No, The FCC Is Not (Intentionally) Trying To Kill Third-Party Wi-Fi Router Firmware
from the unintended-consequences dept
For a few months now a rumor has been circulating that the FCC is intentionally planning to ban third-party custom router firmware. Wi-Fi hobbyists (and people who just like a little more control over devices they own) have long used custom, open source firmware like DD-WRT or Open-WRT to bring some additional functionality to their devices, with the added bonus of replacing clunky router GUIs. Custom firmware is also handy in an age when companies like to force firmware upgrades that either eliminate useful functionality, or add cloud-features and phone-home mechanisms a user may not be comfortable with.
But at last July’s BattleMesh 8 event, Wi-Fi enthusiasts noticed the clunky wording of an FCC NPRM (notice of proposed rulemaking) discussing the FCC’s plan to modify the rules governing RF devices. The NPRM in question (pdf), like all NPRMs, is basically the FCC’s way of fielding questions about potential rule changes. It’s important to understand no rules have actually been passed yet before committing gadget-nerd seppuku.
It’s also important to note the FCC’s motivation here is primarily safety, not to be a bureaucratic hardware-enthusiast buzzkill factory. The FAA found some illegally modified equipment operating in the unlicensed bands was interfering with terrestrial doppler weather radar (TDWR) at airports, and pushed the FCC to update its rules governing radios accordingly. But with many routers having systems-on-a-chip (SOC) where the radio isn’t fully distinguishable from other hardware, Wi-Fi hobbyists are worried that a ban on modifying a device’s radio could result in a blanket ban on modifying the device:
“Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware. The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip ? a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.
And these concerns aren’t entirely unjustified, thanks to a few troubling phrases buried in both the NPRM itself, and previous FCC guidance (pdf), which asks vendors questions like:
“What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from ?flashing? and the installation of third-party firmware such as DD-WRT.
So yes, it’s understandable that sloppy FCC engineer wording has some people nervous. But as folks like Stanford lawyer and software engineer Jonathan Mayer have noted, shitty wording during a conversation about potential rules does not automatically equate to shitty rules. Meanwhile, one needs to apply some common sense, and ask if an agency on a uncharacteristic pro-consumer tear — fresh from a battle over one of the most important open platform fights of our time (net neutrality) — would seriously think that banning all personal hardware freedom is a nifty follow up.
Curiously nobody seems to have asked the FCC what they think about all of this. So I asked, and the FCC offered me this admittedly clunky statement (note the underlined bit):
“(FCC rules) require that the devices must ensure that under all circumstances they comply with the rules. The majority of the devices have software that is used to control the functionality of the hardware for parameters which can be modified and in turn have an impact on the compliance of devices. Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”
So in essence the FCC is saying that third-party firmware is just fine, just as long as it’s not pushing the radio outside of legally-mandated parameters and causing a safety hazard. I also talked a little bit about the FCC’s plan with Public Knowledge lawyer and FCC wireless policy guru Harold Feld, who spends more time wading through FCC NPRMs and telecom policy wonkery than any expert I know. Feld agrees that killing custom firmware isn’t the FCC’s intentional goal. That said, he’s also quick to note there’s still reason for concern if the rules aren’t crystal clear:
“This is, of course, why the FCC does notices of proposed rulemaking and seeks comment from the parties and affected stakeholders. Especially on technical engineering matters like this, it isn’t a matter of something being baked already. The FCC is responding here to a real world issue: we had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports. Naturally the FAA freaked out, and the FCC responded to this actual real world concern.
But at the same time, we don’t want the FCC to accidentally write rules that are over-broad or subject to misinterpretation by companies. The real concern here is not some government conspiracy to wipe out open source or mandate encryption. The real worry is that major chip manufacturers will respond by saying “the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.” That would potentially kill a lot of innovation and valuable uses.”
The nifty part? This being an open conversation, the FCC is fielding comments on the proposed rule changes. And if you’re a hardware owner looking to protect your right to modify devices you own, you can head here to comment on the NPRM at the FCC website. You can also file a comment in the Federal Register, but need to do so before midnight, September 8.
Update: It appears the FCC decided to begin Labor Day weekend backend system upgrades shortly after this story was posted, meaning their public comment system is offline until next week. Fortunately it appears that the comment deadline had previously been extended, and users concerned about the FCC’s upcoming rules regarding third party open source firmware have until October 9 to make their voices heard.
Comments on “No, The FCC Is Not (Intentionally) Trying To Kill Third-Party Wi-Fi Router Firmware”
Some routers are next to useless with their original firmwares. But usually even if the stock firmware is satisfactory, good 3rd party firmware such as tomato or dd-wrt can produce little miracles. I had a wrt54 from Linksys a while back and it was already a tad old but dd-wrt gave it a fresh start. For me it felt like I had bought a new router. Since then I always look for firmware alternatives for my routers (or those I get to config).
Still, I find it a little troubling:
We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”
This is incredibly broad wording. They mean they want manufacturers to take steps to prevent firmware from making the devices send waves at a higher output than safety guidelines (as far as I can see) but this can be done by physically limiting the output to the desired power levels. If the proposals are better worded then firmware will be left alone to be changed and tinkered at will. Public participation is imperative if we want better regulations and laws.
Re: Re:
“They mean they want manufacturers to take steps to prevent firmware from making the devices send waves at a higher output than safety guidelines (as far as I can see) but this can be done by physically limiting the output to the desired power levels.”
There are issues though with trying to physically limit that. There are cases where you can legally go above what is normally allowed. For example, if your using directional antennas and building a point to point wifi connection you are allowed to use more power than if your just blasting out in all directions.
Talking of antennas though, the antennas make it hard to physically limit the power of the broadcast because if you change the antenna you can change the broadcast power even though the internal chip thinks it is sending the same amount.
I’m sure there are some others that can explain this far better than me. Personally, I’m right around that area of knowledge where you could say, “I know just enough to be dangerous”.
Re: Re: Re:
The term you are looking for is ERP, that is effective radiated power. This the power that would be required with an omnidirectional aerial required to give the same signal strength at a receiver as it sees when targeted by the directional aerial. This number is useful in radio work because it allows calculation or estimation, of how far away the directional signal can be received in the direction the aerial is pointed.
Re: Re: Re:
I thought about it but I’ve seen those types of antennas and they usually have an amplifier built in (or at least the ones I saw had). Not sure if it is lawful but doesn’t it fix the issue? The router provides a determined limit, the directional antenna amplifies it? I’m in the hypothetical field here so feel free to correct me.
Re: Re: Re: Re:
A directional antenna will increase the broadcast power even without an amplifier being built in. It is because the power is being directed instead of just going everywhere, as a result it is much stronger in that one direction.
Kind of like how you take a Mag light and remove the top, the light shines in all directions but pretty weak. You put the reflector on it and suddenly it seems much more powerful in the direction that you point it, but the power output at the light bulb is the same.
Re: Re:
The wrt54 was THE main target router, where dd-WRT could stretch its legs to its full functionality. The wrt54 was huge in its day, and had the most volume of sales, plus it was hackable!
It is still a favorite for this reason, but of course, better hardware has supplanted it.
Now, many OEMs like Asus basically use DD-WRT as their firmware, just a branded version.
Re: Re: Re:
Yeah, it was incredible. I had the G one but they said the GL was better to use with dd. I still have it at home but it’s a bit battered. It’s a backup for when/if my current router decides to give up.
Given how the anti-circumvention laws have been abused by manufacturers, and their preparedness to abuse the legal system to stop people modifying what they sold them, this could still be a law open to abuse. Being compliant with the law is not a lot of help if your options are stop when threatened or end up bankrupt because your attacker will keep a lawsuit going as long as possible through the appeals process.
Rules are rules
It doesn’t matter what the intention is; once a rule is promulgated, the enforcers will enforce it — particularly after an administration change.
Re: Rules are rules
That’s why participation is vital. As opposed to just standing around hand-wringing.
Re: Re: Rules are rules
Yes, though standing around telling people that there’s no problem is equally counterproductive.
It’s certainly easier for a hardware manufacturer to disable all unsigned firmware than it is to ensure that third party firmware can affect feature X but not feature Y (where feature Y includes antenna boost, channels offered), particularly when manufacturer first party firmware needs to affect parameters for feature Y.
FCC site down
Interesting… your link for FCC comments is down until the 8th
> The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters.
The problem with *this* wording is that the capability *does* exist in the hardware. Software defined radios are about all that exist any more, and what’s legal in one jurisdiction is illegal in another. Japan’s “channel 14” for WiFi is a great example.
So at best it still seems like overbroad, sloppy thinking. Another case of trying to ban a tool that has legitimate uses, instead of addressing the instances of bad behavior.
Gotta wonder
“gadget-nerd seppuku”
With a stick of RAM?
“So in essence the FCC is saying that third-party firmware is just fine, just as long as it’s not pushing the radio outside of legally-mandated parameters and causing a safety hazard.”
I’m a former modem designer. The problem is that the easiest way for the OEM to meet that requirement – & show the FCC compliance people that they’ve met it, is to lock down the firmware so that it can’t be updated. This is why people are, rightly, freaking out about this.
Umm, no, you can’t. By some mysterious coincidence, the FCC has taken their docketing, comment filing, et cetera, Web apps offline until 8AM, September 8.
Oh, and while I have you here…
It looks like that statement says they’re cool with things like OpenBTS and Osmocom, which use software-defined radios to emulate cell towers, and other similar projects. But most consumer-grade WiFi base stations aren’t commonly considered software-defined radios and aren’t submitted for approval under SDR rules.
Re: Re:
Re: Re:
Yeah, it appears that they’ve shuttered their back-end systems to do a labor day weekend upgrade. Fortunately it looks like I missed the fact that the deadline for comment had previously been extended to October 9.
Things are as bad as they were proported to be
I take issue with saying this is being blown out of proportion. The savewifi.org campaign has been working with developers from Qualcomm, legal experts who have dealt with past FCC rules, one of the largest router manufacturers, OpenWRT, LibreCMC/LibreWRT, the FSF, the EFF, ThinkPenguin, and other impacted parties. And it won’t just impact routers either and is likely to extend to laptops and other devices.
As one of the people who’ve been working on the http://www.savewifi.org campaign for a month I know that the time to act on this was last year when prior related rules were passed. The community has entirely missed the boat on this and there are already rules that will turn things upside down.
Regardless of what is the intent the practical outcome is that companies are already being forced to lock down devices. Routers which are now shipping are coming with digital locks in place and replacing the firmware isn’t possible without special equipment to directly overwrite the flash chips.
There is a lot of confusion going on about the rules because there are multiple rules and multiple deadlines. There is also Europe and Canada which are also planning to pass identical or similar rules.
Nobody has suggested that this is a conspiracy. What is serious is the impact the rules which have already passed will have and those which are being proposed now. Go to http://www.savewifi.org and comment on the current propose rules so that we have a chance at influcening the FCC’s decision on the final rules.
Once all this is done we have further work in Canada, Europe, and the United States to get rules stopped there and rules already passed overturned in the United States.
Re: Things are as bad as they were proported to be
“I take issue with saying this is being blown out of proportion.”
Yeah I’m really not saying this is being blown out of proportion.
I’m only taking issue with websites that reported that these rules were final (when this is an in-process NPRM), and those claiming the FCC is INTENTIONALLY trying to ban all third-party custom firmware.
Totally agree that the vague wording could be a HUGE problem.
People still believe the FCC is intentionally being malicious here, though I’ve been picking the brains of FCC-focused lawyers who claim that’s conspiratorial thinking. If the FCC is engaged in a Machiavellian plot to intentionally ban all third-party firmware, I imagine that should make itself apparent pretty soon.
At which point I’ll write up a follow up post admitting I’m a total sucker.
Re: Re: Things are as bad as they were proported to be
It doesn’t matter in the slightest what the intention is. I’m sure that the people who framed the kiddy-porn laws didn’t intend them to be used to prosecute 15 year old kids for sexting their boyfriends, & put them on Sex Offender registries for the rest of their lives, but that’s how they’re being used anyway. I doubt that the people who wrote the DMCA intended it to be used as a stick to bully small content-creators, or as a way to eliminate Fair Use, but there are stories every week on this site about it being used in those ways.
With laws & regulations, ‘intent’ doesn’t matter.
Re: Re: Re: Things are as bad as they were proported to be
This one gets me all riled up…
http://www.telegraph.co.uk/news/uknews/3333366/Half-of-councils-use-anti-terror-laws-to-spy-on-bin-crimes.html
Re: Re: Re: Things are as bad as they were proported to be
“It doesn’t matter in the slightest what the intention is.”
Absolutely it does. If the INTENTION isn’t malicious, it’s much more likely you can get the government to listen to reason and change the wording during the NPRM.
If the intention IS malicious, they’re much less likely to field public input since the government heart wants…what the government heart wants.
Re: Re: Re:2 Things are as bad as they were proported to be
I agree that you shouldn’t think that the FCC is being malicious. It’s not about being malicious, it’s about unintended consequences.
Their motivation is “broadcast on disallowed frequencies and at excessive power must not be allowed.” The easiest and simplest way to achieve that goal is to disallow unsigned firmware– it’s the suggestion offered in the FCC technical document itself. Unless the FCC for some reason mandates allowing third party firmware (while banning third party firmware that affects certain radio features), then it will lead to less third party firmware allowed.
Not because they’re being malicious, but because the consider following their rules on spectrum to be more important than allowing third party firmware.
Deadline has been extended
I also have one other comment to make about the FCC comment period. The FCC comment site is going down this week. It’ll be down until September 8th. The comment period was automatically extended to September 9th. However thanks to to the work of various parties being impacted there has been a further extension until October 9, 2015 and November 9, 2015.
https://www.federalregister.gov/articles/2015/09/01/2015-21634/extension-of-time-for-comments-on-equipment-authorization
“Starting Wednesday, September 2nd at 6pm EDT, interactive public-facing
web applications hosted at the FCC will not be available. We will work
to have these web applications upgraded and available again by the
morning of 8am EDT on Tuesday, September 8th.”
So from September 9th to October 9th people should be able to file
comments directly through the FCC website. “Electronic Filers: Comments
may be filed electronically using the Internet by accessing the ECFS:
.”
Obviously the fjallfoss.fcc.gov/ecfs2 site above will not work since it
is not yet September 9th.
Re: Deadline has been extended
Note that I missed the fact the comment period has been extended until October 9. So people have plenty of time to comment.
You forgot to underline something
“We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”
That’s the FCC basically saying they won’t be banning users from doing what they want with the equipment they bought. If you’d underlined that as well, it would help to calm the panic.
Re: You forgot to underline something
Understand that many people (especially those whose primarily interactions is with the nastier agencies like the NSA) want to believe the government is ALWAYS acting with malicious intent. So to them, that sentence says the exact opposite, and suggests the FCC could be pushing manufacturers themselves to ban the firmware.
It’s tomato, tomahto depending on your political beliefs and what part of the government you’re used to dealing with.
Re: Re: You forgot to underline something
Understand that many people believe that the government doesn’t have to act with malicious intent to do something that has bad effects. The ill consequences can be unintended, or they can simply be negative outcomes that the government agency feels are outweighed by accompanying positive outcomes. Unfortunately, many times different people weigh the pros and cons differently; the FCC may well believe that losing third party firmware is a small price to pay to ensure that spectrum isn’t being used improperly or transmission power too great. Others of us may feel that the risk of occasional abuse is worth having the freedom of third party firmware.
If I believe that government intentions were what mattered, I would favor more government than I do. Most of the people I know who are skeptical of government actions don’t think that it’s because of malicious intent, but because of unfortunate consequences of perfectly benign intent. The people who make up the government, and the majority who vote them in, simply weigh things differently from the minority and can’t imagine why the minority would even object.
Re: Re: You forgot to underline something
The NSA people, or any of the “nastier agencies” of the US government, all believe that they’re acting with benign intent, trying to keep people safe. They think that the risk of terrorism is so great, and they trust themselves not to do anything bad with incidentally collected data (that they promise to discard) any more than you would think that the IRS, or the school board, or the Census Bureau, or any other government agency would do negative things with your data.
FCC is concerned about RF interference?
Really? Since when? They don’t seem to be too concerned about Harris building RF gear designed to interfere with public communications! I guess Harris donates money to the right people.
The problem is with radio firmware which companies have been trying to hold back source code for. Not the SOC firmware.
And most routers do not have combined radio and SOC. There is a huge problem because without the radio source you cannot update the version of Linux kernel used without a huge amount of work. It is already causing problems.
I’d say this is a perfect application for those one time programmable flags some chips have. Design the radio chip to read its limits from a bunch of those.
Then you can program them in the factory without having to have a bunch of different boards for different regions.
Unfortunately, such radios probably don’t exist… but chips with facilities to restrict to manufacturer-approved firmware do.
There is a German saying:
“Gut gemeint ist das Gegenteil von gut gemacht.”
Translates to “A good intention is the opposite of well done.”
I don’t believe in the good intentions of all involved parties, but even if you would do so this piece of … opens the door for all those who want to ban open Projects like Freifunk etc.
You cannot make sure that the RF parameters stay in a valid Range, if you allow custom firmware. So requiring the manufacturer to make sure that nobody can modify the Firmware to make something harmful will result in making it impossible for me to run OpenWRT and Cyanogenmod. Collateral demage.
If that really becomes law that you are not allowed to build hardware that allows the user to do bad things then I promise I’ll do my very best to proove that all products can be altered that way. Then we can sue all manufacturers that we don’t like. And by the way: Why just stop at RF devices for such a law? I’d like to see Heckler&Koch explaining why their devices cannot be used to harm People or the safety in international air traffic.
Re: There is a German saying:
The English saying is: “The road to hell is paved with good intentions.”
not so true
The Commission proposed to eliminate exceptions to the principle that certified devices could not be modified by third parties unless the third party receives its own certification. It proposed to revise § 2.909(d), which allows a new party that performs device modifications without the consent of the original grantee to become responsible for the compliance by labeling the device with a statement indicating it was modified, with the requirement that the party obtain a new grant of certification.
cs go account
Group of talented Counter Strike: Global Offensive players
Our csgo accounts service has been created by group of talented Counter Strike: Global Offensive players, who reached global elite rank at their main csgo accounts and now we decided to go in for cs go account rank boost. cs24h.com provide fast and safe creating of cs go accounts for our clients. You can purchase a fresh cs go unranked account for a lower price, thanks to our game providers, or you can purchase cs go account with a selected rank. All cs go accounts are delivered within 20 minutes. If you have any questions concerning accounts please feel free to contact us on SKYPE . Every cs go accounts provided by us are made by hand with no use of any kind of 3rd party software. So there is NO POSSIBILITY TO GET VAC BAN