Enforcement Bureau stretches meaning of “cause interference to” in order to reach the right result.

The Enforcement Bureau has struck a blow for those who prefer to use smartphones to set up their own personal mobile hotspots when they’re on the go – thereby avoiding the pricey wireless Internet access offered by various places, like hotels. In an Order and related Consent Decree, the Bureau has spanked the Marriott Corporation with a $600,000 “civil penalty” for using “containment capability” to prevent guests at the Gaylord Opryland (run by Marriott) from by-passing the hotel’s Wi-Fi system in favor of their own DIY hotspots.

To get to that result, though, the Bureau had to stretch the conventional definition of “interference to radio communications”.

It is, of course, well-known that many smartphone users can use their handsets as mobile hotspots to connect their laptops, tablets, and other Wi-Fi enabled devices to the Internet. When, as occasionally happens, that doesn’t work, users usually chalk it up to network congestion, or to the data network management practices (read – throttling) of their wireless carriers.

Turns out there may be other forces conspiring against the mobile hotspot user.

This came to light when an attendee of a function at the Gaylord Opryland found that he was inexplicably prevented from connecting to his personal access point, leaving him only one other Wi-Fi option: the Internet services provided on-site by Marriott, available at the whopping cost of $250 to $1,000 per wireless access point. Rather than shrugging this off and waiting until after the conference to get back online (or simply paying the freight and claiming it as a standard business expense), the individual filed a complaint with the FCC. The allegation: Marriott was using wireless technology to prevent guests from using their Wi-Fi mobile hotspots, forcing exhibitors or customers to use Marriott’s expensive Internet services rather than their own mobile connections for free.

The Bureau investigated and, wouldn’t you know, the allegation was true: Marriott had deployed a Wi-Fi monitoring system with a “containment capability”. When activated, the system could identify Wi-Fi access points that were not part of Marriott’s own Wi-Fi system (or otherwise authorized by Marriott). Such non-Marriott access points were dubbed “rogues”. When rogues were detected, the system sent “de-authorization” packets to the unauthorized access points, booting those users off their free connections and, presumably, forcing them to pony up for Marriott’s paid Internet access. 

In the Bureau’s view, this practice violated Section 333 of the Act, which provides that “No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this Act or operated by the United States Government”. While Marriott admitted that it had installed and operated the “containment capability” system, it stopped short of admitting that it had violated Section 333. Nevertheless, to put the whole affair behind it, Marriott agreed to pay the Feds $600,000 – and promised that it wouldn’t do it again and that it would adopt and implement a compliance plan.

(Historically, in consent decrees the required cash payment has usually been characterized as a “voluntary contribution”, in keeping with the fact that consent decrees are in the nature of a settlement in which the alleged wrong-doer is allowed to get off the hook without admitting that it in fact violated any rules. Recently, however, the Enforcement Bureau has declined to use the felicitous “voluntary contribution” language. Here, for example, the section of the consent decree imposing the payment obligation is titled “Civil Penalty”, even though that term does not appear elsewhere in the section. Word is that, in the Bureau’s view, this approach will prevent the payment/penalty from being deducted as a routine business expense in the payor’s tax return.)

While most of us (at least those of us not affiliated with Marriott) can probably agree that the Bureau reached the right result here, in order to get to that result the Bureau took a potentially ground-breaking approach.

As noted above, Section 333 of the Act – the section Marriott is accused of violating – prohibits “interference to any radio communications”. Normally, we think of “interference” as involving the transmission of a signal that prevents intelligible reception of some other authorized signal. Cell phone jamming is a classic example.

But in this case, Marriott arguably did not do that. While the facts described in the Consent Decree are less than detailed, it appears that Marriott’s system did not involve the transmission of radio signals that “interfered” with any other radio signals in the traditional sense. Rather, upon detection of a so-called “rogue” Wi-Fi access point, Marriott’s system simply sent out a signal that kicked the device off the network. That is more akin to hacking, i.e., sending undesirable messages rather than garbling desired content.

The Bureau’s seemingly new-found approach to Section 333 has implications in other contexts as well. We have previously blogged about the FCC’s NPRM to reduce the use of contraband cell phones in correctional institutions. There, the FCC proposed to allow prisons to prevent inmates from using cell phones through the use of “managed access systems” (MAS). These systems avoid running afoul of Section 333, and are different than traditional “jammers”, because they do not broadcast a signal that interfere with cell phone signals. If MAS don’t run afoul of Section 333 problem, it would seem that Marriott’s Wi-Fi de-authentication system arguably shouldn’t either.

Presumably, the Commission will have to address this conundrum eventually. For now, however, road warriors may wish to keep a copy of the Marriott Consent Decree handy to show hotel (or other venue) operators who may be using similar “containment capabilities” to discourage Wi-Fi access for which those operators cannot exact exorbitant charges.

(Note: Action under the Computer Fraud and Abuse Act (CFAA) for the hacking of mobile hotspots may have been a more appropriate enforcement vehicle than Section 333. However, since the CFAA is outside the FCC’s purview, the Enforcement Bureau couldn’t rely on it, and it had to make do with the regulatory options available to it.)