Wi-Fi Hotspot Blocking Persists Despite FCC Crackdown

An anonymous reader writes: An examination of consumer complaints to the FCC over the past year and a half shows that the practice of Wi-Fi hotspot device blocking continues even though the agency has slapped organizations such as Marriott and Hilton more than $2 million in total for doing this. Venues argue they need to block hotspots for security reasons, but the FCC and consumers say the organizations are doing this to force people to pay for pricey Internet access.
"Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel or conference center," FCC Enforcement Bureau chief Travis LeBlanc said in a statement. "It is unacceptable for any hotel to intentionally disable personal hotspots while also charging consumers and small businesses high fees to use the hotel's own Wi-Fi network. This practice puts consumers in the untenable position of either paying twice for the same service or forgoing Internet access altogether." Consumers have filed many complaints about Wi-Fi hotspot blocking to the FCC.

Not free?

[Frosty+Piss]

In recent years, I have rarely stayed at a first class hotel that did not have free guest w-fi. People expect it and will bail for the local coffee shop if it's not free in the hotel.

My guess is a lot of the offenders are in tourist traps where everything costs a lot.

Re:Not free?

[Dcnjoe60]

In recent years, I have rarely stayed at a first class hotel that did not have free guest w-fi. People expect it and will bail for the local coffee shop if it's not free in the hotel.

My guess is a lot of the offenders are in tourist traps where everything costs a lot.

I think you intended to say that all of the first class hotels you stayed at had free guest wifi, but your double negative said just the opposite. However, my experience, at least in the US is just the opposite. Big name, first class hotels charge for wifi. It is the middle tier hotels that give it away as part of the room cost. Same thing with parking and other amenities.

Re:Not free?

[Frosty+Piss]

So you have stayed in first class hotels that did not have free guest wi-fi in recent years.

Yes, troll. Out of the last 50 hotels I have stayed in, perhaps two had charges that were very minimal.

My point is that offensive and exorbitant wi-fi fees are in fact far and few between, even as the typically "ZOMG THE SKY IS FALLING" Slashdot article tries (and fails) to imply otherwise.

Non-free wi-fi is simply not a huge issue anymore because while many hotels may charge a nominal fee which is their right, they don't block you from creating a wi-fi hot spot.

You probably don't know this if you don't travel a whole lot, as I do.

Simply put, I travel a lot. I have rarely had to pay for wi-fi, and when I did, the cost was negligible, and hot-spots where not blocked if I had chosen to use my cell data plan.

Why did you even bother with the rest of your post?

I don't know why I respond to Anonymous Cowards , they are usually vapid chihuahuas.

Re:Not free?

In 100% of the crappy low end hotels that Ive stayed in during the last eight years, 100% of them have provided free wifi provided that you ask for the pass code at the front desk. This goes for KOA also.

Re:Not free?

[Frosty+Piss]

I stay a lot at Sheraton and Westin properties because I have a points account... But you could be right.

Re:Not free?

[turbidostato]

"My guess is a lot of the offenders are in tourist traps where everything costs a lot."

Two options:
1) The USA way: It's a free market, ain't it? Let the owners of the real state do whatever they want within their premises and let the market sort them out.
2) The EU way: let's define a fair leveled playground and punish those that cheat.

You now choose your poison.

Re:Not free?

[whoever57]

To be accurate, the GP's statement could be satisfied if he never stayed at a first-class hotel.

Re:Not free?

[wbr1]

I travel quite a bit. Most mid tier hotels offer free wifi. Higher end hotels often have free and 'upgraded' tiers. You can get laggy, almost unable to stream 720 video wifi free or pay.

Re:Not free?

[Applehu+Akbar]

It's different in hotel conference facilities. Charging your organization $50,000 and up just to turn on the WiFi while your conference is in session are routine. Conferees find it pays to use their own cellular data plans to run a personal hotspot that several other conferees can share. The hotels being discussed here will run jammers to prevent this from happening.

Re:Not free?

[Gadget_Guy]

In recent years, I have rarely stayed at a first class hotel that did not have free guest w-fi.

I think you intended to say that all of the first class hotels you stayed at had free guest wifi, but your double negative said just the opposite.

That is completely wrong. If you rarely stay at a hotel that does not have free Wi-Fi then it means that you more commonly stay at hotels that do have free Wi-Fi. It certainly does not mean, as you claim, the opposite of what was intended. Nor can you infer that the intention was that all the hotels had free Wi-Fi, as the word rarely indicates that some hotels did not have that feature. If the word used had been never then you could say that all hotels did have it.

Re:Not free?

[Gadget_Guy]

To be accurate, the GP's statement could be satisfied if he never stayed at a first-class hotel.

Actually, that would not be accurate. He must have stayed in at least one first-class hotel for him to be able to say that he has stayed in one that didn't have free Wi-Fi. If you slightly reword the original phrase "I have rarely stayed at a first class hotel that did not have free guest Wi-Fi" as "I have stayed at a first-class hotel that did not have free guest Wi-Fi, but only on rare occasions".

It is possible to say that he might never have stayed at a first-class hotel that did have free Wi-Fi, because the rarely term could mean that he only rarely stays at first-class hotels at all and he gives no indication how often (if ever) he stays at hotels that do have free Wi-Fi..

Re:Not free?

[thegarbz]

I borderline live in hotels at the moment. Spent the past year hotel hopping for work from one top tier place to another. Now I've settled in an area, in Europe, we're taking the opportunity to travel as much as possible jumping from bottom tier, hotel to bottom tier hotel.

Nearly all hotels have had a free service.
Some of those free services had to provide personal information to 3rd parties, such as logging in to Facebook.
Nearly all hotels have had a paid service which was much MUCH faster and with less restrictions.
Generally the more expensive the hotel the less likely it was had free WiFi. I was there for work so they paid for it.

Now the kicker:
Nearly all the hotels which offered any kind of wifi did so via a public hotspot and some gateway login. Great, now I don't even something as basic as WEP encryption to keep the script kiddy next door from snooping on my traffic.

Re:Not free?

[lsatenstein]

In recent years, I have rarely stayed at a first class hotel that did not have free guest w-fi. People expect it and will bail for the local coffee shop if it's not free in the hotel.

My guess is a lot of the offenders are in tourist traps where everything costs a lot.

Naah. Its a Trump Hotel. Nothing is free.

Re:Not free?

[Shirley+Marquez]

Sheraton gives you free WiFi at most of their hotels if you have a membership in their frequent traveler program. Otherwise it's $10 per night. Westin has the same parent company so their policy is likely to be similar. My only recent Westin stay was at a convention that negotiated free WiFi for all guests, so I don't know.

Re:Not free?

[Shirley+Marquez]

This. The hotel charges for internet access in conference areas are insanely high. Professional conventions just pay it and build it into their fee structure, but it means that leisure conventions that have to keep their prices down are typically unable to pay and have to do without internet access. That causes problems for exhibitors who want to use the internet to present things.

Re:Not free?

[larriet]

Yes, troll. Out of the last 50 hotels I have stayed in, perhaps two had charges that were very minimal.

My point is that offensive and exorbitant wi-fi fees are in fact far and few between, even as the typically "ZOMG THE SKY IS FALLING" Slashdot article tries (and fails) to imply otherwise.

Non-free wi-fi is simply not a huge issue anymore because while many hotels may charge a nominal fee which is their right, they don't block you from creating a wi-fi hot spot.

You probably don't know this if you don't travel a whole lot, as I do.

Simply put, I travel a lot. I have rarely had to pay for wi-fi, and when I did, the cost was negligible, and hot-spots where not blocked if I had chosen to use my cell data plan.

Bullshit.

I do travel a lot and while I can usually access the "Free WiFi" at a luxury hotel from their lobby, if I need privacy or bandwidth I (my client) pays their outrageous rates.

Personal travel domestically I look for a Red Roof Inn. Dogs and strong, really free WiFi.

So, make their decision easier

[nightfire-unique]

First offense, $5 million. Second, $50 million and jailtime for those responsible for the policy. Third offense, $500 million, and so on.

Re:So, make their decision easier

[Z00L00K]

Too low, raise it to a billion per suppression device.

Re:So, make their decision easier

[Bob_Who]

First offense, $5 million. Second, $50 million and jailtime for those responsible for the policy. Third offense, $500 million, and so on.

Yeah, all the above, what you said.

Lets be sure that individuals are named and charged with misdemeanors - no more corporate anonymity - expose the thugs.

Then force them to provide free internet for a whole year to everyone, a fine that pays the customer instead of authorities.

They still have the "honor bar" to make up for any shortfalls..

Re:So, make their decision easier

[93+Escort+Wagon]

First offense, $5 million. Second, $50 million and jailtime for those responsible for the policy. Third offense, $500 million, and so on.

Nah. If you're a Slashdotter and run into this...

First offense, take out the hotel's wifi.

Re:So, make their decision easier

[Gadget_Guy]

No, require them to provide free Wifi (without logins or nags) that is not slower than any paid Wifi they offer, and make them advertise it everywhere they mention their paid Wifi.

That goes beyond the remit of the FCC. They only care about whether you have used Wi-Fi blocking technology designed to interfere with legal use of the airways. It is not illegal to charge money for Wi-Fi access.

Re:So, make their decision easier

[tlhIngan]

Then force them to provide free internet for a whole year to everyone, a fine that pays the customer instead of authorities.

Doesn't work. A lot of hotels already provide "free wifi" but also make money off it. What they do is the WiFi is definitely free - you don't have to pay for it. But it's like 1Mbps. You can then pay $10/night if you want to upgrade to "high speed" 10Mbps or so.

A lot of hotels do this. I wouldn't be surprised if those hotels named also did the same, trying to get people to pay for "premium wifi" over using their phones.

Re:So, make their decision easier

[rworne]

This isn't the same thing. The commuter was blocking cell signals with a jammer. The hotels do not do this, they block WiFi signals instead.

What they do differently is forge deauthentication packets to force WiFi clients to disconnect from the WiFi hotspots and allow connections to a whitelisted batch of MAC addresses. One such tool to do this is called "Omerta".

Cell phones and hotspots work just fine in the venue with the cellular network, just good luck keeping a WiFi device connected to them.

It'd be interesting to see what their argument would be to the FCC. They are not "jamming" the 2.4 or 5 GHz spectrum, they are selectively allowing certain connections and interfering with others. I'd be interested in seeing them prosecuted under computer hacking laws, since they are performing what is essentially a DoS attack on the computers within (and around) their property.

Re:So, make their decision easier

[Jesus_666]

Nah, that is too punishing for smaller venues who might not be aware of the regulations. Better to use day's wages - which for companies should be defined through their annual revenues divided by 365. That way we don't hand out fines that immediately send a small venue into liquidation or go unnoticed by a big venue.

As for jail time: Seriously? For phone/wifi jamming? I mean, sending people to jail for trivialities is all the rage in America these days but I think that reserving that measure for more harmful crimes would be a better policy. Besides, if you just cost the company ten percent of its yearly revenues in fines you will feel the pain - either your boss will want your head or you own the company and it suddenly took a huge financial hit.

Re:So, make their decision easier

[Shirley+Marquez]

Sending people to jail is part of the populist desire to make white collar criminals pay with time in prison. Typically poor criminals spend time behind bars, starting even before they are tried because they can't afford bail, and continuing after the trial because they can't afford good lawyers who can get them out of prison time. Meanwhile, white collar criminals get off with fines at worst (and often manage to buy their way out of the charges completely), and those are typically paid by their companies so the criminals themselves feel little pain. Lots of people want that to change, and specifically for white collar infractions to cost the criminals TIME (which is a scarce resource for them) rather than money (which they have plenty of and won't miss much).

Re:So, make their decision easier

[Jesus_666]

I can see the resoning behind that and I agree that those who cause damage to the most people tend to get off with the slightest punishment, which needs to change. But again, I'd reserve prison sentences for those who actually cause significant harm, such as by pushing people beneath the poverty line or making them homeless. Hotels who block wifi/mobile data access inconvenience their guests and cost the companies who use them for conferences a bit of money - bad but not that bad.

I mean, seriously - look at the GGP's proposal: Fines scaling by an order of magnitude, with the first fine already big enough to completely wipe out smaller businesses. Mandatory jail time for the second offense. That's reminiscent of the War on Drugs: Zero tolerance, cruel punishment and a good chance of causing vastly more damage than the thing it's supposed to protect against.

Sure, white collar criminals deserve proper punishment but that doesn't mean we need to maximize their suffering at any cost, for even the slightest infraction. We can't answer injustice with more injustice and expect a good outcome. It's rather telling that blatantly destructive vengeance fantasies like that get +4, Interesting...

Solution: Harsher Punishments

[ThatBeDank]

Make offending organizations pay $25+ million. Make them hurt. Better yet, jail some of the executive staff. Organizations are people and the board and C level suite are the head. Works for me!

Re:Solution: Harsher Punishments

[Z00L00K]

You missed three zeroes, start with a billion for one device, then an exponential increase for each device found.

Re:Solution: Harsher Punishments

[GuB-42]

Did you work for the RIAA?
Reminds me of "oh my god, a torrent, let's sue for 1 billion dollars"

But blocking all wifi is fine?

[sims+2]

So If they block all wifi any force you to use a ethernet connection in you room for an extra $25 that's ok then?

Re:But blocking all wifi is fine?

[ShaunC]

I think it's the "blocking wifi" part that's getting the FCC's attention, not so much which expensive alternative is being pimped. If you're jamming frequencies or using some type of active denial to kick everyone off APs in the area, they aren't going to be happy with you.

Some guy just got arrested for jamming cell phones

But wi-fi "blocking" gets a free pass? Have the FCC throw the book at them.

Security

[thegarbz]

Venues argue they need to block hotspots for security reasons

Due to security reasons we are preventing people from running their own closed network between their devices and their telecom companies and instead forcing them all into our own network joined up with hundreds of other strangers ....

Re:Security

[ShaunC]

Hundreds of other strangers and the lights in their hotel rooms!

Re:Security

[DRJlaw]

Putting a fireall [sic] between the local clients and the rest of the Internet, or even port blocking certain classes of internal traffic, protects the clients and the rest of the Internet from quite a few vulnerabilities, such as unsecured sharing of the "C$" share with no admin password that is prevalent on poorly managed Windows laptops. And it reduces the cost of the service for the hotel by allowing bandwidth limiting on the controlled "free" access.

The concept went right over your head, didn't it?

If you set up your own WiFi hotspot, say using your cellular phone, you are not putting traffic on the facility network, you are not causing the facility to incur costs for bandwidth, and you are not in any sense the facility's local client. You are a client of your cellular provider's network, using a your own WiFi connection between your own cell phone and your other devices (over public airwaves; without connecting to the facility's WiFi network). That connection is presumably entirely private to your own devices (assuming that you're password protected your hotspot; my own device will not provide a WiFi hotspot without one).

Putting a firewall between a customer and the customer's cellular provider is not the facility's job. Policing the internet (as opposed to the facility LAN) is not the facility's job. And appropriating public airwaves (in this case WiFi frequencies) for the exclusive use of the facility is quite simply illegal.

Security reasons have very little to do actively interfering with WiFi hotspots. There is only one potentially valid concern - SSID spoofing. If you want to take on the FCC concerning that issue - go for it. But if the SSID is not the same as your facility's SSID, then you should not and legally cannot interfere with that other wireless network. Full stop.

Got it?

Re:Security

[Trickster+Paean]

There is only one potentially valid concern - SSID spoofing. If you want to take on the FCC concerning that issue - go for it. But if the SSID is not the same as your facility's SSID, then you should not and legally cannot interfere with that other wireless network. Full stop.

In general, you are correct, but someone's SSID can still be deceptive without being the same and still pose a security issue.

A security concern about SSID spoofing can be more complicated than just whether the SSID is the same, because you can have a valid security concern if the SSID is misleading. My favorite example is the "Free Public WiFi" you would often see in airports in years past, set up by a virus. Someone could also be using a typo, or adding something to your SSID, like "Guest" or "5G" or something else to make it look like your SSID. In such a case, there is a real argument to be made that they are trying to interfere with your network.

But I think that's the widest possible extent of any valid security concern.

Re:Security

[thegarbz]

Putting a fireall

Sorry but you've failed already, and not because of spelling. Personal hotspots are always encrypted. Neither Android nor iOS provide the ability to do otherwise. Also they ALL have firewalls in place due to the nature of the hotspot requirements ... NAT.

On the other hand hotel / conference centres' WiFi are nearly always unencrypted. No firewall is going to protect you from the person next to you with their laptop. You're now open to additional attacks such as packet sniffing which no firewall is going to protect you against.

Re:Security

[thegarbz]

In general, you are correct, but someone's SSID can still be deceptive without being the same and still pose a security issue.

Yeah I don't trust other's SSIDs. That is why I only connect to the SSID I provided on my device, the one that is listed in my Android settings.....
On the other hand which of the Hotel WiFi, Hotel Guest WiFi, Hotel Guest, WiFi Hotel, Guest_Hotel, Hotel_Guest, should I connect to?

In my view SSID spoofing is another security flaw that would be introduced by this policy.

Re:Security

[Antique+Geekmeister]

> If you set up your own WiFi hotspot, say using your cellular phone, you are not putting traffic on the facility network,

As long as the traffic from the hostspot stays only on that VLAN, then yes. Part of the difficulty is that it does _not_ stay there. People cross connect networks as a matter of course, for example with laptops that have both wired and wifi connections, and they are horrible about the resulting security problems.

Re:Security

[Antique+Geekmeister]

> Personal hotspots are always encrypted.

The connection between the hotspot and a cell phone network is encrypted. The connection of wifi devices to the hotspot is often left unencrypted or with a published or guessable passphrase, for convenience of the hotspot users. Cross-connect them, and you have fascinating issues.

Cross connecting to other devices on the same private subnet, behind the same NAT, is a problem. It's aggravated if devices in the same NAT have non-firewalled and non-monitorable connections to alternative networks at the same time.

MITM Protection

[mentil]

Experiments have found that unsecured hotspots in airports will be connected to by hundreds of strangers, running Firesheep etc. they can be easily MITMed. I'm sure the same is true in hotels, people don't bother to find out what the hotel's Wifi ID is. Blocking other hotspots prevents people from connecting to any attempts to MITM them.

Re:MITM Protection

[marka63]

Blocking traffic to other spots just means the hotel can MiTM your traffic. I've found most hotels do MiTM traffic sent on their network.

Re:How?

Cisco calls it containment. Centrally managed access points will send deauth or deassociation frames to clients connected to "rogue" APs.

We use it at my job, but only for our SSIDs ie., if you set up an AP or hotspot with the same SSID as ours, the containment feature will attempt to stop clients from associating. Our company name is part of the SSID, so it's not like you can innocently or accidentally have your connections to your hotspot blocked.

That said, there have been times when I wished we simply banned the use of hotspots (we provide free, fast wi-fi) due to the RF interferences. At one point, 90 hotspots were operating in a ballroom competing for a limited number of 5ghz channels and everyone's experience suffered. When we asked people to disable their hotspots and connect to our unfiltered, unthrottled, free connection, about 70 did and the performance for everyone was (reported by them to be) better.

Re:How?

[sims+2]

Probbably something like this:
https://github.com/DanMcInerne...

Using wifi deauth packets.

This blocking almost cost me a $7500 job

I am a startup that sets up electronic visual attractions at large venues at facilities like these. For configuration purposes, the units contain APs which are supposed to be connected to via the organizer's phone in order to allow them to control the attractions.

Twice I ran into cases where I was simply unable to connect to any of the units and I had no idea why. Eventually to debug this pulled up wireshark and found someone was performing a de-authentication attack! This was at two different events, but at large hotel chains. Had I not had a wired backup, I could have easily been out some several thousand dollar paychecks.

Two million in fines!

[Revek]

Doctor evil doesn't care about 'Two Million'. Seriously, why not try to fine them a amount that will make it unprofitable.

Re:Two million in fines!

[iggymanz]

let's see, for Mariot gross profit for 2015 totaled 2.1 BILLION dollars

Hilton gross profit was 7.1 BILLION dollars.

Guess you're right, $2M for both is a flea bite

Re:How?

[paradxum]

So...... would disabling SSID broadcast stop the devices from getting the info for a successful deauth attack? I don't know... I'm asking... I know it'd be able to see the macid of the ap, but is that enough to do a deauth?

Re:How?

[danbob999]

Cisco calls it containment. Centrally managed access points will send deauth or deassociation frames to clients connected to "rogue" APs.

We use it at my job

What is your job, so that I can complain to the FCC?

Re:How?

[Trickster+Paean]

I don't think there would be an FCC enforcement action over something like this. So long as you're allowing other wireless hotspots if they aren't trying to impersonate you, that should be fine.

In the FCC enforcement advisory put out after Marriott, one of the things they mentioned was that Marriott "admitted that the customers it blocked did not pose a security threat to the Marriott network..." If there is a security threat, that does change the situation. You can see that advisory here: https://apps.fcc.gov/edocs_public/attachmatch/DA-15-113A1_Rcd.pdf

In fact, I would argue that by trying to put up a wireless network with the same or a similar name, that would constitute an attempt at interference by them. Either way, the FCC is indicating it would consider valid security concerns.

Re:Some guy just got arrested for jamming cell pho

[Gadget_Guy]

But wi-fi "blocking" gets a free pass?

How is getting a $2 million fine a "free pass"? That guy who got arrested for using a phone jammer had already been caught once before doing the same thing and yet continued the illegal activity, just the same as the hotels. There is no double standard going on (yet).

Interference with licensed operator

[Todd+Knarr]

Up the ante a bit, and have someone with a ham radio license file a complaint, not about WiFi blocking but about an unlicensed operator's (the hotel) interference with a licensed operator's transmissions. The rules about that, IIRC, apply even on the unlicensed bands and give the FCC well-established grounds to shut down the hotel's WiFi completely until it modifies the equipment to eliminate the interference.

Re:Some guy just got arrested for jamming cell pho

[PinkyGigglebrain]

I was going to post the same thing. With the added comment that IIRCC most private hotspots are actually just cell phones with a "data only" type 3g connection and an standard 802.11x AP.

The only way I can see those getting jammed is either something is jamming every other wi-fi channel or they jam the 3G connection.

In both cases they are willfully interfering with a commercial radio device. I seem to recall there are laws about jamming ANY commercial radio signal.

Could someone with more knowledge about this please clarify?

okay hows this law

[laurencetux]

1 to certify your location as requiring CELL PHONE JAMMERS you need to file with the FCC/FTC actual valid proof of this requirement (in detail and each floor /1000 foot area must have a separate listed reason). there will be a $20K per area fee and this must be filed yearly (twiddle the form each year to prevent simple copy/paste).

or

2 provide free uncapped wifi to all clients/guests (give them the credentials when they check in)

oh and if you get "caught" then your CXO rack has to pay out of pocket to refund all fees collected and they are personally liable for any lawsuits. (oh and then you get fined as a business)

Re:How?

[paradxum]

So.... you are saying that it would not stop the deauth attack? not exactly clear on your answer.