Marriott has agreed to pay $600,000 in fines after the Federal Communications Commission discovered the hotel chain had been blocking their customers' personal Wi-Fi network access.
The FCC started investigating Marriott's practice of blocking personal Wi-Fi hotspots after an event in Nashville last year, CNN reports. In that same incident, the hotel chain had been charging exhibitors and other guests fees of up to $1,000 per device to be able to gain access to their own internet network.
An official press release from the FCC stated the hotel company "will pay $600,000 to resolve a Federal Communications Commission investigation into whether Marriott intentionally interfered with and disabled Wi-Fi networks established by consumers in the conference facilities of the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee, in violation of Section 333 of the Communications Act."
"Marriott employees had used containment features of a Wi-Fi monitoring system at the Gaylord Opryland to prevent individuals from connecting to the Internet via their own personal Wi-Fi networks, while at the same time charging consumers, small businesses, and exhibitors as much as $1,000 per device to access Marriott's Wi-Fi network," the FCC document continued.
Glenn Fleishman writes in a BoingBoing article that the scam involved Marriott employees using a technique known as "deauthentication", which essentially works by pushing legitimate users off their internet access points and instead connect them to "look-alike Wi-Fi networks that are hives of villainy."
"There is no authentication of deauth, ironically enough, although the kind of intrusion-detection and -mitigation hardware and software used by companies like Marriott can detect these attacks," adds Fleishman.
Under the terms of the FCC's consent decree, the hotel chain "must cease the unlawful use of Wi-Fi blocking technology and take significant steps to improve how it monitors and uses its Wi-Fi technology at the Gaylord Opryland."
Furthermore, the hotel chain must "institute a compliance plan and file compliance and usage reports with the Bureau every three months for three years, including information documenting any use of access point containment features at any U.S. property that Marriott manages or owns," according to the press release.