America's crackdown on open-source Wi-Fi router firmware – THE TRUTH
El Reg looks at why and what the FCC wants to do. Plus: How you can get stuck in
Analysis America's broadband watchdog is suffering a backlash over plans to control software updates to Wi-Fi routers, smartphones, and even laptops.
In a proposed update [PDF] to the regulator's rules over radiofrequency equipment, the Federal Communications Commission (FCC) would oblige manufacturers to "specify which parties will be authorized to make software changes."
In addition, it proposes that "modifications by third parties should not be permitted unless the third party receives its own certification."
While the intent is to make the FCC's certification of the next generation of wireless equipment faster and more flexible, open source advocates were quick to notice that the rules would effectively force manufacturers to lock down their equipment and so remove the ability to modify software without formal approval from the US government. Such an approach goes directly against the open source ethos.
As a result, many are unhappy about the plans. The proposals, which are not yet set in stone, were approved for public comment in July, formally published at the start of August, and had a planned comment deadline of next week – 8 September.
Earlier this week, however, the FCC approved a one-month extension to the deadline and an additional 15-day reply period after consumer groups and equipment manufacturers made it clear that they needed more time to look at what was being proposed.
In a sign that the response has been significant, the named point of contact at the FCC's engineering and technology bureau, Brian Butler, is not answering emails or phone calls and has changed his out-of-office email to point people to the comment period extension.
Other FCC staff that would normally handle inquiries also seem to have gone AWOL just before a long weekend in the United States.
So what is this about?
Overall, the "Equipment Authorization and Electronic Labeling for Wireless Devices" proposal (ET Docket 15-170) is a forward-thinking plan to make sure that the FCC does not become a chokepoint for future devices.
The current rules were put in place 15 years ago, long before the explosion of smart phones and laptops and widespread use of Wi-Fi. Those rules require companies to apply to the FCC if they have a product that intends to use radio frequencies and get certification.
This is a good thing, as having no controls over what people can do with radio frequencies could cause all sorts of problems with interference. Think jammed police radios or intermittent air traffic control.
Every product approved gets its own FCC ID, which the manufacturer is then obliged to stick on the product itself (something that the FCC acknowledges is getting harder as the devices get smaller).
In recent years however, this system has become impossible to manage effectively. Smaller and cheaper chipsets have led to huge numbers of new devices and a shift to the wireless world. Today's phones, for example, can operate at several different radio frequency bands and include 3G, 4G, Wi-Fi, Bluetooth, GPS, and NFC (near-field communications).
In order to handle the jump in requests, the FCC changed its rules to allow for some self-certifying by companies, and some third-party certification. But it now feels this approach is also outdated, thanks to the fact that the latest devices often allow changes to wireless frequencies through software updates, as opposed to hardware/firmware.
The FCC identifies things like Google's Project Ara and the PuzzlePhone as a next generation of devices that will allow for quick and easy modifications by users themselves.
The regulator notes that the shift to software updates has proven extremely useful, since "it allows manufacturers to obtain approval of products with an initially limited set of capabilities and then enable new frequency bands, functions, and transmission formats to be added to already-approved equipment." However, it is concerned about things getting out of control, especially if it opens up its certification processes to allow more devices on the market.
Sponsored: The Nuts and Bolts of Ransomware in 2016