By now, most everyone in the WiFi industry has seen the news about the Federal Communications Commission fining electrical contractor M.C. Dean and Hilton Hotels for purposefully disrupting the use of personal WiFi hotspots. This week's fines continue the agency's crackdown on WiFi providers it says are using 802.11 deauthentication frames to force users onto expensive WiFi networks and block the use of MiFi alternatives. The rules are now clear, right? Sadly, they are anything but, and a story of governmental dysfunction is only getting worse.
On balance, I have great respect for the FCC’s mission and an appreciation for the technical complexities that the agency tries to keep in order. As a long time amateur radio operator (Extra Class) and WLAN architect, I see the results of well-regulated spectrum and end-user privileges in many RF-dependent applications. The FCC usually leaves little wiggle room for misinterpretation of its rules, and American society has benefitted greatly from that since the agency’s founding in 1934. But on the topic of personal WiFi hotspots, this usually great agency is bungling it horribly and losing credibility in the process.
Yet I’m finding that if you find fault with the FCC’s enforcement actions, general non-techies accuse you of wanting to jam everyone in order to control the airwaves, which in my case is the farthest from the truth. My WiFi management system has the same tools that the hotels are getting in trouble for using, but I have them disabled as they are trouble waiting to happen in light of the FCC's actions.
Here's the problem: While the FCC could not be any clearer about the use of jammers -- in all cases, selling or using them is illegal -- its enforcement actions lump in the use of WiFi deauthentication frames against MiFi devices as “jamming.” This is where those of us who do WLAN for a living and respect the rule of law get really uncomfortable. WiFi deauthentication capabilities have long been readily available in many commercial WLAN management products, including Cisco's (see screenshot below). Yet the FCC isn't going after the vendors for providing jammers in the form of deauthentication capabilities, only those who use them.
(Image: Cisco WLAN controller built-in containment utilities.)
Advisories like this spell out the agency’s position: "No hotel, convention center, or other commercial establishment or the network operator providing services at such establishments may intentionally block or disrupt personal Wi-Fi hot spots on such premises, including as part of an effort to force consumers to purchase access to the property owner’s Wi-Fi network."
Instead of keeping it simple by saying “no one can ever use deauthentication frames to block MiFi,” the FCC is harping on hotels and convention centers. Lots of folks are guessing that the FCC means that no one can use deauthentication tools under any circumstance, but that is not what the FCC is actually saying through its enforcement actions.
So we have tools that might be legal, or might not be, being sold. We have a strict edict on where you specifically can’t use deauthentication mechanisms, but no guidance on where you can. We have an agency known for its leadership choosing not to lead by dismissing petitions asking for clarity on this whole mess. And we have two out the five FCC commissioners publicly criticizing the legality of the enforcement actions while lamenting about the absolute murkiness of the whole situation.
As a WLAN admin, I just want to know if the tools I have are legal, and what constitutes legal use. If they are not legal, I would expect the FCC to compel WLAN vendors to update their code to remove the tools. As an American taxpayer (and former government official myself who has seen the fallout from poorly crafted and executed laws), I expect something more concrete than fat fines, sensational headlines, and a cloud of confused paranoia to substitute as law.