Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

No, The FCC Is Not (Intentionally) Trying To Kill Third-Party Wi-Fi Router Firmware

from the unintended-consequences dept

For a few months now a rumor has been circulating that the FCC is intentionally planning to ban third-party custom router firmware. Wi-Fi hobbyists (and people who just like a little more control over devices they own) have long used custom, open source firmware like DD-WRT or Open-WRT to bring some additional functionality to their devices, with the added bonus of replacing clunky router GUIs. Custom firmware is also handy in an age when companies like to force firmware upgrades that either eliminate useful functionality, or add cloud-features and phone-home mechanisms a user may not be comfortable with.

But at last July’s BattleMesh 8 event, Wi-Fi enthusiasts noticed the clunky wording of an FCC NPRM (notice of proposed rulemaking) discussing the FCC’s plan to modify the rules governing RF devices. The NPRM in question (pdf), like all NPRMs, is basically the FCC’s way of fielding questions about potential rule changes. It’s important to understand no rules have actually been passed yet before committing gadget-nerd seppuku.

It’s also important to note the FCC’s motivation here is primarily safety, not to be a bureaucratic hardware-enthusiast buzzkill factory. The FAA found some illegally modified equipment operating in the unlicensed bands was interfering with terrestrial doppler weather radar (TDWR) at airports, and pushed the FCC to update its rules governing radios accordingly. But with many routers having systems-on-a-chip (SOC) where the radio isn’t fully distinguishable from other hardware, Wi-Fi hobbyists are worried that a ban on modifying a device’s radio could result in a blanket ban on modifying the device:

“Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware. The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip ? a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.

And these concerns aren’t entirely unjustified, thanks to a few troubling phrases buried in both the NPRM itself, and previous FCC guidance (pdf), which asks vendors questions like:

“What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from ?flashing? and the installation of third-party firmware such as DD-WRT.

So yes, it’s understandable that sloppy FCC engineer wording has some people nervous. But as folks like Stanford lawyer and software engineer Jonathan Mayer have noted, shitty wording during a conversation about potential rules does not automatically equate to shitty rules. Meanwhile, one needs to apply some common sense, and ask if an agency on a uncharacteristic pro-consumer tear — fresh from a battle over one of the most important open platform fights of our time (net neutrality) — would seriously think that banning all personal hardware freedom is a nifty follow up.

Curiously nobody seems to have asked the FCC what they think about all of this. So I asked, and the FCC offered me this admittedly clunky statement (note the underlined bit):

“(FCC rules) require that the devices must ensure that under all circumstances they comply with the rules. The majority of the devices have software that is used to control the functionality of the hardware for parameters which can be modified and in turn have an impact on the compliance of devices. Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”

So in essence the FCC is saying that third-party firmware is just fine, just as long as it’s not pushing the radio outside of legally-mandated parameters and causing a safety hazard. I also talked a little bit about the FCC’s plan with Public Knowledge lawyer and FCC wireless policy guru Harold Feld, who spends more time wading through FCC NPRMs and telecom policy wonkery than any expert I know. Feld agrees that killing custom firmware isn’t the FCC’s intentional goal. That said, he’s also quick to note there’s still reason for concern if the rules aren’t crystal clear:

“This is, of course, why the FCC does notices of proposed rulemaking and seeks comment from the parties and affected stakeholders. Especially on technical engineering matters like this, it isn’t a matter of something being baked already. The FCC is responding here to a real world issue: we had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports. Naturally the FAA freaked out, and the FCC responded to this actual real world concern.

But at the same time, we don’t want the FCC to accidentally write rules that are over-broad or subject to misinterpretation by companies. The real concern here is not some government conspiracy to wipe out open source or mandate encryption. The real worry is that major chip manufacturers will respond by saying “the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.” That would potentially kill a lot of innovation and valuable uses.”

The nifty part? This being an open conversation, the FCC is fielding comments on the proposed rule changes. And if you’re a hardware owner looking to protect your right to modify devices you own, you can head here to comment on the NPRM at the FCC website. You can also file a comment in the Federal Register, but need to do so before midnight, September 8.

Update: It appears the FCC decided to begin Labor Day weekend backend system upgrades shortly after this story was posted, meaning their public comment system is offline until next week. Fortunately it appears that the comment deadline had previously been extended, and users concerned about the FCC’s upcoming rules regarding third party open source firmware have until October 9 to make their voices heard.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No, The FCC Is Not (Intentionally) Trying To Kill Third-Party Wi-Fi Router Firmware”

Subscribe: RSS Leave a comment
37 Comments
Ninja (profile) says:

Some routers are next to useless with their original firmwares. But usually even if the stock firmware is satisfactory, good 3rd party firmware such as tomato or dd-wrt can produce little miracles. I had a wrt54 from Linksys a while back and it was already a tad old but dd-wrt gave it a fresh start. For me it felt like I had bought a new router. Since then I always look for firmware alternatives for my routers (or those I get to config).

Still, I find it a little troubling:

We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”

This is incredibly broad wording. They mean they want manufacturers to take steps to prevent firmware from making the devices send waves at a higher output than safety guidelines (as far as I can see) but this can be done by physically limiting the output to the desired power levels. If the proposals are better worded then firmware will be left alone to be changed and tinkered at will. Public participation is imperative if we want better regulations and laws.

Machin Shin (profile) says:

Re: Re:

“They mean they want manufacturers to take steps to prevent firmware from making the devices send waves at a higher output than safety guidelines (as far as I can see) but this can be done by physically limiting the output to the desired power levels.”

There are issues though with trying to physically limit that. There are cases where you can legally go above what is normally allowed. For example, if your using directional antennas and building a point to point wifi connection you are allowed to use more power than if your just blasting out in all directions.

Talking of antennas though, the antennas make it hard to physically limit the power of the broadcast because if you change the antenna you can change the broadcast power even though the internal chip thinks it is sending the same amount.

I’m sure there are some others that can explain this far better than me. Personally, I’m right around that area of knowledge where you could say, “I know just enough to be dangerous”.

Anonymous Coward says:

Re: Re: Re:

The term you are looking for is ERP, that is effective radiated power. This the power that would be required with an omnidirectional aerial required to give the same signal strength at a receiver as it sees when targeted by the directional aerial. This number is useful in radio work because it allows calculation or estimation, of how far away the directional signal can be received in the direction the aerial is pointed.

Ninja (profile) says:

Re: Re: Re:

I thought about it but I’ve seen those types of antennas and they usually have an amplifier built in (or at least the ones I saw had). Not sure if it is lawful but doesn’t it fix the issue? The router provides a determined limit, the directional antenna amplifies it? I’m in the hypothetical field here so feel free to correct me.

Machin Shin (profile) says:

Re: Re: Re: Re:

A directional antenna will increase the broadcast power even without an amplifier being built in. It is because the power is being directed instead of just going everywhere, as a result it is much stronger in that one direction.

Kind of like how you take a Mag light and remove the top, the light shines in all directions but pretty weak. You put the reflector on it and suddenly it seems much more powerful in the direction that you point it, but the power output at the light bulb is the same.

Derek Kerton (profile) says:

Re: Re:

The wrt54 was THE main target router, where dd-WRT could stretch its legs to its full functionality. The wrt54 was huge in its day, and had the most volume of sales, plus it was hackable!

It is still a favorite for this reason, but of course, better hardware has supplanted it.

Now, many OEMs like Asus basically use DD-WRT as their firmware, just a branded version.

Anonymous Coward says:

Given how the anti-circumvention laws have been abused by manufacturers, and their preparedness to abuse the legal system to stop people modifying what they sold them, this could still be a law open to abuse. Being compliant with the law is not a lot of help if your options are stop when threatened or end up bankrupt because your attacker will keep a lawsuit going as long as possible through the appeals process.

beltorak (profile) says:

> The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters.

The problem with *this* wording is that the capability *does* exist in the hardware. Software defined radios are about all that exist any more, and what’s legal in one jurisdiction is illegal in another. Japan’s “channel 14” for WiFi is a great example.

So at best it still seems like overbroad, sloppy thinking. Another case of trying to ban a tool that has legitimate uses, instead of addressing the instances of bad behavior.

Nop (profile) says:

“So in essence the FCC is saying that third-party firmware is just fine, just as long as it’s not pushing the radio outside of legally-mandated parameters and causing a safety hazard.”

I’m a former modem designer. The problem is that the easiest way for the OEM to meet that requirement – & show the FCC compliance people that they’ve met it, is to lock down the firmware so that it can’t be updated. This is why people are, rightly, freaking out about this.

TwelveBaud (profile) says:

you can head here to comment on the NPRM at the FCC website. You can also file a comment in the Federal Register, but need to do so before midnight, September 8.

Umm, no, you can’t. By some mysterious coincidence, the FCC has taken their docketing, comment filing, et cetera, Web apps offline until 8AM, September 8.

Oh, and while I have you here…

Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters.

It looks like that statement says they’re cool with things like OpenBTS and Osmocom, which use software-defined radios to emulate cell towers, and other similar projects. But most consumer-grade WiFi base stations aren’t commonly considered software-defined radios and aren’t submitted for approval under SDR rules.

Christopher Waid (user link) says:

Things are as bad as they were proported to be

I take issue with saying this is being blown out of proportion. The savewifi.org campaign has been working with developers from Qualcomm, legal experts who have dealt with past FCC rules, one of the largest router manufacturers, OpenWRT, LibreCMC/LibreWRT, the FSF, the EFF, ThinkPenguin, and other impacted parties. And it won’t just impact routers either and is likely to extend to laptops and other devices.

As one of the people who’ve been working on the http://www.savewifi.org campaign for a month I know that the time to act on this was last year when prior related rules were passed. The community has entirely missed the boat on this and there are already rules that will turn things upside down.

Regardless of what is the intent the practical outcome is that companies are already being forced to lock down devices. Routers which are now shipping are coming with digital locks in place and replacing the firmware isn’t possible without special equipment to directly overwrite the flash chips.

There is a lot of confusion going on about the rules because there are multiple rules and multiple deadlines. There is also Europe and Canada which are also planning to pass identical or similar rules.

Nobody has suggested that this is a conspiracy. What is serious is the impact the rules which have already passed will have and those which are being proposed now. Go to http://www.savewifi.org and comment on the current propose rules so that we have a chance at influcening the FCC’s decision on the final rules.

Once all this is done we have further work in Canada, Europe, and the United States to get rules stopped there and rules already passed overturned in the United States.

Christopher Waid (user link) says:

Deadline has been extended

I also have one other comment to make about the FCC comment period. The FCC comment site is going down this week. It’ll be down until September 8th. The comment period was automatically extended to September 9th. However thanks to to the work of various parties being impacted there has been a further extension until October 9, 2015 and November 9, 2015.

https://www.federalregister.gov/articles/2015/09/01/2015-21634/extension-of-time-for-comments-on-equipment-authorization

“Starting Wednesday, September 2nd at 6pm EDT, interactive public-facing
web applications hosted at the FCC will not be available. We will work
to have these web applications upgraded and available again by the
morning of 8am EDT on Tuesday, September 8th.”

So from September 9th to October 9th people should be able to file
comments directly through the FCC website. “Electronic Filers: Comments
may be filed electronically using the Internet by accessing the ECFS:
.”

Obviously the fjallfoss.fcc.gov/ecfs2 site above will not work since it
is not yet September 9th.

Sheogorath (profile) says:

You forgot to underline something

“We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”
That’s the FCC basically saying they won’t be banning users from doing what they want with the equipment they bought. If you’d underlined that as well, it would help to calm the panic.

Kythyria says:

I’d say this is a perfect application for those one time programmable flags some chips have. Design the radio chip to read its limits from a bunch of those.

Then you can program them in the factory without having to have a bunch of different boards for different regions.

Unfortunately, such radios probably don’t exist… but chips with facilities to restrict to manufacturer-approved firmware do.

Moritz says:

There is a German saying:

“Gut gemeint ist das Gegenteil von gut gemacht.”

Translates to “A good intention is the opposite of well done.”

I don’t believe in the good intentions of all involved parties, but even if you would do so this piece of … opens the door for all those who want to ban open Projects like Freifunk etc.

You cannot make sure that the RF parameters stay in a valid Range, if you allow custom firmware. So requiring the manufacturer to make sure that nobody can modify the Firmware to make something harmful will result in making it impossible for me to run OpenWRT and Cyanogenmod. Collateral demage.

If that really becomes law that you are not allowed to build hardware that allows the user to do bad things then I promise I’ll do my very best to proove that all products can be altered that way. Then we can sue all manufacturers that we don’t like. And by the way: Why just stop at RF devices for such a law? I’d like to see Heckler&Koch explaining why their devices cannot be used to harm People or the safety in international air traffic.

Ashkan says:

not so true

The Commission proposed to eliminate exceptions to the principle that certified devices could not be modified by third parties unless the third party receives its own certification. It proposed to revise § 2.909(d), which allows a new party that performs device modifications without the consent of the original grantee to become responsible for the compliance by labeling the device with a statement indicating it was modified, with the requirement that the party obtain a new grant of certification.

Edi (profile) says:

cs go account

Group of talented Counter Strike: Global Offensive players
Our csgo accounts service has been created by group of talented Counter Strike: Global Offensive players, who reached global elite rank at their main csgo accounts and now we decided to go in for cs go account rank boost. cs24h.com provide fast and safe creating of cs go accounts for our clients. You can purchase a fresh cs go unranked account for a lower price, thanks to our game providers, or you can purchase cs go account with a selected rank. All cs go accounts are delivered within 20 minutes. If you have any questions concerning accounts please feel free to contact us on SKYPE . Every cs go accounts provided by us are made by hand with no use of any kind of 3rd party software. So there is NO POSSIBILITY TO GET VAC BAN

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...