Stop Bad Laws Before They Start

With everything else going on this summer, you might be forgiven for not keeping abreast of new proposed regulatory frameworks, but if you’re interested in software-defined radio (SDR) or even reflashing your WiFi router, you should. Right now, there’s a proposal to essentially prevent you from flashing your own firmware/software to any product with a radio in it before the European Commission. This obviously matters to Europeans, but because manufacturers often build hardware to the strictest global requirements, it may impact everyone. What counts as radio equipment? Everything from WiFi routers to wearables, SDR dongles to shortwave radios.

The idea is to prevent rogue reconfigurable radios from talking over each other, and prevent consumers from bricking their routers and radios. Before SDR was the norm, and firmware was king, it was easy for regulators to test some hardware and make sure that it’s compliant, but now that anyone can re-flash firmware, how can they be sure that a radio is conformant? Prevent the user from running their own firmware, naturally. It’s pretty hard for Hackaday to get behind that approach.

The impact assessment sounds more like advertising copy for the proposed ruling than an honest assessment, but you should give it a read because it lets you know where the commission is coming from. Reassuring is that they mention open-source software development explicitly as a good to be preserved, but their “likely social impacts” include “increased security and safety” and they conclude that there are no negative environmental impacts. What do you do when the manufacturer no longer wants to support the device? I have plenty of gear that’s no longer supported by firmware updates that is both more secure and simply not in the landfill because of open-source firmware.

Similarly, “the increased capacity of the EU to autonomously secure its products is also likely to help the citizens to better protect their information-related rights” is from a bizarro world where you can trust Xiaomi’s home-automation firmware to not phone home, but can’t trust an open-source replacement.

Public comment is still open, and isn’t limited to European citizens. As mentioned above, it might affect you even if you’re not in the EU, so feel free to make your voice heard. You have until September, and you’ll be in some great company if you register your complaints. Indeed, reading through the public comments is quite heartening: Universities, researchers, and hackers alike have brought up reasons to steer clear of the proposed approach. We hope that the commission hears us.

88 thoughts on “Stop Bad Laws Before They Start

  1. It is idiocy such as this, among countless other examples, that is the reason governments should ever only be in place to ensure rights and liberties are preserved. Nothing more, nothing less. In recent decades it is only true that they do the exact opposite. Which means it is now our responsibility to remind them, and force them to adhere to their only real job.

    1. Unfortunately with the radio spectrum your liberties and expectation to live through a plane trip are potentially impeded by a moron with a transmitter jacked up to 11 on the wrong frequencies. So drawing that nice definitive line of yours isn’t so easy. Same thing with rights to privacy and libel cases – at what point does it become fine to definitively label someone as a murderer/wife beater/etc, or interfere in and broadcast their lives because apparently everyone else wants to know what is doing now? Or even what side of the road you drive on – you could argue your liberty is being curtailed- its your right to go where ever you please however you please. All things are about finding the right balance of risks/reward and personal/community satisfaction.

      Don’t like this idea, but at the same time I can see a very valid justification for something along these lines. Heck HAM radio couldn’t exist without some regulation on what frequencies, power, where etc. You would end up never making a connection that wasn’t 100% preplanned via some other communication method and causing interference in something else potentially vitally important if the airwaves were true unregulataled freeforall..

      1. Oh please. If your airplane falls down because of a 1-2 Watt transmitter on-board, there’s something seriously wrong with the hardware of the plane not being hardened against EMI.

        1. Who said anything about 1-2 Watt – if there are no regulations multi KW fry everything nearby is possible.
          And it doesn’t take all that much power to futz with navigation signals enough the onboard system looses accuracy as sat navigation is a relatively weak signal to begin with.

          1. You could make a tiny multi-kilowatt transmitter that fits in a backpack. Really. Something that blasts RF without shielding or filtering. But powering it… you would need a lot of extension cords to plug into the aircraft power outlets, they shut down when the draw hits 100 Watts (and often less).

        2. SDR is broad. It’s not just receivers and not just micropower gransmitters.

          Any transmitter has the potential to be modified. But in the old days it required some level of capability, and the raw transmitter often was expensive and not at the corner store.

          With SDR a lot is fairly accessible and cheap, and “mods” may be more likely from someone grabbing off the shelf software. Not just a chance at malicious software, but many end users don’t know radio laws or have tge skill to know what’s going on.

          The real.problem here is how do you make things safe without locking out people who actually have the right and skillset to make modifications?

          1. You’re unlikely to have a high power transmitter in the airplane with you in the first place. Certainly no consumer devices even emit more than 1-2 Watts, and the plane systems are supposed to be resilient against such interference.

            Even a software defined radio is still hardware dependent. You’re not going to switch a cellphone or a tablet to mess with GPS or ILS or the cockpit radio because it’s at an entirely different frequency than what the circuit is built for. Even if you could switch the oscillator, the antenna and the filters are built to exclude out-of-band frequencies and you’re unlikely to output much anything.

          2. Don’t forget that the unlicensed public aren’t even allowed to buy radio transmitters that subject their users to high SAR. The FCC mandates 1.6 W/kg and the EU gives 2.0 W/kg with a whole body maximum of 0.4 W/kg.

            These devices have to be hardware limited and tested for the SAR. You can’t make an “EMI weapon” out of commodity hardware without some serious hardware modification.

          1. @TearTox I am very sceptical about that GPS report. Sound like a make-up job to point an accussing fingaer again. The next one will be China.

        1. Are you sure about that, The Ham radio world is subsiding under the interference already generated by the uncontrolled billions of switched mode power supplies built into appliances and chargers. These frequencies are slowly creeping up in the everpresent search for more digital bandwidth, soon it will reach the FM band and after that comes the Airband. There is another example with the problem caused by 11meter CB transceivers that have been modified to work on the 10meter Ham band where High power amplifiers are available. Uncontrolled reconfiguring of Router/modem transmitters could produce serious problems and needs careful consideration rather than a hysterical rant.

          1. That’s not the same thing. Radio interference is making it harder for hams to receivers to separate out weak radio signals. The supposed concern on an airplane was that signals were going to get into electronics that weren’t even supposed to be receiving radio waves in the first place and cause malfunction.

          2. It’s illegal to cause interference, and illegal to produce devices that do bad things when exposed to interference. Covered both sides by law already. So are you having a problem with law-breakers? The people who hold the law in high regard, and will definitely take careful note of any new laws and make sure not to fall foul of them.

        2. Can a plane fly in a radio shitstorm – sure as long its not bad enough to harm the onboard electronics.
          But can it fly safely when its navigation, and communications are cut or deliberately being buggered (some idiot/’terrorist’ will if it is trivially easy to do) – not really
          – For one thing airlines don’t carry huge amounts of spare fuel so a buggered up gps could steer them enough off course that by the time you can visually see the landmass there isn’t enough fuel to end up where you are supposed to go (your compass – assuming its proper magnetic so unaffected can be several degrees off without making it obvious the GPS is buggered a few degrees over an ocean is a very large error (though that is assuming malicious use of there being no rules – just jamming the GPS you will be flying WWII style (and end up as lost as they did needing to do circles and find landmarks – and that should be irritating but alright on fuel capacity).

          -Then there’s the oh shit we need to land but I can’t hear/talk to the airport so I have to guess if a runway will be clear and just land on my own initiative.. So asking for two pilots to do the same at the same time and end up with two dead planes, or just collide with the plane just about to take off in which case one dead plane is certain but maybe the one on the ground will have many surviviors.

          -Or Oh the weather is really foul so a visual landing is rather hard and the pilot doesn’t know his positional aids are being buggered with – could miss the runway entirely and end up in the nearby industrial estate etc (if it was significantly wrong and the pilot can see properly they should be able to abort but bad weather or subtle error so you only miss be a small amount will be hard to spot and large aircraft (or high speed jets) frequently don’t have much margin of error in how far along the runway they can touch down and still stop – and its just as important to hit somewhere near the middle so all the wheels are on the runway – go sticking one side down on the grass and the brakes won’t work as effectively).

          1. For someone having deliberate jamming equipment on the ground, it is impossible to prevent.

            But commodity hardware is not designed, or is designed against, interfering with ILS, GPS, voice communications etc. by the very design of the hardware. It has legal and practical output power limits, frequency filters, tuned antennas, etc. that simply won’t work with the wrong frequency even if you did tricks with the software.

            There is no reason to limit SDR for consumer devices on the fear that someone tries to down an airplane using a hacked cellphone. It just won’t happen.

          2. Who is paying you for this nonsense! All aircraft electronics has to be hardened against lightning strikes, never mind rogue RF. The environment that planes fly in is full of all sorts of RF from radar to satellite transmissions, to other aircraft. The sort of hardware that a passenger could get through security would never be able to generate more than 1 or 2 watts, even if they were allowed to leave the batteries in! Imagine trying to carry a battery powered 1KW transmitter through security! It would look like a bomb to the scanner and you would be whisked off to jail immediately! I don’t think you have any idea how aircraft work.

          3. People forget that it’s much easier to make a software defined radio that LISTENS over a wide band.

            Making an efficient and powerful software defined radio transmitter that works from 50 MHz to 5 GHz is practically impossible. Most transmitters are highly tuned for their optimum frequency range, and deviating from that is always a compromise. Take for example a typical IoT device antenna:

            https://eu.mouser.com/datasheet/2/238/ant-868-oc-lg-ccc-ds-1842537.pdf

            It has a peak performance between 862 MHz to 876 MHz. The antenna is most efficient for transmitting at 874 MHz. Outside of that range, the return loss of the antenna eats your signal (Figure 4.). If you have a device that uses this antenna, you simply can’t turn it into a GPS jammer because the antenna doesn’t work at 1500 MHz.

      2. The line is not always definitive. Hence why we have governing bodies here in the states that are SUPPOSED to be able to govern themselves locally. Generating roughly 50 statewide experiments in law (and more to the point county specific), and regulation based on the will of the people, hence preserving the freedoms of the people to govern themselves. NOT one giant sweeping nationwide (sometimes global) law that will force all people to adhere to arbitrary terms not decided by intelligent people with concern for their way of life and continuity of freedoms, liberty, but instead enacted and enforced by a handful of idiots far away with zero concern for any of that whatsoever.

        I think you miss the point just a little bit and try to take things out of context. IT IS NOT UP TO SOME SELF APPOINTED BODY TO FORCE IT’S WILL UPON THE PEOPLE.

        which is why many of us that tinker, experiment, and push the abilities of modern technology are frustrated by sweeping regulation that smashes any ability to pursue our own ambitions.

    2. That is , by far from the responsibility of any Government . I quote: “A government’s basic functions are providing leadership, maintaining order, providing public services, providing national security, providing economic security, and providing economic assistance”

      1. FCC Title 47, Part 15.203 Antenna requirement.
        “An intentional radiator shall be designed to ensure that no antenna other than that furnished by the responsible party shall be used with the device. The use of a permanently attached antenna or of an antenna that uses a unique coupling to the intentional radiator shall be considered sufficient to comply with the provisions of this section.”

        The reverse polarity connector has now become common enough that the FCC no longer considers this an effective measure. They’ve just delayed the ruling, because there are no real means to comply with the regulation. Everyone would need to have their own proprietary custom connectors that nobody else is allowed to make or sell, and still that doesn’t prevent anyone from just making an adapter out of an existing connector.

    1. They restricted you from increasing the power of the radio output beyond legal limits. It was speculated that this meant closed source everything. This speculation was proven to be incorrect as (surprise!) this can easily be locked with hardware.

        1. I (also) live in Germany and not sure how dissolving the EU would help in any way. It will just shift the bureaucracy back, at an increased cost. Sure, a country without EU would be easier to control from the inside, but much easier from the outside as well. Which I guess is the point of all this -exit rethoric.

          Every time some stupid proposal is presented, people try to use this argument against EU, ignoring the fact that the benefits far outweigh the nuissances: expanded market, unified laws, distributed bureaucracy, free movement of people and goods, stable pricing, resource pooling. I could go on, but that’s not the point. I’m open to other suggestions and actions that would provide something better.

          1. All that is a benefit to Germany, not so much to all the other nations.

            The common market and currency has the effect of fixing prices between countries, but it doesn’t fix the differences between state expenditure overhead so a Euro is effectively worth more in Germany and France than it is in Finland or Italy. That drives business and jobs towards the central states, and especially towards Germany with a self-amplifying effect: a wealthy nation has lower social costs, needs proportionally less taxes, can sustain lower prices.

            Dissolving the Eurozone would be a boon to all the peripheral nations. Allowing them to have independently floating currencies and their own market rules would let the import/export prices adjust by the real cost of doing business in each country. In fact, Sweden is doing half of that by refusing to use the Euro despite the fact that they agreed to switch over “at some point” – and they’re doing tremendously well.

            But splitting up the Euro and giving back national soveregnity would be a disaster for Germany, so it cannot happen at any price.

          2. In fact, many of the smaller countries, especially in the east and south were tricked into joining the EU and Euro by promising cheap loans to fund their failing economies. Their purpose in the union is to take as much debt as possible, which has the effect of creating more money, which is then gobbled up by the banks and businesses in the richer countries – especially in Germany. It’s a roundabout way of running the money press to make yourself rich without causing hyperinflation at the same time – something Germany learned not to do shortly after WW1.

            That was the entire point behind the PIIGS insolvency crisis. They were taking too much debt too fast, so they had to be bailed out with more debt so they could keep importing more stuff from guess who…

          3. I agree with Dude it really doesn’t benefit most of the member states of the EU, its certainly not equitable in distribution of wealth/taxation and the EURO was a terrible idea when it was implemented – if you control your own currency you can adjust its value in many ways to keep the local economies solvent. But when the wealth, industrial capabilities and standard of living divide between all the members was so vast, and their governance isn’t well sorted it just makes a mess.

            All money is a polite fiction between people of course – but they need to be in the same book talking the same metaphorical language for the single currency to work. If the governance of the EU was properly representative of its members, and they had sufficient freedoms locally – Like the UK’s many devolved governments or the US where each state has fairly good control of local affairs and should feel like they have a say in the national ones too then maybe it can work. Rather than enriching only the faceless often unelected bureaucrats that run the EU and the most powerful nations in it.

          4. Just to clarify though, I can see its uses – for one thing Europeans haven’t tried systematically killing each other off in wars for longer than any other time I’m aware of in history..

            Its just the current implementation of a European state is broken. As the EU is straddling that awkward line of being in complete control of much of its member nations while not being accountable to them really. Either the EU needs to be just a comprehensive trade/mutual defence/safety standards entity or a properly structured Europe wide democracy, so local people feel they have a say in local and national elements and actually do get some degree of control through doing so.

          5. > distributed bureaucracy

            Reality is, the EU regulations have to be implemented into law by each of the member states individually, so there’s just as much bureaucracy as without. This has the side effect that most countries simply ignore bits of the regulations they don’t like, and the EU can’t really do anything about it. But, when the regulations are in favor of the political and economical elites they are implemented by the letter and even beyond the letter, claiming that the EU demands it. The latter usually happens with copyright and IP law.

            The problem with EU bureaucracy is that most of the public doesn’t know how the EU works, they don’t know what their MEPs are doing out there, what their politics are, what the factions are, and whether they’re winning or losing. The distributed, obscured and confusing nature of the system means that people actually have a hard time following what the heck is happening, and even if they did, the democratic power of an individual voter in any individual member state is virtually zero anyways.

            A MEP doesn’t need to respect the voters’ will, and the MEP has little if any power over what the unelected EU bureaucrats do, and the EU bureaucrats have little if any power over the individual member states that interpret and implement the regulations, so it’s an entirely pointless, ineffective, counter-productive system that is anti-democratic and harmful to most of its members. It remains chiefly because it benefits the political elites of each member state, and the largest economy in the union which is Germany.

          6. > for one thing Europeans haven’t tried systematically killing each other off in wars for longer than any other time I’m aware of in history..

            European wars happen with a frequency of roughly once in a hundred years. It’s about the time it takes for the generation of the previous war to die, then their children have children, and that generation looks around and goes “Wait, what are we doing here? Why is that country exploiting my country? Who made this agreement?…”

            We’re at that point just about now. The next two decades will very likely see a new European war.

          7. Just to be clear, I only live in Germany, I am not a German, but come from one of those ‘exploited EU countries’. Absolutely none of my friends abroad, regardless of the country, wants any kind of “-exit”. And the “exploitation” was happening even before the union. I think people are too quick to point the finger outside instead of doing an introspection.

            Regarding Germany, I am kind of impartial to what they want from the EU, my opinion is that they want to have as many countries inside regardless of what it costs them. I don’t feel a ‘connection’ to the country, allegiance or patriotism. I’m just happy with the way they handle most things, as are many expats living here.

            I think the dissolution of EU will benefit only a very small percentage of the europeans, but will benefit entities that compete with the EU. Perhaps the single currency is a bad idea – for some countries – but I haven’t run the numbers to see if it really is.

          8. >the “exploitation” was happening even before the union

            That’s the point though. The membership simply keeps perpetuating the status-quo. The politics that go against the people’s interest are now forced by appealing to the higher authority, shifting the blame upwards. Meanwhile the opposition is derided because they oppose the union, making even reasonable claims sound like you want to implement national socialism.

          9. Dude on the wars front I’m not talking long lasting major wars between many nations – just any conflict between any nation in Europe (and not necessary happening inside Europe either – colonies). And that number is frequently less than a handful of years in the areas of history I know much about – Europe being so large in nation count spats that come to violence have been far to common, though often shortlived.

            One I agree dissolving the EU isn’t going to really help most Europeans at least in the short term (maybe not even in the longer term – though being connected to but in greater control of your corner of global trade shouldn’t be that bad – probably more local industries using local materials to create for local people as it saves on paperwork and import/export costs).. But the EU as it currently stands is completely broken. But it refuses to notice this, or take any steps to deciding exactly what it is supposed to be (is it a Federated states of Europe, a standards and trade body (that nobody ever enforces anti-competition/ subsidy controls properly etc) – or just a great con for the unelected bean counters, bureaucrats, and big business to rob the rest of us blind under the guise of a friendly unified Europe, while the hot-air generators (MEP) get to earn an astonishingly good salary for doing nothing much.

          10. @Dude I’ve always figured the EU was cooked up by Germany and France as a way to rule Europe by force of money after trying and failing to do it for a few hundred years by force of arms.

            Would be nice if HaD would bring their comments into the modern era without these stupid limits on reply levels, and an edit/delete option.

          11. > I’m not talking long lasting major wars between many nations – just any conflict between any nation in Europe

            Then you should brush up on your history. A short list: Macedonia, Kosovo, Ukraine, Georgia, Chechnya, Yugoslavia, the Cyprus missile crisis, The Troubles, The Basque conflict…

            >But the EU as it currently stands is completely broken. But it refuses to notice this, or take any steps to deciding exactly what it is supposed to be

            Systemantics 101:

            “The Fundamental Law of Administrative Workings (F.L.A.W.): The real world is what is reported to the system. The system has a severely censored and distorted view of reality from biased and filtering sensory organs which displaces understanding of the actual real-world.”

            From this follows:

            “The Functional Indeterminacy Theorem (F.I.T.): In complex systems, malfunction and even total non-function may not be detectable for long periods, if ever.”
            “The Fundamental Failure-Mode Theorem (F.F.T.): complex systems usually operate in a failure mode.”

          12. And if you want to learn from systemantics, there’s one last very important point:

            http://www.draftymanor.com/bart/systems6.htm
            “The longer a system exists, the more its primary goal becomes self-preservation.”
            “The more people who are served by a particular system, the greater the resistance to changing that system… and, bizarrely, this is so whether that system works or not.”

            The EU is at this stage, where so many people are involved in the system that even if it doesn’t work at all, many people would suffer from dismantling it, and so they resist changing it at any cost. Crucially, most of those people are involved in politics, whereas most of the people who would benefit from dismantling the EU are not. The latter can only vote for the former, who once elected become dependent on the system, so the system has organized itself to resist any attempt to dismantle it democratically.

            For an example, when the UK announced brexit, the Finnish government quickly voted to make their EU membership an article of the constitution, so it cannot be changed without a 3/4 majority, or a simple majority over two consecutive parliaments, making the process last at least 8 years before the decision can even be made. In other words, they intentionally threw out their means of jumping out should the EU start to sink under their feet. They literally gave away their sovereignty by constitution to prevent the EU-skeptics from pulling a FIXIT.

  2. Maybe I dumb, but I cannot figure out a way to leave feedback there, as a free-text. I’ve completed the questionnaire but i saw no option to leave a summary comment.

    1. Ugh, probably tuned the questionnaire into making you either look mildly positive towards the idea, or a reactionary ignoramus.

      There goes my idea of making lists of routers supported by alternate firmwares, vs manufacturer support of routers 2-5 years old, and calculating days since vulnerabilities were announced and the time until they were patched, including anything remaining unpatched. I’m betting they’d get scores of like 7000 vulnerability days vs 200 vulnerability days for the alternates user supported.

      Then do the same for phones.

      Then point out that since manufacturer support is absofuckinglutely useless over a reasonable device lifetime, that they contribute probably a kilogram of e-waste per person a year to landfills, were it not for user self-support holding back half of it.

  3. This is just a law proposal so far.
    So if the EU accepts it or not is hard to say, though the EU tends to be a bit more towards the “let people do as they please” side of the street.

    But the thing that annoys me more about the EU than this law proposal, is the fact that they aren’t actually clearly linking to the actual law proposal itself! They have the feedback, they have what group is handling the process, they have what category it belongs to, and a rough summery too as well as the risk assessment, but not the proposal itself…

    I do not want to go about hunting down a law proposal that should have just had a link over to it.

    I do not fault Hack a day here, since this article here links to the “About this initiative” page over at official EU site. But why the EU haven’t included at least a link to the actual proposal in the “About this initiative” page is beyond me… (Unless one needs to create an account to just view it, but that is stupid to be fair…)

    1. That is undoubtedly done on purpose to confound people wanting to assess the directive and leave feedback.

      So – a laptop or desktop PC has WiFi in it, and Bluetooth probably, so has to pass RED.

      A mobile phone similarly (plus a dirty big 2W radio transceiver).

      So are they really saying – you can’t load any software onto your PC’s, you can’t load any apps onto your phones (but you can ask the manufacturer to do it)?

      Seems like they haven’t thought this one through.

      1. The ability to alter the radio operation involves the firmware (EFI/BIOS), the OS, and the device drivers. You can load any apps you want, but changing the operating system or downloading unapproved hardware drivers for it becomes illegal.

        It’s not just about routers and IoT gadgets. Installing Linux on a regular PC becomes illegal if the PC comes with any sort of integrated radio transmitter like wi-fi or bluetooth.

  4. commenting on the EU proposals is a waste of time. they always go their way regardless of the comments.
    the only ones who have a say are big corporates and political entities. the plebs count nothing.

      1. But that works two ways now, politicians are known not to read bills they vote for so voters can as much lie their ass off about what’s in them as lobbyists can disguise the rent seeking pigopoly it seeks to create.

  5. I remember when municipalities introduced laws limiting satellite dishes, as if they could legislate laws of how radio works. The point was “eyesore” they gave no thought to people wanting or needing reception.

    This seems like that. They don’t have a bigger picture.

    And surely this is where relevant organizations step in, to inform the lawmakers, so they can make proper decisions. That will have greater impact than a bunch of comments that just say “don’t do it”.

    You can’t have “SDR” without software, though we are seeing a shift to SDR where tye software is in firmware, like all those Silicon Lab single IC receivers.

    1. If I’m understanding their point, they want the software/firmware to be certified against misuse: dirty spectrum, bricking, malware takeover. They believe that the manufacturers can do that better than us. While the intention might seem good, the execution is really bad.

      If I would be in power, I would propose a law that requires all manufacturers to open their firmware after EOL, or if significant deficiencies can be proven, either due to malevolence or ignorance. Why not before EOL? Because there might be some IP involved, but once you EOL a product you effectively give up on that property and retire a product for which people already paid.

  6. The thing to do here is make sure they cannot enforce any such new law. Get a community of people ready to defy any such law, a huge secret operation to ensure a supply of non-tyrany-compliant parts and devices can be reliably smuggled in. If the EU sees that a law they were thinking about will be unworkable because defiance will be so widespread it will probably back down, they’re more pragmatic than some other multi-state groups/governments. And if they don’t back down then we’d have sufficient infrastructure in place to make them unable to enforce in practice anyway.

    1. > If the EU sees

      There’s the first fault in your thinking. Systemantics 101: reality is what is reported to the system. The EU does not “see” – it operates within its own reality that has nothing to do with what happens out there in the real world.

  7. European beaurocrats are seriously ill if they can’t make new regulations. It’s sad that only great things in UE – common market and open borders are under attack but stupid ideas and laws are multiplicating every year.

  8. Wasn’t it an EU law a few years ago that forced websites to post a pop-up forcing you to accept terms and conditions before accessing their content? That reminds me of the book Catch 22, where one of the officers forced everyone to to sign an alliegence pledge every time they went to the mess hall.
    Basically, if this goes through, I agree to the terms and conditions just by using a device, and these terms may change at any time without notification, and if install non authorized software I will be in breach of contract, on a device that radio home that I broke the law.

    1. I guess you’ve not actually bothered to read one of those pop-ups. You’re not accepting terms and conditions, you’re accepting cookies, or denying cookies. It’s really more your terms and conditions to the website.

      1. A lot of those pop ups only give you the option to accept, there’s no button for “I’m happy to deny the cookies and I understand that this means I will have to log in manually and you won’t save my shopping cart.”

  9. Thinly veiled attempt to defang right to repair and open-source “competition”.

    Surely they will need to build many more prisons to house all the new lawbreakers should this pass.

  10. Like everyone one else the ACTUAL proposal is yet to be read but having limitations on who can alter firmaware in a transmitter is not necessarily a bad thing if it’s implemented correctly.

    There are lots of users of the spectrum that have a right to have the part of the spectrum they pay money to use exclusively not interferes with.

    Many years ago CB operators needed to be licensed, still today Amature radio operators need to be licensed and depending on your qualifications you may or may not be able to modify a transmitter or build your own. And there are good sensible reasons for this.

    Of course there will always be edge cases and that’s just a fact of life.

    Protecting the spectrum is important Your 2w transmitter probably won’t bring an airplane down but it might stop your neighbor’s internet connection. Or just cause interference to another service.

    All laws should be examined fully and adjusted to be sensible.

    It may be that the time has come that if you want to alter the firmware in your radio device you need to have an amature raido license or something similar.

    1. I don’t agree. “Radio device” now includes basically any modern computer (phones, any laptop or whatever with a WiFi card) and also routers and similar things. Requiring amateur radio licenses just to update some component of those would be a significant barrier to, well, lots of things.

      1. This is why sensible discussion needs to be had and not just “throwing the baby out with the bath water “ . There are components (firmware etc) that can be altered with no effect on the radio and that should be free to do but if your adjusting the radio (and that’s pretty loose term these days) than there should be some accountability.

        The challenge is defining the line where x is acceptable and y isn’t. But to say all or nothing is a dangerous place to be for both sides.

    2. Manufacturers selling home use equipment are not going to spend money developing a system that allows licensed people to modify their devices. And they certainly aren’t going to spend even a penny more per-device implementing such a system. There is no profit in that for them. They will just build devices that are too locked down for any user to modify and when the original firmware is no longer good enough the device becomes just that much more landfill.

  11. The situation gets considerably worse with commercial gear as you typically can only get updates if you purchase expensive support contact’s. One of the best examples is with Juniper Networks, who released a number of versions of ScreenOS with what appear to be back doors put in by the NSA:

    https://www.zdnet.com/article/congress-asks-juniper-for-the-results-of-its-2015-nsa-backdoor-investigation/#:~:text=Recap%20of%20the%202015%20Juniper%2DNSA%20backdoor%20scandal&text=Following%20public%20pressure%2C%20Juniper%20later,devices%20and%20decrypt%20VPN%20traffic.

    If you buy a Juniper device that has a compromised version of the OS, good luck getting them to even give you the fixed version of that release, no less the last release version before the EOLed the device.

    These devices are also notorious for barfing on OS updates. When you get to know them you learn a few tricks to both test to see if a given version of the OS will run before committing to it, and some tricks to get new versions to run.

    Their support people will spend more time telling you how sorry they are that they are unable to assist you than it would take to assist you. I guess that is understandable, but I do find it humorous in a sick kind of way.

    Also if you do manage to find a less compromised version of the OS be prepared for the configuration and how you implement many things to be significantly changed. You wind up back down near the bottom of the learning curve again. The internet has many examples of boilerplate settings for assorted things, but sadly many of them lack the one critical piece: Which version of the OS that example works with.

    Consumer devices are much simpler and I have yet to see them try and sell a firmware update for one, and in general, previous configurations are plug and play with firmware updates.

    One other point that is interesting in this law that wants to make user supplied firmware illegal is that the vast majority, I would be tempted to go out on a limb and say almost ALL consumer grade routers run software that is either fully or mostly open source which I see as being essentially user or community supplied. Am I the only person who finds it funny that the manufacturer who supplies none to a small amount of the software is presumed to know better than the community that has supplied all or the bulk of the software?

    The thing is pragmatically it would be next to impossible for someone on the outside to be able to ID the exact hardware and software running on a router unless the design is beyond sloppy. So unless the router has an amp built in that can put out illegal amounts of power that my be questioned, and that is in the hardware of the router, how is anybody going to know what you are running. It is like trying to limit people to running FCC certified gear in the US. It is almost an impossible task. Right up there with UL regulations for anything that carries power. Do you think every power cord and extension cord you own is UL certified? Lofty laws to pass but just about impossible to enforce.

  12. Calm the heck down. Every laptop computer is a radio. No one can stop you from bricking your device if you own a hammer or a rock or a bathtub. What a stupid article.

  13. There was a similar consultation in the US by the FCC, most of the replies (90%) were against a radio lockdown. The FCC ignored the consultation results, and implemented a radio lockdown.

    In 2019, the European Commission made a public consultation with similar results. Now they do a second questionnaire with biased questions.

  14. The idea is to prevent rogue reconfigurable radios from talking over each other, and prevent consumers from bricking their routers and radios.

    Lets be realistic. The idea is to limit customers ability to modify things they own, so that intentionally disabled features stay disabled, and intentionally bricked devices stay bricked, and devices no long supported by servers or security patches become useless

  15. I think they are barking up the wrong tree here, restricting the human users. We will soon (if not already) have AI-enabled IoT devices with radios. It’s not a massive leap from there to AI bots reconfiguring the radio to get better throughput/range. Once these things start shouting louder and (mis)configuring their radios with no test equipment to verify that the spectral emissions are conformant, all hell will break loose.

    Yes they will pass type approval when in the test lab, but what happens after that?

  16. Change of plan. Support this… make a fuss, say it needs to go further, convince the lawmakers that every line of code has to be approved by law, and submitted for review in a public forum, and may not be changed without another hearing to review the changes. Manufacturers should also pay a yearly license fee equal to 10% of the gross income of all devices containing radios and code, and will be subject to monthly compliance inspections. All employees must be security vetted for connections to foreign intelligence organisations and extremist groups. New hires are subject to a 2 month paid waiting period while this vetting is carried out. Principal officers of the regulated companies may travel only with the consent of the government and will be restricted to approved countries, where they will be monitored against honeytrap blackmail operations for their own safety and to prevent being coerced into inserting infringing code into their products. Let’s get really SERIOUS about this ;-)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.