How could they possibly think that jamming public frequency bands would not be illegal?
https://www.fcc.gov/encyclopedia/jammer-enforcement clearly states "Federal law prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with ... wireless networking services (Wi-Fi)."
Approximately 24.67 minutes for what it's worth. Marriott made > $12 billion last year and was fined $600k. I'm curious how much revenue the wifi fees bring in and whether that fine even makes a dent in income from that alone.
... revenue is absolutely meaningless in this conversation. You should be looking at profit. It doesn't matter what Marriott charges, it matters what they make, and saying they "made > $12 billion" is totally false: they made at the high end something like $2 billion (which is still high enough that you could have used those numbers as an honest ratio instead of distorting the discussion by looking at revenue).
I'd say revenue's probably the better number. Profit varies by quite a number of factors, but revenue is a reasonably reliable yardstick for the size of the business.
For example, consider Amazon, who didn't turn a profit for decades:
Nobody uses profit when determining the appropriate fines for an individual. A court doesn't look at an offender making $100,000/year and say, well, they're only saving $5/month, so we'll only fine them $60.
If we're talking about the discrepancy between punishments for individuals and punishments for companies, then we should absolutely be looking at revenues, not profits. Or alternately, punishments for individuals should look at savings, not income.
Looking at other convictions, it seems that the more usual punishment is arrest, probation, and a massive fine. Even compared to that, fining a big hotel $600,000 is a joke.
I want the board to go to jail, not some low level janitor. Or do we only go as high as the paper trail takes us? This lets companies erect firewalls and appear innocent like the vw CEO...
Or, tweaking the law along the lines that corporate executives are vicariously liable for the job related misdeeds of their underlings, if it can be shown they did or should have known about the goings on and did nothing to stop it.
Suddenly, there will be a lot more care about ethical behavior..
I don't agree. People should not go to prison for crimes committed by others. We should still have to show each individual is guilty, including the executives. But I don't think that would solve the problem anyway. Owners and shareholders will still be immune. They will simply hire figurehead executives to sign things and speak at events.
These people are financially motivated, so the punishment should be financial. Most criminals don't think they are going to be caught anyway, so prison isn't a disincentive. Financial punishment may not be a disincentive either (but I suspect for most shareholders it would), but it has the effect of reducing the efficacy of bad actors, leading to better outcomes overall.
The real problem is the fines are usually far outweighed by the profits from acting in this manner. Make the punishment an audit at the end of which they must pay the costs of the independent audit (whether done by private third party or government) as well as a multiplier on whatever profits were determined to stem from the elicit activity.
Yes, fines might be effective if they were bigger.
Many of the people I found while searching got fines that probably equated to something like a year's salary. Fine these companies an amount comparable to a year's revenue and I bet things would change in a hurry.
I didn't say anything about prison, but the term used was carefully chosen in that in some capacities, you are liable for the actions of other people.
While I agree with you about prison not working, fining a multibillion dollar company the equivalent of a few day's profits aren't good enough. The fines need to be much more strident, along the lines of administrative dissolution or something else that would motivate the top brass via angry shareholders.
At what point are we willing to entertain a fine large enough to bankrupt an enterprise?
Should we consider the economic impact to the neighborhood, city, state, or nation when levying fines?
Do you think VW shareholders are angry? I think not. They know management did what it had to do. I'm just mad that they threw the programmers under the bus.
It doesn't seem like we consider the economic impact of fines to individuals. The government looks to be more than happy to bankrupt people as part of punishment. Why should corporations get special treatment. "Too big to fail"?
Owners and board members of companies should be liable not just for the action of their employees but also the actions of their subcontractors. Otherwise, we will have situations like the one John Oliver mocked in the North Dakota petroleum industry.
This is novel. You scrolled to the bottom without reading the top. The top of that page is very clear:
"ALERT
Federal law prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with cellular and Personal Communication Services (PCS), police radar, Global Positioning Systems (GPS), and wireless networking services (Wi-Fi)"
Then it references The Communications Act of 1934:
"The Communications Act of 1934
Section 301 - requires persons operating or using radio transmitters to be licensed or authorized under the Commissions rules (47 U.S.C. § 301)"
But wait, there's more! 47 U.S.C. 302b. reads:
"(b) Restrictions
No person shall manufacture, import, sell, offer for sale, or ship devices or home electronic equipment and systems, or use devices, which fail to comply with regulations promulgated pursuant to this section"
(Emphasis mine).
Have a read of the Communications Act before you get into trouble.
Excuse me, aren't you supposed to be a lawyer? Please read item number 8 here and stop spreading misinformation that can get others in serious trouble:
The AP needs to know your network exists to send deauth packets - if you lower the power on your device so that your network is only accessible to you, you'll end up fine. So the argument for the other side would basically be that you're not operating a private device if it's broadcasting so their customers may attempt to connect to it. I think many companies' security groups would have a problem with you saying that someone needs to be able to run a publicly accessible access point in their building.
I think the complication comes here from the fact that they were charging for internet and then preventing people from using their own. If there were hotspots trying to mimic the network, I don't think there would be any problem with deauthing them since that's a security risk but it seems like in this case it was just a money grab.
I guess the question becomes for other companies not doing it for the money grab, if you are offering wifi, do you have a duty to protect your customers from rogue hotspots or is it their problem?
I would hope that those security groups you mention would know that, under the law, they do not own the airwaves in their buildings, and therefore it doesn't matter what their opinion is on whether somebody "needs" to run a hotspot. All that matters is that a hotspot is an authorized device and intentionally interfering with the operation of an authorized device is against the law.
> There are exceptions, prisons can operate cellphone jammers for example.
It is not legal for prisons to jam cell phones.
"The Communications Act prohibits non-Federal entities from using cell jammers. The FCC cannot waive this statutory prohibition absent a change in the law by Congress." [1]
There was an attempt to add an exception for prisons, but it was never passed (Safe Prisons Communications Act of 2009[2]).
Look up the Communications Act of 1934, specifically 47 USC 302a:
"(c) Exceptions
The provisions of this section shall not be applicable to carriers transporting such devices or home electronic equipment and systems without trading in them, to devices or home electronic equipment and systems manufactured solely for export, to the manufacture, assembly, or installation of devices or home electronic equipment and systems for its own use by a public utility engaged in providing electric service, or to devices or home electronic equipment and systems for use by the Government of the United States or any agency thereof. Devices and home electronic equipment and systems for use by the Government of the United States or any agency thereof shall be developed, procured, or otherwise acquired, including offshore procurement, under United States Government criteria, standards, or specifications designed to achieve the objectives of reducing interference to radio reception and to home electronic equipment and systems, taking into account the unique needs of national defense and security."
Hmmm... I'm a bit of a goose and misread that. The bit I got wrong is:
"under United States Government criteria, standards, or specifications designed to achieve the objectives of reducing interference to radio reception and to home electronic equipment and systems, taking into account the unique needs of national defense and security."
Why would you need to? I'm not sure I understand the point.
You're not indiscriminately preventing wifi from working. If your network is broadcasting with enough power to reach the AP, and therefore customers besides yourself, they would be preventing that.
If someone sets up a wifi access point outside your building with the same name as your wifi, you should be able to prevent people from accidentally connecting to that rogue access point. That's why basically every enterprise AP comes with that ability. I can't imagine if this were actually illegal the FCC would allow the sale of systems with the ability to do that.
The distinction here is that it was done as a money grab and not for security reasons.
Why are you talking about "with the same name as your WiFi"? That might change things (the people setting up the rogue network would be deliberately interfering with your network, after all), but as far as I can see that's not what anybody is doing here.
Because I'm not trying to defend what they did -- they were wrong and just trying to grab money.
I am saying that using deauth packets to prevent wifi from operating does not seem to be outright illegal and there are valid reasons to be able to do it. Considering basically every high end AP has the ability to target rogue APs and the FCC takes a dim view on people selling jammers, it seems like the context of the application of this determines whether you are jamming or not and not the use of deauth packets by itself.
Many AP's have the ability to operate outside of their proper bands and above the stated power limits too. Existence of a feature doesn't make its usage legal.
The legal principle here is remarkably clear cut.
Are you willfully interfering with another user of the band? Yes? You're breaking the law.
The method used to accomplish the interference isn't germane to the question of whether you're interfering or not.
I'm aware that nearly every enterprise AP has the ability to detect rogue access points. I am not aware of any with the ability to attack them. Also, as far as I know, none of them can target devices that are not actually attached to their network.
As someone who has experienced the fallout firsthand from a neighboring tenant in a downtown Seattle office building who used it, I'd challenge the idea that there are valid reasons to do this.
If you control the physical network - don't allow rogue APs on your network.
If you control the client and care about them connecting to access points that aren't under your control, then manage that instead.
Section 333 of the Communications Act
: “No person shall willfully or maliciously
interfere with or cause interference to
any radio communications of any station
licensed or authorized by
or under [the Communications]
Act or operated by the
United States Government.” 47 U.S.C. § 333.
If you're willfully screwing with other people's transmissions, you're breaking the law. It's that simple. The method being used doesn't really enter into it.
Wifi operates in unlicensed spectrum and transmitters and receivers are required to handle interference in this space. Is it still jamming if it's not a licensed station doing the broadcasting?
</devilsadvocate>
...I suppose it does say "authorized" there, and 2.4 and 5Ghz transmitters are authorized.
It always feels funny to me to refer to the ISM bands (the spectrum itself) as "unlicensed".
- Devices operating there have to be approved
- There are rules about how the devices work
- There are rules about how the _operator_ is allowed to operate the approved devices ("Operation is subject to the following conditions" sticker on most equipment).
In other bands, the operator in control of the transmitter generally needs to file paperwork with the FCC to get a license (in some systems like cellphones, the base station is in control so the subscribers don't need licenses, just approved equipment).
Understood you're playing devil's advocate, but the response would be: Why don't I stand outside with a WiFi antenna pointed at your house, doing the same thing, causing your WiFi devices to drop connections over and over, and then you tell me that I'm not jamming you.
Even further, denial of service attacks can be performed using totally valid and normal HTTP or HTTPS requests. In that case, it's the volume and the intent that matter.
Yes its still jamming. Even though the devices are unlicensed, you are still not allowed to intentionally cause interference with other devices. You can think of it as the requirement to use the ISM bands is you have to be nice to other users of the band.
The requirement on receiving interference means that you don't get to gripe to the FCC about other users of the band that are otherwise being nice.
Just playing devils advocate but it doesn't sound like they're creating radio interference. It sounds like they're interfering at the protocol layer, which would be another matter (likely also against regulations)
Ultimately if you follow the network layers it gets to physical media. Without physical media nothing works. Ergo, just layering over the top of the physical layer means you still interfere with wifi comms.
How? The law as written refers to "willfully or maliciously interfere with" authorized equipment. They purchased equipment and configured it to do just that, clearly on purpose. The only possible outs here are if the equipment is a hoax and doesn't actually work, or if they managed to purchase and configure this equipment completely by accident.
Would the people who claim that those syntactically valid 802.11 frames in question aren't "jamming" hold the same opinion if it were the exhibitors, attendees, or other punters who brought in the disruptive equipment? Or are they simply being pedantic about the imprecise usage of the word "jamming"?
So that blurb on the FCC site isn't the law. The fines are issued under 47 USC 333, but on its face that only prohibits interfering with any "station licensed or authorized" under that chapter: https://www.law.cornell.edu/uscode/text/47/333. Is a WiFi hotspot a "station?" It's not licensed either. Though it is "authorized" to operate in the unlicensed band.
Using deauth packets, versus actual jamming, sounds like it wouldn't even violate unlicensed band requirements. Last I checked nothing in the FCC regs requires you to respect 802.11 or other protocols while operating in the unlicensed band. You're supposed to abide by power limits and things like that, which the hotels were doing.
This is an interesting story, but I have to wonder if the writer did their research. This caption really stuck out at me:
> A mobile hot spot can be transported in a carrier the size of a briefcase.
I mean, this is technically true, but it's pretty crazily misleading about the size. The picture itself shows some massively bulky thing. It also shows what appears to be an ethernet switch with one cable plugged into it, which is about 25ft long, coiled up, and has the other end just dangling free. And it shows a power brick large enough to use as an actual brick.
One thing I'll add about this is that these wireless hotspots need to cover different types of uses than what you assume with traditional hotspots.
The event director of the American Public Human Services Association is not trying to put people on a MiFi or a Karma device—she's trying to ensure an entire room full of people at an education session or a large hall have access to an open wireless network.
That's a lot different usage than the average person might expect to run into. Her $30,000 bill is essentially to manage the wireless for the whole event.
I think it's actually misleading in the other direction than what you're suggesting–generally it's the vendors who are running into these frustrations with wireless blockers, not the event managers for the associations. The people who usually feel the brunt of the pain here are the vendors on the tradeshow floor, the startups and companies who are running stands that rely on a lot of multimedia gizmos.
These are the folks who are reaching out to the FCC, not the event planners.
"Although Wi-Fi might work fine for checking email or conducting a brief product demonstration, activities that demand more bandwidth or more security, like transmitting a live broadcast or running credit cards, still often require wired Internet access."
Why would running a credit card require wired internet?
There was a hack a while back where someone sat in a Best Buy parking lot and recorded credit card numbers in plain text as they transmitted between the cash registers and the Access Point wirelessly with WEP protection.
That means they require a secure connection, not that they require a wired connection. A wired connection can be insecure (you might stumble across an idle port sitting on the wall somewhere) and a wireless connection can be secure (WPA2 plus TLS is going to be just fine).
Although you are correct, I will point out that physical access to a wireless-connection is generally much easier than physical access to a wired-connection
From the parent comment, it appeared that the commenter was saying TLS for the WiFi connection. Upon reflection, that doesn't make any sense! Nice catch.
This logic is a few years old, but back when WEP was popular and HTTPS less-so, I was nervous about buying things online over such a connection. WEP was/is easily crackable and without HTTPS, that credit card info is plaintext over the airwaves.
Nowadays we have WPA2 and HTTPS is more common. But I still prefer an ethernet cable.
Saying that CC terminals require Wifi because not all of them support Wifi is like saying that Laptops require wifi because not all of them have built-in Wifi.
Good. It's too bad that this same stance can't be taken for other aspects of this industry. There just isn't market capacity in even semi-large cities for multiple convention centers so there is literally no competition at that scale and thus nothing to prevent predatory pricing and restrictions of all sorts. Also there is a tendency at the smaller scale for hotels to horizontally integrate so as to form a micro-monopoly on a 'full solution' for their building, meaning that you don't get to pick and choose different providers for different services, you only get to pick at a whole package (and availability) level.
Regardless of whether or not sending deauth packets counts as jamming, the root problem can be solved by simply enabling and requiring protected management frames on your router/hotspot/phone.
Once you have protected management frames required, the only way to block your devices from connecting to your hotspot would be the kind of actual jamming that I'm sure we can all agree is illegal. Problem solved.
Unfortunately most phones' hotspot apps don't let you configure this setting (and disable it by default), so we need to push OEMs to enable it by default or at least make it configurable. I for one have it required on my home network, and it gives me peace of mind knowing that I can't be deauthed by random strangers.
Wait: Conference internet, as in that thing that rarely works without a hitch and is often super-overwhelmed, is being paid for by organizers for up to 6-figures??? Does anyone else find this to be absolutely insane?
I've covered this issue closely in my role as a journalist in the association space, and this is definitely a clear divide between the hospitality industry and the associations. The thing is, associations and businesses bring in thousands of people to each event, and they drive major economic benefits.
Why do those economic benefits have to come from the wireless access? If you want to drive massive revenue from a conference, build a restaurant that profits off the many instead of a wireless business that profits off a small handful of people.
My organization occasionally sends people as exhibitors to conferences. At the biggest one of the year, renting a wireless hotspot from the hotel costs $900 (for a poor connection).
Rumor has it, one year, they rented a hotel room for a few hundred dollars and then sent an intern up to the room every hour to sync up everyone's devices.
I'm with the FCC on this one... though on the flip side, I wouldn't mind if movie theaters were lined with materials that block wireless signals altogether in the theater/screen rooms.
I can't claim to go to the movie theater often, but frankly, the incessant reminders to use CineMode(TM!) and silence your cell phone and dim your screen and so on are FAR more annoying than any actual interruption from a phone has ever been.
In fact, I can't remember EVER hearing a phone chime in a theater when I was present. I'm 100% sure it has happened a number of times, but it's still so infrequently as to not even cross my radar as an annoyance.
Let alone one that I'd support jamming to 'solve'.
I've experienced jerks answering ringing phones twice in my cinema experience over the last fifteen years. However, the REAL problem is that obnoxious individual on the row in front of me (stadium seating) with the brightness all the way up checking texts every few minutes with the screen pointed right back at me. I don't need to keep you from your messages, I'd just like you to turn the screen down please!
Thought every time I go to the theater how awesome it is if they'd designate back few rows as device-ok zone, where people are allowed to text, browse, with their devices, as long as they keep it quiet. Might attract some of solo-movie goers... (Though this is coming from the kind of person who look things up like background info and other random information while watching movie on Netflix, just I don't know how common this type of movie watching is.)
Interesting idea.. I tend to do the same thing when watching stuff at home, where I can pause and/or jump back a few minites if I'm distracted... less so with others around me... I also tend to ignore messages, and not answer my phone when I'm out with someone else... I think it's rude. Then again, I grew up in an era where you had to go home to make a phone call.
I see a great device model to handle this. It monitors the audience and when some jerk brings out their phone a set of high powered stage lights zeros in on them and blinds them. Hehe, I'm dreaming of course.
Seems like a classic case of looking for a technical solution when human solutions exist and do just fine.
All you have to do is make it clear that any and all phone use, including just looking at it, is not allowed. Encourage people to report offenders. Make it easy to do so anonymously, for example by passing a note to an usher. Eject violators and do not refund their money.
(This is stolen from the Alamo Drafthouse's policy, not just something I made up. It seems to work just fine.)
THIS, SO MUCH! Yes, I completely agree that this is the correct solution. Be very strict about people being ejected who use electronics and interrupt other patrons. That is the proper solution.
To play devil's advocate, a lot of volunteer fire departments use pagers still - not because of the technology being cheaper, but because coverage is better, more reliable and more widespread than cellular.
This isn't true. You can't intentionally use paint or wallpaper that blocks signals in public spaces or places where a wireless device is expected to be able to be used(like a movie theatre) in the case of an emergency.
In the eyes of the FCC it is no different if it is willful.
There is indeed a distinction between your own private property and a business that invites the general public in to do business. The cinema is still private property, but it's still also public space.
That said, I don't think anyone has ever attempted a ruling on whether chicken wire/Faraday cage in the walls of public spaces is permissible according to the FCC. I'd doubt such an attempt would make it far; there are so many buildings made with metal siding which do a fantastic job of reducing cellular signals to useless levels.
I don't have any citations but it seems unlikely given that there's certainly no law that requires building structures to not block cell service. (I've been in enough buildings that seem to pretty much act as Faraday cages.) Intent matters I suppose but seems pretty unenforceable.
On the other hand, on-call surgeons might just have to choose not to attend radio-opaque movie theatres when they're on-call (just as they have to choose not to consume intoxicants when they're on-call).
When the lady featured in the article "brings her own hot spot network", what is powering it? Is she plugging it into the network jack in the room? Is it cellular?
Between $100-750 per day. Some plans charge per device, some per jack, some per event. At some events you can get away with using hotel guest Internet, which is cheaper ($10-15 per day). Typically other network connectivity (fiber point to point, dry lines, VLANs, etc) is also expensive. Power is sometimes charged for, but in some states that is illegal or included in the room rentals. Some hotels and convention centers get around that by charging to hook up power, charging for the power drop equipment or charging to turn it on.
Don't ever underestimate a hotel or conference center's ability to bill large amounts of money for services their captive clients need. Coffee is $60 a gallon.
Prices quoted are from major brand hotels and major conference centers on the west coast of the United States and are in US Dollars.
No need to get something that fancy for short-range use in a conference booth. I have a $40 T-Mobile Wifi hotspot that I activate for $10/GB when I need it.
It came in handy at a conference where the provider's network went down and we could still process credit card orders over the cheap hotspot. Though I imagine that if everyone used them, the cellular networks would not keep up with the demand.
As long as the cellular networks are on top of their game, they shouldn't have a problem. Conference centers can be blanketed in microcells to ensure good coverage even when spaces are extremely crowded and utilization is high. My own (limited) experience is that cellular is more reliable that WiFi in such an environment. Your problem would more likely be accidental interference from other hotspots on the WiFi end.
Conference centers can be blanketed in microcells...
Except the conference centers would charge the carriers millions to install any equipment, so the signal usually has to punch through windowless buildings from the outside.
https://www.fcc.gov/encyclopedia/jammer-enforcement clearly states "Federal law prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with ... wireless networking services (Wi-Fi)."