The Marriott hotel chain swears it has to force guests to keep using its expensive, creaky Wi-Fi connections because the alternative, personal hotspots, would open the door to cybercrooks. Too bad the argument is, at best, half-true. Hotels’ Internet monopolies may be hurting our security rather than helping it.
A recent FCC investigation found Marriott’s blocking of personal Wi-Fi devices to be “unlawful”—kind of like the hotel charging you for towels and banning any you brought yourself.
The hotelier’s practice “unjustifiably prevents consumers from enjoying services they have paid for and stymies the convenience and innovation associated with Wi-Fi Internet access,” the FCC added.
Marriott was forced to pay $600,000 in penalties for its Wi-Fi blocking—a black mark for a firm that advertises itself as “a 2014 World’s Most Ethical Company.” So now the company is asking the FCC to, in effect, reverse itself.
“Rogue wireless hotspots [c]an cause degraded service, insidious cyberattacks, and identity theft,” Marriott told the FCC in a recent petition.
But regulators may have a tough time accepting Marriott’s logic, in part because the hotelier’s assertion “conflates two different downsides implicated by Wi-Fi hotspots,” said Justin Brookman, the director of consumer privacy at the Center for Democracy and Technology.
Sure, there’s some chance of “diminished performance from Marriott’s own networks because of signal interference” from the hotspots, Brookman said. But that’s a different issue from “the potential for rogue hotspots set up by criminals to steal personal information from people who decide to log on to those networks.” And in either case, “the significant benefit from allowing Wi-Fi hotspots outweighs these concerns.”
In other words, Marriott is mixing up the quality of its product—the speed of hotel Internet—with its users’ basic security.
Which makes one wonder whether the hotel’s excuses are less about security than protecting the Internet monopoly on its premises. These days, charges for such service can range from $250 to $1,000 for conferences and rise to $20 daily for guests (one woman recently paid $366 for a day of high-speed Internet at a hotel in Cannes, according to The Telegraph), even for legendarily bad Wi-Fi.
Blocking hotspots is “just an economic move to control the connection so they can continue to command $15 per day for Wi-Fi and $10 per movie,” said Steven Sesar, the COO of FreedomPop, a wireless Internet provider. Sesar points out that hotels often block Netflix and other streaming platforms within the network so guests have no other option but to pay up.
“Personal hotspots are just that, personal,” Sesar continued. “If someone wants to ensure a direct and secure connection, no entity, whether a hotel or otherwise, should be able to block it.”
“The effort to try to cloak this as a security issue is kind of silly,” Harold Feld, with the consumer advocacy group Public Knowledge, told The Wall Street Journal.
Microsoft and Google agreed, jumping in on the side of consumers—and companies like Sesar’s—in the debate. (After all, these same consumers are using the tech giants’ products to get online.) In opposition filings to the FCC, the companies argued that the hotels’ legitimate managing of their own networks “does not include intentionally blocking access to other commission-authorized networks,” as Google wrote. “Particularly where the purpose or effect of that interference is to drive traffic to the interfering operator’s own network [often for a fee].”
Marriott, as well as Ryman Hospitality Properties, which supported the company’s disputation of the FCC investigation, did not offer additional information for this story beyond the formal FCC filings. Google and Microsoft also declined to comment.
In some ways, the Marriott Internet monopoly may be weakening its guests’ cybersecurity instead of strengthening it. Safety tips for using public hotel Wi-Fi networks, which might be open to thousands of people daily, include turning off automatic file-sharing, updating your firewall, and only accessing sites that use secure Web connections. But just one hotel guest (or potential hacker) switching their network card to “promiscuous mode” can give that guest the ability to intercept any unsecured data being sent from computers on the network. That could include private financial or personal information—like the credit-card numbers you used to pay for the corrupted Wi-Fi.
Marriott, with its deep history in the Mormon faith, portrays itself as a deeply ethical institution. “How we do business is just as important as the business we do,” the company recently said in a press release. It’s hard to square that sentiment with Marriott’s gouging of its guests—all while opening them up to possible electronic attacks.
The FCC investigation recently closed its comment period on the Marriott case. Next, filings like Google and Microsoft’s will be reviewed and the FCC staff will develop a recommendation for responding to the hotel’s petition to uphold its ability to block personal Wi-Fi. For now, the process is ongoing.
We’re already paying hundreds of dollars a month for smartphone data that we carry with us wherever we go. The added charge for access to hotel Wi-Fi is not only exploitative but increasingly irrelevant. Hotels either can choose to get on the users’ side and package dependable, secure Wi-Fi into the cost of rooms—or drift toward technological absurdity as we come to depend on third parties that fulfill our needs better. “Personal hotspots can get speeds of up to 60 Mb/s down, whereas hotel Wi-Fi can be as slow as 1.5 Mb/s,” Sesar said.
These days, many hotels don’t even charge for Internet, because they know their clients won’t spring for it. Companies like Marriott are still riding on the bet that guests won’t catch on to how bad a deal they’re getting. Users “should be allowed to use these devices and services the way they were intended,” Brookman says. “Otherwise, they’re stuck paying often egregious rates for poor hotel Wi-Fi that often works worse than the local networks their phones can create.”