Forget the hotel Wi-Fi. Now that the Federal Communications Commission is cracking down on hotels and other businesses trying to force you to use their networks, it’s time to consider a more secure way to connect to the Internet.
The FCC warned businesses Tuesday that Wi-Fi blocking violates the Communications Act, and it’s an illegal move that it will be “aggressively investigating.”
“Protecting consumers from this kind of interference is a priority area for the FCC enforcement bureau,” said Chairman Tom Wheeler in astatement.
Wi-Fi blocking made headlines last October, after Marriott International agreed to pay a civil fine of $600,000 to resolve such an FCC probe. The investigation found that employees at Marriott’s Gaylord Opryland Resort and Convention Center in Nashville, Tennessee, had prevented guests from connecting to the Internet via their own Wi-Fi hotspots, while charging them for access to the hotel’s network.
According to the American Hotel and Lodging Association, just 11 percent of hotels charge for in-room Internet access, down from 23 percent in 2012. Fees can vary widely, with prices starting as low as $4 per day, or ranging up to $25 as part of a broader resort fee.
Some properties offer basic access for free, with a charge for more bandwidth; at Marriott, Rewards club members get free basic access and can pay $5 to $7 per day, depending on the market, for premium access.
The hotel group later petitioned the FCC for the ability to block guests’ personal Wi-Fi. “Marriott has a strong interest in ensuring that when our guests use our Wi-Fi service, they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyberattacks and identity theft,” it said in a statement after the October ruling.
Security experts say the FCC’s reinforcement of consumer choice bodes well for those looking to keep their data secure. “Any time you’re connecting to a public network, whether it’s in a coffee shop, a bookstore or a hotel, there are some basic things you need to think about,” said Geoff Webb, senior director of solution strategy for security management firm NetIQ. Namely, whether there’s someone else with malicious intent using the same network to grab some of the data you’re transmitting.
“A lot of these connections are relatively secure,” he said. But “there’s a risk that you don’t know who’s listening in.”
More hotels are expected to offer free Wi-Fi to guests this year. Marriott began offering all Rewards club members basic free Wi-Fi earlier this month, with elite members getting a faster connection.Starwood Hotels & Resorts and Hyatt Hotels also have plans to expand guest access to free Wi-Fi access this spring.
Consumers planning to use one of those hotel or other public networks could benefit from a virtual private network, or VPN, said Ryan Olson, Unit 42 intelligence director for security firm Palo Alto Networks. VPNs encrypt all data going to or from your computer, helping protect you from anyone eavesdropping.
Plenty of companies offer that protection for traveling employees to secure business communications; consumers can sign up for free or low-cost VPN services such as Hotspot Shield Elite, proXPN or VPN Direct.
A better option might be the one that businesses have tried to block: Turning your phone into a personal hot spot to connect a laptop or other device to the Internet. (The logistics and cost will depend on your device, wireless carrier and data plan.) If you configure the connection securely, “those are definitely a better choice,” said Luke Klink, a security programs strategy consultant for Rook Security.
If you must use a public Wi-Fi network, make sure you have the right one. “There are tools out there that [hackers] can use to create access points that look just like the one you’re trying to get onto,” said Klink. Ask a hotel or coffee shop employee for the right network name and password to avoid joining a like-named rogue that will capture all the data you transmit.
Regardless of how secure you think the connection is, use caution when surfing anywhere that’s not home or work, said Olson. Skip online banking and other financial transactions, and avoid sending sensitive documents and emails. “If all you’re going to do is watch Netflix, that’s fine,” he said.