----- Original Message -----
From: "Chris Marget" <chris@marget.com>
You [I] said:
It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID).
I'm curious to hear how you'd rationalize containing a copycat AP under the current rules.
In fact, I remain fuzzy on when spoofed de-auth frames would *ever* be okay when used against unwilling clients within the FCC's jurisdiction given their position that spoofed control frames constitute interference under part 15 rules.
This thread and similar discussions elsewhere contain assertions that enterprise networks "need to defend themselves" in some circumstances, or that "containing" an AP with a copycat SSID would certainly be okay.
I'm not so sure.
The "need to manage our RF space" arguments ring hollow to me. I certainly understand why someone would *want* to manage the spectrum, but that's just not anyone's privilege when using ISM bands. If the need is great enough, get some licensed spectrum and manage that.
I wasn't making that argument. I was making the "if someone tries to pretend to be part of my network, so that my users will inadvertantly attach to them and possibly leak 'classified' data, *then that rogue user is making a 1030 attack on my network*.
A copycat AP is unquestionably hostile, and likely interfering with users, but I'm unconvinced that the hostility triggers a privilege to attack it under part 15 rules. In addition to not being allowed to interfere, we also have:
You're not attacking it, per se; you are defensively disconnecting from it *users who are part of your own network*; these are endpoints *you are administratively allowed to exert control over*, from my viewpoint.
2. This device must accept any interference received, including interference that may cause undesired operation.
Certificate-based authentication would solve that problem anyway, wouldn't it?
Probably. And yes, any system big enough to do this stuff is likely big enough to run 1x as well.
A "rogue" AP plugged into a wired port is best solved at the wired port,
I'm not sure anyone was actually mooting this.
Even large private campuses like oil refineries probably wouldn't be in the clear doing this sort of thing unless they're able to stop law enforcement, delivery drivers, paramedics and firefighters at the gate in order to get them to agree to receive spoofed de-auth frames.
Again: you've shifted topics here from "enterprise rogue protection" (stay off *my* ESSID) to "Marriott Attack" (stay off all ESSIDs that *aren't* mine); different thing entirely. I make a clear distinction (now that it's not 3am :-) between what Marriott is doing, and what enterprises doing rogue protection are doing, as noted above. Still not a lawyer. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On Sat, Oct 4, 2014 at 2:47 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Chris Marget" <chris@marget.com>
You [I] said:
It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same
ESSID).
I'm curious to hear how you'd rationalize containing a copycat AP under the current rules.
<snip>
The "need to manage our RF space" arguments ring hollow to me. I certainly understand why someone would *want* to manage the spectrum, but that's just not anyone's privilege when using ISM bands. If the need is great enough, get some licensed spectrum and manage that.
I wasn't making that argument.
Yes, sorry. I presented two arguments. Only the one about copycat SSIDs is yours.
I was making the "if someone tries to pretend to be part of my network, so that my users will inadvertantly attach to them and possibly leak 'classified' data, *then that rogue user is making a 1030 attack on my network*.
A copycat AP is unquestionably hostile, and likely interfering with users, but I'm unconvinced that the hostility triggers a privilege to attack it under part 15 rules. In addition to not being allowed to interfere, we also have:
You're not attacking it, per se; you are defensively disconnecting from it *users who are part of your own network*; these are endpoints *you are administratively allowed to exert control over*, from my viewpoint.
Okay, so we're not talking about wholesale containment of the copycat AP, but rather management of our own client devices which, by definition, we can't interfere with. Because they're ours. That approach sounds perfectly reasonable. I wonder, absent certificates, how one can be certain about the identity of the client, and if such a narrowly scoped containment mechanism is actually implemented by the various checkboxes available to enterprise wifi administrators.
I make a clear distinction (now that it's not 3am :-) between what Marriott is doing, and what enterprises doing rogue protection are doing, as noted above.
Is it clear exactly what "enterprises going rogue protection" are up to? I've asked several, gotten wildly different answers. Keeping "my clients" off "copycat APs" sounds reasonable. More aggressive action might not be. Thanks.
On 10/04/2014 11:47 AM, Jay Ashworth wrote:
A copycat AP is unquestionably hostile, and likely interfering with users, but I'm unconvinced that the hostility triggers a privilege to attack it under part 15 rules. In addition to not being allowed to interfere, we also have: You're not attacking it, per se; you are defensively disconnecting from it *users who are part of your own network*; these are endpoints *you are administratively allowed to exert control over*, from my viewpoint.
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because. Mike
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all. If the Marriott can't do this, I don't think anyone can, legally. Now, granted, if I'm doing it with the intent to disrupt the corporate network or steal data, there's certainly other laws to deal with that, but I don't think even that is justification for spoofed deauth. -- Brandon Ross Yahoo & AIM: BrandonNRoss +1-404-635-6667 ICQ: 2269442 Skype: brandonross Schedule a meeting: http://www.doodle.com/bross
On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all.
Pretty much... Here's why... If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement. Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first. I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.
If the Marriott can't do this, I don't think anyone can, legally.
If I set up something on an SSID Marriott is already using, then my bad and they have the right to take appropriate defensive action to protect their network. If I stand up a new network using an SSID Marriott isn't already using, then they have no right to cause harmful interference to that network. Sharing the same channels using different SSIDs, while it may degrade performance (of both networks) isn't technically what I would call "harmful interference", nor is it considered such by the FCC. That's just a matter of sharing the spectrum as intended in the products certified for that service.
Now, granted, if I'm doing it with the intent to disrupt the corporate network or steal data, there's certainly other laws to deal with that, but I don't think even that is justification for spoofed deauth.
Depends on whether you were the first one using the SSID in a particular location or not. Sure, this can get ambiguous and difficult to prove, but the reality is that most cases are pretty clear cut and it's usually not hard to tell who is the interloper on a given SSID. Owen
On 10/04/2014 01:33 PM, Owen DeLong wrote:
On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because. In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all. Pretty much... Here's why...
If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement.
Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first.
I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.
If the Marriott can't do this, I don't think anyone can, legally. If I set up something on an SSID Marriott is already using, then my bad and they have the right to take appropriate defensive action to protect their network.
No. Seriously, no. Biggest come, biggest serve doesn't do a damn bit of good dealing with the actual problem which is one of authentication. Think of this with the big I internet without TLS. What you're asking for is complete chaos. Stomping on other AP is an arms race in which nobody wins. If I want to guarantee that I only connect to $MEGACORP AP's, I should be using strong authentication, not AP neutron bombs to clear the battlefield. Mike
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations. Further, you seem to assume a level of control over client behavior that is rare in my experience. Owen
On Oct 4, 2014, at 13:44, Michael Thomas <mike@mtcc.com> wrote:
On 10/04/2014 01:33 PM, Owen DeLong wrote:
On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because. In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all. Pretty much... Here's why...
If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement.
Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first.
I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.
If the Marriott can't do this, I don't think anyone can, legally. If I set up something on an SSID Marriott is already using, then my bad and they have the right to take appropriate defensive action to protect their network.
No. Seriously, no. Biggest come, biggest serve doesn't do a damn bit of good dealing with the actual problem which is one of authentication. Think of this with the big I internet without TLS. What you're asking for is complete chaos.
Stomping on other AP is an arms race in which nobody wins. If I want to guarantee that I only connect to $MEGACORP AP's, I should be using strong authentication, not AP neutron bombs to clear the battlefield.
Mike
On 10/04/2014 11:13 PM, Owen DeLong wrote:
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
Further, you seem to assume a level of control over client behavior that is rare in my experience.
Owen
I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma. Assuming that there's the perception that this is a big enough problem, of course. Mike
On Oct 4, 2014, at 11:23 PM, Michael Thomas <mike@mtcc.com> wrote:
On 10/04/2014 11:13 PM, Owen DeLong wrote:
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
Further, you seem to assume a level of control over client behavior that is rare in my experience.
Owen
I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma.
Not sure what you mean by corpro-drawbridge in this context. Some corporations exercise extreme control over their clients. They are the exception, not the rule. The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
Assuming that there's the perception that this is a big enough problem, of course.
Not sure. The issue you seem to be talking about seems somewhat orthogonal to the original topic of the thread, so I”m not sure going too deep into it in this forum is appropriate. Owen
On 10/06/2014 07:37 AM, Owen DeLong wrote:
On Oct 4, 2014, at 11:23 PM, Michael Thomas <mike@mtcc.com> wrote:
On 10/04/2014 11:13 PM, Owen DeLong wrote:
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
Further, you seem to assume a level of control over client behavior that is rare in my experience.
Owen
I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma. Not sure what you mean by corpro-drawbridge in this context.
Some corporations exercise extreme control over their clients. They are the exception, not the rule.
The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
It means that they can exercise control of what they allow on their corporate network, byod or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in". That's a much better outcome than quibbling about squatter's rights, blah blah blah. Mike
On Oct 6, 2014, at 8:06 AM, Michael Thomas <mike@mtcc.com> wrote:
On 10/06/2014 07:37 AM, Owen DeLong wrote:
On Oct 4, 2014, at 11:23 PM, Michael Thomas <mike@mtcc.com> wrote:
On 10/04/2014 11:13 PM, Owen DeLong wrote:
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
Further, you seem to assume a level of control over client behavior that is rare in my experience.
Owen
I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma. Not sure what you mean by corpro-drawbridge in this context.
Some corporations exercise extreme control over their clients. They are the exception, not the rule.
The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
It means that they can exercise control of what they allow on their corporate network, byod or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in”.
I think most environments already support this to some extent in terms of the APs participating in the controller framework and 802.1x authentication. However, that doesn’t cover the guy that brings a linksys in and plugs it into his wired port. I think the only solution for those is detection followed by blocking the wired port until resolution. Most companies I have worked with that took the time to think this through simply made it an instant firing offense for anyone to plug in an unauthorized WAP to the corporate wired network, problem solved.
That's a much better outcome than quibbling about squatter's rights, blah blah blah.
To the extent that such is a feasible solution, I think it was long since done. That’s got nothing to do with what this discussion was about, however, you’ve warped it into a completely different problem space. Owen
On 10/06/2014 10:12 AM, Owen DeLong wrote:
On Oct 6, 2014, at 8:06 AM, Michael Thomas <mike@mtcc.com> wrote:
On 10/06/2014 07:37 AM, Owen DeLong wrote:
On Oct 4, 2014, at 11:23 PM, Michael Thomas <mike@mtcc.com> wrote:
On 10/04/2014 11:13 PM, Owen DeLong wrote:
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
Further, you seem to assume a level of control over client behavior that is rare in my experience.
Owen
I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma. Not sure what you mean by corpro-drawbridge in this context.
Some corporations exercise extreme control over their clients. They are the exception, not the rule.
The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
It means that they can exercise control of what they allow on their corporate network, byod or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in”. I think most environments already support this to some extent in terms of the APs participating in the controller framework and 802.1x authentication.
However, that doesn’t cover the guy that brings a linksys in and plugs it into his wired port.
I think the only solution for those is detection followed by blocking the wired port until resolution.
If there's strong auth to the AP which enforces which SSID I connect to, who cares about somebody bringing their own AP and fire up an SSID with the same name as $COPROSSID?
Most companies I have worked with that took the time to think this through simply made it an instant firing offense for anyone to plug in an unauthorized WAP to the corporate wired network, problem solved.
That's orthogonal to somebody backhauling the AP's traffic to some other (possibly evil) network.
That's a much better outcome than quibbling about squatter's rights, blah blah blah. To the extent that such is a feasible solution, I think it was long since done. That’s got nothing to do with what this discussion was about, however, you’ve warped it into a completely different problem space.
Not really. The original posts posited that there were perfectly valid reasons to send deauth frames to "rogue" AP's because clients might connect to "spoofed" SSIDs. That's a bad solution to what at its heart is an authentication problem. Bring strong auth to the table, and there's no reason to worry about "spoofed" SSID's. Mike
On Oct 6, 2014, at 10:32 AM, Michael Thomas <mike@mtcc.com> wrote:
On 10/06/2014 10:12 AM, Owen DeLong wrote:
On Oct 6, 2014, at 8:06 AM, Michael Thomas <mike@mtcc.com> wrote:
On 10/06/2014 07:37 AM, Owen DeLong wrote:
On Oct 4, 2014, at 11:23 PM, Michael Thomas <mike@mtcc.com> wrote:
On 10/04/2014 11:13 PM, Owen DeLong wrote:
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
Further, you seem to assume a level of control over client behavior that is rare in my experience.
Owen
I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma. Not sure what you mean by corpro-drawbridge in this context.
Some corporations exercise extreme control over their clients. They are the exception, not the rule.
The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
It means that they can exercise control of what they allow on their corporate network, byod or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in”. I think most environments already support this to some extent in terms of the APs participating in the controller framework and 802.1x authentication.
However, that doesn’t cover the guy that brings a linksys in and plugs it into his wired port.
I think the only solution for those is detection followed by blocking the wired port until resolution.
If there's strong auth to the AP which enforces which SSID I connect to, who cares about somebody bringing their own AP and fire up an SSID with the same name as $COPROSSID?
Who said he’d use $CORPROSSID? He’ll probably use Linksys, leave it wide open, and, you know, your internal network just became accessible to any script-kiddie on a nearby mountain top with a coffee can. I’m going to guess that most IT managers and CSOs would be unhappy with that situation, but perhaps I am wrong.
Most companies I have worked with that took the time to think this through simply made it an instant firing offense for anyone to plug in an unauthorized WAP to the corporate wired network, problem solved.
That's orthogonal to somebody backhauling the AP's traffic to some other (possibly evil) network.
And back hauling the AP’s traffic to some other (possibly evil) network is completely orthogonal to ANY of the threads in this discussion.
That's a much better outcome than quibbling about squatter's rights, blah blah blah. To the extent that such is a feasible solution, I think it was long since done. That’s got nothing to do with what this discussion was about, however, you’ve warped it into a completely different problem space.
Not really. The original posts posited that there were perfectly valid reasons to send deauth frames to "rogue" AP's because clients might connect to "spoofed" SSIDs. That's a bad solution to what at its heart is an authentication problem. Bring strong auth to the table, and there's no reason to worry about "spoofed" SSID’s.
That doesn’t mean that 802.1x doesn’t address the issue exactly as you described. People argue all kinds of things and there are lots of networks that haven’t deployed 802.1x and/or strong authentication (WPA2-Enterprise, et. al). Failure to deploy the tools doesn’t mean the tools and standards don’t exist. Owen
On Sat, Oct 04, 2014 at 01:33:13PM -0700, Owen DeLong wrote:
On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all.
Pretty much... Here's why...
If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement.
Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first.
So your position is that if I start using Starbuck's SSID in a location where there is no Starbuck, and they layer move in to that building, I'm entitled to compel them to not use their SSID?
I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.
Is ther FCC guidance on this, or is this "Regulations As Interpreted By Owen"?
Depends on whether you were the first one using the SSID in a particular location or not.
Sure, this can get ambiguous and difficult to prove, but the reality is that most cases are pretty clear cut and it's usually not hard to tell who is the interloper on a given SSID.
It's usually easy to tell, but I doubt the FCC would find it relevant. There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*. -- Brett
On Sat, Oct 4, 2014 at 5:58 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
...
So your position is that if I start using Starbuck's SSID in a location where there is no Starbuck, and they layer move in to that building, I'm entitled to compel them to not use their SSID?
This would be why commercial entities often use their trademark identifiers as part of the SSID. You can compel them (briefly) not to use the SSID, until they sue you for trademark infringement and serve cease-and-desist orders against you for unlicensed and unauthorized use of the Starbucks name. Totally separate realm of enforcement, and in many ways far more effective. Matt
Perhaps. I admit that trademark would be a novel approach that might succeed. Of course if I put a satire of Starbucks up on the captive portal, do I qualify under the fair use doctrine for satire? I think in most cases, people are able to be adults and work it out reasonably without involving the FCC or the PTO. Owen
On Oct 4, 2014, at 19:04, Matthew Petach <mpetach@netflight.com> wrote:
On Sat, Oct 4, 2014 at 5:58 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
...
So your position is that if I start using Starbuck's SSID in a location where there is no Starbuck, and they layer move in to that building, I'm entitled to compel them to not use their SSID?
This would be why commercial entities often use their trademark identifiers as part of the SSID. You can compel them (briefly) not to use the SSID, until they sue you for trademark infringement and serve cease-and-desist orders against you for unlicensed and unauthorized use of the Starbucks name. Totally separate realm of enforcement, and in many ways far more effective.
Matt
----- Original Message -----
From: "Matthew Petach" <mpetach@netflight.com>
This would be why commercial entities often use their trademark identifiers as part of the SSID. You can compel them (briefly) not to use the SSID, until they sue you for trademark infringement and serve cease-and-desist orders against you for unlicensed and unauthorized use of the Starbucks name. Totally separate realm of enforcement, and in many ways far more effective.
Though this requires you to buy the argument that the use of a wordmark *in an address of some time* is infringing under the terms of the Lanham Act, which is a point on which I don't believe there's presently any case law, and which I think would be a difficult argument to prosecute against a properly defended plaintiff. Just *using a word* that someone has registered as a wordmark is not inherently infringement, or Ford City PA would be in serious trouble. The Lanham Act is *quite* clear on what is an infringing use, and I don't myself believe the posited case qualifies. Cheers, -- jr 'IANAL' a -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On Oct 4, 2014, at 17:58, Brett Frankenberger <rbf+nanog@panix.com> wrote:
On Sat, Oct 04, 2014 at 01:33:13PM -0700, Owen DeLong wrote:
On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all.
Pretty much... Here's why...
If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement.
Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first.
So your position is that if I start using Starbuck's SSID in a location where there is no Starbuck, and they layer move in to that building, I'm entitled to compel them to not use their SSID?
It isn't "Starbuck's SSID". There are no ownership rights or registrations of SSIDs for unlicensed wireless networks. So, under the existing regulatory framework, whoever arrived last is the one causing "harmful interference".
I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.
Is ther FCC guidance on this, or is this "Regulations As Interpreted By Owen"?
This is many FCC responses to various part 15 interference complaints as interpreted by Owen.
Depends on whether you were the first one using the SSID in a particular location or not.
Sure, this can get ambiguous and difficult to prove, but the reality is that most cases are pretty clear cut and it's usually not hard to tell who is the interloper on a given SSID.
It's usually easy to tell, but I doubt the FCC would find it relevant.
There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*.
I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous? Owen
-- Brett
On Sat, Oct 04, 2014 at 11:19:57PM -0700, Owen DeLong wrote:
There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*.
I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous?
Marriott was actually accused of violating 47 USC 333: No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government. In cases like the Marriott case, where the sole purpose of the transmission is to interfere with other usage of the transmission, there's not much ambiguity. But other cases aren't clear from the text. For example, you've asserted that if I've been using "ABCD" as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my new neighbor's pre-existing SSID, I operate with a different SSID but on the same channel, I don't have to change. I'm not saying your position is wrong, but it's certainly not clear from the text above that that's where the line is. That's what I meant by ambiguity. (What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?) -- Brett
On Sun, Oct 5, 2014 at 6:13 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
For example, you've asserted that if I've been using "ABCD" as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my [snip]
Actually... I would suggest that it is not entirely clear if you have to change or not. Your conflicting SSID in no way impedes the use of the spectrum, one of you just has to recode your SSID; this is different from setting up a WIPS Rogue AP containment feature to completely block an AP from ever being used. If your SSID happens to conflict with your neighbor's SSID by coincidence, and the SSID is a common name such as Linksys, then this conflict alone probably does not qualify as willful or malicious interference. As the spectrum is unlicensed, neither of you is a licensed station, and neither of you has "priority"; neither of your stations is a primary or secondary user. Both of your stations has to accept the unintended interference in the unlicensed frequencies; it is essentially up to the two of you to either take it upon yourself to change your own SSID, or to negotiate with your neighbor. On the other hand, if you chose a SSID for your AP of "STARBUCKS" and you set this up in proximity to a Starbucks location or selected "[YOURNEIGHBORSCOMPANYNAME]" as your SSID; it would seem to be more evident that any interference that was occuring to their wireless station operation was willful and possibly a malicious attempt to compromise client security. -- -JH
On Oct 5, 2014, at 4:31 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On Sun, Oct 5, 2014 at 6:13 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
For example, you've asserted that if I've been using "ABCD" as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my [snip]
Actually... I would suggest that it is not entirely clear if you have to change or not. Your conflicting SSID in no way impedes the use of the spectrum, one of you just has to recode your SSID; this is different from setting up a WIPS Rogue AP containment feature to completely block an AP from ever being used. If your SSID happens to conflict with your neighbor's SSID by coincidence, and the SSID is a common name such as Linksys, then this conflict alone probably does not qualify as willful or malicious interference.
Right… You probably don’t face the issues under 47CFR333, but you’ve still got a 47CFR15.5 problem of harmful interference.
As the spectrum is unlicensed, neither of you is a licensed station, and neither of you has "priority"; neither of your stations is a primary or secondary user. Both of your stations has to accept the unintended interference in the unlicensed frequencies; it is essentially up to the two of you to either take it upon yourself to change your own SSID, or to negotiate with your neighbor.
Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations. Using the same SSID of someone else who is already present would, IMHO, meet the test of “causing harmful interference”.
On the other hand, if you chose a SSID for your AP of "STARBUCKS" and you set this up in proximity to a Starbucks location or selected "[YOURNEIGHBORSCOMPANYNAME]" as your SSID; it would seem to be more evident that any interference that was occuring to their wireless station operation was willful and possibly a malicious attempt to compromise client security.
Willful and malicious only comes into play if you’re looking to prosecute under 333. Any harmful interference is still a problem under 15.5. Owen
On Oct 6, 2014, at 8:41 AM, Owen DeLong <owen@delong.com> wrote:
Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations.
I recognize that you were making this statement in the context of colliding SSIDs, but to me this could be an interesting point in another way. Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. After all, if you fire up your personal AP, with a non-colliding SSID, and start downloading multi-GB files, that’s bound to impact[1] anything else using that channel. While there are at least a few non-overlapping channels on most wifi networks, if Marriott(’s third party network operators) had any sense they likely would have situated their APs and channels to provide the most range with the least amount of frequency overlap. Now here your personal AP on one of those channels consuming enough of its bandwidth to significantly degrade performance for anyone else, and they may not have access to (or usable signal strength or bandwidth on) another channel from their hotel room. During a big convention for example, the hotel network is probably at its busiest while the number of guests using personal APs is likely also at its peak. This may be a stickier case, as no one user is causing the issue but one could make the case that, in aggregate, they are very much interfering with existing operations. There are probably a couple of different angles to consider, but I’m thinking in terms of the “first come, first served” concept. At what point is the extra bandwidth consumed by your personal wifi network considered to be harmfully interfering with an existing network? FWIW I am not defending Marriott’s actions, nor even positing that this was the reason for them. I just want to gain understanding. -c [1] This is of course assuming you’re getting decent throughput from your 3G/4G provider’s network. But even though it’s almost certainly slower than wifi it’s probably generating enough packets in a collision-based medium to impact other flows.
I live in a condo. I have a WLAN set up. More people move in and start setting up WLANs and the collective noise of those WLANs starts to impact the performance of my WLAN. Just because I was there first doesn't mean I have any right to start de-authing the newcomers. I don't see how Marriott has any additional rights to de-auth personal hotspots than I do to de-auth my neighbours. On Mon 2014-Oct-06 11:53:40 -0700, Clay Fiske <clay@bloomcounty.org> wrote:
On Oct 6, 2014, at 8:41 AM, Owen DeLong <owen@delong.com> wrote:
Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations.
I recognize that you were making this statement in the context of colliding SSIDs, but to me this could be an interesting point in another way.
Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. After all, if you fire up your personal AP, with a non-colliding SSID, and start downloading multi-GB files, that’s bound to impact[1] anything else using that channel. While there are at least a few non-overlapping channels on most wifi networks, if Marriott(’s third party network operators) had any sense they likely would have situated their APs and channels to provide the most range with the least amount of frequency overlap. Now here your personal AP on one of those channels consuming enough of its bandwidth to significantly degrade performance for anyone else, and they may not have access to (or usable signal strength or bandwidth on) another channel from their hotel room.
During a big convention for example, the hotel network is probably at its busiest while the number of guests using personal APs is likely also at its peak. This may be a stickier case, as no one user is causing the issue but one could make the case that, in aggregate, they are very much interfering with existing operations.
There are probably a couple of different angles to consider, but I’m thinking in terms of the “first come, first served” concept. At what point is the extra bandwidth consumed by your personal wifi network considered to be harmfully interfering with an existing network?
FWIW I am not defending Marriott’s actions, nor even positing that this was the reason for them. I just want to gain understanding.
-c
[1] This is of course assuming you’re getting decent throughput from your 3G/4G provider’s network. But even though it’s almost certainly slower than wifi it’s probably generating enough packets in a collision-based medium to impact other flows.
-- Hugo
On Mon, Oct 6, 2014 at 2:53 PM, Clay Fiske <clay@bloomcounty.org> wrote:
Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network.
Then Marriott misunderstands the nature of *unlicensed* spectrum which anyone is allowed to use. There's a difference between interference incidental to one's lawful use and intentional, harmful interference. It isn't their spectrum. I have just as much a right to it as they do. If the microwave oven in the adjoining room makes 2.4ghz unusable I'm out of luck. If Marriott sends deauth packets (or any other unsolicited packets) under my SSID, they're hacking my computer and that's generally understood to be unlawful. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> May I solve your unusual networking challenges?
On Oct 6, 2014, at 12:07 PM, William Herrin <bill@herrin.us> wrote:
On Mon, Oct 6, 2014 at 2:53 PM, Clay Fiske <clay@bloomcounty.org> wrote:
Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network.
Then Marriott misunderstands the nature of *unlicensed* spectrum which anyone is allowed to use. There's a difference between interference incidental to one's lawful use and intentional, harmful interference. It isn't their spectrum. I have just as much a right to it as they do.
If the microwave oven in the adjoining room makes 2.4ghz unusable I'm out of luck. If Marriott sends deauth packets (or any other unsolicited packets) under my SSID, they're hacking my computer and that's generally understood to be unlawful.
Again, to be clear, I’m not defending Marriott or their actions. I wouldn’t dispute your statements, but if the FCC set the tone as indicated by Owen then it sounds like it may not be that simple. Depending how it was actually worded by the FCC, I could see a corporation using it in court to defend their perceived “right" to protect their wifi network from being “disrupted” by other traffic. -c
On Mon, Oct 6, 2014 at 3:56 PM, Clay Fiske <clay@bloomcounty.org> wrote:
On Oct 6, 2014, at 12:07 PM, William Herrin <bill@herrin.us> wrote:
If the microwave oven in the adjoining room makes 2.4ghz unusable I'm out of luck. If Marriott sends deauth packets (or any other unsolicited packets) under my SSID, they're hacking my computer and that's generally understood to be unlawful.
Again, to be clear, I’m not defending Marriott or their actions.
I wouldn’t dispute your statements, but if the FCC set the tone as indicated by Owen then it sounds like it may not be that simple.
Hi Clay, It isn't that simple. Marriott offended against multiple laws and regulations in multiple jurisdictions. The FCC's concern is use of the spectrum. This they addressed -- intentionally preventing others' use of the spectrum gets you spanked. Many states also have computer hacking laws where intentionally sending falsified data packets to a computer with the purpose of causing it to malfunction is either a tort or a crime. The FCC did not speak to that issue as it's out of their jurisdiction. We've discussed this on the list before: you don't get to counterattack a network you think is attacking you. It isn't lawful. Marriott should be grateful. They're lucky they only got slapped by the FCC. Had politicos been present they could have found themselves facing criminal charges. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> May I solve your unusual networking challenges?
On Oct 6, 2014, at 1:16 PM, William Herrin <bill@herrin.us> wrote:
Hi Clay,
It isn't that simple. Marriott offended against multiple laws and regulations in multiple jurisdictions.
The FCC's concern is use of the spectrum. This they addressed -- intentionally preventing others' use of the spectrum gets you spanked.
Hi Bill, Right. So I think I was approaching it a different way, and I probably wasn’t clear enough about that. My question wasn’t meant to justify the response (deliberately booting people from non-Marriott SSIDs), it was about whether they had any legitimate right to claim that other wifi networks were impacting their own network’s performance, specifically based on the FCC’s position that a new transmitter should not disrupt existing operations. I was not in any way intending to say that their -response- was legitimate. Anyway, I think the departed horse has been suitably tenderized. Apologies for not being clearer, nothing to see here, etc. Thanks, -c
On Mon, Oct 6, 2014 at 5:03 PM, Clay Fiske <clay@bloomcounty.org> wrote:
legitimate right to claim that other wifi networks were impacting their own network’s performance, specifically based on the FCC’s position that a new transmitter should not disrupt existing operations. I was not in any way intending to say that their -response- was legitimate.
Hi.... the FCC's position about a transmitter not disrupting existing operations applies to various licensed frequencies but not the low-powered unlicensed transmitters. Please don't imagine that Part 15 devices have any regulatory protection against interference from any other Part 15 devices being operated, no matter which device is "new", except for the prohibition against Malicious/Willful interference. Of course, it is within the FCC's power to regulate, there just isn't this regulation in Part 15. -- -JH
On Mon, Oct 6, 2014 at 7:30 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On Mon, Oct 6, 2014 at 5:03 PM, Clay Fiske <clay@bloomcounty.org> wrote:
legitimate right to claim that other wifi networks were impacting their own network’s performance, specifically based on the FCC’s position that a new transmitter should not disrupt existing operations. I was not in any way intending to say that their -response- was legitimate.
Please don't imagine that Part 15 devices have any regulatory protection against interference from any other Part 15 devices being operated, no matter which device is "new", except for the prohibition against Malicious/Willful interference.
Hi Clay, The answer to the question you asked is: No, Marriott lacked any legitimate right to claim that other wifi networks were impacting their own network’s performance. Any such impact was incidental to those other individuals'' lawful use of an unlicensed frequency. A more interesting question (to me anyway) is: does vendor gear which facilitates willful interference, as the "equipment provided by well-known, reputable manufacturers" apparently did, comply with Part 15? Or does the presence of such features make the gear non-compliant, ergo unlawful. Regards. Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> May I solve your unusual networking challenges?
On 10/6/14 12:56 PM, Clay Fiske wrote:
Depending how it was actually worded by the FCC, I could see a corporation using it in court to defend their perceived “right" to protect their wifi network from being “disrupted” by other traffic.
It's not clear that you understand how unlicensed spectrum works. The "right" you posit doesn't exist. The question of "Can we stomp on unauthorized users who are impersonating our ESSID(s)?" is a little more complex, as others have pointed out. But that's not what Marriot was doing. For my money the amount of uninformed speculation on this thread has exceeded even the normal levels for this list ... Doug
On Oct 6, 2014, at 11:53 AM, Clay Fiske <clay@bloomcounty.org> wrote:
On Oct 6, 2014, at 8:41 AM, Owen DeLong <owen@delong.com> wrote:
Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations.
I recognize that you were making this statement in the context of colliding SSIDs, but to me this could be an interesting point in another way.
Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. After all, if you fire up your personal AP, with a non-colliding SSID, and start downloading multi-GB files, that’s bound to impact[1] anything else using that channel. While there are at least a few non-overlapping channels on most wifi networks, if Marriott(’s third party network operators) had any sense they likely would have situated their APs and channels to provide the most range with the least amount of frequency overlap. Now here your personal AP on one of those channels consuming enough of its bandwidth to significantly degrade performance for anyone else, and they may not have access to (or usable signal strength or bandwidth on) another channel from their hotel room.
The FCC has specifically stated that sharing of the spectrum bandwidth in this manner is not considered “harmful interference” in at least a few rulings. This is the “normal and expected result of deployment of multiple networks onto limited spectrum”.
During a big convention for example, the hotel network is probably at its busiest while the number of guests using personal APs is likely also at its peak. This may be a stickier case, as no one user is causing the issue but one could make the case that, in aggregate, they are very much interfering with existing operations.
Yes, but not in a manner the FCC fits into the definition of “harmful interference” under 15.3 and/or 15.5.
There are probably a couple of different angles to consider, but I’m thinking in terms of the “first come, first served” concept. At what point is the extra bandwidth consumed by your personal wifi network considered to be harmfully interfering with an existing network?
It isn’t (unless you run afoul of 47CFR333 and are consuming bandwidth for the sole purpose of denying it to others).
FWIW I am not defending Marriott’s actions, nor even positing that this was the reason for them. I just want to gain understanding.
Yep. Understood. Hope the above helps.
-c
[1] This is of course assuming you’re getting decent throughput from your 3G/4G provider’s network. But even though it’s almost certainly slower than wifi it’s probably generating enough packets in a collision-based medium to impact other flows.
Actually, I usually get better 4G service on my LTE devices than I get from most hotel WiFi networks. It’s one of the reasons I wish Apple would let me choose the interface preference order rather than locking me to “if Wifi is on and can find an AP, then I won’t use LTE”. Owen
On 10/6/14, 8:41 AM, Owen DeLong wrote:
Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations.
Using the same SSID of someone else who is already present would, IMHO, meet the test of “causing harmful interference”.
Really? From a radio perspective if it isn't on the same RF channel? I'm not so sure about that. It might cause interference to the revenue stream, it could be considered a trademark infringement especially if it leads to a fake "splash page" with the Marriott logo, and it could certainly be used for malicious MITM purposes, but it doesn't cause harmful interference to the existing user from the perspective of radio frequency use. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
On Oct 6, 2014, at 11:20 PM, Jay Hennigan <jay@west.net> wrote:
On 10/6/14, 8:41 AM, Owen DeLong wrote:
Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations.
Using the same SSID of someone else who is already present would, IMHO, meet the test of “causing harmful interference”.
Really? From a radio perspective if it isn't on the same RF channel?
In fact, yes. Since clients bind based on SSID and return to whatever channel the AP tells them to as a result, it's still an issue and still fits within the purview of RF regulation. Further, most of the channels somewhat overlap as it's a spread-spectrum technology, so the traditional concepts of "channel" don't actually completely apply (this is a good thing, actually).
I'm not so sure about that. It might cause interference to the revenue stream, it could be considered a trademark infringement especially if it leads to a fake "splash page" with the Marriott logo, and it could certainly be used for malicious MITM purposes, but it doesn't cause harmful interference to the existing user from the perspective of radio frequency use.
It does, actually, because the client may well rebind to the other AP thinking it's still part of the same ESS (since ESS are usually identified by sharing a common SSID). Owen
On Sat, Oct 04, 2014 at 11:19:57PM -0700, Owen DeLong wrote:
There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*.
I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous?
Marriott was actually accused of violating 47 USC 333: No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government.
In cases like the Marriott case, where the sole purpose of the transmission is to interfere with other usage of the transmission, there's not much ambiguity. But other cases aren't clear from the text.
For example, you've asserted that if I've been using "ABCD" as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my new neighbor's pre-existing SSID, I operate with a different SSID but on the same channel, I don't have to change. I'm not saying your position is wrong, but it's certainly not clear from the text above that that's where the line is. That's what I meant by ambiguity.
I've watched this discussion with much amusement. In a manner similar to our legal system, where a lot of the law is actually defined by what is commonly called "case law", most of the non-radio geeks here are talking about radios and spectrum as though all of this represents some sort of new problem, when in fact the agency tasked with handling it is older than any of us.
(What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?)
It doesn't matter if you think your quoted text on this point is ambiguous. The fact of the matter is that decades of policy are that the FCC decided many years ago that you cannot go onto shared, unlicensed spectrum with a powerful transmitter and hold the mic open with the intent to disrupt the legitimate communications traffic of others on that channel. This logically derives fairly straightforwardly from the quoted text, and the fact that wifi deauth interference is merely a packet-pushing variant of this isn't really hard for the average person to extrapolate. But they also have decades of experience with other aspects of more subtle radio shenanigans, and they have the authority to sort it all out, so what we should really be hoping for is that the FCC doesn't do something onerous like mandate registration of access point MAC's and SSID's if and when it gets to a point where it is considered a true problem. That could well be the regulatory "solution" to your ABCD problem, but it would be a heavyhanded fix to a minor problem. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Oct 5, 2014, at 4:13 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
On Sat, Oct 04, 2014 at 11:19:57PM -0700, Owen DeLong wrote:
There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*.
I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous?
Marriott was actually accused of violating 47 USC 333: No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government.
In cases like the Marriott case, where the sole purpose of the transmission is to interfere with other usage of the transmission, there's not much ambiguity. But other cases aren't clear from the text.
For example, you've asserted that if I've been using "ABCD" as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my new neighbor's pre-existing SSID, I operate with a different SSID but on the same channel, I don't have to change. I'm not saying your position is wrong, but it's certainly not clear from the text above that that's where the line is. That's what I meant by ambiguity.
True, but if you read the rest of Part 15, you’ll also find these gems: (From http://www.ecfr.gov/cgi-bin/text-idx?node=47:1.0.1.1.16) §15.3 Definitions. ... (m) Harmful interference. Any emission, radiation or induction that endangers the functioning of a radio navigation service or of other safety services or seriously degrades, obstructs or repeatedly interrupts a radiocommunications service operating in accordance with this chapter. §15.5 General conditions of operation. (a) Persons operating intentional or unintentional radiators shall not be deemed to have any vested or recognizable right to continued use of any given frequency by virtue of prior registration or certification of equipment, or, for power line carrier systems, on the basis of prior notification of use pursuant to §90.35(g) of this chapter. (b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator. (c) The operator of a radio frequency device shall be required to cease operating the device upon notification by a Commission representative that the device is causing harmful interference. Operation shall not resume until the condition causing the harmful interference has been corrected. (d) Intentional radiators that produce Class B emissions (damped wave) are prohibited. [54 FR 17714, Apr. 25, 1989, as amended at 75 FR 63031, Oct. 13, 2010] It seems to me that if you deploy something new in such a way that it causes harmful interference to an operating service, you’ve run afoul of 15.5 as defined in 15.3.
(What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?)
-- Brett
So is the main factor here in all the FCC verbage become that the WiFi spectrum is NOT a licensed band and therefore does not fall under the interference regulations unless they are interfering with a licensed band? I think the first sentence below says a lot to that. The basic premise of all Part 15 unlicensed operation is that unlicensed devices cannot cause interference to licensed operations nor are they protected from any interference received. The operational parameters for unlicensed operation are set forth in Section 15.5 of the rules, as follows: (a) Persons operating intentional or unintentional radiators shall not be deemed to have any vested or recognizable right to continued use of any given frequency by virtue of prior registration or certification of equipment, (b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator. (c) The operator of a radio frequency device shall be required to cease operating the device upon notification by a Commission representative that the device is causing harmful interference. Operation shall not resume until the condition causing the harmful interference has been corrected. http://transition.fcc.gov/sptf/files/E&UWGFinalReport.doc On Thu, 9 Oct 2014 11:34:40 -0700 Owen DeLong <owen@delong.com> wrote:
On Oct 5, 2014, at 4:13 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
On Sat, Oct 04, 2014 at 11:19:57PM -0700, Owen DeLong wrote:
There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*.
I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous?
Marriott was actually accused of violating 47 USC 333: No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government.
In cases like the Marriott case, where the sole purpose of the transmission is to interfere with other usage of the transmission, there's not much ambiguity. But other cases aren't clear from the text.
For example, you've asserted that if I've been using "ABCD" as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my new neighbor's pre-existing SSID, I operate with a different SSID but on the same channel, I don't have to change. I'm not saying your position is wrong, but it's certainly not clear from the text above that that's where the line is. That's what I meant by ambiguity.
True, but if you read the rest of Part 15, you’ll also find these gems:
(From http://www.ecfr.gov/cgi-bin/text-idx?node=47:1.0.1.1.16) §15.3 Definitions. ... (m) Harmful interference. Any emission, radiation or induction that endangers the functioning of a radio navigation service or of other safety services or seriously degrades, obstructs or repeatedly interrupts a radiocommunications service operating in accordance with this chapter.
§15.5 General conditions of operation.
(a) Persons operating intentional or unintentional radiators shall not be deemed to have any vested or recognizable right to continued use of any given frequency by virtue of prior registration or certification of equipment, or, for power line carrier systems, on the basis of prior notification of use pursuant to §90.35(g) of this chapter.
(b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator.
(c) The operator of a radio frequency device shall be required to cease operating the device upon notification by a Commission representative that the device is causing harmful interference. Operation shall not resume until the condition causing the harmful interference has been corrected.
(d) Intentional radiators that produce Class B emissions (damped wave) are prohibited.
[54 FR 17714, Apr. 25, 1989, as amended at 75 FR 63031, Oct. 13, 2010]
It seems to me that if you deploy something new in such a way that it causes harmful interference to an operating service, you’ve run afoul of 15.5 as defined in 15.3.
(What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?)
-- Brett
I don't read it that way at all. It is illegal to intentionally interfere (meaning intending to prevent others from effectively using the resource) with any licensed or unlicensed frequency. That is long standing law. It says in (b) that you must accept interference caused by operation of an AUTHORIZED station or intentional or unintentional radiator (like a microwave oven which serves a purpose, or a amateur radio operator messing up your TV once in awhile (as long as he is operating within his license), not a jammer that has no purpose other than to prevent others from using an authorized spectrum). To me that looks like as long as the other guy is using the frequency band in an authorized manner (i.e. not purposely stopping others from using it, but using it for their own authorized purpose) you have to deal with it. So another guy using your channel (which is not really "yours") for his network would be fine but if he is purposely camped on your SSID and deauthing your clients is not using it legally. As far as who owns an SSID, I don't think there is any law on that unless it is a trademarked name but the FCC rules in general give the incumbent user the right of way. If two licensed systems interfere with each other (common in licensed microwave), the older system usually gets to stay and the new system has to change. I think they would be unlikely to get involved in the whole SSID dispute (because they don't regulate SSIDs or the 802.11 standards) they would most likely tell you it's a civil matter and walk away. Now, if you are using someone else's SSID for the purpose of intruding, you are violating Part 15 because that is not authorized spectrum usage. That they will probably address. I don't think the FCC would classify a wifi router operating normally as interference, but a device purposely bouncing clients off of the clients own network would be. I have worked with them a lot as a frequency coordinator with the Air Force and find that the enforcement guys have quite a bit of common sense and apply a good measure of it to deciding what to enforce or not enforce. My guess (you would have to ask them) is that an entity defending their SSID from unauthorized access is an acceptable security feature but someone using a different SSID and not trying to connect to the entities network should not be active messed with. If my SSID is there first and you show up and try to kick my clients off so you can use it, you will appear to be the aggressor and I will appear to be the defender. In the same way that it is not legal for me to punch you in the face unless of course you punched me in the face first and I'm defending myself. It gets messy when you get into the cellular world. I don't think you would be within the law jamming or blocking cell phones even within your building (even though the government is known to do so). You could however have a policy that prevents people from bringing a cell phone into your building. The public has no right of access to your property so you are free to make rules about what can and can't come within your building. I do know that the areas I have worked in that had cellular jammers for security purposes are already areas where they are prohibited by regulation. National security trumps a lot of other laws. Remember, a lot of law is about intent and it is clear that the intent of this law is to allow everyone access to use the ISM spectrum for useful purposes and to prevent people from interfering with your right to do so. Any case has to take that into account. In the Marriott case, I think it would be a tough argument for them to show anything other than stopping people from using anything other than their wifi service when it is clear that someone could use their own network services without causing undue harm to Marriott. In my own environment, there are tons of clients running around with their devices wifi tethered to phones and searching for their home wifi networks. As long as they stay off my SSIDs, they will not be harmed. If they try to connect to my SSID they better authenticate or they get denied. If they keep trying, they will get ACL'd out. If you set up an AP and try to plug it into my wired infrastructure that's when the active stuff comes into effect because you have no right to add a device to my wired network. Steve Naslund Chicago IL
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Robert Webb Sent: Thursday, October 09, 2014 2:05 PM To: Owen DeLong; Brett Frankenberger Cc: nanog@nanog.org; Brandon Ross Subject: Re: Marriott wifi blocking
So is the main factor here in all the FCC verbage become that the WiFi spectrum is NOT a licensed band and therefore does not fall under the interference regulations unless they are interfering with a licensed band?
I think the first sentence below says a lot to that.
The basic premise of all Part 15 unlicensed operation is that unlicensed devices cannot cause interference to licensed operations nor are they protected from any interference received. The operational parameters for unlicensed >operation are set forth in Section 15.5 of the rules, as follows: (a) Persons operating intentional or unintentional radiators shall not be deemed to have any vested or recognizable right to continued use of any given frequency by virtue of prior registration or certification of equipment, (b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized >radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator. (c) The operator of a radio frequency device shall be required to cease operating the device upon notification by a Commission representative that the device is causing harmful interference. Operation shall not resume until the condition causing the harmful interference has been corrected.
On Oct 9, 2014, at 12:41 PM, Naslund, Steve <SNaslund@medline.com> wrote:
I don't read it that way at all. It is illegal to intentionally interfere (meaning intending to prevent others from effectively using the resource) with any licensed or unlicensed frequency. That is long standing law.
Indeed… this is 47CFR333. It’s not limited to Part 15 (47CFR15).
It says in (b) that you must accept interference caused by operation of an AUTHORIZED station or intentional or unintentional radiator (like a microwave oven which serves a purpose, or a amateur radio operator messing up your TV once in awhile (as long as he is operating within his license), not a jammer that has no purpose other than to prevent others from using an authorized spectrum). To me that looks like as long as the other guy is using the frequency band in an authorized manner (i.e. not purposely stopping others from using it, but using it for their own authorized purpose) you have to deal with it. So another guy using your channel (which is not really "yours") for his network would be fine but if he is purposely camped on your SSID and deauthing your clients is not using it legally.
Now you’re talking about 47CFR15 (Part 15) and more specifically about 15.5(b). Otherwise, yes, you are exactly right.
As far as who owns an SSID, I don't think there is any law on that unless it is a trademarked name but the FCC rules in general give the incumbent user the right of way. If two licensed systems interfere with each other (common in licensed microwave), the older system usually gets to stay and the new system has to change. I think they would be unlikely to get involved in the whole SSID dispute (because they don't regulate SSIDs or the 802.11 standards) they would most likely tell you it's a civil matter and walk away. Now, if you are using someone else's SSID for the purpose of intruding, you are violating Part 15 because that is not authorized spectrum usage. That they will probably address.
I don’t believe that there is any such thing as “Owning an SSID”. One might be able to try and claim that ownership of a *mark (where * = one or more of {trade,service,etc.}) extends to use of that name in an SSID, but generally speaking, I think the most likely outcome would be to treat an SSID as an address and declare that addresses are not subject to those limitations.
I don't think the FCC would classify a wifi router operating normally as interference, but a device purposely bouncing clients off of the clients own network would be. I have worked with them a lot as a frequency coordinator with the Air Force and find that the enforcement guys have quite a bit of common sense and apply a good measure of it to deciding what to enforce or not enforce. My guess (you would have to ask them) is that an entity defending their SSID from unauthorized access is an acceptable security feature but someone using a different SSID and not trying to connect to the entities network should not be active messed with. If my SSID is there first and you show up and try to kick my clients off so you can use it, you will appear to be the aggressor and I will appear to be the defender. In the same way that it is not legal for me to punch you in the face unless of course you punched me in the face first and I'm defending myself.
I think the FCC would, likely, classify two neighbors in adjacent apartments arguing over the same SSID and unwilling to move either one of them would likely both get told to cease and desist until they picked different SSIDs, though it’s hard for me to believe that this would get elevated to the FCC very often. More often one person or the other will change their SSID and move on.
It gets messy when you get into the cellular world. I don't think you would be within the law jamming or blocking cell phones even within your building (even though the government is known to do so). You could however have a policy that prevents people from bringing a cell phone into your building. The public has no right of access to your property so you are free to make rules about what can and can't come within your building. I do know that the areas I have worked in that had cellular jammers for security purposes are already areas where they are prohibited by regulation. National security trumps a lot of other laws.
In fact, movie theaters tried this briefly and got a pretty strong smack from the FCC as a result. http://www.fcc.gov/encyclopedia/cell-phone-and-gps-jamming However, that’s not what was being discussed in the BART example. In this case, repeaters with unclear ownership operated by cellular providers were shut down by BART authorities to try and disrupt a protest. That’s not active jamming, so most likely, not an FCC issue. There are other areas of concern, however, such as 1st amendment violations, abuse of authority, potential civil liability if anyone was unable to reach 911 in an expected manner, etc. Owen
Yes, the BART case is different because we are talking about a public safety functionality. It really does not even matter who owns the repeaters. Let's say one of the carriers suddenly shuts down their very own cell sites to purposely deny public service. You can almost guarantee that an FCC enforcement action will result because carriers have a public safety responsibility. The state communications commission could even pull your license for that and the FCC could ultimately pull your spectrum licenses for using a public resource in a way not beneficial to the public. BART disrupting cell repeaters is tantamount to you doing anything to disrupt 911 service which is illegal whether you own the gear or not. I don't know what the exact rule currently is but I'm sure it would take someone like Homeland Security to shut down a cellular network for "national security" reasons. For example, interrupting a cellular bomb detonator or a coordinated terrorist attack. The legal concept of "greater good" comes into effect at that point. As a common carrier, I know I would not shut down anything that affects 911 service deliberately without either the proper notifications taking place or a federal court order in my hand (and it better be federal because those are the laws you are asking me to throw out here). The funny thing about cell service (or repeaters in this case) is that there isn't usually a mandate to provide coverage in any particular area but once you provide it you are on the hook to maintain it and not purposely disrupt it. Again, it is the intent in this case that matters. If BART had a maintenance problem or the equipment was damaged, they would be off the hook but they purposely interrupted the service to deny communications services to a group of users. Cell sites go down all the time for maintenance scheduled or otherwise but if you are doing it to purposely deny service, it's another story. Again, intent matters...a lot. I definitely see abuse of authority (not really a criminal act in itself, but not nice for sure) and for sure civil liability, not so much a 1st Amendment issue since the government is under no real obligation to give you the means to communicate (like repeaters). It's the 911 service disruption that is most criminal here. Steve
However, that's not what was being discussed in the BART example. In this case, repeaters with unclear ownership operated by cellular providers were shut down by BART authorities to try and disrupt a protest. That's not active jamming, so most likely, not an FCC issue. There are other >areas of concern, however, such as 1st amendment violations, abuse of authority, potential civil liability if anyone was unable to reach 911 in an expected manner, etc.
Owen
On 10/10/14 01:02, Naslund, Steve wrote:
Yes, the BART case is different because we are talking about a public safety functionality. It really does not even matter who owns the repeaters. Let's say one of the carriers suddenly shuts down their very own cell sites to purposely deny public service. You can almost guarantee that an FCC enforcement action will result because carriers have a public safety responsibility. The state communications commission could even pull your license for that and the FCC could ultimately pull your spectrum licenses for using a public resource in a way not beneficial to the public. BART disrupting cell repeaters is tantamount to you doing anything to disrupt 911 service which is illegal whether you own the gear or not. I don't know what the exact rule currently is but I'm sure it would take someone like Homeland Security to shut down a cellular network for "national security" reasons. For example, interrupting a cellular bomb detonator or a coordinated terrorist attack. The legal concept of "greater good" comes into effect at that point.
As a common carrier, I know I would not shut down anything that affects 911 service deliberately without either the proper notifications taking place or a federal court order in my hand (and it better be federal because those are the laws you are asking me to throw out here). The funny thing about cell service (or repeaters in this case) is that there isn't usually a mandate to provide coverage in any particular area but once you provide it you are on the hook to maintain it and not purposely disrupt it. Again, it is the intent in this case that matters. If BART had a maintenance problem or the equipment was damaged, they would be off the hook but they purposely interrupted the service to deny communications services to a group of users. Cell sites go down all the time for maintenance scheduled or otherwise but if you are doing it to purposely deny service, it's another story. Again, intent matters...a lot.
I definitely see abuse of authority (not really a criminal act in itself, but not nice for sure) and for sure civil liability, not so much a 1st Amendment issue since the government is under no real obligation to give you the means to communicate (like repeaters). It's the 911 service disruption that is most criminal here.
Steve
However, that's not what was being discussed in the BART example. In this case, repeaters with unclear ownership operated by cellular providers were shut down by BART authorities to try and disrupt a protest. That's not active jamming, so most likely, not an FCC issue. There are other >areas of concern, however, such as 1st amendment violations, abuse of authority, potential civil liability if anyone was unable to reach 911 in an expected manner, etc. Owen
see if you can get tor browser to work... download it from torproject.org
On Sun, Oct 5, 2014 at 7:13 PM, Brett Frankenberger <rbf+nanog@panix.com> wrote:
(What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?)
Not how 802.11 works. Put up another transmitter on a different SSID and it raises the noise floor for everybody. It doesn't render the frequency useless. Remember, we got 2.4ghz in the first place because the huge signal interference from microwave ovens and -rain- had already rendered it useless. Until spread spectrum came along. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> May I solve your unusual networking challenges?
participants (17)
-
Brandon Ross -
Brett Frankenberger -
Chris Marget -
Clay Fiske -
Doug Barton -
Hugo Slabbert -
Jay Ashworth -
Jay Hennigan -
Jimmy Hess -
Joe Greco -
Matthew Petach -
Michael Thomas -
Naslund, Steve -
Owen DeLong -
Paige Thompson -
Robert Webb -
William Herrin