Curious. The FBI wants Apple to open up its own software while the FCC wants wireless router manufacturers to lock theirs down. And both demands are unacceptable, misguided, and will ultimately fail. Why? When it comes to the former, well, we don’t have time to wade through that quagmire, but as to the the latter, we have to go back to 2015 …
FCC Rule Making
In August last year, the FCC issued a Proposed Rule titled Equipment Authorization and Electronic Labeling for Wireless Devices which proposed:
… updates to the rules that govern the evaluation and approval of RF devices. The Commission last comprehensively reviewed its equipment authorization procedures more than fifteen years ago. The RF equipment ecosystem has significantly expanded in that time, and the manner in which today's RF equipment is now designed, manufactured, and marketed—as well as the sheer number of devices subject to authorization—warrant the proposed rule modifications.
The part of this rule making that concerns us is that the FCC was planning to require manufacturers to lock down the software and firmware on systems with radio devices (Wi-Fi, Bluetooth, Zigbee, etc.) to prevent wireless products from being used in ways that would violate FCC rules, such as exceeding mandated maximum power output or using unauthorized frequency bands.
Lockdown, a Bad Idea
Why is this lockdown a bad idea? Because there are thousands of private users, academic researchers, and developers who rely on having wireless routers that are capable of modification. These modifications are to add functionality, fix bugs in the original product (all too common in consumer devices), and improve performance. However, the new FCC rules as written place a complex technical burden on manufacturers to comply and the only way to comply cheaply, is for the manufacturer to lock down their products completely rather than just the wireless components. The activist group Save WiFi outlined the issues:
What this mean for you as a user:
- your choices will be restricted
- you have to stick with the features provided by your router vendor's firmware
- you have to stick with the factory firmware which uses outdated software. you most rely on your router vendor for security fixes
- you will have no way to verify, what's running on your device. you could be under domestic or foreign agencies surveillance
What it means you as a business:
This ruling will force you to spend additional money and resources on:
- locking down all future devices
- locking down all current devices before June 2011
- recertify all current devices before June 2016
- either have special US version of your devices or lose marketshare elsewhere
- this raises serious competition and innovation concerns on the industry
- replacing any GPLv3 Software like Samba because of “Tivoization"
Goodbye Modding
And, indeed, all of that is what’s come to pass. TP-Link, one of the largest manufacturers of wireless routers and, as far as is known, the first vendor to make any mandated changes has started locking down their products so as to be in compliance with the FCC rules and, as feared, the products are completely locked down, not just their wireless subsystems. This was revealed on the Battlemesh mailing list by a TP-Link representative on February 17, this year.
This means that if you currently run an alternative operating system in your wireless router such as dd-wrt, you might want to acquire another unit from existing stock because future products may be much harder to mod or not be customizable at all.
So, in an attempt to cure problems that have never been widespread, to wit, wireless routers being modified to transmit at higher power levels than allowed or on unauthorized frequencies, the FCC has successfully made life harder and more complex for thousands of people. What’s even more ridiculous is that, without doubt, users will figure out how to hack most of these locked-down wireless routers.
Congratulations to the FCC for a job well done ... whatever it was they thought they were doing.
Comments? Thoughts? Suggestions? Send me feedback via email or comment below then follow me on Twitter and Facebook.