FCC Clears The Air With Wi-Fi Software Updates

A few months ago, the Internet resounded with news that the FCC would ban open source router firmware. This threat came from proposed rules to devices operating in the U-NII bands – 5GHz WiFi, basically. These rules would have required all devices operating in this band to prevent modification to the radio inside these devices. Thanks to the highly integrated architecture of these devices, Systems-on-Chips, and other cost cutting measures from router manufacturers, the fear was these regulations would ultimately prevent modifications to these devices. It’s a legitimate argument, and a number of the keepers of the Open Source flame aired their concerns on the matter.

Now, the FCC has decided to clear the air on firmware upgrades to wireless routers. There was a fair bit of confusion in the original document, given the wording, “how [its] device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.” This appeared to mandate wholesale blocking of Open Source firmware on devices, with no suggestion as to how manufacturers would accomplish this impossible task.

[Julias Knapp], chief of the FCC’s Office of Engineering and Technology has since clarified the Commission’s position. In response to the deluge of comments to the FCC’s Notice of Proposed Rulemaking, the phrase, ‘protected from flashing… Open Source firmware” has been removed from the upcoming regulation. There’s new, narrow wording (PDF) in this version that better completes the Commission’s goal of stopping overpowered radios without encroching on the Open Source firmware scene. The people spoke, and the FCC listened — democracy at work.

33 thoughts on “FCC Clears The Air With Wi-Fi Software Updates

    1. Could also be that the manufacturers are realizing that leveraging software that is actively maintained by others for free results in cost savings and positive public opinion. No longer are they wasting money on proprietary software licenses and software and hardware security development. Just build a good platform and let the customers develop the software that makes it great.

      1. A decade ago, it came down to “Use linux and pay for twice as much RAM and FLASH or pay for a QNX license”. Moore’s law has probably made that more linux-friendly than it used to be.

      2. @Justin
        For some reason I hadn’t thought of that. It makes a whole lot of sense. The folks who give a damn that the stock software is crap are the very people with the skills to flash custom firmware.

      1. Using Open Source does NOT always mean you are forced to publish and/or cite anything. Check the various copyrights and licenses out there; the BSD and MIT versions come to mind. For example, I could be using an open Unix derivative such as NetBSD in my home router or Internet connected product for sale, and I wouldn’t have to tell you anything about it. Microsoft and (even more blatantly) Apple do exactly that!

  1. I think it’s section 69:

    69. To ensure that the party responsible for the modification of a certified device is clearly identified, we believe modifications by third parties should not be permitted unless the third party receives its own certification. Accordingly, we propose two revisions of our current rules in order to eliminate two exceptions to this principle. First, we propose to revise Section 2.909(d), which allows a new party that performs device modifications without the consent of the original grantee to become responsible for the compliance by simply labeling the device with a statement indicating it was modified. We propose to instead require that such parties must obtain a new grant of certification for the modified device. The new grant of certification could use the same FCC ID with the consent of the original grantee pursuant to Section 2.1043 or obtain a new FCC ID pursuant to Section 2.1033 if consent is not obtained.129 We seek comment on this proposal. If this change is adopted, should parties that currently market devices with modified certification labels be required to obtain a new grant of certification for existing products?

  2. It was kind of a silly rule change in the first place since low cost 5Ghz power amplifiers are so widely available and more effective. If people are intent on breaking the rules they will.

    1. In practice, if there’s no problem, if basically nobody is actually doing this to increase transmitter power, then there’s no need for a law. Or certainly a broad, banning law. A regulation that allows you to stop people who actually do transmit too loud, sure, but no need to ban the very possibility, along with all the other possibilities for useful stuff.

      But that’s governments for you. That’s humans. “Ban it!” is a quicker reflex than an actual knee jerk.

      1. I’d be happy if the stock firmware would limit people to channels 1,6 & 11 unless they go through a couple hoops first. The business above ours has each of their routers set to channels 1,2,3,4,5, essentially devastating 2/3 of the spectrum.

    1. Using a better antenna with better cable does much more than flashing a new firmware for more power – and works both ways. WiFi doesn’t work like analog radio: in WiFi you can’t talk to what you can’t listen to.

        1. That is also true in the States and most places that have actually looked into it. Getting caught doing it in the UK is somewhat rare, they will not do anything until loads of people complain or one person shouts loudly. I tend to like that because if you are not bothering anyone what is the problem.

        2. There’s still a lot of leeway in many cases. Very few WiFi routers have good antennas on them because why have high performance when you can have good looks instead!

          But you are most certainly correct. There are EIRP limits in pretty much every western country, and plenty of eastern ones as well.

          1. There are exceptions to the power limits in the US for liscensed ameteaur radio operators. Some of the 2ghz spectrum routers use fall into ham territory. I can’t remember if there is 5ghz overlap off hand. There is an entire subgroup of ham operators that create LAN/PAN/WAN networks using an open source firmware on routers. They use these networks in both temporary and permanent configurations. Even with the ability to legally use higher power output many say you are better off with upgrades to the antenna rather then overpowering or amplifying the signal.

  3. Democracy at work? I disagree. The un-elected officials at the FCC decide to make a change and then decide to alter the change. This is not representative government – nor democracy.

    1. IEEE, IS and IETF boards are publicaly elected either.
      What’s your point?

      Sure the FCC’s RFCs and decision making isn’t as open a popen and transparent as the other orgs, but at least they give the appearance that the public has a voice in the process.

      1. The IEEE and IETF provide guidance, standards, and recommendations.
        They do not write laws that force compliance. That is a very VERY key difference. The laws that govern a country should be determined by some kind of democratic process. Sadly this isn’t the case anywhere really with the legislative branch giving only lip service during election campaigns. In any case these groups are hardly comparable.

    2. @Pabluski
      I’d say appointments are necessary to run a functioning government. If we voted on literally every position of power–from judges, to presidential cabinet members, to heads of every single government agency–we’d never get anything done but vote. Besides, the ones who appoint these people ARE elected!

      In any case, I agree the interests of end consumers aren’t the driving force of the decision-making here. Trouble is, damned if I can think of a way to fix this that doesn’t end with corporations and so forth lobbying the government to define public interest in their own interests, versus just lobbying for their own interests directly.

      Well, aside from nuking ourselves from orbit, eat the rich, etc.

  4. Having gone to read the post on the FCC website, this really doesn’t fix the problem. Wifi routers are largely integrated SOCs, including the radio. In current hardware designs, there’s no way to prevent software modification of broadcast power without changing the hardware design of the router, or locking out any third party firmware flashing altogether.

    And, there’s no incentive to change the hardware design to make custom firmware legal. The cost, either in developing a new SOC or in the increased BOM cost from having the radio separate makes the likelihood of manufacturers just locking down their hardware to meet compliance cheaply still a very real issue.

    So, no, not democracy at work. More like bureaucracy at work.

    1. It is actually possible, by using a driver that is signed and self-verifying, that talks to the radio. This driver is then a proprietary blob whose source is NOT released. This is pretty common in Linux routers anyways, so its simply for the device manufacturer to ensure these also verify itself so they have not been tampered with, for example via decompiler or hex editor.
      They don’t need to make it watertight, it should just be sufficently difficult to modify the driver.

      Preventing too strong broadcast Power is simple as the manufacturer setting the Power as strong as possible in software, and then adding a attenuation (maybe just a resistor) to the antenna output that is tuned in a way so it will make the strongest setting compliant, so there is no need to change the SoC circuity in any way.

      Its not broadcast Power that is the concern. Its more other parameters like channel, fequency, and also make sure that US sold routers should not ask for country, instead it should be factory permanently set on US.

      I guess new router designs will use a jumper under the casing for this, eg there is 2 rows of solder Connections with region names like “EU” , “US”, “ASIA”, etc… and then the factory just short-Circuit the correct country using solder, and then the signed driver or integrated radio firmware will adhere to this.

      The only thing that was a Little bit odd, is that if its possible to put the router in bridge mode (eg AP mode), a attestation is required. Mesh mode is uncommon, but not bridge mode. Maybe routers will start being shipped with the DHCP server permanently set to on to get around attestation.

    1. I don’t see where SDR would fall into this conversation. It sounds as though this only applies to firmware and routers. With SDR units I’m not aware of an open source firmware community anyway. There is a large open source software community but that’s different from firmware. If there is an SDR open source firmware community I still can’t make a good argument for calling any commonly used SDR units a router even though one could make a good argument to call a router SDR.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.