Hello everybody and welcome back to Everything Hamradio. A while back I wrote an article aboutÂ Broadband-HamnetÂ and what it was an idea that I had about its use. I have also talked to a few people about it and read quite a bit about it. There was even a post on the ARRL a couple weeks ago about how it was used during a bike race. With such an awesome and useful thing, it seems like it can be coming to an end before it really gets off the ground. Today I saw this post on Wired.com this morning and it makes me wonder, so I thought I would share it with yall.
Hey FCC, Donâ€™t Lock Down Our Wi-Fi Routers
ON THE COASTAL edge of Tunisia, a signal bounces between 11 rooftops and 12 routers, forming an invisible net that covers 70 percent of the city of Sayada. Strategically placed, the routers link together community centersâ€”from the main street to the marketplace. Not long ago, the Zine el-Abidine Ben Ali government censored access to the Internet. The regime is gone now. And this free network gives the community unfettered access to thousands of books, secure chat and file sharing applications, street maps, and more.
The Sayada community network is part of the Open Technology Instituteâ€™s (OTI) Commotion Wireless project. The organization works with local groups to install mesh networks in communities across the globeâ€”from New York to India. Commotion Wireless uses routers that utilize and extend (among other things) OpenWRTâ€”an open source operating system with nonstandard features that make these unique networks possible. Reprogrammed and repurposed, the routers become something entirely new: a hub of information, a beacon of open access, and a symbol of freedom.
Now, the future of Commotion Wirelessâ€”and countless other programs and projects like itâ€”might be in jeopardy. Proposed rules by the Federal Communications Commission have digital watchdogs and open source advocates worried that manufacturers will lock down routers, blocking the installation of third-party firmwareâ€”including open source software like OpenWRT and DD-WRT.
The Reasoning Behind Locking Routers Down
In March of 2014, the FCC updated its requirements for U-NII devices operating on the 5 Ghz bandwidthâ€”a designation that covers a wide range of Wi-Fi devices and routers. FCC regulations arenâ€™t the sort of the thing you keep on your nightstand for a bit of light readingâ€”they are technical and dense. And so it wasnâ€™t until last month that Wi-Fi hobbyistspointed out some regulatory language that might affect the open source community:
â€œManufacturers must implement security features in any digitally modulated devices capable of operating in any of the U-NII bands, so that third parties are not able to reprogram the device to operate outside the parameters for which the device was certified.â€
On its own, the language isnâ€™t a deliberate war on modding. â€œIn this particular case, this is about safety,â€ said William Lumpkins, Sr. Member IEEE, IEEE Sensors Council/SMC Standards Chair. Most modern equipmentâ€”from laptops to planesâ€”emits radio frequencies (RF). And the FCC carefully orchestrates traffic to ensure signals donâ€™t get tangled up. Devices modified to operate beyond their intended parameters can cause interference with important systems (the FCC cites a 2009 case where user-modified devices were getting in the way of Doppler Weather Radars).
RF modding could also interfere with â€œmedical devices like pacemakers, optical implants, diabetic insulin regulators, and a slew of other medical devices,â€ Lumpkins said. â€œAn insidious person could also turn a radio into a white noise generator and not allow anyone to use Wi-Fi/Bluetooth within a 1500 foot radius, which is what a few well-intentioned theater owners tried last year.â€
It isnâ€™t unusual, Lumpkins said, for the FCC to take steps to keep devices operating within their intended parameters. What is unusual, Lumpkins added, is for the FCC to call outâ€”by nameâ€”specific software. But thatâ€™s exactly what the FCC did.
This March, the FCC published a guidelineÂ to help manufacturers meet the new requirements for the hundreds of new routers and access points that hit the American market every single year. One prompt read: â€œDescribe in detail how the device is protected from â€œflashingâ€ and the installation of third-party firmware such as DD-WRT.â€
And thatâ€™s a big red flag: DD-WRT, like OpenWRT, is a free,Linux-based firmware for wireless routers and access points. The two are widely used within the tinkering communityâ€”and they are important.
So, is the FCC mandating that manufacturers lock down the whole routerâ€”including its operating system? Not really. The guidance is more what youâ€™d call (badly worded) guidelines than actual rules. More importantly, guidances arenâ€™t written by the same people who write the actual regulations. In fact, the FCC explicitly told TechDirtâ€™s Karl Bode that itâ€™s fine with mods and open source software â€œas long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters.â€ So, modding the operating system? Okay. Modding the RF parameters? Not cool.
The real worry is that major chip manufacturers will respond by saying ‘the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.’
The real worry is that major chip manufacturers will respond by saying â€œthe easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.â€ That would potentially kill a lot of innovation and valuable uses,â€ wireless policy guru Harold Feldtold TechDirt.
A Broad Loss for Security, Tinkerers, and Society
And thatâ€™s a real concern. Especially as the FCC is currently considering a proposal that would expand the rules to anything with a software-defined radio. Which could apply to pretty much anythingâ€”because everything with Wi-Fi-capability is essentially a radio. The FCCâ€™s current Notice of Proposed Rulemaking (NPRM) seeks to â€œminimize the potential for unauthorized modification to the software that controls the RF parameters of [a] deviceâ€ by implementing â€œwell-defined measuresâ€ to ensure the equipment â€œis not capable of operating with RF-controlling software for which it has not been approved.â€
No word on what those â€œwell-defined measuresâ€ actually areâ€”or where the â€œradioâ€ ends and the rest of the device beginsâ€”but digital watchdogs are worried that the new rules could prompt manufacturers to lock down any computing devices with a wireless radio. Of course, if youâ€™re technically inclined (and most people who take the time to reflash routers are), itâ€™s not hard to pick digital locks that protect vendor programming. Itâ€™s just that breaking those locks opens tinkerers up to prosecution under the Digital Millennium Copyright Actâ€”a distinction comes with up to 5 years in prison and $500,000 fine. But thatâ€™s a whole other can of worms.
If manufacturers take the NPRM and the guidance as an invitation to lock down routers and Wi-Fi devices, it would be a huge loss to the tinkering community and a net loss to society.
The primary concern is this: If manufacturers take the NPRM and the guidance as an invitation to lock down routers and Wi-Fi devices, it would be a huge loss to the tinkering community and a net loss to society. Open source software gives users far more control over devices than proprietary vendor firmwareâ€”thousands of people have used open source firmware to unlock new functionality on cheap routers or breath new life into old access points.
â€œI personally use OpenWRT on my home wireless router because it provides more capabilities than the firmware that came pre-installed,â€ Oakland resident Kerrick Staley wrotein a letter to the FCC. â€œâ€¦OpenWRT, being open source, encounters far fewer vulnerabilities than manufacturer firmwares, and existing vulnerabilities are fixed quicker, meaning my home network stays more secure.â€
Staleyâ€™s not exaggerating about the security benefits. Open source systems are more easily audited by security researchers, and OpenWRT has occasionally beaten the big router manufacturers to market with security patches for their own hardware.
Itâ€™s not just the the high-tech nerds who are taking issue with the FCCâ€™s proposed rules. Wi-Fi routers are easy to repurpose as hotspots, wireless repeaters, network storage devices, and low-cost wireless networks; they can be cheaply and quickly patched together as a communication stopgap after emergencies. Which is why amateur radio operators have also stepped up to caution the FCC on its new proposed restriction to software defined radios.
The FCC is currently asking for feedback on the NPRM before the rules become lawâ€”so now is the time to pipe up. The FCC has already received tons of concerned comments from citizens and organizations around the nationâ€”most of them extolling the virtues of open source software and asking the FCC to make sure consumers arenâ€™t locked out of their own routers and Wi-Fi devices.
Yes, regulating the airwaves is importantâ€”especially as more and more Wi-Fi-enabled devices explode onto the market. But encouraging manufacturers (even unintentionally) to lock down entire devicesâ€”making every part of them, as opposed to just the radio, unmodifiableâ€”is the regulatory equivalent of using a rocket launcher to eliminate with a rat infestation. You might get the rats, but at what cost?
In this case, Iâ€™m hoping that open source communities donâ€™t wind up as collateral damage.
Want to voice your concern to the FCC? They are accepting feedback and comments on the NPRM until Oct. 9.
Thank you for visiting my page and please come back soon. If you haven’t done so already, don’t forget to subscribe to receive emails from me on when posts come out. Also, please like me on Facebook and follow me on Twitter, Google+ and LinkedIn. Links to all my social media pages can be found on the menu at the top of the page under Social.
Until next time…
73 de Curtis, K5CLM