FCC considering a proposal to lock down devices with a “modular wireless radio” (libreplanet.org)
211 points by thejosh on Aug 29, 2015 | 133 comments


Sounds like another battle in the "coming war on general purpose computing" http://boingboing.net/2012/01/10/lockdown.html


Only if the manufacturer insists on connecting the radio directly to the "general purpose" part of the computer, instead of using a more fixed/limited radio. If the radio is isolated, there's no need to lock down the rest of the device. But developing a fixed function radio will probably add a penny to the cost of each unit. So whether you can run openwrt will come down to whether linksys cares more about their pennies or your freedom.


I think one problem with this idea is that different countries can have different spectrum ranges or rules.


For example, Japan. AFAIK, the FCC permits the sale of such devices, as long as they are not in "jp" mode. Would the proposed regs prevent setting a laptop's locale to jp?


The new rules would effectively stop users in the future from flashing third party firmware altogether. Right now with $100 of equipment you can get around the signature checks as it's just being done in firmware. In the future you won't be able to because companies will (likely) have to adopt tougher and tougher measures including tech from Intel and others. Intel designed its tech to be licensed out to others not in the X86 world. That effectively locked down Intel hardware already and no recent generation hardware can be completely freed. LibreBoot is a 100% free BIOS that only works on older laptops because the lead developer can't port it to newer hardware due to locks that can't be overridden. The signature checks are done in hardware and you can't even just wipe out the firmware. No firmware means check fails means system doesn't turn on.


Stallman was right.


Yep. I think it's much worse than Stallman's ever envisioned it though. He is under the impression we can fix it. The reality is likely otherwise which is why we need to drum up massive support for this. The rules in some part have already taken effect which means not only will we all need to send comments in on this but there will need to be further campaigns to undo rules already in effect.


From the down link:

Take Action Now!

The FCC is asking for comments on this proposal. The most important thing you can do is comment on the FCC's proposal and tell them you want to be able to control your computing devices. Will you do this?

Comment deadline extended to October 9.

Instructions:

1. Go to the Federal Register and press "Submit a formal comment" (https://www.federalregister.gov/articles/2015/08/06/2015-184...)

2. Start your comment by respectfully asking the FCC to not implement rules that take away the ability of users to install the software of their choosing on their computing devices. Additional points of emphasis you should consider adding:

- Wireless networking research depends on the ability of researchers to investigate and modify their devices.

- Americans need the ability to fix security holes in their devices when the manufacturer chooses to not do so.

- Users have in the past fixed serious bugs in their wifi drivers, which would be banned under the NPRM.

- Billions of dollars of commerce, such as secure wifi vendors, retail hotspot vendors, depends on the ability of users and companies to install the software of their choosing.

3. Enter your name and address. This is a public comment and your personal information provided will be publicly available.

Once you've submitted your comment, make sure to encourage others to submit comments opposing these restrictions on computing devices. Use the #SaveWifi hashtag on Twitter or your favorite microblogging services.

Google cache: http://webcache.googleusercontent.com/search?q=cache:https:/...


The rules do nothing of the sort. The guidelines state that the hardware manufacturer must make certain that reasonable efforts have been made to keep the device from trampling over radar systems, etc. The guidelines state that one route to do so is to have the firmware locked down in its entirety, but there are other ways to do so. Atheros chips, for example, do not expose the functionality that would require the chips to be locked down. Wireless researchers will almost certainly have the licensing in place to do investigation and modification. Device makers choosing not to update their devices should honestly be handled through tort; a few lawsuits against companies making defective routers will get makers to shape up. Buggy devices can and should be handled similarly. Finally, with your point regarding secure wifi vendors and the like, those would be the manufacturers and would by definition have access to all of those settings.

This campaign reminds me a lot of the bad old days of Microsoft and spreading Fear, Uncertainty, and Doubt. This is not an evil policy that has nefarious purposes, it's about making sure people don't intentionally use their devices that will cause damage to the neighbors on the bandwidth spectrum. Also, keep in mind that the unlicensed regions were not created for communications, but rather so that medical and industrial heating devices have some range of frequencies to operate magnetrons, etc, without disrupting sensitive communications. Wifi uses them mostly because they do go unused the majority of the time.


>>Wireless researchers will almost certainly have the licensing in place to do investigation and modification.

Most/a lot of research, especially security research, is done without the manufacturer's permission; I highly doubt they will have licensing in place to do investigation.

>>Device makers choosing not to update their devices should honestly be handled through tort; a few lawsuits against companies making defective routers will get makers to shape up.

You may want to consult a lawyer on that, since most of the manufacturers' EULAs explicitly indemnify them from this type of liability. If this was possible Microsoft should be bankrupt by now. My 2.5 year old Samsung phone has not seen an update for over a year; many security problems have been found, and both Samsung and my carrier say "Buy a new phone", yet somehow I think me attempting to sue them for not updating the device will be less than successful. Instead the best option I have is a custom non-OEM ROM that is still being updated.

>>reasonable efforts have

Most of the people posting in support of this measure, including yourself, seem to have a vastly different definition of "reasonable" than people like myself who are open source / open hardware advocates. I bet you believe secure boot, UEFI and other measures are "reasonable" as well.

>> This is not an evil policy that has nefarious purposes, it's about making sure people don't intentionally use their devices that will cause damage to the neighbors on the bandwidth spectrum

The road to hell is paved with good intentions; it may not be the FCC's goal to lock in hardware and to prevent users from replacing OEM operating systems, we can call it an "unintended consequence" if you wish. At the end of the day however it is a distinction without a difference. If this rule is adopted, innovation, consumer freedom, and consumer security will suffer.


> Also, keep in mind that the unlicensed regions were not created for communications, but rather so that medical and industrial heating devices have some range of frequencies to operate magnetrons, etc, without disrupting sensitive communications.

The unlicensed regions were created because they absorbed RF very highly due to water and oxygen. The fact that we transmit in them in spite of the fact that from an RF perspective they totally suck is a tribute to the fact that engineering ingenuity is far easier than navigating government regulation.


"Comment deadline extended to October 9." No. Comment deadline extended to SEPTEMBER 9. No idea where October came from. (If someone can show otherwise, please let me know.)


... And, I'm wrong. It really was extended to October 9.


FCC should be working to massively expand the unlicensed ranges instead of clamping it down more. The amount of innovation and economic activity in the unlicensed bands is massive. They should be working on taking back the TV HD and SD frequencies and leave the tinkerers alone.


They are doing that, but the tinkerers are interfering with more important frequencies like RADAR used by weather providers and ATC... Locking down the frequencies so they can't possibly interfere isn't at all at odds with opening up new ranges for better service. I know a few people over at Mimosa (GBPS wireless backhaul providers) so I've seen a lot of progress in advocacy for new spectrum.

http://mimosa.co/news/36/75/Mimosa-Advocates-Expansion-of-23...


They are. There is a big thing in my town about the FCC trying to buy the local PBS station from the university. They already made everyone switch to digital a few years back which saved a lot of bandwidth (and made most channels unwatchable without a giant antenna.)


Expanding the unlicensed bands isn't incompatible with clamping down on how devices can operate on those bands. A key insight we've gained since part 15 was promulgated is that the technologies for sharing and using spectrum without central allocation work a lot better when devices can assume everyone on the band will follow certain rules.

The model for the future that maximizes capacity of the spectrum isn't just more unlicensed spectrum, but imposing basic rules on unlicensed spectrum like we do on roads. One thing people forget is that road rules aren't just about safety, they're about keeping traffic moving smoothly. Exactly the same principles apply to cognitive radios.


The link doesn't load (connection timed out), so I'm only going by the headline - do they also want to "lock down" software defined radios, like the HackRF?


Reddit hug of death right now. Direct link is https://www.federalregister.gov/articles/2015/08/06/2015-184...


>For a device to be certified as an SDR, in addition to demonstrating that the device complies with the applicable technical requirements, the applicant must also demonstrate that the device contains security features to prevent the loading of software that would allow the radio to operate in violation of the Commission's rules.

So... yeah. Well, that sucks.


What sucks more is interference ;)

Much of the radio spectrum is shared. As an overly-simplified explanation, that means only one transmitter may be in operation at a time, or the frequency in question in that area will be useless.

Spectrum is also segmented and some segments require a license to use. The FCC (and all the other foreign national bodies that regulate radio) do so for the good of everyone. If they did not, we could not turn our lights on and use a cell phone or watch TV at the same time ;)

Also, the rules have been around for a long time. This is an old problem.

https://www.fcc.gov/encyclopedia/rules-regulations-title-47


You can't do that, you can't shift monumental costs on the other party in order to also shift blame for an imaginary problem.

Here we have an imaginary problem (wi-fi "interference"), we have the FCC who wants to shift blame for it to somebody else, so they try to force measures on users which, if properly enforced, will cost them tens of billions USD in collateral damage.

Because mind you, 99,9% of users reinstall their OS a) not to mess with wi-fi, and b) to derive some personal gain from it. Where did they get the right to sabotage millions of people?


I don't think the FCC cares if WiFi routers interfere with WiFi. I think they're concerned about modifying the router to work outside of the ISM band, which has other users.

For example, WiFi routers used to be able to operate on the same frequencies as TDWR weather radars. They were supposed to listen to the frequency for a while, and not use it if it was near enough to a radar installation to cause interference. People modified their routers to skip the listening phase, and introduced interference with the weather radars.

Now nobody gets those frequencies. The average hobbyist could apparently not bother to understand the rules or the consequences of their actions.

(TDWR is safety-critical, used to compute surface winds near runways at major airports, giving pilots and ATC critical information about whether or not they could safely attempt a landing. If you hit wind shear 100 feet above the ground, you crash. Your quest for slightly faster WiFi speeds has the ability to kill someone.)


Sounds like those TDWR systems are in dire need of an upgrade if that's enough to cause fatalities.


It's a radar system, there is not much it can do if people are transmitting on the same frequencies as it's listening on. It sends out a pulse, it listens for the response. It doesn't know that your WiFi traffic isn't a return signal from a raindrop. And it has to be quite sensitive, because raindrops are small and are not exactly purpose-built radio reflectors.

The previous approach to monitoring for wind shear conditions was to have a surface station at the airport, and hope that the conditions at the surface station were the same along the entire final approach corridor. Sometimes this was true. Sometimes it wasn't and people died. Aviation is a lot safer these days, even though we fly many more planes in the same airspace. Even an imperfect technology adds to the safety calculus.

Giving that safety and capacity up so you can use a shitty low-power low-bandwidth frequency in the 5GHz wifi band is not appealing to me. (There are plenty of full-power, 80MHz-wide frequencies that are WiFi-only. Use those!)

The FCC should have never allowed sharing to begin with. It was nice of them to try, though, given that much of the US is not in interference-range of TDWR stations.


I agree. Let's modify the dielectric constant of water so that it better reflects radio pulses. That should help overcome WiFi interference.


There are solutions that can resolve these problems. Like actively monitoring and going after violators within this area.


How is wi-fi interference an "imaginary" problem?

Note, for example, the many stories people tell about microwave ovens interfering with wifi:

https://www.google.com/search?q=wifi+interference+microwave

And when I open up a spectrum analyzer and look at how much power is on the wifi bands around me, it sure looks like interference is an actual thing. So it seems to me that interference is a real problem, which is why we have the FCC regulating this stuff in the first place.

The right they have, by the way, is that we the people created the FCC to solve the problem of radio interference:

https://en.wikipedia.org/wiki/Federal_Radio_Commission

Now it could be that there are better ways to solve the problem. But given the people totally losing their shit in classic "ehrmegerd guvmint steelin my freedums" style, I am wondering if this issue belongs in my bucket labeled "antivax, fiat money, 911 truth, etc".


2.4 GHz was chosen because it has interference from microwaves:

http://www.wired.com/2010/09/wireless-explainer/

The "imaginary problem" (I don't know how imaginary it is) is people modifying software so that their devices interfere with other, licensed frequencies.

Personally, I don't think there are many people that will buy an SDR and amplify the signal outside of legal ranges. I also think that any people that will do that are also capable and willing to do that without the convenience of SDR.

I can imagine this theoretically being a problem with wifi routers: "Download this custom build of OpenWRT and this custom wifi driver, and you can get wifi without interference from your neighbors".


The reason there is so much interference on WiFi channels is because there is little regulation within the assigned frequencies.

People playing around with unlocked SDRs is not even a rounding error when it comes to causes of interference.


The myth of interference – Internet architect David Reed explains how bad science created the broadcast industry.

http://www.salon.com/2003/03/12/spectrum/


And when someone proposes a viable technology that could actually work the way Reed contemplates, we can and should review these kinds of regulations.

Right now, today, in the real world, it doesn't matter whether the phenomenon we commonly call interference is a property of radio waves or a property of the receivers we use or the will of benevolent aliens watching us in their lab. The fact is that it causes communications systems not to work properly.


Ultrawideband exists today. It's not in common use because the FCC restricted it to such low power it has about a 30 foot range.


Nobody could make a UWB system that runs effectively over coax for cable companies. That isn't FCC getting in the way.

More interesting is the question of whether there are other forces involved. Cringely postulates the NSA, but I do think incumbents more likely:

http://www.cringely.com/2014/05/15/nsa-help-kill-uwb/


I don't see how trouble with coax is relevant to wireless. The main point of UWB is high-bandwidth wireless, and the FCC is certainly preventing that.


The main point of UWB was making it work.

UWB should, in theory, be able to pump a lot more bandwidth down the same wires. Both the cable companies and the phone companies would be salivating at a system that effectively automatically avoids nulls on coax or twisted pair.

However, UWB requires highly accurate, synchronized clocks. Keeping those clocks in sync is non-trivial.

The fact that they could never get it to work over wire means that they had no hope over wireless.


What would be the effect of the Ultrawideband that exists today on other devices using the relevant radio frequencies, absent that regulation? Put another way, what was the justification for imposing such a restrictive rule?


> what was the justification for imposing such a restrictive rule?

This is a totally worthless question to ask about a law or rule.

The general form would be "why was the law created?"

And of course, there's never a law with the (disclosed) purpose of killing all kittens, giving money to friends or destroying an enemy. On the contrary, every law is always spun on some kind of "will you think of the children".

The only good question you can ask about a law:

"What are its consequences?"

Interestingly, your first question was more in this sense.


> The only good question you can ask about a law:

> "What are its consequences?"

Also, what are the consequences of not having the law?

Which I suspect was the intended meaning of:

> what was the justification for imposing such a restrictive rule?


I believe that Silhouette's question was rhetorical. The answer, of course, is that UWB radio broadcasts significantly impair conventional heterodyne radio receivers.


The effect would be an increase in the noise floor. Narrowband incumbents claimed it would be very disruptive, UWB advocates claimed it would be slight. I don't have the expertise to say who's correct, but find myself more suspicious of the side with billions invested in narrowband spectrum that could be made obsolete, and less suspicious of the academic researchers advocating UWB.


Years ago, when CB radio was all the craze, manufacturers would publish manuals with amplifiers telling you NOT to move a certain wire to a certain place because it would change the frequency or boost the power beyond the legal limits of CB operation. This caused all kinds of havoc on those airwaves until the FCC clamped down on them. So, yes they can do that.


Yep. Linear amplifiers are absolutely terrible at spewing noise all over the RF range. Growing up, I lived about a quarter mile from the freeway, and there were times where certain TV channels were absolutely unwatchable due to interference from these rather illegal setups.


CB users also like modifying their equipment to use the amateur bands. Sometimes the 10m band is essentially unusable because of interference from CB users.

The end result is very similar to the WiFi situation, they ruined it for everyone. Now it's difficult for licensed amateur radio operators to buy amplifiers for use with low-power transceivers. The FCC has rules about what the minimum power input to amplifiers can be, and require manufacturers to go to great lengths to prevent the amplifier from working on CB frequencies. This reduces performance and reliability, and increases expense, all to prevent something no licensed amateur would do.

That said, the FCC has only a minimal enforcement budget, so there are plenty of illegal CB amplifiers readily available on eBay. The rules only hurt legitimate American companies and users of licensed radio services.




hmm...

> 451 Unavailable
> This content is not available in your country.


Will this affect Google Ara project?


No. Google will pay for the requisite licenses.


People aren't paying attention to what this is for. It's to prevent people from modifying RF devices, transmitters, from operating at power levels and frequencies, or other technical things, from interfering with other devices and outside the bounds of their intention. It's to protect devices from interference that was prevalent in the days when radio was first invented, and for decades afterwards.

This is a good thing.


Back here in the real world we understand that the most cost effective manner for device manufacturers to comply with this moronic regulation is to lock down the entire device.

Phones, routers, tablets and even some laptops will be shipped without the ability to change the operating system or firmware, as that will be the cheapest way to comply with the regulation, and since less than 1% of the customers ever bother changing, there will be no backlash.

This will be a nightmare for computer security and innovation.

I hope you love botnets because the FCC is creating the next wave of them with this moronic regulation.


> Back here in the real world we understand that the most cost effective manner for device manufacturers to comply with this moronic regulation is to lock down the entire device.

What real world do you live in? Because in the real world I live in, the kind of component and firmware we're really talking about here are probably bought in as a ready-made part by whoever makes that phone, laptop, router, etc. They might not have any access to reprogram it at all.

What these kinds of regulations are effectively saying that if they do have that ability then for the device to remain properly certified for use as required by the regulatory authority there must be safeguards to prevent certain types of potentially harmful change or you "void the warranty" from a regulatory point of view. In that case, you revert to the default position you were in anyway, which is that you have to get the device and its software properly approved before you can lawfully use it.


Out of interest, can you name any botnets that have exploited MCUs with locked firmware, like mobile basebands?


There is nothing in that FCC paper that says you won't be able to change the operating system and that is specifically mentioned in section 24.


The FCC doesn't require it directly, but since it's the cheapest way to achieve what the FCC does require it's what the manufacturers will all do. That's the point.


And at the same time it locks down devices where radio and processor are connected – you won’t be able to modify the software on some Android devices at all anymore.

This is NOT acceptable.

Punishing people for sending on illegal frequencies: Okay.

Restricting what people can do with devices they paid for: NOT OKAY.


What if what they want to do with the device they paid for is modify it to send on licensed frequencies?

Do any android devices use open source firmware for their cellular radios? I was under the impression that all cellular radios worked only with closed source firmware + closed source radio driver, in which case _you already_ can't modify some of the software on any android device?


Why is restricting a device from interfering with emergency bands or bands used for medical devices unacceptable?


Because in some devices, to restrict the baseband from interfering, you also have to lock down the OS to the point where the user can’t modify it.

Also, another example: You recently saw the post on Hacker News how someone collected images from weather satellites by modifying a normal satellite receiver? This would not be possible under the new rules.

People should be punished for doing illegal stuff, not for being able to do illegal stuff.


>>Because in some devices, to restrict the baseband from interfering, you also have to lock down the OS to the point where the user can’t modify it.

Can you please give an example? Also, couldn't it be solved by designing the correct API for the communications processor?


I'm fairly sure this applies only to SDR transmitters, not receivers.


Nowadays every integrated transceiver is an SDR. It's much cheaper to build hardware that works over a range of frequencies and limit those frequencies via software than it is to make multiple SKUs of hardware that are hardware limited to a specific frequency.


There are just as many legal and legitimate applications of fully reprogrammable SDR transmitters.


What are these?

Every transmitter I can think of requires FCC type certification. If you're a police department, you can't build your own radio to use on the spectrum you've obtained from the FCC, you have to buy something that's type-certified. Similarly, you can't just go ahead and transmit on the unlicensed bands, that also requires type certification. SDRs are sold as test equipment; using them as radio transmitters is generally illegal.

Now if you're a licensed amateur radio operator, SDRs are great. You are completely allowed to use them to transmit on any frequency for which your license class allows. But there is a special provision in the laws for amateur radio operators; we are specifically licensed to build our own equipment. (And keep in mind that the use case for amateur radio service is limited by the same law; if you're not using it to establish 2-way communication with another amateur, you're doing something illegal. There are exceptions, though, and the FCC doesn't seem too picky. WSPR and other propagation beacons are strictly one-way affairs, but are tolerated.)


> Because in some devices, to restrict the baseband from interfering, you also have to lock down the OS to the point where the user can’t modify it.

I don't think "My decisions have made it hard for me to comply with this reasonable regulation so I shouldn't have to" is a very good argument.

> People should be punished for doing illegal stuff, not for being able to do illegal stuff.

There is not much constructive use for something that would breach these regulations. Contrary to some of the FUD being posted in this thread, the regulations don't appear to be about custom firmware for the UIs or even signalling on a device. They're about the control software for the radio itself, to ensure it plays nicely with everyone else. That software is typically extensively tested and certified before being licensed for use, and any supplier whose software didn't work properly in the field could expect a very rapid and unsympathetic response from the authorities.

What a lot of people fail to understand is how disruptive a radio device that doesn't follow the standards can be. I worked for a radio network operator for a while. One day I got into work to find there were widespread reports of radios not operating properly across a major city. Someone was transmitting something out of spec and causing sufficient interference to effectively bring down the whole network. Do you know what happens at that point?

This is what happened that day. Real people got into real vehicles and started moving around a search pattern with relatively crude sensors, trying to locate the source of the interference. And then when they found it, they had to figure out how to shut it off. That involved gaining access to premises where the rogue device was located. Ideally you do that with the consent of the residents, because the operator of the rogue device may not even realise that it's not behaving correctly. Worst case, you're looking at forcing entry, which means bringing in other public services who are allowed to do that sort of thing with the appropriate authorisations, which in turn have to be sought from the appropriate authorities before anyone can move. And then once you've got into the premises you still have to find the device itself, and then you have to figure out how to turn it off.

Contrary to any movies you've seen, this process can take a considerable time, probably at least several hours unless you're very lucky. During that time the entire system will be operating at reduced capacity, if at all. Think about the range of a modern cell phone, and consider that any device that can transmit over that range can also interfere with the control channel for any signalling system within its range. Also consider that we're talking about changes that might increase the power and therefore the range of the device, or might change the device so it's using different frequencies and disrupting other forms of transmission/communication, not just whatever it was designed to work with originally.

Bottom line: even one small rogue device on a radio network can cause serious disruption over a wide area, and not all devices covered by these regulations will be small or have relatively low-powered transmitters. Imagine a whole city block or business park where wireless devices didn't work all day. Imagine a whole city where mobile/cell phones weren't reliable. Imagine a major incident where emergency services couldn't communicate properly to co-ordinate their response because their radios didn't work, or where the entire response was delayed by several minutes because no-one could find a landline to even call the emergency services in the first place. You get the idea. And just to be clear, this is not some paranoid fear of a hypothetical problem. It actually happens, just fortunately not very often, thanks in large part to the kind of regulatory regime we're talking about here.

It's true that with any sort of government regulation you have limitations on individual freedom. Laws do that, and should never be made lightly. But at the risk of ending on an inflammatory note, consider that while people can hold strong views on whether private individuals should be allowed by law to own and shoot guns, and reasonable people can debate the pros and cons of that, no reasonable person thinks it's a good idea for anyone who wants one to be allowed a WMD where they can push a button and kill everyone in a city. There simply aren't any good uses for that kind of technology, and the damage one person can cause to others is wildly disproportionate to any personal freedom given up by someone who for some reason wants such a device even though they can never use it. Obviously I'm not suggesting the threat from a rogue radio transmitter is comparable to the threat from a nuclear bomb, but it really is a significant risk and even potentially a matter of life and death.


> Contrary to some of the FUD being posted in this thread, the regulations don't appear to be about custom firmware for the UIs or even signalling on a device

This is incorrect. Various sites have done a really shitty job at linking directly to the relevant documents, but see this: https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869Rsy...

Note that vendors are required to "Describe in detail how the device is protected from 'flashing' and the installation of third-party firmware such as DD-WRT."

This is specifically about blocking all use of custom firmware.


What is the legal status of that document? I was looking at one that 'thejosh linked to:

https://www.federalregister.gov/articles/2015/08/06/2015-184...

That seems reasonably clear in what it's talking about, or at least what they're intending to cover. For example:

"The Commission proposed to require that an applicant for certification explicitly describe the RF device's capabilities for software configuration and upgradeability in the application for certification. This description would include all frequency bands, power levels, modulation types, or other modes of operation for which the device is designed to operate, including modes not enabled in the device as initially marketed. Also, an applicant for certification would have to specify which parties will be authorized to make software changes (e.g., the grantee, wireless service provider, other authorized parties) and the software controls that are provided to prevent unauthorized parties from enabling different modes of operation."

There's no reference to specific firmware platforms like DD-WRT or OpenWRT there.

Is this a case of some documents describing preliminary consultations and others a final situation that differed from what was contemplated originally?

For that matter, is it actually the case that some routers don't fully isolate the radio control software as intended by the regulations, in which case installing custom firmware like DD-WRT or OpenWRT really would be a risk, in which case the intent of the regulations really would be to prohibit the installation of that custom firmware in that particular context because it does present exactly the threat they are trying to control?


> What is the legal status of that document?

It's on fcc.gov, so it's probably legit. It dates back to March, so it's conceivable that it's been modified or superseded since then; I haven't been able to find anything to indicate so, but I'd be happy to be wrong.

Basically, there seems to be a lot of confusion stemming from blogs that heard about the document that I posted, but only linked to the document that thejosh posted. I found this doc via the CNXSoft post that appeared on HN yesterday [1], which mentioned the "protected from flashing" line and linked to Etherpad notes from a presentation, which linked to the U-NII Device Security v01r02 document that I posted above. It's kind of a ridiculous chain, so I can see why people were confused. You're right that none of the documents directly linked in this thread talk about blocking custom firmware; when people are talking about that, they're thinking of the U-NII Device Security document, not the "Equipment Authorization and Electronic Labeling for Wireless Devices" proposed rule.

> Is this a case of some documents describing preliminary consultations and others a final situation that differed from what was contemplated originally?

Possibly. They may also be describing different aspects of the FCC's evolving wireless policy. I haven't followed the rabbit hole deeply enough to determine for sure whether the FCC is still currently on track to block custom firmware, but it appears that they were as recently as March.

> For that matter, is it actually the case that some routers don't fully isolate the radio control software as intended by the regulations, in which case installing custom firmware like DD-WRT or OpenWRT really would be a risk

Oh, yes, certainly. Most of these firmwares are designed to be useful for users all over the world; IIRC, the one I use (Tomato) lets you select your region from a pull-down, and then enables the channels appropriate to your claimed region. (You can achieve the same thing by downloading the manufacturer's firmware intended for a different region; custom firmware is not required.)

I think this was well-meant on their part, but I agree that it is a problem, and it makes sense for new routers to block access to unauthorized channels on a level that custom firmware can't touch. I just think that blocking custom firmware entirely is throwing the baby out with the bathwater.

[1] https://news.ycombinator.com/item?id=10137470


> It's on fcc.gov, so it's probably legit.

But legit what? For example, I don't see any indication of whether it's an existing policy, a draft/proposal for future policy (which is what most of this discussion seems to be about) or something else. Who is required or recommended to read it? What happens if they don't do what it says?

Most significantly, it also doesn't seem to specify what constitutes a U-NII Device for the purposes of these rules. It would be bad if the rules had the effect of blocking custom firmware on something like a wireless router when that device included a self-contained radio component that was a black box and itself constrained to follow the normal rules for transmission equipment. On the other hand, if we're talking about running custom firmware on that radio component and/or on the main device but with the ability to reconfigure the radio component to perform outside the authorised spec, it seems to me that prohibiting the installation of that firmware is exactly what is intended, and for good reasons.


Yep, that's exactly the problem. We even have a few posters in this discussion talking about how they hate these new requirements because it means they can't run their routers illegally anymore. A lot of the fuss seems to be that the draft documentation of things that hardware vendors should consider and put in their certification request is, "what happens if an end user installs a third-party firmware like dd-wrt." They're seeming to take that as prohibiting all third-party firmwares, instead of prohibiting third-party firmwares on devices that require binary blobs. A router maker who has a baseband that can't be modified wouldn't be affected by this at all.


I've already covered a lot of this in my response to Silhouette, so I won't repeat it here, but:

> We even have a few posters in this discussion talking about how they hate these new requirements because it means they can't run their routers illegally anymore.

Are you under the impression that the sole purpose of custom router firmware is to access restricted channels? Custom firmwares contain many very useful, legitimate tools, and also happen to enable region-shifting for users who want to keep their old router when they move, which unfortunately lets malicious or ignorant users access locally unauthorized channels.

As for the rest, the U-NII Device Security document I posted above is pretty clear about prohibiting all unsigned firmware, explicitly including DD-WRT.


Manufacturers don't care about whether end-users have the ability to install stuff like OpenWRT on their products, so if the easiest way to comply with the regulations is to lock them down altogether they'll do it. It's the users who lose out, and they're not the ones who are designing the products in the first place.


Why do people keep bringing things like OpenWRT into this? The regulations here are about the firmware in the radio components themselves, not any particular firmware running on a specific end user device that happens to include such a component.

The firmware running on the end user device and provided by its manufacturer probably doesn't even have access to the firmware running on the radio component in many cases, in which case the kind of regulations we're talking about would make no difference at all to that device.

If the main device firmware does have access to reconfigure the radio component, these regulations are a good thing, because it means you can afford to let end users swap out the main device firmware without risking them breaking the radio with adverse consequences for everyone else nearby. If you didn't have that safeguard, the only safe thing to do would be to lock down the entire device in exactly the way you're describing.

You are arguing against the regulatory framework that makes your desired outcome practical to achieve.


https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869Rsy...

Here's a draft of the rules where they specifically ask how you will prevent end users from installing DD-WRT.

Third-Party Access Control: What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.


And so I ask the same to you that I asked to 'PhasmaFelis, who seems to have been the first poster of that link in this discussion: what is the actual legal status of that document (which unlike others linked here does mention DD-WRT by name), and to which devices does/would it apply?


Those who want to run exclusively open source software and firmware will not like such an approach.


As far as I am aware, they (or the developers of the software they use) are free to seek the necessary regulatory approval to operate a radio running their choice of software instead. They just have to play by the same rules as everyone else. Running open source software is completely orthogonal to having the proper regulatory approvals to transmit radio signals.


The issue, as I see it, is that we ban owning something, instead of banning bad behaviour.

It’s similar to the gun debate or the "speed limits on the autobahn" debate.

Funnily, I’m on a different side in each of these 3 debates, but the issue is still there.


Bad behavior is already banned. People behave badly nonetheless.

Reading some of the other comments in the thread, two things become clear to me. People causing their devices to behave badly have no idea what the ramifications are, lacking knowledge in both regulatory issues ("what's DFS? what's TDWR?") and RF-related issues ("jacking up the power can't cause spurious emissions!") [note]. These people should not be modifying their radio equipment, they don't have the understanding required to do so safely.

That said, you can be licensed by the government to prove that you understand these things, and then the government gives you free rein to build your own equipment and basically do whatever you want. If I were modifying my WiFi equipment for Part 97 operation (questionably legal for various reasons I won't go into), I'd know to look for things like: interference with primary users of the frequencies, spurious emissions, permissible RF exposure limits, and so on.

"Unlicensed" doesn't mean you can do whatever you want. People seem to think it does, however, and the FCC has a very tiny enforcement budget, so it seems natural to go after the device manufacturers rather than the end users. The device manufacturers already pay to have their devices certified, a few more hoops don't matter to them (and save the taxpayers money), and a well-locked device will prevent even the most ignorant hobbyist from causing plane crashes, so I understand their logic.

I am probably going to write them a letter opposing the changes, but mostly from the perspective of amateur radio operators rather than "I can do whatever I want in my own home".

[note] Let me share some choice quotes from elsewhere in the thread:

"Sounds like those TDWR systems are in dire need of an upgrade if that's enough to cause fatalities."

"The hardware should know the amplitude of the input signal and what maximum gain can be applied to it before these detrimental effects set in. [...] I'm not going to get a multi-gigahertz-capable scope costing tens of thousands of dollars just to tweak my home router."


I understand the ethical conflict here. I'm generally liberal in my views and tend to favour lighter regulation by default, so personally none of these issues sit easily with me. I believe technology is neutral and how it is employed is what counts, so my usual stance is that freedom should be the default and with that freedom must come responsibility. But I'm also a pragmatist.

You can debate the merits of useful technologies that are also dangerous. Many technologies have both negative and positive applications. Sometimes in reality those technologies are used more often for negative purposes. We then get conflicts where the same tool that can protect an individual from harm can also harm others and/or protect the individual from the consequences of their harmful actions. We also get rather different kinds of conflict where a technology can be a net benefit to society because it helps many people but that comes at a high cost to a few innocent people who will lose out in some way.

However, when there is nothing to balance in how a technology is employed, when realistically it can only be used for harmful things or it causes wildly disproportionate harm, I think the ethical stance must change as well. Some things can't be fixed afterwards, and in that case mere deterrence isn't always enough and I do think formal regulation can be justified.


> However, when there is nothing to balance in how a technology is employed

But in this case there is:

- open firmware

- security research

- running radios outside their regulated envelope without interfering, e.g. because you're building a directed link between two sites in a rural area. With a locked-down device you can't do that even if you got a permit. You'll have to buy more specialized, more expensive hardware


The thing is, I think the balance here is at some different point.

In Germany, we ban guns, but don’t really restrict people modifying routers, as long as it doesn't interfere with anything.


In many cases, especially with lower-end routers, the firmware running on the end user device is the firmware running on the radio component - there is no separate radio CPU.


In those cases, restricting the use of unapproved firmware seems to be exactly what these regulations are supposed to do, and as I've argued elsewhere, I think it is a reasonable step to take given the damage one ignorant user can cause with these systems.


It feels very much like a knee-jerk reaction. Oh no, they're taking our wifi away, instead of figuring out why the regulations are proposed, and why there are unintended consequences far beyond a little noise at the edges of the wifi spectrum. Additionally, they don't want to realize that like you described, the cheapest way is to put in a radio that doesn't need a binary blob to operate, because router makers are sure as hell not going to pay for the expensive re-certification process after every software update.


Receiving is not illegal. Sending on a restricted band, it is.


And how do you expect this is going to happen when the device modified is usually a combined transceiver?


It does NOT restrict you from modifying the software. Read section 24.

"The Commission proposed that certain changes in layout, included components, operating software, or variations in overall electrical or mechanical constructions that do not substantially change the overall function of the device do not require a new FCC ID."

"The Commission proposed to continue to permit Class I permissive changes for those changes that do not degrade the device parameters normally reported in an equipment authorization application (including a decrease in the fundamental emissions that does not increase spurious emissions; an improved spurious emission performance; minor variations in the enclosure or components; and software changes that do not affect RF parameters)."


All of that says that a manufacturer can make certain changes to software and hardware without having to get a new authorization. It says nothing about what the user is permitted to do.


Yes, and the cheapest way to be compliant with that is to put the wifi chips in its own locked box, separate from the rest of the phone. There are several chips available right now, like the ath9k series, that already work like this. This issue really is a tempest in a teapot.


I'm repeating this in a few places because no one else in the thread seems to have found it yet: https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869Rsy...

The relevant passage is "Describe in detail how the device is protected from 'flashing' and the installation of third-party firmware such as DD-WRT." The FCC is specifically mandating that all custom firmware must be blocked.


A) The relevant portions of the rules only apply to the 5 GHz band. 2.4 GHz doesn't have that set of rules.

B) The document is not hard and fast rules, it's a set of guidelines to ensure that the device cannot operate out of the rules. So, putting the radio controls in a separate unflashable baseband chip would be ensuring that the radio is only operated by authorized software, while the rest of the router is operated by other software.


That's not right. Look at this: https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869Rsy...

One of the requirements for hardware vendors is "Describe in detail how the device is protected from 'flashing' and the installation of third-party firmware such as DD-WRT."

They are explicitly trying to illegalize custom router firmware, even though all the things that need to be prevented could be handled by separate hardware lockouts that wouldn't affect the legitimate uses of DD-WRT.


That page states that it's a set of general guidelines, not hard, definite rules. All of the examples, like flashing dd-wrt, are essentially asking, have you thought about x, y, and z? Tell how so. It's almost certainly perfectly acceptable to state, "we use a discrete chip for our wifi system without any way to upgrade the firmware, so if a user does flash their system, the wifi chip cannot be made to drive outside of legal parameters." A hardware lockout is definitely one way to comply with the guidelines.


People aren't paying attention to what this is for. It's to prevent people from using encryption to obfuscate and share their illegal data, and other criminal things, and from interacting with other criminals outside the bounds of the manufacturer's intention. It's to protect devices from crime that was prevalent in the days when the internet was first invented, and for decades afterwards.

This is a good thing.


Why would it affect your PC? Shouldn't they just lock down the Wi-Fi module if they want?

I fail to see much difference between installing alternative OS on your PC and installing third-party software.


Most radio modules would have an embedded firmware that, in addition to the radio handling, should enforce regulatory constraints (i.e. preventing the use of 5 GHz DFS channels if radar use is detected).

Building these firmware images is something you are (usually) only equipped to do under NDAs from the silicon manufacturer (or only done by request from the manufacturer).

My understanding (and what I have gathered from previous threads on the subject) is the FCC is going after the embedded radio firmwares, and mistakenly (or due to extreme lack of knowledge) named OpenWRT, DD-WRT as offenders.

Otherwise, the effect of this would be to outlaw PCIe and USB WiFi, Bluetooth etc. cards/adaptors unless sold inside a computer with a locked bootloader.


> Otherwise, the effect of this would be to outlaw PCIe and USB WiFi, Bluetooth etc. cards/adaptors unless sold inside a computer with a locked bootloader.

Lenovo already does this for laptops, you have to use a Whitelist Wifi card, they claim it is to comply with existing regulations from the FCC, which this will expand.


It would only take a motherboard with a PCIe slot and an unlocked bootloader to circumvent that strategy. You would use it to flash the firmware in whatever device you want to unlock and then use it on the computer with the locked bootloader.


Laptops for example have an FCC label (take a look at the bottom of yours) as they have radio equipment on them in the form of a Bluetooth adapter/Wi-Fi adapter/3g modem.


If you look up that FCC ID, however, it will usually turn out to not be the ID of the laptop. It will be the ID of the wifi adaptor, and it was the wifi adaptor maker that got the certification, not the laptop maker.

It is that wifi adaptor maker that is responsible for ensuring that the radio stays in compliance.

The laptop maker generally will only need to deal with the rules from part 15B, unintentional radiators. The laptop maker won't have to lock down the laptop OS.


Most laptop manufacturers now have a whitelist in the BIOS to prevent the use of wireless adapters that didn't ship with the machine. (Lenovo, HP and Toshiba definitely do this.) Up until Sandy Bridge it was usually possible to patch this out with a modified BIOS update but now laptop BIOSes are signed and this is not possible.


Yeah, whatever industry lobbyists are hitting them with tons of money need to just find their conscience - or prison, whatever works.

I guess I am going to be a criminal the day they tell me I cannot run openwrt.


My guess is they are getting lots of complaints from folks running into dopes doing stupid things with SDR that interfere with others.

Looking at the noxious behavior of drone owners sets a few examples of the type of thing I'm referring to.


The quadcopter problem is easy to solve, jail time for repeat offenders.

But they are now making laws to ensure the bulk of the population commits a few felonies each day, changing your phone software from stock, changing your router software from stock = prison? How exactly does that harm/help society?


If you want to jail offenders then there has to be a law or regulation for that. This is that regulation.

How does this harm society? Imagine your wifi router becoming useless cause your neighbor decides to modify his and boost his output which overpowers yours. Plus adding additional frequencies that render your wireless phone useless.


Imagine (and be terrified of) your neighbor sneaking over at night and smothering you with a pillow. Let's ban pillows! Bonus: the ban will stop those vicious pillow fights.


You are pretending such things I mention don't happen but they happened all the time before the FCC came into being and happened often during the CB craze. In fact, I still occasionally hear of such things.

Imagine there were no regulations. Such things would be rampant as they were in the past.


Your example of the CB craze ignores the fact that there were plenty of regulations at that time -- there were actually more then than there are now. They were totally ignored.

For instance, back then you were required to have an FCC license to operate a CB radio, but not one user out of a thousand bothered to get one.

Regulations and laws aren't magic.


I'm not ignoring it at all. It's my point that, if those CBers couldn't modify their equipment, many of those issues would not have come up. Being an illegal operator is a different story unrelated to this topic.


All of the things you're worried about are already illegal. Pointing out that they were legal sometime in the past, and it sucked, is a non sequitur.


I've played with the transmitter power in my Wi-Fi router to get better coverage in a distant room. Thank goodness for open source.


Yes, and have you checked to see what the end result of the emissions are on the main harmonics. If you're overdriving your amplifier, there's a good chance the distortion harmonics are sending into the 7.3 GHz band and 12 GHz band, which are both used by satellites, and can cause interference due to the sensitivity of communications. This is one of the many problems with these modifications, and why the FCC is making enforcement; driving circuitry outside of its range can and does cause problems more severe than annoying your neighbor by making their connections a bit worse.


> Yes, and have you checked to see what the end result of the emissions are on the main harmonics.

Let me think, no.

> If you're overdriving your amplifier, ... distortion harmonics

RF amplifiers are not linear at any amplitude! RF is not audio.


Even with nonlinear amplifiers, you can still drive it too much, you can still have distortion, and you're still going to have to test with a scope regardless. There's plenty of guidelines out there describing how to minimize harmonics, like this one http://www.tek.com/support/faqs/what-fft-fast-fourier-transf..., or this one http://www.mpdigest.com/issue/Articles/2009/feb/CEL/Default.... or this one http://www.evaluationengineering.com/articles/200611/rf-meas... . This is one of the reasons the FCC is proposing rules like this, people don't realize the unintended consequences.


If the hardware register being in range causes the circuit to be out of its range, that's a hardware problem. It's not my problem. The FCC should take that up with the hardware designer.

I don't supply the input signal to that amplifier; it's all within the router. The hardware should know the amplitude of the input signal and what maximum gain can be applied to it before these detrimental effects set in. It should not permit higher gains than that.

I trust that it doesn't, and don't give a shit beyond that.

I'm not going to get a multi-gigahertz-capable scope costing tens of thousands of dollars just to tweak my home router.


Why should the FCC take that up with the hardware designer? Should the police take it up with Ferrari when people use their cars to speed?

You should operate your hardware within the limits specified by your local laws. Saying "I trust my hardware won't do anything wrong and don't give a shit beyond that" is not acceptable.


"No distortion from transmitter that spews noise across the spectrum" is a technical limit. It is not valid operation merely forbidden by law.


Your attitude towards the problem is exactly why the FCC is making these rules. Enough people not caring about the rules is why the FCC is putting their foot down and saying that hardware makers have to make their devices a black box.


I care about the rules and I assume that the hardware takes care of them. The hardware is FCC certified and legal for sale to consumers.

I don't think that the hardware has to be a black box to be compliant; it just has to disallow combinations of parameters that are outside of the legal (or technically correct) area.

If the chips themselves enforce this, then we can still have a device on which you can run OSS firmware.

And anyway, that's the right way to do it! If the hardware doesn't enforce the rules, and you're relying on the black box combination of hardware and software, that is less safe. Maybe exploits can be found to get around the software, and then -- wee -- let's crank that amplifier until it glows, and use illegal channels, etc.


"If the chips enforce this" -- at this point, you're talking about hardware that is only really usable in one country. Yes, the US market is large and important, but it's not the only one.

This is why things are done in firmware, so the factory can configure particular runs of boards for legal sale in whatever country they're attempting to manufacture to sell in that day. Now, for the sake of it being cheaper, many devices may have just one big firmware blob: this is more common in devices like wifi routers than other things (e.g. cell phones).

I am a researcher in RF-related technology: my personal views are that the radio firmware should be kept separate from the rest of the software running on the device (fairly similar to what many phones do with a separate baseband), with the ability to upgrade the radio bits being restricted to a) the manufacturer and b) users that the FCC has approved to make such modifications -- this would provide a sane way to certify groups who can make these changes, both for research purposes and for the OEMs that are integrating the RF capabilities into some larger consumer device.

In addition, there's many times where we've purchased hardware and performed modifications in-house to the control software, specifically because we DO have a license from the FCC to do things outside of what would be allowed for normal consumers. Forcing special hardware runs for things that aren't locked down and can be used by the couple hundred groups (if that) in the country who do this sort of thing is going to be even more prohibitively expensive.

Finally, I'm extremely aware of the thought processes that would lead manufacturers to lock everything down if they're forced to lock anything down, and this could be mostly worked around by making the manufacturer of the RF hardware (who typically isn't the company selling you a device) responsible for those protections. They won't have any desire or ability to touch the other parts of a device, so they won't really be technically able to lock them down in the best case scenario. This gives a lot of freedom for the higher-level software to be kept in a state where it's easy for users to modify.


Right, make it illegal to operate your device in a way that causes interference. Don't make it illegal to modify your device and don't make it illegal to manufacture a device capable of being modified.

There is a huge difference here.


Your idea is already in place. The regulations state you cannot cause interference but people still modify their devices to do so anyway.


So then we just need better enforcement, not new laws that impinge on our ability to control our own hardware.


I doubt it. Actually getting an SDR with transmit capabilities up and running takes a lot more time, effort and intelligence than launching a drone does.


Where the hell are all these SDRs with transmit capabilities and sufficient output power to annoy others?

Because I would love not having to pay the 2000 bucks for an Ettus unit if they are apparently this widespread.


Yet somehow those many complainers are silent in the rule-making comments.


I'm not too worried, like all prohibited substances and devices (except maybe weapons of mass destruction) there will always be ways to get what you want if you want.

Especially since from the headlines it appears that they're considering a software based approach.


Umm, no. Such laws legitimize prohibition (by definition) and represent and form public opinion and can thus be harmful even if they are loosely enforced.


> Umm, no

Exactly what are you disagreeing with? Going by your comment you seem to think that I said that a ban would have no effect at all. I did no such thing, and I would suggest that you read more carefully next time.

So, umm, no I can't actually get access to a XTC in my country where it is prohibited?

Of course I can. Even if/while such laws effect more than only a ban on the substance in question.


This is a forum with a strong focus on startups -- startups will not want to have to use contraband radio equipment to develop their next IoT module.


And they won't. Access points will just go back to the slightly more expensive method of using a wifi chipset with an asic and/or preinstalled non-upgradable baseband, and life will go on. The ath9k family, which is what's recommended for things like libreboot-based systems show that these exist. If they're spinning their own circuitry, they're going to have to get fcc approval anyways, and will have to make sure that their access point isn't terribly designed and spewing RF all over the spectrum because they don't understand what happens when you overdrive transistors.


There are types of wireless communication other than wifi that are still unlicensed. Not having access to SDR makes it much more difficult to develop those. Also, locked down chips cannot be trusted in security sensitive settings.



