FCC: No Ban On Open Source Firmware - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
08:05 AM
Connect Directly

FCC: No Ban On Open Source Firmware

The FCC has issued revised rules to clarify its effort to modernize how it regulates radio-frequency devices.

6 Ways Big Data Is Driving Personalized Medicine Revolution
6 Ways Big Data Is Driving Personalized Medicine Revolution
(Click image for larger view and slideshow.)

The Federal Communications Commission on Nov. 12 offered reassurance that it's not trying to ban third-party router firmware in the wake of proposed rules that suggest otherwise.

In March, as part of the agency's effort to update its process for authorizing Unlicensed National Information Infrastructure (U-NII) radio devices, which operate in the 5GHz portion of the spectrum and include WiFi routers, the FCC sought to establish a framework for how it asks hardware vendors to comply with a software security rule adopted last year.

That rule requires hardware makers to implement security controls to ensure that "third parties are not able to reprogram the device to operate outside the [RF] parameters for which the device was certified."

While this falls squarely within the FCC's spectrum oversight responsibilities, it has alarmed those who use open source router firmware packages like DD-WRT, OpenWRT, or Tomato. Open source firmware can make routers more powerful and more useful, allowing users to implement functions that have been disabled or omitted by manufacturers. However, it could also be programmed in ways that would make routers interfere with wireless signals.

(Image: Pixabay)

(Image: Pixabay)

In this, software is no different from any other tool that can be misused. Yet the FCC is considering rules that would encourage manufacturers to limit that possibility.

Responding to concerns raised by the technical community, Julius Knapp, chief of the FCC's Office of Engineering & Technology, said on Thursday the agency has issued a revision of its proposed rules that aims to clarify the agency's focus on modifications that would make devices non-compliant.

"We were not [mandating wholesale blocking of open source firmware modifications], but we agree that the guidance we provide to manufacturers must be crystal-clear to avoid confusion," wrote Knapp.

Yet the issue goes beyond a contemplated security requirement. In July, the FCC proposed rules that would require makers' certified equipment to "implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved," in order to minimize the chance of unauthorized modification of the software that controls the radio-frequency parameters of the device.

Prominent technologists acknowledge that the FCC's rules need to be updated, but with an eye toward greater transparency and manufacturer responsibility. They point to the Volkswagen emissions scandal as an example of the consequences of lack of access to software source code.

[Read about the FCC cracking down on WiFi blocking.]

In a letter submitted to the FCC website last month, Dave Täht, cofounder of the Bufferbloat Project, and Vinton Cerf, co-inventor of the Internet, argue that "rather than denying users the ability to make any changes to the router whatsoever, router vendors be required to open access to their code (especially code that controls RF parameters) to describe and document the safe operating bounds for the software defined radios within the Wi-Fi router."

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/16/2015 | 4:38:07 PM
easier said than done
Supply chains are longer than ever, and hardware documentation isn't getting any better.  Some of these chips don't have any more documentation than was needed to get the first demo board built.  Even if you have NDAs in place and the executives of the two companies have ordered everyone to cooperate, it is still often impossible to get the kind of documentation everyone in this story believes should be forthcoming, because it was never generated in the first place.  (I've been in that position with some pretty big brand name chip makers.  One didn't have a current data sheet because of a labor dispute with the company it acquired to get the chip.  Another couldn't get me a data sheet because the chip manufacturer wouldn't share it with his tech support organization outside of Taiwan.  And that was 15 years ago.)  The information about the registers in the RF chip may only exist in a post-it note stuck to somebody's monitor.  Or it may never have been translated from Chinese to any Western language.  FCC may well be requiring a new level of documentation, one that is beyond the imaginations of the people and companies who design this hardware these days.  It's definitely far outside the current cultural norm in the industry.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll