A Deeper Look at the FCC’s Marriott WI-FI Consent Order

As you’ve likely seen in the general media,  MARRIOTT INTERNATIONAL, INC. and MARRIOTT HOTEL SERVICES, INC. (jointly, “Marriott”) and the FCC have entered into a Consent Decree in connection with Marriott’s intentionally blocking of Wi-Fi access points brought in to the conference center portion of the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee (a property operated by Marriott).  The Consent Decree provides that Marriott will pay a fortitude of $600,000 for violating 47 U.S.C. § 333.

47 U.S.C. § 333, the law violated by Marriott, says in its entirety, “No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government. ”

mifi1It turns out that Marriott used its own sophisticated Wi-Fi network to detect and disable what the Commission called “rogue” portable Wi-Fi access points that use the cellular network for Internet connectivity.  If you own a “Mi-Fi” type device like that shown here, this is what Marriott electronically hunted down and disabled.

Why would Marriott want to do such a thing? Well, it turns out that Marriott charged between $250-$1,000 per access point to allow convention visitors and booth-holders to use their own device inside the convention center.

Based on the detailed description and terms provided by the FCC, it appears that Marriott used something like (if not specifically) a Cisco system and software to detect and disable the so-called rogues.   Cisco’s Prime Infrastructure, used to manage a Cisco Unified Network Solution, does exactly what the FCC described.

According to Cisco in its “Cisco Prime Infrastructure Configuration Guide, Release 1.3“,

When the Cisco Unified Wireless Network Solution is monitored using Prime Infrastructure, Prime Infrastructure generates the flags as rogue access point traps and displays the known rogue access points by MAC address. The operator can then display a map showing the location of the access points closest to each rogue access point. The next step is to mark them as Known or Acknowledged rogue access points (no further action), Alert rogue access points (watch for and notify when active), or contained rogue access points (have between one and four access points discourage rogue access point clients by sending the clients deauthenticate and disassociate messages whenever they associate with the rogue access point).

(Page 3-67, Emphasis added)

Basically, if the controlled wireless network detects a “rogue” access point (say, a Mi-Fi not paying a Troll-Toll) operating within the physical confines of the larger Wi-Fi network, then the Wi-Fi controller can intentionally disrupt the Mi-Fi’s operation by sending the clients trying to connect to the Mi-Fi deauthenticate and disassociate messages whenever those devices try to associate with the Mi-Fi.

Now that the FCC has dinged Marriott to the tune of $600,000, will the Commission turn its attention to firms that manufacture the software and equipment allowing people and entities like Marriott to violate Section 333 of the Communications Act?

To read the FCC’s full Order and Consent Decree CLICK HERE.  If the PDF does not save or open up in your browser, right click to do a save as to your computer.




Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>