Some Regulatory Shorts

FCC_New_LogoAs to be expected our regulators stay busy regulating. Not all of their decisions have widespread impact, but it’s always worth keeping an eye on what’s going on.

WiFi Blocking: The FCC continues to come down on hard on those in the hospitality industry that would stop people from using their own hot spots in or near hotels or other gathering places. You might recall, last year the FCC fined Marriott for blocking access to guests using their cellphones for WiFi. Marriott is one of those chains that charges extra for WiFi and so they were operating jammers that interfered with the ability of a smart phone to act as a hotspot.

The FCC continued with that theme and recently fined M.C. Dean $718,000 for blocking WiFi at the Baltimore Convention Center. They also fined Hilton Worldwide $25,000 for “apparent obstruction of an investigation” in the case. In August the FCC fined Smart City Holdings $750,000 for using technology at 28 convention centers that blocked cellphone and wireless routers from acting as hotspots.

As somebody who travels and who generally finds hotel WiFi to be inadequate, this is a welcome move. But it’s even more so for groups that rent space in a convention center. Some of those locations charge 6 digits for use of a convention center’s WiFi system, and the FCC is telling the hospitality industry that it is never okay to block WiFi.

Do Not Track Requests: The FCC voted earlier this month to not require web sites to honor Do Not Track requests. The group Consumer Watchdog had petitioned the FCC asking them to force companies to honor such requests. Today web sites can voluntarily honor privacy requests, but only a handful of large web sites do so. The group had hoped that since the FCC had elected to regulate privacy practices for ISPs as part of the net neutrality rules that they might carry this forward to the web.

But the FCC declined to make such a ruling. They said that they are not in the business of regulating ‘edge providers’, meaning the companies that offer web content. I keep an eye on privacy and use web sites that don’t track people whenever I can like the Duck Duck Go search engine. But I am leery about the FCC getting into the business of regulating the behavior of web service providers. When you look at some of the consequences of such actions it’s not necessarily good for anybody. Even in England, which we always assume is a lot like us, the government has proscribed a large list of web content that is off limits unless people opt into them. I personally am glad the FCC doesn’t want to cross that line. I think back to all of the wasted effort they spent on the ‘seven dirty words’ on TV and radio and don’t think we need a repeat of that.

The FCC and Privacy. In what seems like an extreme order, the FCC just fined Cox Communications $595,000 for a security breach that exposed the records of 61 customers. That’s almost $10,000 per customer.

This is the first such privacy ruling by the FCC since this was always under the purview of the Federal Trade Commission until the FCC asserted primary responsibility for regulating ISPs as common carriers. I find the order to be puzzling. The breach was apparently due to a hacker. Cox self-reported the breach and said that they had processes in place that found the breach quickly and that limited it from happening to a larger number of customers. To me that sounds like what companies are supposed to do and I’m not sure that any company these days can be completed immune from hackers. I know we won’t know the details of exactly what Cox did wrong, but it doesn’t feel like this is a case where the punishment fits the crime.

One only has compare this to the way that the very massive data breaches have been handled for companies like Target, J.P. Morgan Chase and a number of other banks, and even from several branches of the federal government. None of them got significant fines and the general thinking is that the market itself provides a lot of punishment in lost business and in the cost of dealing with the data breach. The size of the FCC fine seems out of line, and because of that every ISP ought to be reviewing the way you store and protect customer data. You can’t afford not to, and perhaps that is the message the FCC was making.

 

WiFi Blocking

Wi-FiThe FCC recently ruled against Marriott for blocking customers’ access to WiFi generated by the cellphones. Guests who tried to use their own WiFi were deauthenticated so that the only WiFi option available was to use the one sold by the hotel, for a hefty daily fee. The Marriott Wifi engineers testified that they had done this to protect against interference to their own WiFi networks for paying customers. But the FCC ruled against Marriott and told them to stop blocking customers.

My gut feeling is that Marriott was doing this for the money, because they must have gotten a ton of customer complaints and it’s hard to think that they continued to back their IT engineers over the public. But as the FCC ruling made clear, it didn’t really matter why Marriott did it. There is no valid reason to block WiFi.

What Marriott failed to realize is that WiFi is truly a public spectrum. And while it is open to everybody, it also comes with some rules about how the public is allowed to use it. The FCC spectrum rules are clear on this, but I suspect that even many industry people have never read them. Certainly the manufacturers of WiFi devices don’t educate their customers very much about the obligations of using the spectrum.

The following portions of the FCC rules, although written in tech-speak, sum up the WiFi obligations:

§15.5   General conditions of operation.

(a) Persons operating intentional or unintentional radiators shall not be deemed to have any vested or recognizable right to continued use of any given frequency by virtue of prior registration or certification of equipment, or, for power line carrier systems, on the basis of prior notification of use pursuant to §90.35(g) of this chapter.

(b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator.

What these rules mean are that nobody has any more right to use the WiFi than anybody else. It does not matter if you are the first one using the spectrum in an area – everybody else has the right to use the spectrum in that same area as well. Further, you are allowed to use spectrum as long as you don’t harm other users, with the caveat that lawful interference must be accepted. With most licensed spectrum bands no interference is allowed. But WiFi, by its very definition as a public spectrum, can have mountains of interference and still be operating within the law. So when the rules say that you can’t cause harmful interference, this is interpreted for WiFi to mean that you can’t somehow stop others from using the spectrum – but that normal interference with WiFi is perfectly lawful and expected.

The Marriott engineers also tried to argue that deauthentication is not the same thing as interference. The system they were using repeatedly sent out signals that stopped WiFi users from staying connected to their cellular WiFi networks. Marriott says they weren’t blocking the spectrum, just the use of the spectrum, a very fine distinction that the FCC also didn’t buy.

And so the Marriott engineers were wrong about a few very basic rules of spectrum usage. They had no more right to the WiFi spectrum inside the hotel than any of their customers. And it doesn’t matter if customer use of WiFi from cellphones interferes with Marriott WiFi, since the cellphone WiFi is lawful and the interference is legally acceptable.

This is a caution to anybody who wants to use WiFi in a commercial application. Whether you are a wireless ISP (WISP), a hospital, an airport, or a coffee shop, you have no more right to the spectrum than anybody else. Again, this is something that the makers of WiFi equipment don’t tell their customers, or at least not outside of the very small print. If you really need interferences free transmissions, you ought to be looking for a different spectrum to use. There are absolutely no guarantees with WiFi, regardless of what the claims of the vendor who sold you your gear.

There have been several attempts over the years to build large public outdoor WiFi networks. Almost by definition these networks are going to fail, or at least perform incredibly poorly in some places. Such networks have to compete against every home router, public hotspot and other uses of the spectrum in the same area. Further, like cellular networks, WiFi networks can become overloaded with too many simultaneous users.

Some of us are old enough to remember the days when the 900 MHz spectrum got overloaded. This is are also free public spectrum and it was originally used for everything from cordless phones to garage door openers. It got so overloaded that eventually you couldn’t hold a 900 MHz phone connection long enough to finish a call. Because it seems like everybody has a plan to use WiFi that the day might come whenthis spectrum will also get overloaded in some places. And the only real solution for this will be for the FCC to provide more public spectrum. Because WiFi interference is lawful and expected, as much as users might hate it.