No, The FCC Is Not (Intentionally) Trying To Kill Third-Party Wi-Fi Router Firmware
from the unintended-consequences dept
For a few months now a rumor has been circulating that the FCC is intentionally planning to ban third-party custom router firmware. Wi-Fi hobbyists (and people who just like a little more control over devices they own) have long used custom, open source firmware like DD-WRT or Open-WRT to bring some additional functionality to their devices, with the added bonus of replacing clunky router GUIs. Custom firmware is also handy in an age when companies like to force firmware upgrades that either eliminate useful functionality, or add cloud-features and phone-home mechanisms a user may not be comfortable with.But at last July's BattleMesh 8 event, Wi-Fi enthusiasts noticed the clunky wording of an FCC NPRM (notice of proposed rulemaking) discussing the FCC's plan to modify the rules governing RF devices. The NPRM in question (pdf), like all NPRMs, is basically the FCC's way of fielding questions about potential rule changes. It's important to understand no rules have actually been passed yet before committing gadget-nerd seppuku.
It's also important to note the FCC's motivation here is primarily safety, not to be a bureaucratic hardware-enthusiast buzzkill factory. The FAA found some illegally modified equipment operating in the unlicensed bands was interfering with terrestrial doppler weather radar (TDWR) at airports, and pushed the FCC to update its rules governing radios accordingly. But with many routers having systems-on-a-chip (SOC) where the radio isn't fully distinguishable from other hardware, Wi-Fi hobbyists are worried that a ban on modifying a device's radio could result in a blanket ban on modifying the device:
"Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware. The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.And these concerns aren't entirely unjustified, thanks to a few troubling phrases buried in both the NPRM itself, and previous FCC guidance (pdf), which asks vendors questions like:
"What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.So yes, it's understandable that sloppy FCC engineer wording has some people nervous. But as folks like Stanford lawyer and software engineer Jonathan Mayer have noted, shitty wording during a conversation about potential rules does not automatically equate to shitty rules. Meanwhile, one needs to apply some common sense, and ask if an agency on a uncharacteristic pro-consumer tear -- fresh from a battle over one of the most important open platform fights of our time (net neutrality) -- would seriously think that banning all personal hardware freedom is a nifty follow up.
Curiously nobody seems to have asked the FCC what they think about all of this. So I asked, and the FCC offered me this admittedly clunky statement (note the underlined bit):
"(FCC rules) require that the devices must ensure that under all circumstances they comply with the rules. The majority of the devices have software that is used to control the functionality of the hardware for parameters which can be modified and in turn have an impact on the compliance of devices. Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC's) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified."So in essence the FCC is saying that third-party firmware is just fine, just as long as it's not pushing the radio outside of legally-mandated parameters and causing a safety hazard. I also talked a little bit about the FCC's plan with Public Knowledge lawyer and FCC wireless policy guru Harold Feld, who spends more time wading through FCC NPRMs and telecom policy wonkery than any expert I know. Feld agrees that killing custom firmware isn't the FCC's intentional goal. That said, he's also quick to note there's still reason for concern if the rules aren't crystal clear:
"This is, of course, why the FCC does notices of proposed rulemaking and seeks comment from the parties and affected stakeholders. Especially on technical engineering matters like this, it isn't a matter of something being baked already. The FCC is responding here to a real world issue: we had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports. Naturally the FAA freaked out, and the FCC responded to this actual real world concern.The nifty part? This being an open conversation, the FCC is fielding comments on the proposed rule changes. And if you're a hardware owner looking to protect your right to modify devices you own, you can head here to comment on the NPRM at the FCC website. You can also file a comment in the Federal Register, but need to do so before midnight, September 8.
But at the same time, we don't want the FCC to accidentally write rules that are over-broad or subject to misinterpretation by companies. The real concern here is not some government conspiracy to wipe out open source or mandate encryption. The real worry is that major chip manufacturers will respond by saying "the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line." That would potentially kill a lot of innovation and valuable uses."
Update: It appears the FCC decided to begin Labor Day weekend backend system upgrades shortly after this story was posted, meaning their public comment system is offline until next week. Fortunately it appears that the comment deadline had previously been extended, and users concerned about the FCC's upcoming rules regarding third party open source firmware have until October 9 to make their voices heard.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Still, I find it a little troubling:
We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified."
This is incredibly broad wording. They mean they want manufacturers to take steps to prevent firmware from making the devices send waves at a higher output than safety guidelines (as far as I can see) but this can be done by physically limiting the output to the desired power levels. If the proposals are better worded then firmware will be left alone to be changed and tinkered at will. Public participation is imperative if we want better regulations and laws.
[ link to this | view in chronology ]
Re:
There are issues though with trying to physically limit that. There are cases where you can legally go above what is normally allowed. For example, if your using directional antennas and building a point to point wifi connection you are allowed to use more power than if your just blasting out in all directions.
Talking of antennas though, the antennas make it hard to physically limit the power of the broadcast because if you change the antenna you can change the broadcast power even though the internal chip thinks it is sending the same amount.
I'm sure there are some others that can explain this far better than me. Personally, I'm right around that area of knowledge where you could say, "I know just enough to be dangerous".
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Kind of like how you take a Mag light and remove the top, the light shines in all directions but pretty weak. You put the reflector on it and suddenly it seems much more powerful in the direction that you point it, but the power output at the light bulb is the same.
[ link to this | view in chronology ]
Re:
It is still a favorite for this reason, but of course, better hardware has supplanted it.
Now, many OEMs like Asus basically use DD-WRT as their firmware, just a branded version.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Rules are rules
[ link to this | view in chronology ]
Re: Rules are rules
[ link to this | view in chronology ]
Re: Re: Rules are rules
It's certainly easier for a hardware manufacturer to disable all unsigned firmware than it is to ensure that third party firmware can affect feature X but not feature Y (where feature Y includes antenna boost, channels offered), particularly when manufacturer first party firmware needs to affect parameters for feature Y.
[ link to this | view in chronology ]
FCC site down
[ link to this | view in chronology ]
The problem with *this* wording is that the capability *does* exist in the hardware. Software defined radios are about all that exist any more, and what's legal in one jurisdiction is illegal in another. Japan's "channel 14" for WiFi is a great example.
So at best it still seems like overbroad, sloppy thinking. Another case of trying to ban a tool that has legitimate uses, instead of addressing the instances of bad behavior.
[ link to this | view in chronology ]
Gotta wonder
With a stick of RAM?
[ link to this | view in chronology ]
I'm a former modem designer. The problem is that the easiest way for the OEM to meet that requirement - & show the FCC compliance people that they've met it, is to lock down the firmware so that it can't be updated. This is why people are, rightly, freaking out about this.
[ link to this | view in chronology ]
Oh, and while I have you here... It looks like that statement says they're cool with things like OpenBTS and Osmocom, which use software-defined radios to emulate cell towers, and other similar projects. But most consumer-grade WiFi base stations aren't commonly considered software-defined radios and aren't submitted for approval under SDR rules.
[ link to this | view in chronology ]
Re:
You can still fax in your comments or phone them in, right? I realize this isn't the most convenient scenario, but a way to comment is a way to comment.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Things are as bad as they were proported to be
As one of the people who've been working on the www.savewifi.org campaign for a month I know that the time to act on this was last year when prior related rules were passed. The community has entirely missed the boat on this and there are already rules that will turn things upside down.
Regardless of what is the intent the practical outcome is that companies are already being forced to lock down devices. Routers which are now shipping are coming with digital locks in place and replacing the firmware isn't possible without special equipment to directly overwrite the flash chips.
There is a lot of confusion going on about the rules because there are multiple rules and multiple deadlines. There is also Europe and Canada which are also planning to pass identical or similar rules.
Nobody has suggested that this is a conspiracy. What is serious is the impact the rules which have already passed will have and those which are being proposed now. Go to www.savewifi.org and comment on the current propose rules so that we have a chance at influcening the FCC's decision on the final rules.
Once all this is done we have further work in Canada, Europe, and the United States to get rules stopped there and rules already passed overturned in the United States.
[ link to this | view in chronology ]
Re: Things are as bad as they were proported to be
Yeah I'm really not saying this is being blown out of proportion.
I'm only taking issue with websites that reported that these rules were final (when this is an in-process NPRM), and those claiming the FCC is INTENTIONALLY trying to ban all third-party custom firmware.
Totally agree that the vague wording could be a HUGE problem.
People still believe the FCC is intentionally being malicious here, though I've been picking the brains of FCC-focused lawyers who claim that's conspiratorial thinking. If the FCC is engaged in a Machiavellian plot to intentionally ban all third-party firmware, I imagine that should make itself apparent pretty soon.
At which point I'll write up a follow up post admitting I'm a total sucker.
[ link to this | view in chronology ]
Re: Re: Things are as bad as they were proported to be
It doesn't matter in the slightest what the intention is. I'm sure that the people who framed the kiddy-porn laws didn't intend them to be used to prosecute 15 year old kids for sexting their boyfriends, & put them on Sex Offender registries for the rest of their lives, but that's how they're being used anyway. I doubt that the people who wrote the DMCA intended it to be used as a stick to bully small content-creators, or as a way to eliminate Fair Use, but there are stories every week on this site about it being used in those ways.
With laws & regulations, 'intent' doesn't matter.
[ link to this | view in chronology ]
Re: Re: Re: Things are as bad as they were proported to be
http://www.telegraph.co.uk/news/uknews/3333366/Half-of-councils-use-anti-terror-laws-to-spy-on- bin-crimes.html
[ link to this | view in chronology ]
Re: Re: Re: Things are as bad as they were proported to be
Absolutely it does. If the INTENTION isn't malicious, it's much more likely you can get the government to listen to reason and change the wording during the NPRM.
If the intention IS malicious, they're much less likely to field public input since the government heart wants...what the government heart wants.
[ link to this | view in chronology ]
Re: Re: Re: Re: Things are as bad as they were proported to be
Their motivation is "broadcast on disallowed frequencies and at excessive power must not be allowed." The easiest and simplest way to achieve that goal is to disallow unsigned firmware-- it's the suggestion offered in the FCC technical document itself. Unless the FCC for some reason mandates allowing third party firmware (while banning third party firmware that affects certain radio features), then it will lead to less third party firmware allowed.
Not because they're being malicious, but because the consider following their rules on spectrum to be more important than allowing third party firmware.
[ link to this | view in chronology ]
Deadline has been extended
https://www.federalregister.gov/articles/2015/09/01/2015-21634/extension-of-time-for-comments-o n-equipment-authorization
"Starting Wednesday, September 2nd at 6pm EDT, interactive public-facing
web applications hosted at the FCC will not be available. We will work
to have these web applications upgraded and available again by the
morning of 8am EDT on Tuesday, September 8th."
So from September 9th to October 9th people should be able to file
comments directly through the FCC website. "Electronic Filers: Comments
may be filed electronically using the Internet by accessing the ECFS:
."
Obviously the fjallfoss.fcc.gov/ecfs2 site above will not work since it
is not yet September 9th.
[ link to this | view in chronology ]
Re: Deadline has been extended
[ link to this | view in chronology ]
You forgot to underline something
That's the FCC basically saying they won't be banning users from doing what they want with the equipment they bought. If you'd underlined that as well, it would help to calm the panic.
[ link to this | view in chronology ]
Re: You forgot to underline something
It's tomato, tomahto depending on your political beliefs and what part of the government you're used to dealing with.
[ link to this | view in chronology ]
Re: Re: You forgot to underline something
If I believe that government intentions were what mattered, I would favor more government than I do. Most of the people I know who are skeptical of government actions don't think that it's because of malicious intent, but because of unfortunate consequences of perfectly benign intent. The people who make up the government, and the majority who vote them in, simply weigh things differently from the minority and can't imagine why the minority would even object.
[ link to this | view in chronology ]
Re: Re: You forgot to underline something
[ link to this | view in chronology ]
FCC is concerned about RF interference?
[ link to this | view in chronology ]
And most routers do not have combined radio and SOC. There is a huge problem because without the radio source you cannot update the version of Linux kernel used without a huge amount of work. It is already causing problems.
[ link to this | view in chronology ]
Then you can program them in the factory without having to have a bunch of different boards for different regions.
Unfortunately, such radios probably don't exist... but chips with facilities to restrict to manufacturer-approved firmware do.
[ link to this | view in chronology ]
There is a German saying:
Translates to "A good intention is the opposite of well done."
I don't believe in the good intentions of all involved parties, but even if you would do so this piece of ... opens the door for all those who want to ban open Projects like Freifunk etc.
You cannot make sure that the RF parameters stay in a valid Range, if you allow custom firmware. So requiring the manufacturer to make sure that nobody can modify the Firmware to make something harmful will result in making it impossible for me to run OpenWRT and Cyanogenmod. Collateral demage.
If that really becomes law that you are not allowed to build hardware that allows the user to do bad things then I promise I'll do my very best to proove that all products can be altered that way. Then we can sue all manufacturers that we don't like. And by the way: Why just stop at RF devices for such a law? I'd like to see Heckler&Koch explaining why their devices cannot be used to harm People or the safety in international air traffic.
[ link to this | view in chronology ]
Re: There is a German saying:
[ link to this | view in chronology ]
not so true
[ link to this | view in chronology ]
cs go account
Our csgo accounts service has been created by group of talented Counter Strike: Global Offensive players, who reached global elite rank at their main csgo accounts and now we decided to go in for cs go account rank boost. cs24h.com provide fast and safe creating of cs go accounts for our clients. You can purchase a fresh cs go unranked account for a lower price, thanks to our game providers, or you can purchase cs go account with a selected rank. All cs go accounts are delivered within 20 minutes. If you have any questions concerning accounts please feel free to contact us on SKYPE . Every cs go accounts provided by us are made by hand with no use of any kind of 3rd party software. So there is NO POSSIBILITY TO GET VAC BAN
[ link to this | view in chronology ]