The US communications regulator, the Federal Communications Commission, has issued an enforcement advisory notice, stating that it is not going to change its position on rules prohibiting interference to permit hotels and the like from blocking third party Wi-Fi hotspots — such as users turning their phones into portable hotspots for their computers — on their premises.
The hotel industry, along with Marriott and Ryman, had argued that they should be entitled to make use of deauthentication functionality found in enterprise Wi-Fi products, such as those offered by Cisco, to forcibly disconnect users from their third party hotspots, to protect the security of their network from “rogue” access points, as well as to maintain the quality of the radio environment for users of the hotel’s own Wi-Fi service.
Cisco argued that sending deauthentication packets was not a prohibited act of interference, since (a) sending such a packet is “often sent in the ordinary course of setting up or taking apart a network” (Cisco’s filing, at page 11), and (b) it was not simply attempting to jam the channels used for Wi-Fi, but, rather, was using those channels to send particular messages to devices (page 13). This was, I thought, a clever argument. An analogy might be that of a remote control: is it “interference” for me to stand outside someone’s window, switching their TV off whenever they try to watch it, with a remote control?
In my view, such an approach should fail. The law on interference (if you are particularly bored, see Article 15 of the ITU’s Radio Regulations) exists, in its broadest guise, to ensure that maximal efficient use is made of the limited resource of radio spectrum, which has finite capacity. Whilst some frequencies are heavily controlled, by way of licensing — for example, the bands used to provide cellular mobile services — others are regulated in a more open manner, meaning that radio devices which meet certain requirements can be operated without need for an individual spectrum licence by either the device user or a service provider. Permitting one user of spectrum to engage in behaviour aimed solely at excluding another user’s use of more openly regulated spectrum is inconsistent with the overall approach of maximising efficient usage.
Similarly, if a hotel is not prohibited from disconnecting Wi-Fi hotspots which are not controlled by it, what is to stop someone else from forcibly deauthenticating anything connected to the hotel’s Wi-Fi service? It would seem undesirable to me to permit me to walk along the street, randomly disconnecting people’s Wi-Fi connections.
I struggled with the arguments made that this was a security issue, as the hotspots in question were not being attached to the hotel’s network. It is desirable to allow network operators to control their networks, and, in Europe at least, there are positive obligations on network operators to ensure the security of their networks, and, had this been an issue as to whether a hotel is permitted to disconnect Wi-Fi hotspots which users connected to the hotel network, I suspect that the opposition might have been rather more limited. But it was not such a case.
To many — me included — this felt like nothing more than an attempt by a hotel industry to ensure a revenue stream for itself, by giving itself the technical armaments to block guests from using their own personal hotspots, and, instead, require them to buy hotel-provided Internet access services. With the increase in Skype, FaceTime and other over the top communications services, I would be surprised if hotel phone call revenues had not dropped significantly, but what might be seen as an attempt to sure this up by forcing guests to buy Wi-Fi seems untoward.
Had all the hotel industry submissions made it clear that, wherever such deauthentication systems were to be used, guests would be provided with equivalent-quality Wi-Fi access for free, I suspect that some would be placated, but, personally, I would have remained sceptical, as I am not persuaded that it should be the hotel’s right to choose which connectivity options I should have.
Of course, the FCC’s announcement does not mean that hotels cannot prohibit third party Wi-Fi devices in their contracts, and seeking to recover damages from any guests who operate their own hotspot in breach of contract, subject to rules on reasonableness of contractual terms and general competition law. Whether any hotel chain fancies going down this route, which would need to be far more in-your-face than passive-aggressive blocking system, it remains to be seen. But would you frequent such a hotel?
(You can view all the filings on the FCC website, and some make for interesting reading.) Neil Brown.