(Background: I'm a computer security lawyer at Stanford. This ain't legal advice.)
This is a misunderstanding. The FCC has not tried to ban Wi-Fi device modding. What it might be requiring is locked-down radios. And only radios.
The phrasing of the recent guidance is unfortunately ambiguous, and calls out DD-WRT by name. But the original rules are clear [1], and staff guidance cannot trump Commission rules.
What's more, an attempt to ban third-party software would be inconsistent with the FCC's previous policy. The agency fined Verizon, for instance, when it tried to block third-party tethering apps [2].
The software must prevent the user from operating the transmitter
with operating frequencies, output power, modulation types or
other radio frequency parameters outside those that were approved
for the device.
I agree that the FCC is concerned—as to some devices, in its present rules and guidance, and as to all certified equipment, in the proposed rules I mentioned in another comment—only with software that can affect radio compliance characteristics.
For many devices, however, the practical result is likely to be the same as an outright prohibition on software modifications. Manufacturers of devices for which there is limited market demand for compatibility with third-party software have few incentives to incur the extra costs and certification risks of designs that provide for tamper resistance only where required, rather than for the software and firmware as a whole.
The situation in Verizon is distinguishable because the handsets involved were already designed to support third-party applications with limited privileges, and also because Verizon was a Block C licensee with network access obligations, not an equipment grantee.
The software would not be preventing non-approved transmitter behavior if the software supported the loading of custom firmware that can implement non-approved transmitter behavior. Here is the full paragraph from which you quoted:
Manufacturers must implement security features in any digitally
modulated devices capable of operating in any of the U-NII bands, so
that third parties are not able to reprogram the device to operate
outside the parameters for which the device was certified. The
software must prevent the user from operating the transmitter with
operating frequencies, output power, modulation types or other radio
frequency parameters outside those that were approved for the device.
Manufacturers may use means including, but not limited to the use of
a private network that allows only authenticated users to download
software, electronic signatures in software or coding in hardware
that is decoded by software to verify that new software can be legally
loaded into a device to meet these requirements and must describe the
methods in their application for equipment authorization.
Thanks for the analysis. We shouldn't treat the baseband CPU code any differently than the user OS. Inherently we loose software control of one of CPU's, often with DMA, and arguably the radio is the the most important hardware.
For cost-saving reasons, on most WiFi access points the radio is part of the main SoC and is controlled by code running on the main CPU. So it's going to mean an end to router firmware modding in practice.
You don't have to be omniscient to realize an action might have a consequence that wasn't intended. I don't go 100MPH on city roads because I don't have to be omniscient to realize I might end up killing someone even if I don't intend to.
So OF COURSE regulators should consider ways in which their reulations might cause unintended harm. This is a major reason why US Federal regulators almost all have mandatory public comment periods -- third parties might be able to point out some of these unintended consequences. Regulators might not always make the right decision, but they should at least be making informed decisions.
The attitude should be "We considered that possible outcome and the benefits outweigh the harms (or not)", rather than GP's "well that shitty outcome sucks, but guess what? Not my problem".
I honestly cannot believe the idea that regulators should be considering both positive intended and negative unintended consequences of regulations is controversial.
Look at item #2 under "Third-Party Access Control" which states a home router manufacturer must answer this question:
"What prevents third parties from loading non-US versions of the
software/firmware on the device?
Describe in detail how the device is protected from “flashing” and the
installation of third-party firmware such as DD-WRT."
What they're doing is requiring home router manufacturers to claim their device cannot be flashed to gain FCC approval. Theoretically, the FCC could penalize router manufacturers that allow their routers to be flashed. These manufacturers would then no longer be allowed to sell their devices in the USA.
Unbelievable that it actually calls out community firmware as a threat, and DD-WRT by name. There has to be a story behind the genesis of this rule. I mean, these ROMs have been around for well over a decade now with no ill effects I'm aware of. That's not something that the FCC is going to be inclined to spontaneously regulate if someone weren't pushing for it.
What you're seeing here is a policy that came into full flower in World War II but has been a part of radio since the beginning. It's the idea that all paths must be pursued to maintain absolute mastery of signals intelligence on communications channels used by the public. It's as full an example of imperial military doctrine as you will encounter anywhere. This unfortunately puts the military interests of the United States directly against the civil rights of United States Citizens.
Oh yeah, also. It's pretty settled case law that your first amendment rights do not apply to broadcast radio signals.
Is that the military, or is that just the fact that we only have so much radio spectrum (it's basically a public good) and everybody wants a piece of it? Have you taken a look at the U.S. Frequency Allocations map recently?
I have heard that the current system woefully misallocates bandwidth and that Full Frequency Spread Spectrum transmission would help with that. Of course the current system of government granted monopolies on spectrum allocation would have to go away. And that is a political event of low probability of occurence. At least this week.
Probably somebody who has the spectrum right above the 2.4GHz ISM band complained.
Given the overcrowding of the 2.4GHz spectrum, I suspect that people were starting to use DD-WRT to run on Channel 14, which is a no-no in North America.
I don't know of any WiFi chips that explicitly allow you to go below channel 1 (I know of a few that would let you go below if you twizzled the PLL directly, but generally that was very hackish) and they certainly never test there.
Whereas, nobody designs a WiFi chip that doesn't actually go to Channel 14.
Is there evidence that people are causing actual problems by doing either of those things? I know they could be bad in theory, but if there have been no problems or only mild problems, a wait and see approach seems more appropriate than trying to get in front of it with regulation.
Does that really say DD-WRT in particular is a threat? I take it simply as saying DD-WRT is the poster child.
While I like DD-WRT, if you can flash DD-WRT you can flash anything, and arbitrary code breaks all possible chain-of-trust models.
The FCC has a long history of moving for more restricted hardware as a way of regulating the airwaves, one of its chief jobs. As a ham & commercial radio operator it drives me up the wall, but I understand why they do it.
I hate HN's tendency to be perfectly intelligent and rational most of the time, yet become infuriatingly obtuse and cultish any time we brush near ideology.
Obviously the FCC does not care about who you trust.
The code that ships in consumer routers is really awful security-wise compared to something like OpenWRT, though, and that's not ideology - it's the commercial reality of the consumer router market. Security costs money and it's not visible to the consumers buying the routers, so the manufacturers don't bother.
Keep in mind, these are the same idiots at the FCC who (forcibly) gave us the RP-SMA connector, on the grounds that if the user can't buy a compatible connector at Radio Shack, they won't be able to install a better antenna.
It's the bureaucratic equivalent of Apple's habit of inventing new proprietary Torx screws, which keep users out of their gadgets for the 2-3 weeks it takes the Chinese to come up with new screwdrivers.
Have you ever actually done extensive repair of mobile devices? I'm actually glad they changed the screws; Phillips screws that small strip pretty easily and then you're actually locked out of the device. the newer style screw allows for more torque and lower chance of stripping by far.
Nothing wrong with Torx screws. I'm talking about "security features" added to them at various times by various vendors (Apple's not the only guilty party) that serve no purpose but to keep owners, hobbyists, and independent repair shops out of their devices.
So the FCC is very interested in reducing the security of routers and getting all users of routers hacked. Good job FCC, you are the best. I guess they are concerned about the router firmware letting you configure routers in such a way as to cause interference. The proper way to address that is to inform the makers of router firmware and force them to comply, I am sure the US government is more than capable of doing that, even if the FCC is not.
> To whom is the UI accessible? (Professional installer, end user, other.)
What professional installer? Consumer routers are all set up so the user configures it. Making the distinction between the end user and the installer sounds like the way DOCSIS locks the firmware of cable modems so the network operator has complete control over it.
I also wonder if this is the part of the FCC's plan to put data in the white space of other bands. The argument has always been that it's too difficult to coordinate all the different radios to prevent one accidentally transmitting where it isn't supposed to. But sending out frequency maps is easier when you can limit the number of different radios to just a few authorized vendors.
The word "home" does not appear anywhere in that document. I assume this document applies to all WiFi routers sold in the United States capable of U-NII frequency use.
You're correct. I used the word "home" because that's typically where these devices are used and the market that will be most effected. The FCC makes no distinction between devices meant for home use vs. other markets.
How large a proportion of people are able to de-solder surface mounted components and replace them? I'm not asking how many can learn to do so and get the equipment, but how many who knows how to do it and have the equipment.
No policies like this are made with the expectation they'll stop everyone. They just want to raise the barrier sufficiently.
If you open most SOHO routers today (mid-to high end ones) the baseband processor and the RF stuff will be on a daughter board, in many cases it will be the same or very similar mini-PCIE cards that you find in most laptops.
The FCC has an open rulemaking proceeding that would expand these requirements beyond the 5 GHz U-NII devices covered by the OET document to all Part 15 devices. See paragraphs 45 and 46 on page 18 of the Notice of Proposed Rulemaking (FCC 15-92):
We propose to modify the SDR-related requirements in Part 2 of our rules
based in part on the current Commission practices regarding software
configuration control. To minimize the potential for unauthorized
modification to the software that controls the RF parameters of the
device, we propose that grantees must implement well-defined measures to
ensure that certified equipment is not capable of operating with
RF-controlling software for which it has not been approved. [ . . . ]
We seek comment on these proposals.
Unflashable firmware means you cannot remove backdoors. Given that the NSA has abused router backdoors in the past, it's not far-fetched to see this as a push from the NSA and related agencies to protect themselves. We've also seen around the world that governments are ready to great lengths to protect their surveillance abilities.
This goes far beyond the standard limitations of restrictions preventing people from innovating. It directly inhibits their ability to protect themselves or avoid conflicting interests between the manufacturer and the user (example: many wifi routers are now, without consent of the household, public access points). Especially if firmware is going to remain closed source (I see no reason why it wouldn't), this is troubling news.
I personally use OpenWrt on my home wireless router because it provides more capabilities than the firmware that came pre-installed. It also has a consistent interface, so I didn't have to re-learn how to configure my router when I upgraded. This gave me a lot more choice when upgrading—I didn't have to worry about staying with the same manufacturer to avoid loosing certain capabilities or having to learn a new interface. Also, OpenWrt, being open source, encounters far fewer vulnerabilities than manufacturer firmwares, and existing vulnerabilities are fixed quicker, meaning my home network stays more secure.
Not being able to install OpenWrt on newer devices will make setting up my home network far more frustrating the next time I upgrade my hardware. And on a broader scale, it'll stifle competition—upstart manufacturers will have trouble selling their solutions because businesses won't want to migrate to new software. If OpenWrt eventually becomes defunct because no new devices support it, then the situation will be even worse, because new manufactures won't have a reference point to base their firmwares off of. So these new regulations are actually very anti-competitive given the place open-source firmwares like OpenWrt play in the market.
Allowing end-users to install open-source firmwares is really important. Please reconsider your regulations against it.
This is backwards. Instead of regulating devices they should just enforce the law and penalize those who break it. If you're found to be violating FCC regulations you pay a fine. This is pretty standard stuff. The top-down can't-trust-users thing is such bullshit.
The government lets me own a semi automatic rifle but I can't run non-standard firmware on my router because I might hurt someone.
And of course vendors still need to update the software, so people will just hack that method. Of course you will be violating the DMCA anti-circumvention statue, so it will be a felony. Not to mention this sounds like effectively mandating tivoization which would prevent them from shipping gplv3 code.
Vendors having to come up with an actually secure remote update procedure (rather than ad-hoc secret protocols and "factory passwords")? This is beyond the "greats" like Samsung or LG even.
This is interesting because certain parts of the bandwidth for wifi routers crosses into the bandwidth for amateur radios. So in some instances these devices fall under Part 15 (consumer devices) and sometimes under Part 97 (amateur radio) depending on the operator and how it is used.
Some HAMs use hacked routers to implement "broadband hamnet" (http://www.broadband-hamnet.org/) ... theoretically they could transmit from one of these routers at 1500W (in practice much less I presume, and the rules say you have to use the minimum power necessary) ... this regulation would effectively strip them of devices and force the use of devices blessed with a "SDR" label, if I understand it correctly. Facepalm for the masses.
I've always wondered what the FCC status was of devices like Sparkfun's esp8266 based boards. [0] They are all based around the same ultra cheap Chinese wifi chip. Seems like trying to make vendors lock down their consumer routers is pointless when the market is flooded with products that don't have such restrictions.
I don't think it's about protection; it's power needing to stay relevant.
If we let this happen, they will continue to roll more and more things into their regulatory sphere. It's almost a law of nature. Eventually they will tell SDR owners that they need a 'license' (because bla bla safety).
The same "logic" will be applied to other gadgets. Open source cars, open baseband, and ultimately, open brain implants. Casualties in the war on general purpose computing.
It seems that there's an enormous amount of awesome stuff that comes from China these day that U.S companies would never make because they're scared of the feds. Another example would be these new highly advanced consumer drones.
Isn't this as ridiculous as saying all Android phones should be un-flashable and locked-down since you could increase transmit power in the Linux shell, or laptops are no longer allowed to boot Linux, since you could just use your built-in WiFI to jam others. There has to be a line drawn somewhere, how do you really classify a router as a router?
The more "dangerous" WiFi modules are probably not router chips, since they are usually based on closed-source drivers/firmware, but rather ones like the ath9k ones.
Possibly the only good thing that this will accomplish is the emergence of open source hardware/software "routers".
The real compromise that everyone could settle for here, I think, would be to split the router's firmware into "baseband" and "control" parts, where all the regulatory stuff only applies to the baseband. Y'know, just like with smartphones.
Ah yes, lets add all the problems of vulnerable basebands to wifi routers too. No issues there.
Edit: And the possibility for purposeful maliciousness on the part of the baseband manuf. And after all, all a closed system like a baseband does is increase the cost of replacing it. It might be out of reach of you and me, but is it out of reach of everyone?
There's a reason it's called a "compromise." The FCC has a completely orthogonal set of things it cares about, none of which are software freedom. If you don't give them something like a baseband firmware, the alternative is that the entire router is the baseband firmware.
Immediately assuming we must give something up is a poor way to proceed.
If we had made that assumption in the past, the clipper chip[1] would have been a "success". After all, the NSA doesn't care about software freedom either.
I suppose I just disagree with the sentiment that "something is pretty bad already, so we should allow regulation to make it worse".
I don't think that is a good idea.
Right now, not all control is given to the WiFi firmware (where it exists), but I don't expect the situation with regards to WiFi firmware and open source will improve at all with the FCC adding more requirements.
The point is that regulation won't make it worse. Even without regulation they're already putting more into the closed firmware than either of us is comfortable with, and putting frequency and power limits into ROM or the closed firmware isn't taking away any meaningful freedom.
The biggest concern with the base band is when it can be used to infect or steal data from the rest of the system. Maybe concerns could be eased if communication between baseband and rest of the system were set up so as to make that impossible.
As long as you have something you can't control (some closed blob) it will only increase security risks. That's not a solution at all. And baseband in common handsets is a horrible abomination.
"Closed" and "out of your control" aren't identical.
You could have, for example, an OS that ships the source to its baseband firmware as part of it, where the baseband firmware has a deterministic build process that produces an object SHA-identical to the signed blob, assuming the signature is out-of-band.
With such a setup, you wouldn't be able to replace the firmware yourself on a production device... but you'd be able to modify the firmware source, submit a pull request, and determine that your change made it into the next version of the blob by doing the deterministic build yourself. Basically exactly the same idea as verifiable release binaries for things like Tor.
In practice, currently you have neither control, nor the source for it. On the contrary, as was already published about mobile devices, baseband has access to the main system memory (which is a spooky thing).
It might be a solution, but what vendor would go to such lengths (instead of just implementing signature check and denying any kind of custom software) if they are not legally abide to do that?
I think they already do that to some extent. The problem is that the Wi-Fi chipset have to be designed to support signed baseband firmware and the like.
As much as I understand the point of protecting shared spectrum from abuse, has there been many, if at all, instances of custom firmware causing interference issues? If not, this just feels like another attempt at reigning in control over the users and taking away freedom from them.
IF the FCC was better at the main job, allocation, maybe there would not be any abuse at all
IMO FCC is the one abusing the spectrum by allowing it to be "owned" by private companies that "buy" huge swaths of the spectrum and never develop it, it just sits there unused for decades at a time.
Spectrum belongs to all persons, it should not be "owned" by a few huge companies
Maybe custom firmwares make it too easy to enable wifi channel 14, or channel 12 and 13 under higher power settings.
When routers are insecure and could be easily updated over the internet by a malicious entity, one could imagine a scenario where a state hacks a lot of routers and tries to cause as much interference as possible.
If you have (root) access to a router, what's to stop you from circumventing software blocks on higher channels / power settings?
Don't try to enforce hardware behavior in software, especially if you're concerned with security. Instead, enforce limits on power and channels in the hardware itself.
Of course, the FCC won't do that because it will cost manufacturers money on region customization. And screwing big companies is harder than screwing consumers.
Isn't DD-WRT and OpenWRT just router firmwares? AFAIK they don't actually flash or touch the baseband.
The limitation for local regulation can (and should) be done in the base band, many routers will have (or at least used to have) different base bands for North America, Europe, Asia and "Other World" regions.
The router OS it self knows only how to talk to the baseband but it doesn't handle the RF part on it's own it just own.
DD-WRT doesn't know what QAM is or what beamforming is it just knows how to trigger certain flags in you BBP to put it in a specific mode.
Seems to me that all that needs to be done to comply with this ruling is for router manufacturers to ensure that the baseband complies with US regulations and that you cannot unlock these features with software which should be easy enough to achieve by just having a dedicated version for the NA market if they don't have it already.
And it's not like it's new I've only seen a few routers that DD-WRT allows you to actually unlock channel 14 in 2.4ghz is only allowed in Japan, even if channel 14 appears in the selections in many cases it won't do anything and either the radio won't work at all or it will fallback to the default channel.
The baseband such as it exists in wireless routers either doesn't run code (ath9k) or relies on the host CPU to upload a firmware image. None of the radios have their own non-volatile storage for their firmware.
I am sure $ANY_COMPANY_MAKING_ROUTERS will truly care about this and somehow (for the first time in their existence) pull real security experts out of thin air to make their products secure enough to be actually impossible to re-flash to a custom firmware...Right...
I don't think so. I just read the tivoization section (section 6), and skimmed the rest. The only thing allowed to prevent modifications is if it is physically not designed to do so.
After watching this video [1] my hatred of GPL is at a whole new level. However, couldn't a company skate around the requirement by simply not providing any way to update the system? Or more likely a vendor could provide a way to upload a new version BUT the released source would only account for the base system minus the features that came pre-installed.
I'm a supporter of GPLv3 so I'll try and give a few counterpoints. His argument wasn't that GPLv3 is a bad license but that, for him, GPLv3 was not a logical extension of GPLv2.
However, Linus's interpretation of the GPLv2 in that video was only coincidentally in line with the FSF at the time. The goal of the FSF has always been to ensure user's freedoms above all else and I feel the GPLv3 better accomplishes that end than the GPLv2. From the perspective of the FSF, hardware manufacturers discovered a loophole in the GPL which allowed people to ship GPL code while denying users their freedoms.
I understand that for many developers there's a balance to be struck. Some developers don't care how their work is used and the MIT, BSD, or DWTFYW licenses are perfect choice for them, but some developers decide that they want to be sure that not only will they get source code back but also that their work wont be used to harm users and they're the perfect candidates for the GPLv3.
Yes? Just release the source code, sign the bin using a private key and validate the key before installing that firmware.
It isn't Fort Knox, but look at how long it took to break the PS3 which utilised a system like this (years). While people may find other ways of gaining root and can subsequently disable this check, it would take third party firmware from "trivial to install" to "a damn pain in the ass."
Heck if they REALLY cared just enable things like SELinux and move a lot of root processes into other users.
The GPL doesn't protect your right to run the modified code if the mere act of running modifying code is made illegal.
The GPL means that you have a license to do so from the person who owns the rights to the code, but that doesn't mean the government cannot prevent you from exercising that right.
IANAL, but I think it would be reasonably easy for them to get away with this on the grounds that they are "only" preventing activity that is already illegal. (Not to mention that many hardware manufacturers blatantly violate the GPL as it is already).
> The GPL doesn't protect your right to run the modified code if the mere act of running modifying code is made illegal.
If you cannot comply with the terms of the GPL, you cannot distribute the GPL'd software at all. If the FCC prohibits you from distributing the tools and information necessary to build the source code as required by the GPL, then you have to stop using that software in your product. The FCC does not have the power to authorize copyright infringement like that.
You are correct, but that exemption is in the GPL itself so there's no issue. It's possible to ship GPLv3 code with locked down hardware if local law requires it.
Thank you Tom Wheeler, just when I thought there was the slightest chance you might be on the side of the consumer...
While this is probably the most effective route to curb the behavior, it also seems like the most sleazy. If you didn't want DD-WRT allowing non-region channels, why didn't you go after them directly? Probably because the uproar would have been deafening. Instead you go after the router manufacturers because they're easier to control. If you can remove their product from the market, you can instantly curb the behavior.
To be fair, DD-WRT isn't an FCC licensed entity, so I don't think there's much the FCC could actually do to them directly.
There's no license to revoke, and I don't think we want to be in a world where the FCC can issue a civil forfeiture for simply publishing code to the web.
The router manufacturers are the FCC licensees, so going after them is the easiest route to compliance.
(The other option, going after users who are broadcasting on disallowed channels or above rated power levels, is practically untenable due to issues of scale.)
Shouldn't DMCA shoot this in the head? My right to repair is essentially eliminated when they can completely lockdown the firmware. The second they decide to stop releasing updates, I no longer even have the ability to repair.
The "right to repair" under the DMCA is not freestanding like the rights to free speech or a jury trial. It's an affirmative defense (https://en.wikipedia.org/wiki/Affirmative_defense) to an anti circumvention charge brought under the DMCA.
Maybe having such a free standing right would be good policy, but it's not current US law.
This is likely because the FCC's regulations cover "intentional radiators" (i.e. hardware devices designed to emit radio signals). They don't have the authority to regulate software that may be available independently of that hardware.
You could easily see these rules as going much further than OpenWRT, basically anything with a radio transmitter is fair game so that's all the way from USB wifi dongles to laptops and computers that come with installed wifi. After all whether it's a linux driver or OpenWRT doesn't seem to matter at all in this sense.
A couple more steps and Cory Doctorow will be found to be right.
It's probably worth (re)watching Cory Doctorow's talk at 28c3: The Coming War on General Computation. He mentions this issue around the 23:45 mark, but the whole talk is great.
Looks to me like the only solution in this case is to build your own: a box with PCI slots, pfSense OS, ethernet cards, and a PCI wifi card. Screw the feds!
When Mikrotik doesn't sell any devices that have both 2.4GHz and 5GHz radios out of the box, I don't think you can classify them separately from "build your own", unless you want to talk about how their cheap 2.4GHz-only devices stack up against the kind of D-Link devices that they give away for free when you buy a modem.
(And btw, Mikrotik's software is nothing special compared to OpenWRT. Hardware NAT support is about all you get last I checked, and it's not worth it.)
Right now I'm using a standalone access point as a glorified 802.11 ethernet bridge. I'd love to put the WiFi in my router (running linux) but I can't find any PCI or USB cards that are supported that don't have really lame limitations (like 4 or 8 stations max supported).
Then just throw away your router unless it's also acting as a server. A dirt-cheap ath9k router will perform just as well and can almost be powered by USB, or you could get something a little nicer and have dual-band WiFi and gigabit Ethernet for under $60. (eg. https://wikidevi.com/wiki/TP-LINK_TL-WDR4300 )
Ok, I understand where the FCC would have an interest in regulating peoples ability to easily screw around with transmission power or frequency. But why does it have to extend to the rest of the firmware. Can we at least agree on the middle ground where the radio firmware can be locked, but the rest of the firmware is open to modification.
3 years ago I switched to TomatoUSB firmware, and since then I power cycled my router to get it to work again exactly ZERO times. It just works. I use default power and band, and I am not using any special features of the TomatoUSB, the only reason I run it is because it's rock solid, unlike EVERY stock OEM software I ever tried.
On a more interesting note, why are stock OEM firmwares so incredibly bad? I mean, there are open source alternatives they can use, or just write there own stuff that works. You would think that a large company like Linksys or Netgear would have at least one programer worth something working for them. No?
Doesn't locking down wifi radios basically outlaw software-defined radio (SDR)? How can SDR exist without infinite control over "modulation types"?
I'm not sure that it is possible to truly lock down a radio to a particular modulation type. Transmitters aren't magic. They cannot be DRMed. They don't even run software. Send them the voltage and they send the signal.
Essentially any user-configurable SDR transmitter is sold as "measurement equipment", "non-certified technology sample" or "Class A unintentional radiator". In all cases it means that it's user's responsibility to obtain relevant transmitter licenses and/or ensure that such device does not behave like transmitter and meets all relevant EMC requirements.
This would be really bad for consumers' security in light of the current fashion of deploying poor quality firmware full of bugs and dropping support for a product after it has been on the market for a couple of months.
I thought that the linux-wifi people had made some good efforts at regulatory compliance by signing the rules list. While this doesn't nearly make breaking the rules impossible, it makes it enough of a pain to do so that many people won't. The FCC could then go after bad actors who distribute modified blobs with one of those "Notice of Proposed Forfeiture: $25,000" actions the way they sometimes do with CB radio amplifier clowns, rude ham operators, and those pirate FM transmitter hoons who seem to be competing in a contest to demonstrate the worst engineering practices.
There are two different documents referred to in the FCC document that the article links to.
The one that talks about preventing loading third party firmware only applies to 5 GHz wifi routers, not 2.4 GHz wifi routers.
The one that applies to 2.4 GHz routers looks like it only requires that software (built in or downloaded) not be able to modify operation to operate beyond the equipment authorization.
Manufacturers of 2.4 GHz routers should be able to achieve that fairly straightforwardly without taking away the ability to run third party firmware.
Why is this any different from the situation with GSM (where you are sort-of required to run proprietary software and not allow anyone to flash any "bad" firmware to get a certificate)? Sure there is the ISM frequency band, but a lot of wifi hardware is physically capable of violating both: the allowed frequency and power regulations (which btw can be different in different countries).
Not that I approve this new rule - just saying that it's a natural extension of another existing rule.
1) for GSM (and all other 3GPP radio interfaces), regulatory control is completely on the network side. Network says when, where and at what power MS must/can transmit. And significantly deviating from network-dictated parameters does not get you anything worthwhile (except in situations that are totally outside of what normal consumer can reasonably do, like attaching 30dBi directional antenna to GSM phone).
[Edit: 802.11whatever STA radio is also somehow controlled by AP, but anybody can set-up their own AP without specific license and bandwidth allocation to do so]
2) Cellular phones are typically more strictly certified than WiFi devices.
If you're in the U.S. and use channel 14, my understanding is that you're interfering with someone else's spectrum. So this isn't like a right such as arms-bearing; it's more like trespassing.
It is in NA there is a lock beyond channel 11, Europe allows upto 13, C14 is only available in Japan.
The sad part is that most wifi cards won't even able to see anything on C14 none of my phones or laptops see the network on a router which is confirmed to have an open baseband.
But on most router's I've seen the baseband doesn't actually operate on C14 even if you set it up it just defaults back to it's default channel, 12 and 13 can usually be accessed these days on NA routers as well.
Basically every time you operate on a locked channel you are breaking the law, channel 14 in the US the only one which is flat out forbidden (most likely due to overlap with military communication), while 12 and 13 are restricted.
As a consumer this sucks, but it is also unfortunate for licensed ham radio operators who actually are legally allowed to use greater power on certain frequencies (almost certainly more power than these devices could ever output)
On a related note, time to start voting for small government. BATF has been abusing their regulatory power for a long ass time now. Need to reign in these branches.
Would OpenWRT run on the Pi or on the CPU in the WiFi dongle?
Assuming the former, I don't see how there would be a problem here. It is the WiFi dongle that is the certified Part 15 device, and you would not be modifying that device. You would be using for exactly what it is designed and certified for: sticking it into a computer's USB port to provide WiFi access to that computer.
The FCC's airwaves though. I have my share of ill will towards the FCC, but fact of the matter is while the router might be yours the airwaves are the FCC's to rule.
Rule by mandating locked down buggy horrible proprietary software? Absolutely ridiculous. And of course people will just hack the proprietary channel of updates, because of course it will still be flashable. The obvious answer is, make it illegal to use software to do illegal things. Don't outlaw software freedom.
Then protect the airwaves, not my router from myself. It shouldn't be much harder than shooting down illegal radio channels, am I wrong? If someone runs a router on channel 14 and it interferes with some legal signal, then they can go out, track down the source and fine the person who runs the router. Make fines high enough to scare most people to use illegal bands, make some example cases in media. If you can't make example cases then why bother?
Is it even about using put the radio into an illegal mode? OpenWRT has been around since 2004. One does notice those facist in the US governement pushing for weaking security so that the government can spy on everybody... Until there is real and actual data to back up the misuse of open source software, I must say to the FCC "liar, liar, pants on fire!"
This is a misunderstanding. The FCC has not tried to ban Wi-Fi device modding. What it might be requiring is locked-down radios. And only radios.
The phrasing of the recent guidance is unfortunately ambiguous, and calls out DD-WRT by name. But the original rules are clear [1], and staff guidance cannot trump Commission rules.
What's more, an attempt to ban third-party software would be inconsistent with the FCC's previous policy. The agency fined Verizon, for instance, when it tried to block third-party tethering apps [2].
[1] https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-30A1.pd...
[2] https://www.fcc.gov/document/verizon-wireless-pay-125-millio...