Since marketing and selling jamming devices is illegal, I would like to know what the FCC is going to do about the supply chain. We know these are all using well known advertised features of enterprise wireless gear. Are they working on a consent decree with Cisco/Aruba/etc to stop including this feature? Or are they going to play whack-a-mole with end users for the next decade?
Indeed jamming is illegal. Anti-rogue AP tech' is a grey area.
It doesn't jam the spectrum in the traditional sense. Instead it transmits packets telling the AP and client to disconnect from one another for WiFi networks it doesn't "own." That within itself isn't technically "jamming" and is also likely legal in some cases.
The whole point of the tech is: If you own a network called "CorpWiFi," someone can come along, set up their own AP, and call their WiFi "CorpWiFi" to try and trick clients into connecting to it with the goal of stealing information. Cisco's anti-rogue AP tech attacks these hotspots and causes continuous disconnects. That is likely legal.
What is not legal is using this same tech' to disconnect ALL WiFi hotspots within range. So instead of using it to go after "CorpWiFi" you also disconnect "MyWiFi" and "FreeWiFi" which are networks you don't run. That's what has got these guys into trouble.
The technology itself is legal. Using the technology in the US is also legal in some cases. Using it to effectively corner the market for WiFi in certain areas is illegal.
I don't see how anti-rogue AP tech can be legal either unless it is within the confounds of your own property. Where WiFi jamming is technically also legal if it does not affect any external party.
What gives you, company xyz, the right to essentially DoS an AP just because they share the SSID? Just because you call something CorpWiFi, doesn't really make it legal to DoS someone else's SSID that is also called CorpWiFi. There does not seem to be any kind of legal framework that would allow you do so, but inversely, you are essentially then not only committing multiple types of crimes, but you are also violating free speech.
I get the reason, but the solution really needs to be something else, even if that something else is some sort of change to the WIFI spec and inclusion of some kind of authentication or security layer.
The airwaves are considered a public space so it's not two private parties and the rules are different. (You can't just use air raid sirens to disrupt a public protest.) However, at a minimum you are likely to run into issues with the computer fraud and abuse act because your interfering with two other parties, and that has rather stiff penalties.
PS: Random noise is one thing; hacking someone’s Wi-Fi even using such a simplistic approach is very different.
It's two private parties acting in a public space. It may still be illegal to interfere, but the first amendment protects you from the government, not from other individuals.
You can't just use air raid sirens to disrupt a public protest
I'm not 100% up on my civil rights/protest law, but if you are a private party, I suspect you could. It is, for example, 100% legal to surround a protest with other people holding sheets to block them & their signs from view.
Of note: A violation of a noise ordinance is in most jurisdictions not considered a disturbance of the peace unless the perpetrator has disregarded an affirmative request that he or she reduce the noise to a reasonable level. However, that would be implied in the air raid siren case.
Anyway, I agree it's not the 4th that's the issue. But, it's still unlawful conduct.
Talking over each other would be the same as running two or ten routers on the same channel, which is not an issue. This approach actively prevents communication.
Where WiFi jamming is technically also legal if it does not affect any external party.
I'll concede the possibility that my understanding is incorrect but jamming is flat out illegal(for non-government entities). It's illegal to even sell jamming devices. I remember a few years ago, the FCC started threatening movie theaters that had been jamming cell phones.
What is the legal definition of a jamming device? The wifi jamming being discussed does not interfere with any existing radio communications, it adds extra packets of data that the client device interprets. The original signal is fine, it's just not usable in a practical sense.
Broadcasting white noise on wifi frequencies to drown out communications is the sort of jamming that is clearly illegal, this likely isn't jamming under current laws.
There was also a guy in Florida who went to jail because he ran a jammer in his car during his work commute so people wouldn't text and drive around him.
I am not 100% sure, but I think if you are jamming signals on your own, personal, private property and the jamming does not extend past your boundaries, it might be legal. But that is an edge case that really doesn't apply in the vast majority of situations. The rule of thumb would essentially be that if you are jamming someone's signal outside of the strict boundaries of your personal, private property you are doing so illegally.
Especially in public gathering business, when you are subleasing some part of the attraction (alcohol, wifi) there are provisions in the contracts to ensure the provider is the only one providing the service. That's why it is usually illegal to bring own alcohol to festival. In this case they could argue to have acted in good faith according to the contract. Should the wifi provider/venue operator first block all APs and then accept rebutals that it is for personal use, or attempt investigations if given AP is for sale?
Illegal contract provisions are not enforceable. I can sign a contract saying you can jam my wifi, I can sign a contract saying you can kill me and serve me as the main course at the banquet, but you're still not actually allowed to do those things.
Yeah, still doesn't give them legal claim to 'This Wifi SSID'.
Also, there are trespass statutes for people behaving as you don't wish within private property.
"Within the bounds" - so their walls are RF shielded, then?
> Yeah, still doesn't give them legal claim to 'This Wifi SSID'
Nobody has a legal claim to any wifi SSID. They don't have an exclusive claim to the conference SSID, and you don't have a legal claim to your hotspot's SSID (the one that's actually at issue here). Conflicts can occur, and the law has nothing to say about them.
> Also, there are trespass statutes for people behaving as you don't wish within private property.
Yes, there are, but it's not the FCC's role to enforce those particular statutes (nor should it be). The real question is whether the FCC should be unilaterally setting policy regarding interference at the MAC level where things like de-auth packets come into play. That's being discussed in another sub-thread, so I won't repeat the points here.
> Within the bounds" - so their walls are RF shielded, then?
No more that the average corporate HQ, but there seems to be a consensus here that doing the same thing in that context would be A-OK. Why the different treatment for two situations that are equal under the law?
Right. They don't. But they seem to think they can send de-auth packets that effectively say to third parties, "I am going to disconnect you from this network". That is at the least -implicitly- saying "I am claiming this SSID, and I am willing to use power/technology/tools to enforce this, whether you like it or not, whether I have the right to or not".
I never said the FCC was involved in enforcing trespass statutes. If there are people on your private property behaving in a way you deem unacceptable (even if legal), then the solution is to remove them from your property, not for you to illegally interfere with the use of the spectrum. That's vigilantism.
The Corp HQ example seems to work because there are clauses that surround intentional deception and the risk to security that could come there-from. When CorpHQSSID access points de-auth packets to an unauthorized access point using the same SSID.
That -wasn't- what was happening here. The convention center was saying "I don't care what your use of the wireless spectrum is, your hotspot, whatever, I'm going to interfere with it so that my SSID is the only one usable (oh, enter your credit card number here)".
Your contortion of logic, willful and disingenous ignorance of contradictions and interpretations don't change these facts. The issue was discussed many times, many lawyers were involved, and the outcome was decided - whether you think it should be or not (your perfect right), it -is- illegal.
You know if a private individual was disrupting a corporation's WiFi he'd be put in prison, right? People got sued for just using WiFis without permission, not even by the owners, but by the government.
> Cisco's anti-rogue AP tech attacks these hotspots and causes continuous disconnects. That is likely legal.
Why would it be legal to order your computing device to disrupt someone else's computing services?
Just for reference here, under US Federal law:
> knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
> the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information;
A protected computer is any computer connected to the internet.
Taking any action to impair the availability of data, a program, or a system to any computer connected to the internet is a felony in the United States.
You're right! It is also a crime under the FCC laws. If you manage to interfere with internet-connected computers, using radio communication, you're breaking multiple laws at once. Better hope you have a good lawyer.
You could make an argument that if they set the SSID to CorpWiFi that they have joined the CorpWiFi network, and it's perfectly okay for other parts of that network to decide what connects to what.
There's probably a way to use the CFAA against someone setting up a fake AP, too.
>The whole point of the tech is: If you own a network called "CorpWiFi," someone can come along, set up their own AP, and call their WiFi "CorpWiFi" to try and trick clients into connecting to it with the goal of stealing information.
Then contact law enforcement. Building out some vigilante feature into AP's is completely asinine. This is like me seeing someone speed on the expressway and trying to pull them over myself. Of course, we'll abuse that power if given to us!
The FCC needs to up its game. Either allow us to do whatever the hell we want or stop the bad guys. You either have police or you don't. This middle ground of outsourcing enforcement to Cisco and Aruba and other deep pocketed enterprise players was, predictably, abused by terrible corporate citizens and puts home users as a disadvantage as their equipment doesn't have these features.
Or heaven forbid the FCC get off the big donors/money train and strongarm some spectrum so we have more for wifi in the ISM band. How much spectrum is wasted right now on analog radio or other dinosaur services that can be downsampled into bandwidth efficient digital transmissions? Its incredible we have so few bands for our most used infrastructure. Hell, give us channel 14 at least. Figure out a safe way to do this here. We're dying for spectrum yet deep pocketed players buy all they need (mobile networks, clear channel, etc). That's the core problem hereand until we get more wifi spectrum, these shenanigans will continue in one form or another. Smart City isn't knocking you offline because you're some kind of wifi pirate, they're doing it because they want to hog the limited spectrum for their convention customers.
If pirating ssid's were a real problem, we'd all be proposing an ssl-cert like system to verify identities or at least some kind of web of trust to avoid rogue AP's. But its not, its a complete red herring. The real issue is the stingy amount of spectrum allocated to us.
>Then contact law enforcement. Building out some vigilante feature into AP's is completely asinine. This is like me seeing someone speed on the expressway and trying to pull them over myself. Of course, we'll abuse that power if given to us!
No, it's like any corporation's private security asking you to leave. (Which they absolutely will.)
Except you don't have property rights over the radio spectrum, unless you licensed it from FCC. It doesn't matter that it's your physical territory - the radio spectrum belong to FCC and them alone.
Similarly, you don't have any rights over the airspace above your land - the FAA does.
Well, yes, but in addition to agreeing to accept interference users of this spectrum also are not allowed to cause interference, so this isn't a good defense strategy for those who would jam you.
These companies have enough lobbying dollars to make LE care. LE cares about me pirating Hollywood movies, doesn't it? That didn't just magically happen on its own.
Those features are legitimate when the targeted AP is illegally on the corporate LAN, impersonating the legitimate APs, and/or a personal hotspot in an environment where data exfiltration is a concern.
In places where the public goes (hotels, convention centers) they are absolutely wrong but they're still important to enterprise security on corporate campuses.
You raise an interesting point. As far as I know, the law doesn't recognize concern about exfiltration as a factor distinguishing "legitimate" vs. "illegitimate" use of these features. It just makes a public vs. private distinction, and the convention spaces in question were considered private. In Smart City's response, they point out that they also provide service in public spaces, and took pains to ensure that users there weren't affected. Is that "illegitimate" in your book? How would you even craft a law that would prohibit them from doing this, without also preventing the "legitimate" corporate use you mention?
Where I think Smart City's argument falls down is not that managing the network within their private space is generally wrong or illegal. Their failure seems to have been that the users whose hotspots they were killing had entered into no agreement not to bring or use those devices. Had that been a part of the event registration, I for one might have declined to attend, but I also think the FCC might then have been right - per the law - to have decided differently.
Just because some people consent to you interfering with WiFi signals, doesn't mean you are allowed to do it. You'd need to completely wrap your transmitters in a Faraday cage and hold the entire convention inside it, only allowing people who have signed your bizarre and draconian contract, that allows you to interrupt their WiFi signals, in to the venue.
"Legitimate" here may mean that you agree with the use in those cases, but don't mistake it for "legal", which it is not, at least in the last two instances. Corporate LAN is an interesting one.
Hypothetical question: I buy some land to host conventions. I make the buildings and enclose them in a big faraday cage. Then I make deals with anyone that agrees: Whoever wants to host a convention in my center, they will accept that inside the convention center, there will not be any kind of transmission, except my own wifi. Leaving aside the ways I could accomplish this, is what I want legal?
There's a hack you could do to make it so it is illegal for people to operate Wifi in your convention center.
Wifi spectrum is shared with other services. I am aware of at least the following services that use all or part of the same spectrum that 2.4 GHz wifi uses:
1. Radiolocation services (e.g., radar).
2. Industrial, Scientific, and Medical (ISM) devices operating under Part 18 of the FCC regulations.
3. Amateur radio (ham) operators operating under Part 97 of the FCC regulations.
4. Wifi, RF remote controls, Bluetooth, microwave ovens, cordless phones, wireless microphones, and many other things, operating under Part 15 of the FCC regulations. (Note: note all instances of all of these devices will be in the 2.4 GHz band. For instance. There are other bands available for most of these, and which a particular device uses is up to the manufacturer).
There may be other services operating under other parts of the FCC rules that I did not list (because I don't know about them).
The above are listed in order of priority. The rules are simple:
• You cannot interfere with users of services above yours the list. For instance, if a ham radio operator interferes with an ISM user, the ham has to stop the interference. How he does that is up to the ham...he could reduce power, or use a directional antenna aimed away from the ISM device, or move to a different frequency, but if he can't stop the interference by such means, then he has to stop transmitting.
• If a user of a service above you on the list interferes with you, it's entirely your problem, not theirs. They have no obligation whatsoever to take any steps to reduce or eliminate their interference with you.
So here is the hack. Get some part 18 certified ISM device that is very sensitive to interference from wifi--so sensitive that it is pretty much impossible to operate wifi near it without interfering--and operate it on site. Now anyone who fires up wifi will interfere, and you can ask them to stop and if they do not they are violating FCC regulations.
I think you have #2 and #3 backward. ISM is unlicensed and can't cause interferences to ANY licensed radio services, that's including amateur radio users.
I checked the regs, and looks like they may be effectively on the same level.
47 CFR 97.301 says that the sharing requirements for hams in 2.390-2.450 GHz are given by 97.303(d), (e), and (p).
97.303(e) says: "Amateur stations receiving in the 33 cm band, the 2400-2450 MHz segment, the 5.725-5.875 GHz segment, the 1.2 cm band, the 2.5 mm band, or the 244-246 GHz segment must accept interference from industrial, scientific, and medical (ISM) equipment".
So, hams must accept interference from ISM in that band, which would put hams equal or below ISM on my list...BUT I cannot find anything that says hams must not interfere with ISM, which would indicate hams should be equal or above ISM.
The one thing about ISM is that a lot of those are actually transmitting only; for instance, microwave oven. The fact that amateur radio service needs accept interference from ISM equipments just indicates the fact that hams can't report instances of interferences to FCC (as long as such devices are operating under proper conditions as described under Part 18) and unlicensed services usually receive very little protection, if at all, from interferences caused by licensed services.
I've always worked on the assumption that it is within my right to build my private facility out of copper if I choose, and the fact that your cell phone doesn't work in my facility is your problem not mine. I am not "jamming" any signals. I would be interested to hear counter-arguments from those familiar with the FCC rules on this matter.
Maybe if intent to jam wireless could be demonstrated, but there are no codes I know of that require a certain level of permittivity in a building, and indeed many buildings all but squash signals- and that is the user's problem.
> If someone has a cell phone and needs to call 911, would you be held liable for their inability to make that call?
I've been in plenty of buildings with terrible-to-nonexistent cell reception. I somehow doubt that they'd be held liable if I wasn't able to get reception to make a 911 call. I can't see that the large Faraday cage example is appreciably different.
No it doesn't. That ruling is about the illegality of deploying a wi-fi protocol that's meant to interfere with other communication.
A purely passive barrier to electronic signals is a completely different thing. There are no rules against Faraday cages, and the FCC is perfectly aware of them and what they are for; it OKs the use of Faraday cages for use with experimental radio technology that would otherwise require a special permit.
So it is illegal. So basically I am not free to block hot spots in my own area if I use it for public access, which essentially amounts to "Even if you own an area, whenever it is publicly accessible, you do not own its 'air'". I find it a bit too restrictive.
A lot of people want land ownership to mean that they have absolute dictatorial power over everyone and everything on their land. We, as a society, have decided that this is silly, and that most crimes outside your land remain crimes inside your land. I can't really disagree.
I dont know, but it's my property and it seems logical that as long as they know they cant make that call, the decision is theirs and so is the liability.
I've always wanted to open a bar where cell phone and wifi signals are blocked.
I'd put big signs up announcing that fact, and it would be awesome to see the kinds of people that actively want to hangout where cell phones don't work.
Among other interesting points is that they seem to have been using the same "de-authentication" trick that Marriott had used in a similar case a while ago. Also, they make an argument about density and interference that IMO shouldn't be dismissed out of hand. I still think they were wrong and deserved the fine, but it's worth keeping in mind that mobile hotspots can fall afoul of the very same principle and law behind that fine.
> For instance, in those cases in which Smart City has used de-authentication in the past, it targeted only access points and wireless devices that are located within the confined and proprietary space of the exhibit hall -- areas of a convention center that are licensed for private event and to which access is limited -- and that pose a threat to secure, reliable, WiFi availability within that confined space.
That's not how WiFi works. They cannot know for a fact that these WiFi hotspots are within the convention space, they could and likely are, blocking WiFi located outside of that space.
Additionally they're claiming that they literally own the radio spectrum within a "proprietary space" which is a dangerous line. What is stopping them from blocking all cellular signals or worse charging cellphone companies for the signal travelling through their space?
Their point about security is nonsense. The technology they're employing is DESIGNED to secure WiFi networks by disconnecting actually rogue APs (i.e. devices squawking the same SSID as their network), that is still legal, the problem they and the Hilten ran into is that they took tech' designed for security and mis-used it for monopolising the WiFi spectrum within their convention centers.
So, sorry, no. If your WiFi network is called SmartCityWiFi and you disconnect MyHotSpot then you're breaking the law and have zero security arguments to make.
Good on the FCC for giving these guys a fine. Too bad it wasn't more. I read their arguments and it has only made me side with the FCC more. What they're asking for would make the world a worse place in general and only helps their bottom line.
>That's not how WiFi works. They cannot know for a fact that these WiFi hotspots are within the convention space, they could and likely are, blocking WiFi located outside of that space.
To play devil's advocate, some APs support rogue triangulation. Ours plot any rogues on a building map so we know exactly where they are. When combined with a proper wireless survey, you could ensure that they don't deauth anything beyond the building perimeter. Not that I recommend that, since at the very least someone should be able to tether their phone if they want. But also because it puts additional overhead on your APs, which are usually already taxed in high-usage areas.
>that is still legal, the problem they and the Hilten ran into is that they took tech' designed for security and mis-used it for monopolising the WiFi spectrum within their convention centers.
Why is this legal while the other practice is not? Say the conference center uses a wifi named HallWifi. Why are they allowed to block me from using the same SSID but not HallWifi2 or else? Also, what about blocking similar SSIDs like Hal1Wifi?
This seems one of those things where you have to write a 'I can't define exactly what is illegal, but I know it when I see it' law. I really don't like those types of laws.
Bingo. You are totally and 100% legitimately allowed to hijack, block, and/or de-auth rogue WiFi access points broadcasting the same SSID as you so long as the blocking is targeted at your own property (some leakage is inevitable).
If attendees were naming their personal hotspots "SmartCity" then SmartCity would have a point. They weren't.
Uh, no. Just because you think this should be the law doesn't mean it is the law.
Instead the law in the United States is that you aren't allowed to jam anyone, aren't allowed to interfere with the operation of other computers on the internet, and whether the computers are on your real estate or not has nothing at all to do with it.
In the first paragraph you mention property, but SSIDs aren't property. They don't own "SmartCity" and you don't own "RandomPundit" and I don't own "DidMyResearch" either. The legal point seems to be whether Smart City's actions were limited to the physical space they owned or leased, not what SSIDs were involved.
Yeah, I'm not seeing any evidence that they were the first to be using a particular SSID when they shut them down.
What happens if we both have the same SSID and move into the same area? Who 'owns' that SSID? Smart City gets to just roll into town taking over any SSID it wants?
As far as I can tell, strongest signal wins (assuming it's within transmit-power limits). Probably just as well, since adjudicating disputes over who owns what SSID in what space would be a total nightmare.
> They cannot know for a fact that these WiFi hotspots are within the convention space
You don't think triangulation can be that accurate?
> they could and likely are, blocking WiFi located outside of that space.
You have even less basis for that statement than they had for theirs.
> They're claiming that they literally own the radio spectrum within a "proprietary space" which is a dangerous line.
Absolutely agree. That's why we need to have those conversations, instead of just oversimplifying into "bad guys" trying to meet their SLAs and "good guys" bringing whatever gadgets they want to the party.
> If your WiFi network is called SmartCityWiFi and you disconnect MyHotSpot then you're breaking the law
[citation needed]
> Good on the FCC for giving these guys a fine
I agree. In my opinion spoofing de-auth packets should be legally equivalent to jamming (currently it's not) and should be severely punished. The fine was deserved. On the other hand, let's not rush to throw the baby out with the bathwater. There is a serious issue here, which won't go away until we face it.
> You don't think triangulation can be that accurate?
Does Cisco's anti-rogue AP tech perform triangulation? Why would it when it isn't designed to limit what people can do in physical spaces?
> You have even less basis for that statement than they had for theirs.
I know how the tech works. I know how the anti-rogue AP tech works. I have plenty of reasons for believing that they're disconnecting APs outside of a physical zone (since it isn't designed to do accomplish that to begin with).
>> If your WiFi network is called SmartCityWiFi and you disconnect MyHotSpot then you're breaking the law
> [citation needed]
Literally the article this entire thread is about... The FCC's fine of Smart City today that we're discussing is the citation. I cannot believe you even asked for that... Wow.
> Literally the article this entire thread is about
As another commenter so politely put it, and received no censure, absolutely wrong. You're trying to make a distinction based on SSIDs, and SSIDs have no legal standing. The string "SSID" doesn't even appear in the FCC's decision. Reasonable people can disagree on whether this was the right decision, and as it happens we do agree. Reasonable people can disagree on which statutes, definitions, etc. apply. However, reasonable people can not claim that the entire thread is about SSIDs. To quote you, "Wow."
That's a strawman, the term "SSID" appearing or not appearing is irrelevant. The distinction is about legal and illegal usage of rogue AP containment. To quote Cisco[0]:
> Rogue AP-connected clients, or rogue ad hoc connected clients, may be contained by sending 802.11 de-authentication packets from local APs. This should be done only after steps have been taken to ensure that the AP is truly a rogue AP, because it is illegal to do this to a legitimate AP in a neighboring WLAN. This is the reason why Cisco removed the automatic rogue AP containment feature from this solution.
You're arguing that it is illegal in all circumstances, Cisco disagrees. The FCC also has not brought a single enforcement action against anyone utilising rogue AP containment the way it was designed, they have only brought it against businesses using it to shut down third party WiFi (that wasn't pretending to belong to the same network).
Speaking of strawmen, I am not arguing that rogue AP containment is always illegal. Nor am I arguing that it's always legal. I believe this is a matter of consent. If you enter a space where wifi hotspots are forbidden, then your proprietor can de-auth you to hell and the FCC should have nothing to say about it. It's not interference any more; it's an agreed-to limitation on use.
Your Cisco quote is a complete non sequitur because you're assuming a very particular definition of "legitimate AP" when none is present or implied by law. A "legitimate AP" is one that is not itself being operated in violation of the law, and a "neighboring WLAN" is one that you do not own or have consent to manage. With correct or reasonable definitions, that quote doesn't support your position at all.
No, its not. This is quite obvious from the time of the documents (The January 15 document you point to could not, even without looking at its content, be a response to the settlement the FCC just announced with Smart City.)
If you actually read the content of the thing you say is "Smart City's response", its Smart City's response comments in support of a petition filed by Marriot [0]seeking to have the FCC repudiate the principle that formed part of the basis for the judgement against Marriot and Smart City.
But note that even in that response, Smart City does not take the position that the actions for which it was being investigated, which it admitted to in the Consent Decree and claims to have discontinued when it learned of the investigation in 2014, should be permitted, instead taking a position that de-authentication should be allowed when based on specific objective measures indicating a threat to networks, whereas what they were doing (by their own admission) before, and were fined for, was indiscriminating sending de-authentication packets shut down WiFi access points that they did not control.
> What, time didn't exist before today's decision?
Time did, and part of time is that responses don't occur before the thing they respond to.
> It was a response - just to an earlier round of the same debate
Its not even that; its a response in a parallel but tangentially related proceeding that started after the complaint on which the current Consent Decree was filed, addressed a different issue, and was never resolved because the party that filed it (Marriott) later withdrew it.
And Smart City's response in that proceeding essentially argues that the FCC can and should prohibit the conduct which Smart City admitted to in the consent decree, though it argues that the prohibition should be based on a different legal foundation than the one cited in the Marriott and now Smart City consent decrees.
(It also argues that the FCC should not prohibit a different, more targeted practice of de-authing that is actually based on more specific objective indicia of a threat to an existing network, which no FCC enforcement action as yet has targeted.)
Also absolutely wrong. There is a complete difference between a noisy environment (lots of mobile hotspots / access points) and an environment with an active attacker (device sending out deliberate deauth signals). Try to understand the difference, it's the key to the case.
> 47 U.S. Code § 333 - Willful or malicious interference
>
> No person shall willfully or maliciously interfere with
> or cause interference to any radio communications of any
> station licensed or authorized by or under this chapter
> or operated by the United States Government.
The method of interference (‘jamming’ or sending deauth packets) is irrelevant.
OK, let's play that game. What is the legal definition of "interference" with respect to this statute? What is the legal definition of "interference" with respect to the FCC? Does or should the FCC have jurisdiction over "interference" above the physical level? That's a pretty hotly debated topic. Extending the FCC's mandate in this way might not actually be such a great idea, even if it would have yielded the outcome you want in this particular case. Also, what makes 47§333 so sacred? ISTRC that it has been used to prosecute hackers that were doing nothing wrong. Personally, I think this set of issues should be addressed in a more organized way than by throwing random statutes and regulatory agencies at it.
> What is the legal definition of "interference" with respect to this statute?
“Any emission, radiation or induction that [...] seriously degrades, obstructs or repeatedly interrupts a radiocommunications service operating in accordance with this chapter.” (Emphasis added. The elision is specific to navigation and safety services.)
No, the “emission, radiation, or induction” of the bit pattern is an “emission, radiation, or induction”. The bit pattern is perfectly fine; you can print it on a t-shirt or tattoo it on your forehead and the law won't care. You can even emit, radiate, or induce it as long as that doesn't willfully or maliciously seriously degrade, obstruct or repeatedly interrupt a radiocommunications service.
> Yes, the mechanism is different, but the basic problem of interfering with others' communication is the same.
The legal problem isn't the effect of interfering with others' communication, its the active intent to interfere with others' communication.
So, no, a noisy environment because lots of people set up WiFi hotspots with no intent to prevent use (even though it may prevent some uses) does not pose the same legal issue as an environment in which someone is intentionally actively denying people the use of WiFi hotspots by spoofing de-auth packets.
How would mobile hotspots fall afoul of the same thing? If you get enough of them active in the same area you might get degraded or even nonexistent service, but that's not at all the same thing as sending fake deauthentication packets in a deliberate act to prevent other devices from working.
No, it's not the same as sending de-auth packets, but it's still interference with their signal on their property and that's an issue quite worthy of concern. That's why we have laws about jamming devices or radiated-power limits. I think their reaction was inappropriate, but the basic principle of not interfering with others' communications still cuts both ways. We need a better way to deal with such conflicts, which are only going to become more and more frequent and severe.
We have a system to address the public airwaves, which include all the airwaves on all property since the electromagnetic spectrum conveniently ignores our artificial property boundaries.
That system is called "licensing" and SmartCity is completely free to apply for a license to own their own slice of spectrum. When you are talking about single-building uses or point-to-point links they aren't even that expensive (unlike regional or national cellular frequencies for example). Good luck getting hardware makers to adopt your special snowflake system!
WiFi operates on unlicensed bands. By using such bands you are bound by various rules (like power transmit limits) designed to ensure everyone has shared access. WiFi itself is designed to scale down power and share transmit time to keep the noise low. In fact using a personal hotspot isn't likely to cause much interference since the devices are likely right next to each other and transmitting at very low power levels.
What you can't do is take the spectrum, protocols, and devices designed to allow everyone to share and hijack it to stop other people from using it.
You might make the case that officially certified WiFi devices should include some frequency bands that are license-only so that large venues could apply for exclusive use of certain frequencies* but unless and until that happens you are legally required to abide by the same rules as everyone else, even on your property.
* As radio chips get better it becomes more and more feasible to include the hardware for a multitude of frequencies (chips, amps, filters, etc); eventually SDR will make it possible to support a huge range.
>That system is called "licensing" and SmartCity is completely free to apply for a license to own their own slice of spectrum.
In this context, (hotel internet) it doesn't seem reasonable to ask them to start manufacturing their own wireless cards that support a wider spectrum, since everybody staying at the hotel would need one.
We're not asking them to do this, just saying that this is what they'd have to do if they want to have a frequency that's protected from other users.
Right now, hotels have two choices. They can support cheap commodity equipment that uses unlicensed spectrum, but they have to accept that everyone is allowed to use that spectrum as they wish (within the rules) and this might impact the hotel's use. Or they can use expensive specialized equipment that nobody owns, and have guaranteed exclusivity to their bit of spectrum in that area.
I think a third choice would be great, to have commodity hardware that can access licensed spectrum so that venues who want to guarantee exclusivity can obtain a license while allowing their users to use standard hardware.
But that third choice isn't available, so the reality of the situation is the two choices above. Naturally, venues pick the option with commodity equipment and no exclusivity. And that's totally fine. But they can't then try to force exclusivity into the situation afterwards.
The whole idea of these unlicensed bands is that there are limits on power and such, and otherwise you can more or less do what you want as long as you're not deliberately interfering with other people. If your legitimate use happens to step on other people's legitimate use, well, so it goes. If you want to make sure nobody else can interfere with you, use a licensed frequency and obtain a license for your use.
I think this raises an interesting point. There ought to be some frequency bands accessible by common WiFi hardware which require a license to use. Then big venues like this could set up their networks on licensed bands, after obtaining a license, and be free from interference by people's mobile hotspots and such.
Although I have a feeling that approximately nobody would actually go through the process of getting a license, because the whole "interference" thing is just a cover, and their actual motivation is a cash grab by attempting to force people to use their spectacularly overpriced service.
> There ought to be some frequency bands accessible by common WiFi hardware which require a license to use.
Thank you for keeping this constructive. That's exactly the kind of discussion we need to have. Certainly there are likely to be all of the problems we've seen in every other aspect of spectrum allocation and licensing, but at least exploring the possibilities might lead to a better solution. Certain others' insistence on denial and bluster won't get us anywhere.
Also, they make an argument about density and interference that IMO shouldn't be dismissed out of hand.
The point isn't worthless in general, but it's worthless in the context of the text and principle of 44 US Code 333. In that case, I will dismiss it out of hand.
it's worth keeping in mind that mobile hotspots can fall afoul of the very same principle and law behind that fine
What mobile hotspots maliciously interfere with eachother's operation?
"Also, they make an argument about density and interference that IMO shouldn't be dismissed out of hand"
Absolutely it should. It might make for a shitty experience, but the whole (un) license of the Wifi spectrum is "it's a free-for-all, suck it up". However many users are there, microwaves, you name it. "May not produce interference to other users, must accept any and all interference".
I wish they (FCC, FTC et al) would look into other convention center trade practices. Convention center workers are heavily unionized and exhibitors are forced to pay abnormal rates for any kind of local labor or rental services. You can't bring your own service providers and you can't DIY either in most cases.
Convention center rates are kind of ridiculous, but they're sort of like airports in that they both charge ridiculous rates for common goods in their controlled areas.
Also similar to airports, I doubt that the local monopoly is illegal since it's usually the city that sets it up. The problem here seems to be that they were messing with transmissions, which the FCC has control over.
Although I agree, just because it's legal doesn't make it less of a pain. Back when I was an exhibitor at conferences, we used to get Ikea furniture delivered to the hotel, carry it in, assemble it ourselves, and just leave it at the end of the conference. It was about 1/8 the price of rental furniture.
Different convention centers have different rules, but the ones I went to used to allow you to assemble anything you could bring in the front doors. If it came in the back doors you'd need to pay drayage and assembly fees. We had a collapsible booth that was very useful in this regard.
Convention centers are often built with taxing authority bonds, and then the monopolies used as kickbacks to local unions and service providers. Very cozy.
___Municipal facilities___ are often built with ___municipal obligation/revenue____ bonds, and then the monopolies used as ___opportunities___ to local unions and service providers.
This is well known to professional convention planners and service companies such as GES and Freeman. It's not going to change any time soon. Each venue has its own rules, depending upon the strength of the local unions. I've worked at trade shows around the country. In many cases, I've been able to assemble my own booth, plug in my own electricals once they've run the drops for us, etc. For infamous venues like Chicago and Las Vegas, you're going to pay for everything beyond sticking up some posters, including even plugging in a light.
Conference organizers who book these venues are making a conscious choice that the inconvenience and cost to their exhibitors pays off in increased attendance.
That seems like the sort of thing that doesn't need government intervention. Complain to the conference organizers and maybe you can get them to switch to a better venue. Worst case, don't exhibit at conferences that use places like this.
Venues (over a certain size) are near monopolies. There is only one Moscone Center. You could hold event at Cow Palace, but that's not the same level of facility, nor so optimally placed.
There are lots of other conference centers. That Moscone happens to be the only big one located in downtown San Francisco doesn't make it a monopoly, that's merely a competitive advantage, and competitive advantages often let places charge more.
Unfortunately, there's really no market-based solution to convention-center practices. Competing for desirable locations -- say, by building your own convention center and charging less/having better practices -- is close enough to impossible that we can just call it impossible.
And given how often convention centers are funded by the taxpayers, it's only fair for the taxpayers to impose conditions on how their money will be used.
Even if there's only one convention center in an area that's suitable, there are a lot of cities with convention centers out there. Lots of conventions are not particularly tied down to a ___location, other than for sentimental reasons.
I get that the situation sucks. I've been there too. But ultimately you're paying this tremendous premium not because there's literally no choice, which is what a monopoly would entail, but merely because it's worth it over the alternative.
I think the fact that these things are often owned by the local governments is a good reason why they shouldn't be doing stuff like this, but that seems like a remedy to ask for from the local governments in question, rather than some sort of federal investigation.
Like ghaff says, once your event gets above a certain size, you're not choosing a venue for "sentimental reasons". The number of places that can handle the truly large conventions and conferences is, I suspect, not as high as you think it is.
Right. You get to around the 10K+ range and you've basically got Vegas (the Sands and possibly the Convention Center though I haven't been to the latter since Comdex days), the Moscone, Javits, the main convention center in Boston (10K is a bit large for the Hynes), Orlando can be made to work (though I hate the logistic involved). There are doubtless other potential locations--Chicago was the other Comdex site back in the day, Houston had/had huge oil & gas shows--but I can't remember the last time I've seen a top-tier tech show at another ___location.
The whole tradeshow thing is something of a racket--speaking as someone who has been involved with tech tradeshows in various contexts for more years than I care to admit. As you suggest, there are lots of cities and lots of convention centers, at least until you get above a certain size in which case your options drop dramatically. But I suspect that moving most tech conferences to $RANDOM_MIDWEST_CITY wouldn't be a popular choice among potential attendees. (Not that I'm personally a particular fan of certain popular venues like Vegas but many are.)
bell never had a monopoly because you could choose to run wires to all the people you want to communicate with, you merely pay them because it's worth it over the alternative.
There are lots of conference centers for small conferences. In the medical field, some of the conferences can only be held in 5-6 centers within the U.S.
I've seen conferences charge really high prices for data at a convention center, namely because so many people attended, that it would have overwhelmed the convention center's (likely underpowered) network. Price kept usage low.
This is one reason I've began to like the smaller conferences more. More variety in venues and free data. Plus it's easier to be known among a smaller group of people.
Exactly "the only big one". As in there are no others. If you want to have a big convention in SF your choices are, ... None. The ability for a developer to buy land and build another big, profitable convention center in SF is near zero.
You were lucky, I'm surprised they didn't flat out demand from the convention organizers that you either dismantle for them to reassemble, or were billed what it would have cost them to set up themselves.
How were they blocking personal hot spots? The article doesn't get into details. Since they were providing their own wifi, they weren't using a jammer. Were they blasting deauth packets at any hotspot not on their whitelist? Were they using mdk3?
According to their response (cited in another comment) they were spoofing de-auth packets, and were only doing so for hotspots determined to be physically within their proprietary space. It's not hard to do that via triangulation.
You repeatedly and willfully ignore the invalidating part of this - that they -do not own the airwaves-, inside their 'proprietary space' or otherwise. It is unlicensed spectrum, anywhere, precisely because we can't control (easily) the transmission of radio waves.
They don't, and you don't either. The attitude that hotspots' use of unlicensed spectrum is sacrosanct, while failing to extend that same doctrine to venue owners, just reeks of entitlement. The attempt to put one group of unlicensed-spectrum users above another has no basis in law.
What does have basis in law is that, while on unlicensed spectrum, you can't willfully mess with other people's transmissions. Period, point blank, end of discussion. They were doing this. They violated the law. They got fined. This is not up for debate.
- On your property? Doesn't matter. Still illegal.
- They're using your SSID? Doesn't matter. Still illegal.
- You entered into a contract to block all other signals? Doesn't matter, you entered into a contract to do something expressly illegal.
- Too many radios will make the local spectrum unusable? Doesn't matter, the band is unlicensed. Still illegal.
We can talk all day about the should haves and the would haves, but the practical and legal facts of this case are quite clear.
> You entered into a contract to block all other signals? Doesn't matter, you entered into a contract to do something expressly illegal.
Incorrect. There are many things that are illegal without consent, but legal with it. Sex, for example. In this case, as soon as you enter into an appropriately worded contract, that de-auth packet stops being interference and starts being an agreed-to part of that contract. Therefore it's none of the FCC's business. It might be the subject of a civil suit, but that's a different matter.
That's why I've said repeatedly that Smart City's misdeed (and Marriott's before them) was not the mere sending of de-auth packets. Condemning de-auth packets is like condemning screwdrivers. The real problem is that they did not obtain consent for that use of the tool. They could have made that part of the convention registration, and they would have been OK (though they would almost certainly have faced an outcry). It's no different than a company forbidding the same thing within their corporate HQ building, which almost everybody here seems to believe is OK. I see a lot of people throwing words like "legitimate" and "illegitimate" around today, but nobody seems to have a realistic definition handy. I find it amazing that so many here want the government making technical distinctions for us, which they never do well, instead of relying on the simple notion of consent (or lack thereof) between parties.
>In this case, as soon as you enter into an appropriately worded contract, that de-auth packet stops being interference and starts being an agreed-to part of that contract.
Please point to the specific portion of case law or FCC law that shares this definition, because as far as I can tell, it doesn't exist.
I'm not sure why you insist on muddying what is a pretty clear law and also a pretty clear decision based on that law. The "permission" point you're stating has no basis in law.
You cannot willfully interfere with another user's lawful transmission on an unlicensed band.
It is that simple.
What they could do, and probably should have done, is post notices saying that unauthorized wifi is against the venue rules and will lead to ejection, and then go around with a laptop, find the people, and boot them out. That would have been perfectly okay and perfectly legal.
Your contract as a private party, with another private party, does not absolve either of you from your obligations under law. The FCC is a third party to this contract, and your 'sex' example is irrelevant (on many different levels).
So what is your solution, other than hoping the FCC will get the definitions right to allow the practices that are convenient for you and disallow those that are inconvenient - and not overreach into still more areas of communications, and not be generally corrupt, and so on? If rigorously applied, the precedent set here WOULD apply to corporate networks doing the same thing, with the FCC involved in deciding which rogue APs are or are not "legitimate" threats to security. Oh boy, they'll sure get that one right! As I said, consent is at least a clear and enforceable standard, plus it gets the FCC out of everyone's boardrooms and bedrooms.
> The attitude that hotspots' use of unlicensed spectrum is sacrosanct, while failing to extend that same doctrine to venue owners, just reeks of entitlement.
Then it's a good thing nobody here is expressing that attitude!
Everyone (venue owner, hotspot owner, mobile tethering user, etc) gets to use unlicensed spectrum as long as they follow the rules. One of the rules is no jamming / intentional interference. It's just not as complex as you seem to think.
Both groups are treated equally. Everyone is allowed to use the spectrum. No one is allowed to intentionally interfere with anyone's use of the unlicensed spectrum.
Who am I trying to put above someone else? I want the freedom to use the unlicensed spectrum, as I am -entitled- to do so, without some other party believing they can interfere with it.
If you think that my hotspot is interfering with their ability to do business/profit, well, I'm not sure where anyone is entitled to profit.
If only they could do the same thing for airports (e.g. LAX) where they don't explicitly block your signals, but they also don't allow any cell towers to be built in the area...
I'm convinced that LAPD has a few Stingrays set up at LAX - my phone shows full service but the connection is terrible and I always lose about 30% of my battery life between touch down and getting in a car.
Phone bars typically just measure signal strength. You can show full service but have a poor connection because there's a lot of noise or because the tower is overloaded.
most structures like that will have repeaters in the building for each vendor. they are common in many buildings which have site line issues to include basement level boosting
I've seen them tied to the side of existing buildings, and even masquerading as a tree :) Something I've noticed is that it seems the denser the population, the lower the towers are.
It's logical: the higher the antenna, the larger the area it has in its line of sight. If your base station is going to serve a large area, you want it as high as possible. If it's only for a small one, not so much.
At a large convention, would personal Wifi hotspots even work reasonably?
There are only 11 Wifi channels available in the US, and since the channels are considerably wider than the center frequency separation each overlaps with several adjacent channels--meaning that in a given area at most 3 wifi hotspots can operate before you start to get overlap.
Unless the power is kept very low, so that only devices very near you can see your hotspot, I'd expect performance to be terrible if more than a handful of people fire up their hotspots.
They should return the $750k directly to the people who they scammed out of $80 / day instead of to the FCC slush fund. I'm sure most/everyone paid with a credit card.
$80? SmartCity charged us over $1200 for three days of T1 Internet access because that was the only way we would be allowed to have Wifi for a demo we were doing in our booth in MInneapolis according to their rules.
Even after paying all that we were still blocked with deauth packets until we begged their network engineer to whitelist our MAC addresses.
The market would have adjusted and better devices that can circumvent their blocking would have become available.
Moreover, if Smart City chooses to block WiFi signal on their own private property, that is their business and not the FCC's. Of course they probably did this nefariously without the knowledge or consent of the private property owner.
What if the building is intentionally built as a Faraday Cage thus preventing an outside signal? This way the signal is passively blocked and they can still provide their wifi inside.
You can still bring the wifi antennas inside the venue and operate a wifi LAN.
The cage may block avenues for that LAN's access to the Internet, but in the worst case scenario, someone could operate a sneakernet bridge by shuttling large storage devices between the wifi LAN inside the doors and the WAN access point outside them. Latency would be terrible, but you could get the packets through eventually.
I think this would be a disaster for other reasons and EM bands. Doctors with Pagers. Parents who need to be informed of a sick kid at school, etc. You would be interfering with a public conveyance.
Many convention centers are, nonetheless, obviously built to ensure you won't get a signal inside the building and will have to pay for whatever overpriced service the convention center offers.
Even from a cynical-greed perspective, that seems catastrophically stupid. Businessfolks need to stay in touch. A convention center where cellphones don't work is a convention center that won't get a lot of repeat customers, and cellphones don't even offer the option of extorting your visitors to use your in-house service like wifi does.
Sure it does. Have your venue be a faraday cage so that outside cellular service doesn't work inside. Setup cellular service inside your building, and enter into high cost roaming agreements with the major carriers, at such a rate that the carriers pass it on to customers. Much like cell service on cruise ships.
Can you imagine the public outrage when people start finding $100 roaming charges on their cellphones because they stayed at a hotel? And the alternative is to notify all your potential customers that their phone costs more inside this building, before they actually give you any money. Your competitors would throw a party when they heard about it.
The reason why building to block cellular is important is that many conventions would otherwise bring in cellular modems to provide internet access. Without cellular signal, they have to pay the convention center for internet access.
(for phone service, people just have to give up and go outside)
People who care about this can upgrade their clients and APs to handle Management Frame Protection. Or they can complain to FCC and wait fourteen months.
"Why is the gov't punishing a successful business model?"
"The gov't should stay out of SmartCity's Freedom To Contract with the convention centers."
"If people don't like it, they can go outside the convention center, or not attend conferences at that convention center. No one is holding a gun to their head."
