What's new

The FCC is asking for comments on a proposal to require manufacturers to lock down computing devices

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Verbatim from the FCC document - so this is all moot if the device does not support impacted bands - remember 5GHz is three (some would consider 4) blocks - the UNII-1, UNII-2 (and extension), and UNII-3 - so perhaps the comments back to FCC are clarification on what specific channels/blocks/frequencies would this apply to, or is this going to be applied across the entire 5GHz band.

SOFTWARE SECURITY REQUIREMENTS FOR U-NII DEVICES

I. INTRODUCTION
On March 31, 2014, the Commission revised the rules in Part 15 that permits U-NII devices in the 5 GHz Band.1 As part of that revision, the Commission required that all U-NII device software be secured to prevent its modification to ensure that the device operates as authorized thus reducing the potential for harmful interference to authorized users.2 Although, the Commission refused to set specific security protocols, the methods used by manufacturers to implement the security requirements must be well documented in the application for equipment authorization. In this document, we provide general guidance on the type of information that should be submitted in the equipment authorization application.3 The security description provided in the application must cover software security, configuration, and authentication protocols descriptions, as appropriate. This guidance applies to master and client devices. Special circumstances that apply only to client devices are also addressed.

II. SOFTWARE SECURITY DESCRIPTION GUIDE
An applicant must describe the overall security measures and systems that ensure that:
1. only properly authenticated software is loaded and operating the device; and
2. the device is not easily modified to operate with RF parameters outside of the authorization.
The description of the software must address the following questions in the operational description for the device and clearly demonstrate how the device meets the security requirements.4 While the Commission did not adopt any specific standards, it is suggested that the manufacturers may consider applying existing industry standards for strong security and authentication.​
 
And I think the real solution will most likely come from the chipset vendors (Broadcom, Marvell, QC-Atheros, Mediatek, Realtek, Intel, etc) as setting and locking the regulatory domain is best done there in the wifi chip itself, rather than at a device level with bootloaders/locked drivers, etc...

FCC is not the bad guy here - the UNII bands, along with the ISM bands are national, if not global, resources, and having these open to unlicensed devices has been a tremendous boost to productivity. They have an obligation to prevent misuse of this global commons, at least in their area of responsibility, and they're trying be a good job of it.
 
Merlin
I do get this error msg from the FCC website
Date and time of error: Sun Aug 30 13:01:10 EDT 2015
Requester's browser type: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Called from: http://www.snbforums.com/threads/th...s-to-lock-down-computing-devices.26712/page-2
Parameters specified: RequestTimeout=500
Diagnostic information: Variable CALLEDFROMFRAME is undefined.
The error occurred on line 16.​

I updated the link - I posted the search result link instead of the direct device link, so it was only working for me.
 
That's basically how I read it on second review - and it seems to be focused mostly on the UNII-2 blocks, which a vendor could just lock out those in the chip/radio sections.

FCC's intent is to open up that UNII-2 band, but they want to have some confidence that devices will behave well there...

Then they need to revise that public form. Flat out asking "What are you doing to prevent users from flashing DD-WRT" is no way of reassuring the community, as it implies a will on their part to see manufacturers actually do block users from flashing DD-WRT and the likes.

That particular section wasn't present in last year's version of the form I had received.
 
I already understood uni band segmentation, but had to search for a more detail explanation on what is UNI-2 band? , and did find out a more clear explanation on the FCC web site, the whole document is very interesting to read and learn from the different type of unlicensed operations.
Be advise it is a long document, but you always have the index tab to find what you want. I did read completely the article.

https://apps.fcc.gov/edocs_public/attachmatch/FCC-13-22A1.pdf
or
https://www.fcc.gov/document/5-ghz-unlicensed-spectrum-unii
 
Last edited:
Then they need to revise that public form. Flat out asking "What are you doing to prevent users from flashing DD-WRT" is no way of reassuring the community, as it implies a will on their part to see manufacturers actually do block users from flashing DD-WRT and the likes.

That particular section wasn't present in last year's version of the form I had received.

Merlin
When I read their proposal, the very first time, they use DD-WRT as an example of 3rd party software. It did sound as I understood , very implicate to read something like that. Then the next morning it was reformatted only as a 3rd party software only. Honestly, that was dearly annoying to me.

Sorry, I never did saved the original proposal otherwise, I would share it with you.
 
And I think the real solution will most likely come from the chipset vendors (Broadcom, Marvell, QC-Atheros, Mediatek, Realtek, Intel, etc) as setting and locking the regulatory domain is best done there in the wifi chip itself, rather than at a device level with bootloaders/locked drivers, etc...

FCC is not the bad guy here - the UNII bands, along with the ISM bands are national, if not global, resources, and having these open to unlicensed devices has been a tremendous boost to productivity. They have an obligation to prevent misuse of this global commons, at least in their area of responsibility, and they're trying be a good job of it.

Agree
 
jegesq

Your link redirects EVERYONE ELSE TO something else from the FCC, and not the Federal register were people could comment and send their proper comments ON THIS MATTER.

In my opinion, your links are disruptive....

Oh, calm down. The links for public comments are matters of public knowledge. If people want to use your links, great. However, the way one submits comments to the FCC that may be longer or which contain attachments is to use the FCC's Electronic Comment Filing System (ECFS), and as of five minutes ago, this link still was working: http://apps.fcc.gov/ecfs/upload/display. The Docket No. for the Proposed Rulemaking at issue that we're talking about is Docket No. 15-170. So I'm not directing anyone to links that pertain to anything other than proposed rulemaking docket in question.

And as I wrote, the time for public comment has been extended to November 9 (it was set to cut off on September 8, but in response to several petitions, the FCC extended the time for comments for two months). So it's not like the house is on fire and we all need to post immediately.

Rather than reacting negatively to what some post here, myself included, or urging people to rush through their comments to the FCC, perhaps it's better to just take a deep breath, and give some serious thought to what one is going to say and perhaps, as SFX2000 has done, actually read the text of the proposed rules and gain a better understanding than you seem to have about the frequencies that are of concern to the FCC and those which are located adjacent to the frequencies used in 5ghz routers in North America (which are not the radar bands, but which at the upper fringe of the lower band and the lower edges of the upper band, can conflict with civilian aviation, military and weather radars, and hence the need for DFS and TPC to be implemented). before you freak out or purport to tell me what I can and can't post here. We all need to read the rules carefully and gain a better understanding of what the issue is before commenting to the FCC if those comments are going to be meaningful.

The proposed rules from the FCC are densely and badly worded IMHO, and while we can all just give a knee-jerk reaction based on what we read in news blurbs and simply say "this is bad", perhaps, as R. Merlin just noted, it's going to require a closer reading of these proposed rules to get a better understanding of what the FCC is really trying to accomplish. The fact that the rulemaking staff who wrote this stuff chose to call out DDWRT specifically is disturbing and has certainly led to some of the confusion.

I have been digging around a bit on several other sites and reading the rules, and looking for other views on the subject, and found this message thread posted on the Hacker News forums, which is a very interesting take, and consistent with what the Asus folks have evidently conveyed to R. Merlin:

Posted by jonathanmayer 33 days ago:
(Background: I'm a computer security lawyer at Stanford. This ain't legal advice.)
This is a misunderstanding. The FCC has not tried to ban Wi-Fi device modding. What it might be requiring is locked-down radios. And only radios.
The phrasing of the recent guidance is unfortunately ambiguous, and calls out DD-WRT by name. But the original rules are clear [1], and staff guidance cannot trump Commission rules.
What's more, an attempt to ban third-party software would be inconsistent with the FCC's previous policy. The agency fined Verizon, for instance, when it tried to block third-party tethering apps [2].
[1] https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-30A1.pd...
The software must prevent the user from operating the transmitter
with operating frequencies, output power, modulation types or
other radio frequency parameters outside those that were approved
for the device.

[2] https://www.fcc.gov/document/verizon-wireless-pay-125-millio...

So perhaps the only thing that the proposed rules will actually require is that the manufacturer lock down the radio code so that unauthorized channels, transmit power and modulation type cannot be altered.

It's clear we all need to take a deep breath, calm the hell down, and actually read the proposed rules more closely. I'd recommend reading through the rest of the postings at the Hacker News forum on this subject, as well as reading the particular rule's actual text, as SFX2000 has done, particularly in light of the information conveyed to R. Merlin by Asus.
 
Last edited:
If routers become completely locked down, what happens to the people who buy a router where the company that made it, stops releasing firmware updates after about 2 years?
What do you do when there is a exploit that can be carried out remotely on your router, and the company that made it is not willing to patch it, and the locked down nature of it is preventing you from running a more secure alternative firmware. Routers tend to get abandoned by the companies that make them, long before the hardware becomes obsolete.
 
Red Pope:

In answer to your earlier question about radar and potential interference from wifi devices, part of the genesis of the current rule-making push, at least insofar as it pertains to wifi routers, has at least some of its roots in studies done by the FCC that have been reported earlier and which resulted in earlier rules regarding channel use and power transmit levels, and the requirements that DFS (Dynamic Frequency Selection) and TPC (Transmit Power Control) algorithms be added to firmware/radio coding of consuer routers. You can read a bit more about that at https://www.fcc.gov/document/5-ghz-unlicensed-spectrum-unii

In early 2009, Federal Aviation Administration (FAA) reported interference to their Terminal Doppler Weather Radar (TDWR) that operates within the 5.60-5.65 GHz band. Early field studies performed by the National Telecommunications and Information Administration’s (NTIA’s)
Institute for Telecommunications Sciences (ITS) and FAA staff indicated the interference sources were unlicensed U-NII devices that incorporated dynamic frequency selection (DFS), from different manufacturers, and operated in the same frequency band as these Federal radar systems.

You asked what "legitimate interests" could the FCC have in preventing interference with military, civil aviation and weather radar, and hopefully this information will give you a better idea of what I was talking about when I said that there are other "legitimate concerns" at play in my first message in this thread. And it's not just the 5ghz band that is of concern. For example in North America, there is a ban on using any 2.4ghz channel above 11 (or below 1). The EU allows channels in the 2.4ghz band up to 13. Channel 14 is only permitted in Japan.
Yet a lot of consumer routers that were sold in years past in the U.S. , and many wifi cards for laptops and desktops actually allow end-users to set their devices to use these unauthorized channels in regions where such use is illegal (and I use the word "illegal" because such use is in fact illegal and can subject the end-user to civil forfeiture actions up to $25K per offense). Essentially, while you may own your router, the FCC owns the airwaves and has the right to regulate usage of those airwaves. Basically every time one operates on a locked channel in the U.S., you're breaking the law. And yet, even though this is well known and we shouldn't do it, there are even some users of SNB who proudly proclaim that they will run their routers on whatever channels they see fit, damn the consequences, and at the highest power levels they can achieve, even if that conflicts with civil or military or weather radar. And of course it's not just the public safety/military issue; there's also the issue that the government has sold off huge chunks of the airwaves to private companies that also have an overriding interest to insure that their commercial interests aren't interfered with (such as Sirius which has in the past tried to get the FCC to go after 2.4ghz unlicensed use (see http://www.geek.com/news/satellite-radio-worried-about-wi-fi-547502/). See also https://en.wikipedia.org/wiki/List_of_WLAN_channels.

My point is that there are a lot of issues at play and this isn't just the FCC saying screw you to consumers. It all comes down to controlling SDR (software defined radio) and how the public policy can best be achieved, and so far, the FCC seems to have targeted the easiest way to go about that, i.e., require manufacturers to impose limits on what can and can't be added to radio devices. The question though remains, what is the best way to balance public interests against private uses of these unlicensed spectrums. So that's why I say this issue really does require some careful thought and not just a knee jerk reaction.

IMO, it's a very good thing the FCC decided to extend the time to comment for another two months, because we really all need to study what the FCC is actually proposing to do.
 
Last edited:
If routers become completely locked down, what happens to the people who buy a router where the company that made it, stops releasing firmware updates after about 2 years?
What do you do when there is a exploit that can be carried out remotely on your router, and the company that made it is not willing to patch it, and the locked down nature of it is preventing you from running a more secure alternative firmware. Routers tend to get abandoned by the companies that make them, long before the hardware becomes obsolete.

Let's all take a deep and collective breath... I don't think it is as bad as everyone is thinking.

First off - it's not just the 3rd party Router/AP modding community that is impacted here, it's the Maker Boards that support WiFi, it's 3rd Party ROM's for Android Phones/Tablets, and there are vendors that support these groups, both at a board level, as well as a chipset level - it's academics and independent researchers that want to make things better for everyone - there's a lot of people and companies and universities that all have a stake in this issue.

As for me, I would like to get more clarification on the language of the proposal, and better discussion of what is driving the concerns of the FCC, as some of the language is vague and overly broad on the scope. I've dealt with the FCC in the past, and usually their wording is quite concise and specific, and these documents are not.

We could all take the libertarian view and see this as a power grab and the knee jerk reaction is "hands off my wifi!"

I don't believe the FCC is there to hinder innovation, at least I hope not.. this is not typically how the FCC works.. but I've seen them throw out strawman proposals to engage the public, and this might be one of them.

So if, and when, you do submit comments, and in the US, as a citizen, this is your right, give it some thought and consideration as these are taken into the next steps on how the FCC will move. Don't flame them, that just gets ignored... be reasonable and thoughtful in what you say.
 
Then they need to revise that public form. Flat out asking "What are you doing to prevent users from flashing DD-WRT" is no way of reassuring the community, as it implies a will on their part to see manufacturers actually do block users from flashing DD-WRT and the likes.

That particular section wasn't present in last year's version of the form I had received.

It's a legit concern for the FCC, as many open firmware resources do not honor regulatory domains, and as a result interfere with licensed owners of that particular spectrum... it might be radar, it might be other 2-way users, but in general, agencies like the FCC need to keep bounds - and within those bounds, ensure that devices meet requirements - for example, in UNII-2, DFS/TPC still needs to be maintained, even within the new requirements here in the US that relax power constraints...

This is more of an issue with UNII than it is with ISM, but still a valid concern... third party firmware generally ignores regulatory domains, or allows those to be easily bypassed..

Longer view - FCC is wrestling with a lot of policy and governance issues - including White Space use in licensed spectrum, which can be a boon to unlicensed wireless, as well as commercial interests trying to leverage into the public commons - e.g. LTE-U and such...

They're asking for input, and I think this is an earnest ask to the community...
 
If routers become completely locked down, what happens to the people who buy a router where the company that made it, stops releasing firmware updates after about 2 years?
What do you do when there is a exploit that can be carried out remotely on your router, and the company that made it is not willing to patch it, and the locked down nature of it is preventing you from running a more secure alternative firmware. Routers tend to get abandoned by the companies that make them, long before the hardware becomes obsolete.

That has happen already! but at corporate level.

A Quick listing of recent negative events involving Router makers in the last 2 years.

Respectfully to the Asus and Linksys community.

Example: Corporate discriminatory firmware updates that backfires. Yet, this router still locked. No alternative for 3rd firmware.

1- Linksys EA3500.
http://arstechnica.com/gadgets/2012...roar-drops-cloud-from-default-router-setting/


2- Corporate Tinkering with Power-Output Levels

Netgear complain to the FCC consist ASUS CORPORATE in not been in compliance with the FCC rules.
This event is noticeable and it is all about Power-Output Levels.
The Fine was issue by the FCC to ASUS.
Netgear proved their point.

http://www.pcworld.com/article/2046...tting-fraudulent-test-results-to-the-fcc.html

Final result by the FCC.

http://www.commlawgroup.com/news/73...reless-equipment-provider-violating-marketing

http://www.techhive.com/article/289...the-fcc-fined-the-router-maker-last-year.html

Who was the culprit? 3rd party software or corporate router makers?
Current Events do show the results.
You be the Judge!
 
Last edited:
With a proper-class US amateur radio license (easy to pass the test), and operating in the US, you can run gobs of radiated power legally in most of the 2.4GHz "ISM" band under FCC Part 97 rules (not Part 15 for unlicensed). And you can get a commercial license to do the same - public safety has lots of robots and air-to-ground in 2.4GHz at higher power (EIRP) than Part 15 permits.

Amateur Radio (HAMs) don't use 2.4GHz due to received interference within this 2.4GHz multi-service shared use band. HAMs have 1.9GHz and other small bands which are exclusively for HAMS.

2.4GHz not exclusively for unlicensed ISM and WiFi.

But the same FAA-based, safety inspired restrictions apply to the upper portion of the band. Regionally,
 
This is one policy issue that folks are concerned with, but there are others also to consider...

1) LTE-U/LTE-LAA - this is LTE (4G) in unlicensed spectrum - targeted towards the UNII bands, but nothing stops Mobile Carriers from also using the 2.4GHz ISM band - if you're worried about WiFi, this really should be on your radar...

2) Ongoing Monetization of unlicensed spectrum - Big Cable is doing a pretty good job on this one - between making CM-WiFI gateways mandatory, offering both private and public SSID's, they're now moving towards WiFi only plans as this builds out.

This is part of an ongoing tread - and might be one of the reasons why FCC is moving on WiFi with 3rd-Party firmware... there's big money from big companies going into the unlicensed space, and for many, this could be a concern - as monetized unlicensed access will put an additional strain and burden on incumbent users (e.g. people here) - this additional usage will raise the noise floors (reducing range) and add congestion to what is getting to be an ever increasing usage by all - and when you toss the IoT devices into the mix...
 
FCC is on the take. $BBB from the spectrum auctions disappears into their coffers. Auctioning the God-given RF ether.

Next the EPA will sell the air we breathe.
 
FCC is on the take. $BBB from the spectrum auctions disappears into their coffers. Auctioning the God-given RF ether.

Next the EPA will sell the air we breathe.

That's one perspective perhaps... but I'd like to think that the FCC is a bit better than that - yes, spectrum auctions have put a lot of money into our government coffers... and this helps balance the budget, and that means we all pay less taxes, eh?

What I do know, having dealt with the FCC on a couple of projects, is that they are very receptive to input from the public - they're required to, it's in their charter - so raise a voice directly... it is your right to do so.

Also, FWIW, if one feels strongly enough, hit up your Representative and Senators, and that makes even a better impression, they will take consideration here -- but again, but thoughtful in your comments and objections.

With the Representative/Senators - I've always got a response back, not a form letter, but a signed response in Snail-Mail - I make my comments there, and yes, I do it often for issues I care about - just costs a stamp..
 
FWIW, if one feels strongly enough, hit up your Representative and Senators, and that makes even a better impression, they will take consideration here -- but again, but thoughtful in your comments and objections.

With the Representative/Senators - I've always got a response back, not a form letter, but a signed response in Snail-Mail - I make my comments there, and yes, I do it often for issues I care about - just costs a stamp..

Just saying - our congress critters - they work for our vote - and a smartly written letter means a lot... better than feedback over the internet..

As an example - I had serious objections to the TSA's X-Ray Backscatter body scanners, and raised up safety issues for citizens and the TSA folks combined - and we've seen results - my letter was based on sound science and economic factors in a concise format - not more than a page.

The FCC, like every other US Govt Federal Agency, they really dread having to deal with a congressman/senator (or their aides) asking about what they're doing, because they must respond, and in in my experience, those responses are relayed back - again, with a written letter...

Civics and Science for the Win!
 
With a proper-class US amateur radio license (easy to pass the test), and operating in the US, you can run gobs of radiated power legally in most of the 2.4GHz "ISM" band under FCC Part 97 rules (not Part 15 for unlicensed). And you can get a commercial license to do the same - public safety has lots of robots and air-to-ground in 2.4GHz at higher power (EIRP) than Part 15 permits.

Didn't use to be... First Class Radiotelephone License with Broadcast and Radar endorsements - needed to have those for work stuff back in the day - lot of those requirements have been sunsetted as FCC make things more specific to the station rather than the operator - but I still have my callsign.. I'm not a HAM per-se, but I do keep in touch with the local ARRL chapter, and believe it or not, one should reach out to them as well...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top