitor causes trouble for my WiFi (or vice versa), that is unintentional. OTOH, if you get a baby monitor and a parabolic antenna with the intention of interfering with my WiFi you are violating regulations (but it may be hard to prove). If you get a WiFi and send deauth packets to my hardware it becomes easier to prove willful interference. If you change channels when I change channels it is very easy to prove.
Somebody mod my previous comment out of existence: I was re-stating Strider's informative post... feeling too sick to work, and it looks like I'm too ill to be on /. either
UNLICENSED not unregulated. And I'd think this falls squarely under racketeering as the entire point is to force them to buy (at a premium) network access from them.
I find it odd, since every Marriott property I've stayed in over the last decade has provided free wifi. (hell, some even had *wired* networking.)
Are you saying they jammed cell phone lines? Or were they only jamming the local wireless routers, "individual", And no one thought to buy a cable?
Troll is not a replacement for I disagree.
You're confusing unlicensed with unregulated. The FCC regulates ALL the RF spectrum in the US.
With that said...The rules include:
"...no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government"
This was definitely willful and arguably malicious as well.
The very law you quoted defeats your argument. First, you are correct that WiFi frequencies are unlicensed, not unregulated. However, the statute you quote says: "...no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government" [emphasis added]. So, if the WiFi spectrum is unlicensed, please explain how Marriott is in violation of this statute.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
I'm not in academia, but my wife and half of our friends are. To hear them talk, a blown talk or even a bad poster can absolutely affect your tenure chances. A few years ago, they were trembling over their own reputation, now they are gossiping/deciding the newbies' fate. And even if no one holds your equipment problems against you, you will still have missed a great opportunity to enhance your reputation.
As for having a local copy... you'd be surprised how many young people do not share our mindset. Too many people nowadays take connectivity for granted, and do not even know where their stuff is, physically. I'm not even talking about those who put important (or private) stuff 'on the Cloud'. I've seen students in my wife's lab who cannot even comprehend that it matters where the experimental data is stored, when you are dealing with datasets measured in gigabytes. I am not sure my wife would know as much about her lab's infrastructure, were I not sneaking away to drink beer with the IT people every time she tries to take me to her department's 'functions'.
IT professionals think about this - after all, we're paid to. Most other people are used to things 'working', and if they are being jammed in Florida when their IT guy's kayaking off California, they will pony up a thousand bucks of their lab's fund in a second.
No good deed goes unpunished...
The Marriott owns the property, and they have a right to dictate the use of their property, so they have a right to control what WiFi equipment can be brought into and used within their premises.
While I can see why a business owner would want to control WiFi on their property, the fact is they do not have that as a blanket right under US law. For example, as a business open to the public, they can't say AT&T cell phones may be used but not Verizon or Sprint since they have a contract with AT&T. Nor could they say you are prohibited from using your radio to listen to any radio station but theirs. BY LAW, they do not control the airwaves. They are allowed use to the airwaves under the rules and regulations set forth by the US Government and its duly authorized regulating bodies. They may be able to put usage wording into contracts that they could then enforce in the courts if the user violated them, or even kick them out of the conference, but they can not do a vigilante move by killing all radio signals they think must be from someone violating the contract. And that already presumes a legally binding contract. The public owns the airwaves, not the hotel/convention center.
"or authorized by" you are authorized to use unlicensed frequencies, by that very chapter if you are abiding by those rules, ergo the Marriott's AP was not abiding by that rule and therefore technically not permitted to use the unlicensed frequencies which would be the legal grounds for the fine - would it not?
I don't think you completely understand Air Marshal. Or maybe I do. What do you think?
Air Marshal is recognizing a client is on the LAN by way of a non-Meraki AP, and then sending that client an 802.11n de-auth, so that it doesn't work, and the man in the middle attack is stopped. It doesn't interfere or attack other APs. Basically, in order for this to work, the rogue AP has to be connecting into the Meraki network.
Am I wrong? That's how I read the whitepaper.
In Meraki's Air Marshal Whitepaper [cisco.com], they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’).
Hmm, according to the whitepaper you linked it says "As containment renders any standard 802.11 network completely ineffective, containment measures should taken in your airspace (emphasis mine). Extreme caution should be taken to ensure that containment is not being performed on a legitimate network nearby and, action should only be taken as a last resort. Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’)."
So provided that the "containment" effort took place only on Marriott's property (not a public space), I'm having trouble seeing how Marriott is legally in the wrong. Obviously, it's sleazy (and the FCC found reason to fine them, as well, so what do I know). Perhaps there is an implied right to the public use of the air in a building that, while not freely "open to the public" per se, is also not "closed off" private, either?
Would a retail store be prevented from doing the same thing?
Look at the tomato! Isn't it sad? He can't dance! Poor tomato!
I was a vendor at a conference in this exact hotel in 2013. Internet access was ridiculously expensive...per account which they prohibited sharing between devices of course. Handy when you're trying to present and sell technical services...and your hotspot doesn't work. Many vendors complained about how their hotspots weren't working, quite a few sucked it up and paid the extortion fee. Now I guess we know why.
Three words. Class action lawsuit.
I agree, the fine should be bigger. Regulators should stomp the fuck out of Marriott for this. But class actions are the only remaining tool we have in this country against mega-corp. Since the FCC has already ruled Marriott has broken the law, I've no doubt that there's a bunch of lawyers right now hatching a plan to sue Marriott.
AccountKiller
However, spoofing an AP in an attack would be illegal. Even without considering the fact that it was radio frequencies.
Even if the APs they spoof were unauthorized.
If they were charging some people $1,000 during that time period then it would only have taken 600 customers to cover the fine. With all the smaller fish who were fried it could easily have been millions. Plus the huge inconvenience for those who went without. This fine should have been ruinous and someone should have gone to jail. Someone really senior, not just some tech dweeb who was scapegoated.
One of the rules that I have long thought there should be is that when a corporation commits a felony there should be mandatory jail time, and that it should be at the highest level that may (not certainly) have been aware of the crime. So if a UPS driver runs someone over going too fast, he may or may not go to jail, but if they can show that some executive was told that some policy would push drivers to speed, then boom, it would be whatever sentence would apply had he been speeding himself.
Yes. GP is just being obtuse.
In the context of that passage, "licensed... by or under this chapter" means regulated and licensed spectrum allocated to your organization within certain parameters (geographical, spectrum boundaries, etc.)
Also in the context of that passage, "authorized by or under this chapter" means regulated but not necessarily licensed. This is the catch-all clause that allows the FCC to curb-stomp idiotic jamming practices that happen on private property.
You can't legally jam any radio-frequency communications anywhere in the US at any time for any purpose. Period. If your lawyers thought you could, fire them and hire lawyers that aren't going to cost you money.
It seems that blocking someone's active legal service is vandalism. I could imagine that those with such a service might have important needs for it so that damages for not accessing that service would be substantial. So why wasn't anyone at Marriott arrested, charged with vandalism, and imprisoned until their trial? That's what would have happened if an individual did the same thing.
With a punitive fine of 5x that amount to discourage such behaviour in the future.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
First of all, WiFi operates on UNREGULATED spectrum
No it doesn't. It's unlicensed spectrum, but it's quite tightly regulated in the U.S. by the FCC under CFR 15.247.
Am I wrong? That's how I read the whitepaper.
You are wrong. At least one model of Meraki access point has a dedicated radio for this purpose. It attacks other wifi networks through a number of mechanisms, including pretending to be the AP under attack, to attract clients to it, sending spoofed de-auth packets to the clients of other APs, and other techniques to effectively conduct a denial of service attack on whatever other wireless network that may exist within its range. This is precisely what I was encountering on my network.
The main issue I have with this technology is that it can be set to attack all other wifi networks. If it was limited to protecting the SSIDs under its control, I would have less of an issue with it. IE if the wireless system is advertising the SSID "Marriott Convention Center" and someone else sets up a rogue AP using the same SSID, then that's fair game, as the person running the rogue AP is either clueless, or has nefarious intent. If it's attacking "Bob's iPhone Network" then that's another matter.
...si hoc legere nimium eruditionis habes...
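The containment behaviour described in the comment above (spoofed de-auth frames aimed at the clients of other APs) shows up in a monitor-mode capture as a burst of deauthentication frames naming one BSSID. The following Python is an added example, not part of any comment in this thread and not Meraki's code: it parses bare 802.11 management frames, flags such bursts with a simple rate heuristic, and applies the commenter's distinction between a look-alike of the venue SSID and an unrelated hotspot. The MAC addresses, sample frames, window and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

BEACON, DISASSOC, DEAUTH = 0x8, 0xA, 0xC  # 802.11 management frame subtypes
HDR_LEN = 24  # frame control, duration, addr1..addr3, sequence control

def parse_mgmt(frame):
    """Parse a bare 802.11 management frame (no radiotap header, no FCS)."""
    if len(frame) < HDR_LEN or (frame[0] >> 2) & 0x3 != 0:  # type 0 = management
        return None
    info = {"subtype": frame[0] >> 4, "bssid": frame[16:22].hex(":")}  # addr3 = BSSID
    body = frame[HDR_LEN:]
    if info["subtype"] == BEACON:
        # Skip fixed fields (timestamp 8 + interval 2 + capabilities 2), then walk the tags.
        pos, info["ssid"] = 12, None
        while pos + 2 <= len(body):
            tag, length = body[pos], body[pos + 1]
            if tag == 0:  # SSID element
                info["ssid"] = body[pos + 2:pos + 2 + length].decode("utf-8", "replace")
                break
            pos += 2 + length
    elif info["subtype"] in (DEAUTH, DISASSOC) and len(body) >= 2:
        info["reason"] = struct.unpack("<H", body[:2])[0]  # little-endian reason code
    return info

def find_floods(capture, window=1.0, threshold=10):
    """capture: time-ordered (seconds, frame_bytes) pairs. Returns the BSSIDs whose
    deauth/disassoc count inside any `window` seconds reaches `threshold`."""
    ssids, stamps = {}, defaultdict(list)
    for ts, raw in capture:
        f = parse_mgmt(raw) or {}
        if f.get("subtype") == BEACON:
            ssids[f["bssid"]] = f["ssid"]
        elif "reason" in f:
            stamps[f["bssid"]].append(ts)
    alerts = {}
    for bssid, ts_list in stamps.items():
        peak = start = 0
        for end, ts in enumerate(ts_list):  # sliding window over sorted timestamps
            while ts - ts_list[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = {"ssid": ssids.get(bssid), "peak": peak}
    return alerts

def classify(alerts, venue_ssid, venue_bssids):
    """Label each flooded BSSID: venue AP, look-alike of the venue SSID, or unrelated network."""
    return {b: ("venue AP itself is being deauthed" if b in venue_bssids else
                "look-alike of venue SSID is being contained" if a["ssid"] == venue_ssid else
                "unrelated network is being contained")
            for b, a in alerts.items()}

# --- constructed sample capture (not real traffic; locally administered MACs) ---
def _frame(subtype, src_bssid, body, dst="ff:ff:ff:ff:ff:ff"):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([subtype << 4, 0]) + bytes(2) + raw(dst) + raw(src_bssid) * 2 + bytes(2) + body

HOTSPOT, LOOKALIKE, VENUE = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
NAMES = {HOTSPOT: "Bob's iPhone Network", LOOKALIKE: "Marriott Convention Center", VENUE: "Marriott Convention Center"}
SAMPLE = [(0.0, _frame(BEACON, b, bytes(12) + bytes([0, len(n)]) + n.encode())) for b, n in NAMES.items()]
SAMPLE += [(1 + i * 0.02, _frame(DEAUTH, HOTSPOT, b"\x07\x00")) for i in range(20)]
SAMPLE += [(2 + i * 0.05, _frame(DEAUTH, LOOKALIKE, b"\x07\x00")) for i in range(12)]
SAMPLE += [(5.0, _frame(DEAUTH, VENUE, b"\x07\x00")), (9.0, _frame(DEAUTH, VENUE, b"\x07\x00"))]
```

Occasional deauth frames are normal 802.11 behaviour, so the threshold has to be tuned against a baseline capture of the site before a burst is treated as containment.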
Guess what was authorized?
These are guest-created hotspots. Likely provided by A LICENSED CELLULAR CARRIER. You are attacking my ability to connect to something I paid for in an attempt to get me to pay YOU for the same thing.
This is a violation of FCC rules, tortious interference of contract, and CFAA bait, on top of a RICO suit.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
It's a rounding error in the accounts of an organisation like that; at least one more zero on it would have been a good start...
But Noooooo. We have to play by communista rules, where companies are not allowed to use the airwaves, which belong to them to intercept, jam or do whatever they want to, as guaranteed in the Constitution, when Jesus wrote it.
Thanks, Obama.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I'm saying that the summary alone explained that they were disabling routers/hotspots.
deleting the extra space after periods so i can stay relevant, yeah.
Marriott's behavior smacks of shadiness and price-gouging, but they were well within their rights on their own private property. Doing this in a public space might be interfering with common services, but in this context Marriott was simply regulating congestion on their internal network. There's only so many channels of available spectrum, especially at 802.11b/2.4 GHz. It's simplex communication; more than a few hosts talking at once will absolutely saturate the pipe. You can throw more access points on different channels at the problem but eventually crosstalk and back-off timers bring things to a halt.
Could the hotel/conference center have 86'd a disruptive patron with their own security and not the police? If so, it's a private space and internal network regulation at ISO Layer 2 and above is a private matter. If they're not interfering with somebody's communication on a Layer 1, laws-of-physics level, I consider it to be outside the FCC's purview. I doubt they were disrupting cell service, so usb-connected MiFis likely worked just fine.
I hate attaching civil rights and civil liberties to corporate persons, but the fact of the matter is that this decision, if upheld, could be misapplied to the use and management of WiFi in many other contexts.
We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
or we could just have the nanny state certify drug manufacturers and then people don't have to die nearly so much in the first place. I think that is a better world so that's the one I support.
On the other side of that coin are the people who die because the nanny state hasn't gotten around to, or simply won't, certify drugs that would save their lives, or who decertify other drugs because a few people with good lawyers suffered negative side effects.
Which doesn't normally happen.
Price gouging because of stupid laws about copyright or orphan drugs? Yes. Letting some ill-behaved drugs out occasionally? Yes. But actual withholding of a legitimate drug from the market? Not usually. And, if it does happen, it doesn't happen for long.
So, yeah, even with the distortions in the "Free Market" (capitals used as you should for any theological Supreme Being), I'll take not dying from some bootleg chemical that got into my bottle of ibuprofen by "mistake" over all the relatively minor negative impacts the FDA has (or might have in the future) on my life.
And, if it gets to the point that the impacts are no longer minor, well, then I'll bring out the pitchforks. But not before - I'm not fucking stupid.
That is all.
or to have some real fun use the MOFO/DSH summoning spell by using the incantation
HIGH DOLLAR CLASS ACTION LAWSUIT.
GOD help them if IBM was tagged by this.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Sorry, but the rules make no distinction between licensed and unlicensed spectrum. If you deliberately interfere with someone else's radio communications, you are breaking the rules.
Marriott's reply is laughable. It might work on unsophisticated readers but not anyone who knows anything about WiFi. They said they wanted to "protect" their guests against "rogue" access points. Well, if those "rogue" access points were spoofing Marriott's own SSID, they might have a point. But I certainly don't set my own portable hotspot SSID to that of any hotel. It's set to something quite unique, and it's encrypted. Nobody is going to mistake it for a hotel's network, much less actually associate with it.
So would you have had a problem with someone irritated by this (say, a group of CS students, or perhaps someone on campus leasing facilities for a conference) firing up something to spam all of your connections with deauth packets? Because clearly your conclusion was that there was nothing wrong with doing so.
fencepost
just a little off
It's not "UNREGULATED", it's unlicensed. Similar to CB radio, you don't need a license to operate a device transmitting on this band. There are explicit regulations in Title 47 CFR Part 15. 15.5 part C specifically says that you're not allowed to cause harmful interference. http://www.gpo.gov/fdsys/pkg/C...
If it were unregulated, it would be perfectly legal for me to set up a 100MW transmitter adjacent to your university broadcasting noise on the wifi band.
The FCC certainly regulates the wi-fi spectrum, as you would know if you ever bothered to even glance at all the pieces of paper that come with anything operating in the 2.4 or 5 GHz band.
If those bands were actually unregulated, you'd be able to go on Amazon and buy a 1000 watt wi-fi booster.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I used to work in the IT department at a university and we did EXACTLY the same thing that Marriott was doing,
I work in a university IT department and we never go near those vendor features because of legal concerns. I don't know how the vendors get away with offering them.
Someone had to do it.
How does that work? Did you sign an agreement with the union? What are they going to do if you ignore them anyway?
In the UK I've never seen "you can't do that, union rules" ever, outside of parody TV shows.
Yeah, that was obviously a BS legal response on their part about protecting guests. If that was the case, the actions would have spoken a different story. For instance, there should have been signs posted on site saying "We have taken the liberty of blocking rogue WiFi sites that could breach your privacy.. we have provided a safe access point for free at this SSID... Wired Ethernet connections also available."
I do see the concerns that any commercial organization could have. There is potentially a sense of liability that anyone off the street can set up rogue access points and do harm to customers/guests. This is roughly equivalent to skimming credit cards or sneaking into unlocked hotel rooms. So what recourse does an organization have to protect the airwaves on their own premises? Access points are just so common and transient that it would be impossible to report every infraction to the FCC and expect a useful response.
...WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users... and we did EXACTLY the same thing that Marriott was doing, for just that reason. ... we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum.
According to that logic, I can come with a router backpack and prevent all users from connecting to YOUR university network.
That's absolutely true, and we discussed that very scenario at our staff meeting. The conclusion was that about all we could do in that situation is demand that the person with router backpack either turn it off or leave the campus and charge him/her with trespassing if they didn't.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
How did he do it?
News for nerds, come on!
As much as I dislike Marriott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations.
If it's not outside the FCC's powers, then it sounds like it's a violation of the Computer Fraud and Abuse Act.
They have the right to tell people who are using the equipment they don't like on their premises to turn it off or leave. But they don't have the right to use illegal means to disrupt that equipment. It's sort of like you have the right to tell people walking across your property to leave or face trespass charges, but you don't have the right to viciously murder them for it... Ok, bad example, you might live in Texas. How about if you own a movie theater and you don't want people talking. You have the right to tell them to shut up or leave or face trespass charges. Walking up to them and spraying chloroform mist into their face to shut them up is beyond your rights.
THEY DID NOT USE A JAMMING DEVICE
No, no jamming, just a hacking device.
Instead, they merely sent normal WiFi messages to any clients connecting to the AP saying "Hey, Get off that AP."
Yes, they performed a DoS attack against people and computers. Rather than a civil fine, they should be sending techs and engineers to jail.
Learn to love Alaska
Just FYI - "malicious" has a specific legal meaning, rather than just being a subjective opinion. I don't know what the definition is in US federal law, but it's usually something along the lines of "intentional and without reasonable justification" (making "malicious and willful" somewhat tautologous, but that's not unusual in older legislation).
It's common in the US when signing up for a trade show. The convention center will dictate the terms that include compliance with union rules. Las Vegas is notorious. They have people roaming the halls to make sure vendors are in compliance.
You can't get a network connection from a cell phone via USB? You have a lame cell phone.
"National Security is the chief cause of national insecurity." - Celine's First Law
No, that's just enough money to tell Marriott that the regulators think it's a really swell idea, just don't get caught next time.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
So provided that the "containment" effort took place only on Marriott's property (not a public space), I'm having trouble seeing how Marriott is legally in the wrong.
So a renter has no rights at all? If I rent a space, it's "mine". So Marriott loses the airspace when they rent it out. Also, that's an interesting idea in the whitepaper, considering how the FCC doesn't recognize a difference between public and private space. It's been made clear that a "jammer" in a private theater, with ample warnings and no leakage, would still be illegal. Just because you own the land under the air, doesn't mean you own the airspace.
Learn to love Alaska
1kW @ 2.45GHz is called a microwave oven. Now getting a magnetron to modulate is an exercise left to the student.
-- I have a private email server in my basement.
I'm not so much assuming it as going with the evidence, but you're right there are some (many) people who deny that. But for most of those deniers, it wouldn't matter anyway: they want no regulations even if it leads to death and destruction so the death and destruction are irrelevant to them. But not to me.
Yep, it's true. It's a hard balance. I prefer to try to find that balance than to simply deny the legitimacy of regulation, but many people see it otherwise.
Yes, you have correctly described how fines work. The general intention is prevention not remuneration.
Sometimes there are other legal options other than civil suits, but that is the primary way.
...I've seen today. Or can remember for a long time. Bastids! Marriott is definitely off my list.
The story specifically is about Nashville. I've been places like this but the Opryland Gaylord is not one of them.
yeah i don't think so still. i think your interpretation of the technology is wrong.