
TP-Link begins router firmware lockdown due to FCC proposed regulation - westbywest
http://ml.ninux.org/pipermail/battlemesh/2016-February/004379.html
======
esbranson
[https://libreplanet.org/wiki/Save_WiFi](https://libreplanet.org/wiki/Save_WiFi)

The FCC publishes a 90-page document on an extremely technical subject and
required any comments to be submitted within 7 weeks. It would take the
average aficionado several weeks just to find out about it.

The real issue here is that government agencies like the FCC are willfully
excluding all but the best organized (read: best funded) groups from
participating. And just like with Net Neutrality, no matter how many comments
are submitted by poor people, only when the rich (the companies) and the
powerful (President Obama) say something do they even bother to listen.

~~~
MCRed
Also, the FCC should not be able to make rules like this. This is why we have
a three branch system. Congress doesn't have the legal power, in the
constitution, to give agencies the power to make laws (Even if they call them
"Rules")

Increasingly over time these rules are becoming more and more draconian and
including things that most people oppose.

For instance, there was an outcry about CISPA and COPA that killed those
bills... so the FCC made an 800 page ruling on "net neutrality" and people
accepted it, because they wanted net neutrality. (And who has time to read 800
pages?)

~~~
chatmasta
I agree with you that the system of federal administrative agencies is a mess.
The top federal agencies hold amounts of power bordering on unconstitutional.
They seem to represent a rogue branch of government, or at least artificially
inflate the role of the executive branch. Of course, the point of the judicial
branch is to restrict expansions of power from the other branches.
Theoretically the judicial branch has the ability to restrict the capabilities
of federal agencies, but it's extremely unlikely we will ever see a heavy
ruling against them. There's wayyyyy too much special interest money entangled
in the agencies for that to happen.

Still, to play devil's advocate, the agencies _do_ have a purpose. They are
able to regulate industries that move faster than real legislation. They can
employ experts (as opposed to congressmen) to write the rules. Industries like
tech and pharmaceuticals are governed by extremely complex market dynamics.
The federal agencies that oversee them, such as the FCC (tech) and FDA
(pharmaceuticals) employ dozens of experts who are familiar with how the
industry actually works. They write the regulations because no other branch of
government possibly could.

Federal agencies make it possible for congress to write laws with stipulations
like "all matters pertaining to <EXTREMELY GENERAL DESCRIPTION OF INDUSTRY
SUBTOPIC> shall be subject to the regulations of the <FEDERAL AGENCY>
responsible for overseeing <INDUSTRY>." The agencies provide a way for
congress to defer the details of lawmaking to a more flexible, adaptable
agency that is actually familiar with the complex dynamics of the system being
regulated.

..... in theory, of course. Whether this works in practice is another
question. One could make the argument that no sufficiently complex market
should be subject to any regulation other than the natural market rules. One
could also argue that the ability of congress to defer lawmaking to agencies
is tremendously unconstitutional and enables them to enact laws with greater
breadth than should be possible.

Some reading I dug up on the subject:

[http://heritageaction.com/2011/11/issue-profile-
unconstituti...](http://heritageaction.com/2011/11/issue-profile-
unconstitutional-federal-agencies/)

[http://www.jpands.org/hacienda/comm19.html](http://www.jpands.org/hacienda/comm19.html)

tl;dr "Thanks, Roosevelt!"

~~~
dragonwriter
> Of course, the point of the legislative branch is to restrict expansions of
> power from the other branches.

That's almost exactly the opposite of the point of the legislative branch,
since the other branches have very little power _not_ explicitly granted by
the legislature, and the legislative branch principally acts by defining and
granting functions to the executive and judicial branches.

> Theoretically the legislative branch has the ability to restrict the
> capabilities of federal agencies

More to the point, federal agencies only exist because they are created by
Congress, and only have powers because they are given them by Congress.

Its not a theoretical power that Congress has over them, but a practical one
whose exercise is the only reasons the agencies exist and have any power at
all.

If Congress doesn't take action that you think it should against a federal
agency, that's because a sufficiently large portion of Congress doesn't _want_
to take that action, not because Congress has only a theoretical but not
practical power over the agency.

> but it's extremely unlikely we will ever see a heavy ruling against them.

Congress doesn't make rulings, that's the judicial branch. Congress has
substantially restricted the powers of commissions and even abolished them. (A
notable example being the one that served as a structural model for pretty
much all other "independent" regulatory agencies, the Interstate Commerce
Commission, whose powers were stripped in a series of deregulation movements
culminating in the abolition of the Commission in 1995.)

~~~
chatmasta
Yes you're right. I edited my comment, apparently while you were writing
yours, to correct myself. I meant to say judicial branch, not legislative.

~~~
dragonwriter
The judicial branch _also_ has made fairly sweeping rulings against both
individual regulatory agencies and the ways in which Congress structures (or,
rather, has structured in the past, since those rulings stopped the particular
practices at issue) regulatory agencies, their powers, and their relations
with Congress in general.

------
mightybyte
This is especially sad because the NYC Mesh project
([https://nycmesh.net/](https://nycmesh.net/)) to create a mesh network in NYC
uses TP-Link routers pretty heavily.

~~~
rsync
"This is especially sad because the NYC Mesh project
([https://nycmesh.net/](https://nycmesh.net/)) to create a mesh network in NYC
uses TP-Link routers pretty heavily."

Won't all of those existing TP-Link routers continue to work and be unlocked
to flash whatever you like on them ?

Further, aren't there sufficient TP-Link parts in the supply chain from the
last 4-5 years that you'll continue to be able to source them ?

Genuinely curious...

~~~
tux1968
Whatever the answer to your question, that's very short term thinking to a
longer term issue.

------
mbreese
I'd be hesitant to trust what comes from a CS rep regarding a manufacturer's
policy regarding the interpretation/compliance of an FCC rule. TP-Link may
have just decided to lock down their devices regardless.

I'm not saying this "report" isn't accurate... I'd just rather hear this from
someone other than a random CS chat.

~~~
throwaway2048
if there is any legal ambiguity whatsoever, they are going to play it safe

~~~
jsight
Yes, this rep is wrong. They started doing this before the FCC issue became an
issue.

------
narrowrail
On the OpenWrt wiki for the C7[0], which was last modified Jan 13, there is
this note:

" _Recent US firmware (e.g. Archer C7 v2 151014 US) do not install unsigned
firmware, including earlier versions of firmware and international versions.
Thank you, FCC. You need to use TFTP Recovery method to install OpenWRT until
somebody replicates what DD-WRT’s KrypteX is doing._ "

So, it certainly seems like this has been known for at least a month.

[0][http://wiki.openwrt.org/toh/tp-
link/archer-c5-c7-wdr7500](http://wiki.openwrt.org/toh/tp-
link/archer-c5-c7-wdr7500)

------
westbywest
Some people/organizations associated with this thread on ninux.org have a
Gofundme page to collect funds supporting their efforts in persuading more
coherent action from the FCC.
[https://www.gofundme.com/save_wifi_round_2](https://www.gofundme.com/save_wifi_round_2)

------
dbalan
Is this limited to devices sold in the US? They are going to impose it on
every other place that sells them?

Afiu tp-link has no obligations to manage two devices trees for a niche
community. Stubborn minority effect at play here. [1]
[http://fooledbyrandomness.com/minority.pdf](http://fooledbyrandomness.com/minority.pdf)

~~~
qb45
That's something I'm also wondering about.

IIRC, the first thing my stock WDR3600 firmware asked me about was which
country I am in, which means that frequency locking can be easily bypassed
(not power levels, though).

To make this as bulletproof as FCC wants they would have to make separate
firmware image for the US and prevent US firmwares from being "upgraded" to
non-US.

edit:

And this is exactly what they did:

 _Recent US firmware (e.g. Archer C7 v2 151014 US) do not install unsigned
firmware, including earlier versions of firmware and international versions.
Thank you, FCC._

Source: [http://wiki.openwrt.org/toh/tp-
link/archer-c5-c7-wdr7500](http://wiki.openwrt.org/toh/tp-
link/archer-c5-c7-wdr7500)

~~~
manyxcxi
Question: if a manufacturer has their radios/devices blessed by the FCC are
they blessing the software the comes a long with it?

Would there be a gray market for international versions of routers because
they're the exact same hardware and not as locked? If I'm a manufacturer I
certainly don't want a whole new BOM variation just for US devices if I can
solve the problem with software.

------
eli
[https://www.fcc.gov/news-events/blog/2015/11/12/clearing-
air...](https://www.fcc.gov/news-events/blog/2015/11/12/clearing-air-wi-fi-
software-updates)

TP-Link may well be locking down firmware, but it is NOT because the FCC is
forcing them to.

~~~
qb45
How do you know?

As your link says, they intend to prohibit selling hardware which can be
modified to violate FCC regs. Since 3rd party firmware allows such violations,
devices get locked down.

How else are you going to explain the existence of separate US firmware which
refuses to upgrade to international firmwares?

[http://www.dd-wrt.com/phpBB2/viewtopic.php?p=990535](http://www.dd-
wrt.com/phpBB2/viewtopic.php?p=990535)

~~~
eli
The link does not say that. The FCC is gathering information for a proposed
rule that could potentially impact hardware sold in the future. Nobody is
being forced to do anything yet. There is no rule that prevents DD-WRT from
being installed on a device.

So why is TP-Link locking down their firmware even though they aren't required
to? You have to ask them.

~~~
qb45
> So why is TP-Link locking down their firmware even though they aren't
> required to? You have to ask them.

If you read TFA you'll learn that somebody did just that.

    
    
      Adam Longwill 09:26:19 pm Wow. Thank you. I'm impressed with your digging
      And this limitation is due to FCC rule clarifications in 2015?
      And not some other reason
    
      Camille 09:28:15 pm Right, due to FCC

~~~
lanaius
You mean the original submitted article? Because in that article the person
asks IF they locked them down, not WHY. There's still no answer as to why TP-
Link thought it necessary to react to a nonexistent rule.

------
tplinkxy
And this is why, in a nutshell, linux should switch to GPL3.

Right now there is no issue for TP-link to "preenmptively" block their
hardware. If there was, they would think twice about it.

~~~
mariuolo
> And this is why, in a nutshell, linux should switch to GPL3.

Unfortunately, given the number of developers that would have to agree, the
fact that early contributions weren't attributed and the can of worms that
defining what a derivative work is opens, makes relicensing very unlikely.

~~~
iofj
Not really. Think about it. Only to remove restrictions from a license do you
need permission from the existing developers. To introduce extra restrictions
you don't need anyone's permission. If Linus chooses to accept a single patch
that's GPLv3, the kernel is GPLv3 from that point forward.

Linus has in fact done this to quite a bit of MIT licensed code.

Of course it only applies to future versions, and you could conceivably make
versions that have those patches removed.

------
jackinloadup
So sad, I got a nice tplink for my mother and installed openwrt to gain some
more control over the device. Unfortunate to see this support go away due to
government.

~~~
dogma1138
>Unfortunate to see this support go away due to government.

This support went away because people were abusing it running their routers on
forbidden bands at higher than allow transmission levels.

The vendors are doing what they can easily do now and it's block the firmware
modification since they can't replace the baseband/wifi cards as easily.

~~~
wyager
How many people do you actually think were doing this? It's not a common
enough problem that it's worth killing open router software.

If the FCC wasn't planning to stomp on router manufacturers, they wouldn't be
doing this. Make no mistake, it _is_ the government killing innovation here.

------
tlrobinson
There seems like a fairly large opportunity for manufacturers willing to
release products with sufficiently locked down baseband but a hackable host
OS.

Also, amateur radio operators are legally allowed to operate these devices
with modified firmware (including baseband). So why am I no longer allowed to
buy these?

------
shmerl
So arguments from FCC were bogus. It did result in locked devices. What's
next? Will other manufacturers do that as well?

------
slavik81
It's really annoying that Canadian policy on this matter is basically set by
the FCC. It's not like we're going to get unlocked routers when the US gets
locked ones, but we don't have a voice.

------
rogeryu
Can somebody explain what this means? I'm still confused. Firmware lockdown,
does it mean I can't install dd-wrt or something? Any other consequenses?

~~~
zymhan
Correct, no custom firmware, and it appears no downgrading your firmware to an
older version without this restriction.

It's a trap-door upgrade.

~~~
l3m0ndr0p
It's also a great way to keep the back-door open too!

------
manyxcxi
Well crap... I have two C7s. IMO there might not be (or at least have been) a
better mainstream router for the price.

~~~
AndyMcConachie
It's not cheap, but it's badass.
[https://omnia.turris.cz/en/](https://omnia.turris.cz/en/)

~~~
manyxcxi
The page says starting at 99 and I literally couldn't find a buy button fast
enough. After landing on the Indiegogo page and seeing how much it would cost
for a few of the features I'm interested in- yeah, I'll pass. It sounds like a
heck of a router but it got spendy fast.

~~~
AndyMcConachie
There's also this. [https://www.thinkpenguin.com/catalog/wireless-networking-
gnu...](https://www.thinkpenguin.com/catalog/wireless-networking-gnulinux)

------
hoodie
I needed to put together a VPN router because of an upcoming trip. Since I
didn't want to bring a "giant" 4 port router, I went looking for an OpenWRT-
compatible travel router. The TP-Link TL-WR710N and D-Link DIR-505L were my
two candidates. :)

I setup OpenVPN as a bridge and configured an SSID on it so when I connect to
it, it'll be as if I were still at home. (Same subnet so I have access to all
my printers, tv tuners, etc).

This is disappointing news. What I just did would not have been possible for
$15. I've been using OpenWRT for over 10 years and can't imagine ever using a
router without some sort of customizable Linux on it. I've learned so much
about Linux, networking, VPNs, etc from OpenWRT.

------
mtgx
I thought the FCC walked back on this?

~~~
MatthewMcDonald
My assumption: it's cheaper/easier for TP-LINK to disable all flashing of 3rd
party firmware than it is to implement restrictions based on the FCC's
narrowly-focused instructions.

------
pmontra
This means there won't be any firmware upgrade for those routers or that only
TP-Link signed upgrades will work?

Anyway, this was expected: it's the cheapest way to comply with the
regulations.

------
transfire
Doesn't the old gun argument apply here? They're just punishing the average
tech guy -- smart criminals will just find a away around it.

~~~
neeel
What's the gun argument

~~~
slazaro
Restricting the sale of guns makes it harder for the average person, but the
bad guys will always have a way.

~~~
mkhpalm
Its also the same argument regarding the war on drugs. It never works but
thats not really the point. The point is to create options to apply pressure
whenever government decides it wants to.

------
Tepix
So are there still good, cheap 802.11ac routers that OpenWRT supports well?
Now may be the right time to upgrade my 802.11n router.

~~~
tbyehl
I'm been replacing ASUS RT-N16s with RT-AC56Rs. $50 refurbs in-store at
Microcenter, $75 new from Walmart.com, well-supported by all the firmwares
that have ARM builds.

If you can't buy them that cheap the TP-Link Archer C7 has been a better
value... well, up until now.

~~~
narrowrail
According to the OpenWRT wiki:

[http://wiki.openwrt.org/toh/asus/rt-
ac56u](http://wiki.openwrt.org/toh/asus/rt-ac56u)

The BCM4352 (AC/AN chip) is not supported, which is part of the reason to get
one of these routers. Broadcom router chips are usually MIPS based, and also
heavy on the binary blobs (which may allow for dd-wrt support).

Edit: In fact, I can't find any image that supports this BCM4352 on dd-wrt
either:

[http://dd-wrt.com/wiki/index.php/Supported_Devices](http://dd-
wrt.com/wiki/index.php/Supported_Devices)

------
jsight
TP-Link started doing this months ago, and as far as I can tell they did so
before the FCC proposed regulation. Considering the time that it takes for a
company like this to start acting, I would be very surprised if the FCC
regulation has much to do with it at all.

It does make a good excuse for them, though, I guess.

------
g1n016399
Related:

[https://www.defectivebydesign.org/dmca-anti-circumvention-
co...](https://www.defectivebydesign.org/dmca-anti-circumvention-comment)

------
callesgg
To bad, Tplink makes quite nice hardware.

------
userbinator
I wonder how long until it's cracked. As the saying goes, "If there's a will,
there's a way."

