FCC Takes on Hospitality Wi-Fi Management Again: More Sanctions, Unresolved Concerns
On Monday, November 2nd, the Federal Communications Commission (FCC) took more enforcement steps in its campaign against Wi-Fi blocking – the practice of blocking unauthorized Wi-Fi hotspots that let consumers share mobile data access with other devices, like laptops and tablets – in hotels and convention spaces. It released two Notices of Apparent Liability for Forfeiture (“NALF”) indicating that it will issue:
- a $718,000 fine in connection with Wi-Fi blocking at the Baltimore Convention Center; and
- a $25,000 fine against Hilton Hotels for a failure to cooperate in the FCC’s investigation of Wi-Fi blocking at Hilton properties around the world.
This comes on the heels of a $750,000 settlement with Smart City Holdings over its Wi-Fi blocking at multiple convention centers, and a late-2014 settlement of $600,000 with Marriott over similar conduct.
As we previously noted in this space, in the wake of the Marriott settlement, industry groups petitioned the Commission for a declaration or rulemaking clarifying the FCC’s stance toward certain sophisticated Wi-Fi management techniques, which can be valuable tools for protecting consumers on business premises, and for protecting the businesses themselves. The FCC aggressively rebuffed the petition, issuing multiple statements on January 27 to the effect that the FCC does not countenance Wi-Fi blocking, period. The industry groups, faced with a near-certain public flogging, withdrew their petition. They had little choice, but the move meant that important and complex questions regarding Wi-Fi network management on hotel and other business premises would remain unanswered.
In the course of withdrawing the petition, the American Hotel & Lodging Association (“AH&LA”) highlighted the legitimate security concerns associated with unchecked hotspot use in a physical space crowded with Wi-Fi users, telling the FCC:
Broad access to Wi-Fi is among the capabilities that Petitioners' guests demand. They also demand access to a safe and secure system in order to protect private information from criminals seeking to exploit consumers. . . . Of particular concern to the hospitality industry is the ability of a hotel to protect the security of its network and guests by using wireless intrusion detection and prevention systems that are part of WLAN equipment authorized by the FCC. These systems are employed by numerous WLAN operators across multiple industries, including the federal government.
Monday’s enforcement actions appear to signal again the FCC’s blunt rejection of the industry group’s concerns.
Commissioners O’Rielly and Pai dissented from the Baltimore Convention Center NALF, echoing the industry’s unease over the FCC’s aggressive enforcement absent clear rules. Both Commissioners questioned whether the current state of the law even allows the FCC to prohibit the type of sophisticated Wi-Fi management at issue, noting that the Commission’s interpretation of the law could lead to absurd results, including that every intentional use of Wi-Fi equipment in a public space could invite sanctions. Both bemoaned the Commission’s failure to take up the industry’s request for legally binding guidance over what is and is not allowed, instead of “trying to set important and complex regulatory policy by enforcement adjudication.” Ultimately, Commissioner Pai called the decision “the latest evidence that the FCC’s enforcement process has gone off the rails,” accusing the Commission of “yet again focus[ing] on attention-grabbing fines”; Commissioner O’Rielly called the move “backward and not the best course of action”; and both declined to join in the decision.
At the time of the industry groups’ withdrawal of their petition, we noted that the FCC appears set on aggressively moving against Wi-Fi blocking without answering crucial questions about which available network management techniques are FCC-approved. This state of affairs is increasingly common in issues of cybersecurity, where slow-moving regulators meet fast-developing technology. The FCC has made it clear that it will look with a jaundiced eye on practices that fail to meet its expectations; what exactly those expectations are appears destined to be developed piecemeal, one enforcement action at a time.
Disclaimer: This post does not offer specific legal advice, nor does it create an attorney-client relationship. You should not reach any legal conclusions based on the information contained in this post without first seeking the advice of counsel.
About the Authors
Abraham J. Rein is a Principal in the Firm's Internal Investigations & White Collar Defense Group, Co-Chair of its Information Privacy & Security Group, and a member of the Firm's Diversity and Inclusion Committee. He focuses particularly on the intersection of technology and the law, advising clients on legal aspects of data security, social media compliance, electronic discovery, the application of certain constitutional rights in a digital era, and related topics.
Charles W. Spitz is Co-Chair of the Firm's Hospitality & Retail Practice Group. He focuses his practice on representing members of the hospitality industry in a variety of legal disputes in both state and federal court. His clients include local and national food & hospitality companies, including hotel chains, management groups, and restaurants, as well as a variety of retail companies.