Hacker News new | past | comments | ask | show | jobs | submit login
Protest against the EU radio lockdown (blog.mehl.mx)
178 points by zoobab 15 days ago | hide | past | web | favorite | 72 comments

What would be the motivator for this kind of clause? I can't imagine radio-device manufacturers would appreciate the additional expense, and at least some of them must benefit from consumers buying those products specifically for customization.

Are the national governments pushing for more radio control? Is there some kind of crisis of radio abuse? Or is it an indirect way to give governments more punishment tools, by making radio modification a subversion of manufacturer controls, so you can be slapped with an additional charge if you ever use a custom radio device in a crime?

I haven't read the EU proposal, but for the corresponding US rule, the motivation was to reduce interference with other radio users. In many of these products, the radio is capable of frequencies, power levels, and modulation modes that are not legal, and the device relies entirely on the firmware not choosing an illegal combination to stay legal. People have used third party firmware to allow choosing illegal radio settings.

The regulations were written in the US to be compatible with open source and customization, only requiring that outside software not be able to set the radio to transmit outside the legal limits that applied to that type of device.

A router manufacturer does not have to lock down all the firmware to satisfy this. They can make it so that the "set radio parameters" part of the firmware is separate from the rest, with only the former being restricted. This is the approach the FCC encourages, rather than simply locking down the whole thing.

In fact, when TP-Link was making routers that could operate outside legal power levels, and the FCC went after them, the consent decree they agreed to required TP-Link to work with OpenWrt and the radio chipset manufacturers to ensure that they could build compliant routers without locking out third party firmware.

Basically the EU has discovered SDR (Software Defined Radio) and wants to limit its use.

The usual excuses are given, electrical safety, emission on protected bands...

Right, but why would they want to regulate SDR?

FUD. Fear, uncertainty, doubt

That's how. The question is "what problem do they think they're solving"?

maybe because they can be used for many nefarious purposes?

So can wheels.

You shouldn't ban general purpose technology because of particular bad uses.

“Regulate” != “Ban”

And in this case, the proposed regulation is:

“””[R]adio equipment [shall support] certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated.”””

Now I don’t think that’s a well written rule, but my problem is the specifics rather than the general idea. I think that either all broadcasts should be digitally signed, or it should not be possible for hackers to remotely modify many other people’s radios to broadcast false signals. (One-on-one modifications I don’t care about so much, but how do you write/pass such rules, given the difficulty getting people to care about or believe the scale difference between automated and manual hacking?)

The problem is that we already have regulations to avoid broadcasting on restricted/licensed bands.

In general, current regulation makes the owner of the equipment responsible for the broadcast.

This new regulation will just stifle development on SDR technologies

And the current regulations are impossible to enforce. If they would work we wouldn’t be in this situation.

> If they would work we wouldn’t be in this situation.

What situation? What crisis is happening I'm completely missing?

> “Regulate” != “Ban”

Imagine how ridiculous it would be to have a regulation on wheels that they must try to prevent being installed on non-approved devices.

I agree with you, but for anyone following EU rules and regulations, this ship has sailed a long time ago. Drugs, guns, radio are just part of a huge long list of "general purpose technology" that have been regulated out of existence.

That sounds like a hot take. I'm pretty sure most EU residents are very satisfied that they don't have to fea for their safety for gun violence when they walk home late at night or just in general.

>don't have to fea for their safety for gun violence when they walk home late at night or just in general.

Neither do "most US residents".

More to the point, your focus on guns is missing the larger point. There is very real and immediate dissatisfaction with the EU regulatory landscape. See: Brexit.

A lot of general purpose technologies are restricted to safe use.

Restricting it to safe use is what the preexisting law does.

Like what? I'm not being flippant here, I'm really in the dark. What harm can one do with an SDR, and how does the potential for abuse compare to e.g. a cell phone?

The availability of easily-hackable, low-cost Chinese hardware?

I'm not as familiar with EU law, but similar changes in the US were prompted by "Import hardware configured legally, but manufacturer winks / doesn't care about flashes to illegal specifications" scenarios (indeed, it may be a way to boost sales).

The correct legislative solution seems to mandate locked RF firmware... while also mandating customer access to tinker with the remainder of functionality.

This addresses the tendency for manufacturers to simply lock down everything as the cheapest path to legal compliance.

TBH, if you want a right to tinker with RF firmware, a ham (or equivalent) license seems a low (probably too low) but necessary and fair burden.

Disclaimer: Automated hardware unit tests and test devices, including RF tests for firmware developers, are bringing bread to my table.

Looking at this rule from another angle, I think the objective is to have a single entity to blame if interfering device is found. In this context this may seem rational -- all the firmware released that is mangling with intentional radiators needs to be tested to prove it is compliant. However, the method creates extra complexity for the device manufacturers and as time has shown -- does not really improve the matters in the long term, you will just get a fleet of devices running old firmware with unfixed bugs. Manufacturers often do not like it either, specially in the management.

I think it may be a classical example of "The road to hell is paved with good intentions" or Hanlon's razor*

* https://en.wikipedia.org/wiki/Hanlon%27s_razor

Allowed frequencies and transmit power varies in the world, so the cheapest way sell to all markets is to set a few different bits in firmware to make it fit for those regulations. That could be a factor.

This is what this change is about. It follows similar regulations in the US, btw. Smartphones should be mostly fine if the radios are controlled entirely by the baseband. Then changing the main OS cannot have any effect on the compliance of the device.

Also this feels like an ugly interaction with the right to repair. Old devices will become even harder to update and patch due to legal requirements.

We have existing regulations stating what is allowed on which frequencies.

Is there evidence that the devices prohibited by the proposal lead to widescale breaking of these regulations? And if so, is there evidence that this causes harm?

It's harsh to assume that people can not be trusted with SDRs and therefore we should ban them outright. I'd like these sorts of blanket bans to come with a strong evidence backed reason.

I am currently in the process of a obtaining a ham radio license specifically so I can experiment and innovate with SDRs and IOTs and be confident that I do so in compliance with the regulations. This proposal will make it much harder for ham radio enthusiasts and innovators to experiment and learn in a compliant way.

^ Above submitted as feedback

> Is there evidence that these devices lead to widescale breaking of these regulations? And if so, is there evidence that this causes harm?

Yes there is. A lot of people now import devices from countries with different frequencies causing a mess. This is especially a problem if frequencies are used for other purposes.

> A lot of people now import devices from countries with different frequencies causing a mess.

If they are already using devices that are not compliant with EU regulations, then I don't see how stricter regulations would solve this. This sounds like an enforcement issue. What prevents people from importing the very same non-compliant devices under the proposed regulations?

In fact, I can see more of this import happening as the domestic devices will now be more expensive and crippled.

You could destroy such devices at customs inspection. Currently such devices are legal. The use outside of the legal frequencies is not and enforcement is almost impossible.

It would be much easier to protest for the creation of a law that punishes the attempt to create or the creation of bad laws. After all when you propose a bad law, you can just propose it again and again and again until it gets implemented, then good luck getting rid of it.

As for "how do you define bad laws?". We know it's possible because we have constitutions. We know they can be expanded. We know it's possible to get people jailed if they violate rules, and legislators are people even if they tend to forget this little detail.

As for "but what about evil corporation that will not be stopped by the law?". Well, even corporation is the one that usually wants more laws and even discuss the laws that should stop them.

If you want any semblance of freedom under a State you need a way to make legislators think very long before legislating.

Reminds me of the ongoing fight over crypto-legislation.

"They only have to win once, you have to be vigilant and win every single time"

I also suspect that the current patent mess is a result of failing to win the continual defensive battle.

I'd be interested to hear from any law or political theorists regarding this seemingly deep flaw in the system. What could be done to mitigate it? How do we stop the same bad laws being proposed in slightly different forms again and again when vested interests combine with a poorly informed legislature?

>They only have to win once, you have to be vigilant and win every single time

The law is not a blockchain ledger. If bad law gets in, it can also get removed later.

It can be but it's an uphill battle the entire way and opponents try to shame crypto supporters with the Four Horsemen of the Crypto Apocalypse: Terrorists, Child Pornographers, Tax Evaders and Those Who Have Something To Hide.

Any objection to government surveillance is met with "Well you must be a member of or support the activities of" one or more members of the aforementioned groups. It's better to never let a bad law in than remove it later because people are irrational and bring these emotional arguments into play.

That takes a long time. In USA we've been trying to end drug prohibition for decades.

That's because there's a big amount of people, myself included, who feel like drug prohibition is good, all things considered. Not because "editing" the law is hard. (I am not American).

That doesn't make the situation different. All of these bad laws have supporters. (Largely because charlatans in government, law enforcement, and media constantly exaggerate dangers, but that's beside the point.)

By "bad law" I meant laws with absolutely no public support, not laws which are "objectively bad" (such thing made doesn't make sense)

There's plenty of public support for even the most dystopian laws.

That's not so easy for EU laws. The only body that can propose new EU laws is the European Commission, which ordinary voters have essentially no influence over. (Some of the non-EU Europe-wide bodies are even worse.)

But how can groups debate if a law is good or bad, isn't proposing such a law the way the debate is started? Maybe some bad laws have good intentions but some poor wording can have bad consequences.

Also why do we think constitutions are perfect, don't countries have to update them periodically to fix them?

Then let courts take stated intent of lawmakers into account and throw out cases where the application of the law is different from the stated intent.

I am not an expert, but I see a problem with this idea too, the lawmaker will need to also write what the intention is, then you can find loopholes in the text of what the intention is. or the intention could be very general so ambiguous to interpret. In some countries there is a way for the people to contest laws as unconstitutional and have judges not politicians decide.

the issue is the usual: eu is so far removed from constituents it's pointless to try and save it.

After a quick read, the amendment in this directive seems far too general to be enforced effectively. If you parse it with the FOSS principles and revoking the ability to flash or install LineageOS, OpenWRT, Tasmota etc., it is counter-intuitive to some of the principles empowering consumers e.g. restricting locked bootloaders by carriers.

If passed into law, it might make a test-case for sales of rogue drones but it won't be able to stop Baofeng handsets flooding a market. The EU needs reminding that restricting freedom in this way is a terrible idea.

Who in their right mind is thinking up of these stupid rules? Are they aware of the world around them? I assume no :-(

If this is approved, I expect a few other similar laws to protect the "common good". Car manufacturers should verify and approve all possible combinations of modifications. You shouldn't be able to increase your horsepower (and possibly kill more people), surely the car manufacturer should take the blame and responsiblity for whatever you do with your car ;-)

As a matter of fact our good EU government (overlords) should regulate and ban whatever is not safe for us, they know better.

Being in EU, I'm going to add my comment to the official link provided in the OP blog post and I encourage everyone in the EU to do the same.

The are going to be mandating GPS based speed limiters on all new vehicles for the EU, as has been reported recently.


This is bad for many reasons * Security, device manufacturers stop supporting updates after a certain while * The environment, lots of devices will become obsolete with no software updates. Free software provides such updates. This will contribute bad towards global warming. * Being able to experiment with hardware you own and run open source.

I remember that the FCC has a similar requirement, and that was one of the issues behind "no open source drivers for wifi modules"

This shouldn't affect OpenWRT if it uses a standard driver, unless I'm mistaken (or "radio equipment" means the whole thing and not just the radio module - but that's up to debate)

> I remember that the FCC has a similar requirement...

Which is better IMHO.

You can sue the FCC if you think they overstepped their bounds as opposed to getting a bunch of politicians behind the repeal of a bad law (which otherwise can only be overturned if it violates the constitution).

Or, as sometimes happens, the FCC realizes they made a mistake and/or "conditions on the ground" change and they decide to change the requirements -- also without involving the lawmakers.

You're probably right, and the FCC is more technically competent

the eu is really on a streak with counterproductive legislature atm

Does the Raspberry PI count as IOT?



That makes no sense. First of all the driver is ETSI which the UK is a big part of, secondly even a non EU country (Switzerland) is behind this. Even after Brexit the UK will likely adopt this.

Sure, but it'll also make it easier to revert.

Which doesn’t matter because it wouldn’t. The UK is master of crazy laws like this. Just consider the porn ID verification and more.

Change takes time, it may take 100+ years but I don't see why I would intentionally put even more barriers in front of a hard enough goal.

There's still time to oppose this.

> Yet another reason why I'm glad for Brexit.

If you think that Brexit will stop this, I hope you are right – but I very much fear you are massively underestimating the UK government's appetite for bad laws and bad process.

I think the argument is that with Brexit it's easier to change laws because you only have to deal with/convince one government instead of 30+ ones.


The EU becomes a worse and worse idea every year. It was good while it lasted. This will be the first year I vote for an anti-EU party locally. It pains me, but it's been enough already :/

Are they cool with you installing whatever you want on whatever you own - or are you in "cutting off the nose to spite the face" mode?

Have you read it? It would mean, for example, the end of OpenWrt.

What about the rest of recent terrible regulations and laws?

Then give feedback. The process is open for that reason. If you remove the EU from this you will have the insividual regulators ask for the same. Austria and Switzerland for instance push for this.

//edit: also even the proposed regulation would not prevent custom firmwares. You just meed to lock down the radio.

This. Article 13. Article 11. TTIP. CETA.

Stupid ideas coming out of EU are more and more frequent.

I don't want to give feedback. I want accountable and professional political representation that will not dare to come up with such ideas in the first place.

Politicians will always come up with dangerously worded good intentions every once in a while, regardless of which parliament it is — national or European. At least at the European level the number of folk that pick up on the risks of such articles is significantly higher than at the national level — especially for smaller countries.

Asking for feedback on complex legislature proposals is surely preferable to exclusively taking notes from meetings with lobby groups behind closed doors. Besides, national governments often ask for feedback on proposed laws too!

Each body that can introduce legislation represents a possible attack vector against our remaining freedom. Each additional tear of government is more distant from the voter, more difficult to oversee, communicate with and oppose.

I have to ask why should such piece of legislation exist in the first place? What problems of today does it aim to solve? What is the quantified impact of these problems that we need to adopt new regulation? I have read related documents and there is no such reasoning, just vague boilerplate.

The trade-off for delegating some of the national sovereignty to the EU is that as independent nations we cannot trade and deal with other powerful entities such as the US and China nearly as effectively. For example, a country like the Netherlands risks having trade deals dictated to them rather than negotiated as equals.

With the Brexit looming over the United Kingdom, already the effects of leaving the influence of the EU bloc behind are becoming clear, with the US attempting to dictate the terms of their post-EU trade deal.

Regulation such as this is necessary to harmonize the various national laws on this subject so manufacturers can target the single market of the EU without having to certify their gear in each member state. This is mentioned in the documents about this law as well (I've closed my browser tabs after submitting my feedback, but it's there). I'm not too well versed in this matter, but the net-benefit seems to be economic.

The EU and it democratic institutions can be vastly improved, but we are better of with them than without them — especially now.

The only way to achieve that is to regularly give feedback in areas you understand well. The representation that will not dare to come up with such ideas in the first place wont happen out of nothing.

What's your problem with CETA?

TTIP would have been a good step forward to harmonize US-EU-Japan regulations on a lot of things.

I'm not saying there were no problematic parts of trade agreements (US' strong intellectual protection and sort of lax food safety regulations are always a big worry for example).

>Austria and Switzerland for instance push for this.

This is the kind of law that's only pushed by wealthy countries like Germany or the UK. I live in a shithole which would never get a law like this. Getting rubbish like this, net neutrality, copyright reforms, etc. would never happen here on its own because we have much bigger fish to fry.

You say that but many EU countries had crazy laws on radio and telecommunications in the past.

The section in question lists different points and then says:

"The Commission shall be empowered to adopt delegated acts in accordance with Article 44 specifying which categories or classes of radio equipment are concerned by each of the requirements set out in points (a) to (i) of the first subparagraph of this paragraph."

So it says that the Commission has a way to decide which categories/classes of radios fall under e.g. point (i). This does not mean ALL radio devices would automatically be subject to the point (i).

Or am I missing something?

I am saying that you need to compare alternatives - in this case an (often authoritarian) anti-EU party.

Unless of course it violates the arbitrary, imaginary monopolies on abstract works and ideas.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact