Save WiFi
The FCC wants to require device makers to lock down the software and firmware on computers with radio devices (wifi, bluetooth, etc) and we need to stop them. #savewifi
Comments have been filed and we are now working on reply comments, which are due November 9, 2015
- List of comments and exparte filings.
- FCC Notice of Proposed Rulemaking (NPRM): http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0722/FCC-15-92A1.pdf
- Federal Register comment page: https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices
- Here are the proposed rules from the NPRM that we are going to comment on: Save_WiFi/Rules
- Here is the list of all specific request for comment the FCC has made in this NPRM: Save_WiFi/RFC
- Here is where we are drafting specific language for our letters and comments to the FCC: Save_WiFi_letter_language
- Here is joint letter we're creating to submit to the FCC on the NPRM: Joint Letter
- Send your comments to the FCC.
- Prepared questions for meeting with the FCC (tentative date: second week of September).
- Comment deadline: October 9, 2015
- Reply Comment Deadline: November 9, 2015.
- Join the discussion mailing list!
- Help filling these tables for a GNU hardware recommendation (solution = Libre Hardware Boards + extra wifi)
Contents
More info
The FCC has proposed rules (ET Docket No. 15-170) that will require device makers with WiFi and other Radio Frequency (RF) devices to cryptographically lock down the RF-controlling software on those devices so as to prevent users from installing the software of their choice. This means not only routers, but also many phones, tablets, laptops, and any number of new devices that are wifi capable would now be required to implement a low level DRM system that prevents users from re-flashing or modifying the operating system and/or firmware on those devices.
We have been fighting for years the unjust laws that serve to protect companies that use DRM to restrict users. This new regulation goes beyond protecting those who use DRM, this would be a law requiring device makers to implement low level DRM technology to restrict users from upgrading the operating system and/or firmware of many devices.
Fortunately, the FCC is accepting public comments on this issue. The deadline for comments is September 8th, so we need to act quickly.[1] Thanks to people from OpenWRT, ThinkPenguin, LibreCMC, and elsewhere, we already have some momentum building around this issue. But we need to come at this problem both singularly and together by growing a coalition that helps spread a more unified message to the FCC as well as encouraging supporters of those organizations and groups to submit comments to the FCC.
- FCC Notice of Proposed Rulemaking (NPRM): http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0722/FCC-15-92A1.pdf
- Federal Register comment page: https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices
Bad precedent for FCC
The FCC is going beyond what is fair or reasonable with these requirements. While their intent is to prevent users from being able to make use of the radio device in ways that violate FCC rules, they have imposed a set of requirements that are far broader reaching than preventing use of the radio device alone.
We should find out: Does the FCC have authority to impose such a broad rule? Are there legal objections we can cite?
How this is bad for individuals and disrupts the market
These regulations are especially oppressive to small companies and to free software developers. Individuals and small companies that want to make changes to their own products, to build custom devices, or to provide custom services will be forced out of the market if they don't use proprietary software or if they are required to pay licensing fees to those who control the DRM signing keys that allow the upgrading of software and firmware on encrypted devices.
Talking points
These talking points have been expanded into language which could be used for jointly crafting letters. See: Save WiFi letter language
These are a set of talking points against the proposed rules. Once improved (and verified!), they can be used for crafting communications.
- The rule prevents device owners from fixing their device in a case where the device is transmitting in an illegal manner. Since they are liable for operating a device that is violating the law, their only choice to is to stop using the device.
- The rule prevents security fixes if a router is found to be insecure. This could manifest itself through intentionally created backdoors used for industrial and national espionage.
- Firmware from manufacturers is often full of holes. Security experts recommend installing third-party firmware[2]
- A manufacturer isn't required to provide fixes to the user even if the device is found to be insecure or operating outside of authorization
- Manufacturers will often not patch routers with serious security holes [3]
- Prevents companies from buying US routers and reflashing with custom firmware to then sell or rent to an end user, a somewhat common occurrence.
- Discourages innovation and research in the US in wireless technologies, such as mesh networking
- Community implemented the fq_codel algorithm for eliminating bufferbloat-based network congestion by using a version of OpenWrt [4]. The fixes for this are now in the Linux kernel [5].
- Mesh networking research depends on low-level access and modification of kernel on the router.
- Vendors have not developed mesh networking support; instead it's been done primarily by the community on open and modifiable drivers and firmware/ [6]
- Research into wireless networking requires low-level access to drivers and firmware.
- Nearly 7,200 academic articles related to open drivers and firmware. The research cannot occurred without the ability to modify the device's software.
- (I think) Ham radio operators are allowed to operate at a higher power in portions of the unlicensed spectrum than non-licensed operators. This requirement prevents them from modifying low cost routers for operating long range wifi networks, such as would be useful in a disaster situation.
- The law permits amateur radio operators to increase the transmit power on commercial routers beyond its regular limits, where the wifi frequencies overlap with frequencies. This system works particularly well for emergency communication. See Broadband-Hamnet.
- Broadband-Hamnet uses a mesh networking protocol so this interacts with the issues on innovation
- The law permits amateur radio operators to increase the transmit power on commercial routers beyond its regular limits, where the wifi frequencies overlap with frequencies. This system works particularly well for emergency communication. See Broadband-Hamnet.
- No FCC complaints about improper usage of routers were related to flashing third-party firmware. Most were related to commercial wifi providers breaking the law. In some cases, the official router web administration for the routers used in the complaint had a UI for operating in an illegal fashion. For example, it was possible to turn off all DFS or allow test operation on all possible channels which are both wildly irresponsible to place in a standard router UI.
- The key problem necessitating the rule change, the need to make sure DFS is running near airports with Terminal-area Doppler Weather Radar (TDWR), is primarily relevant for those operating a wifi router outside within a mile or so of 45 airports in the US.
What this mean for you as a user:
- your choices will be restricted
- you have to stick with the features provided by your router vendor's firmware
- you have to stick with the factory firmware which uses outdated software. you most rely on your router vendor for security fixes
- you will have no way to verify, what's running on your device. you could be under domestic or foreign agencies surveillance
What it means you as a business:
This ruling will force you to spend additional money and resources on:
- locking down all future devices
- locking down all current devices before June 2016
- recertify all current devices before June 2016
- either have special US version of your devices or lose marketshare elsewhere
- this raises serious competition and innovation concerns on the industry
- replacing any GPLv3 Software like Samba because of "Tivoization"
Who is with us?
Organization plus point of contact
- Free Software Foundation, Joshua Gay
- libreCMC, Bob Call
- OpenWRT, contact?
- American Radio Relay League, Chuck Skolaut or Dan Henderson
- Software Freedom Law Center (SFLC), J.D. Bean
- Telecommunications Industry Association, April Ward (Note: They're against us)
- Note: the rule change also simplifies how a number of pieces of hardware are certified which probably explains their support. Are we sure they're actually in favor of the changes we're opposed to?
- prpl Foundation, Eric Schultz
- EFF, Nate Cardozo
Organizations we want to support this
- American Radio Relay League
- Demand Progress
- New America Foundation/OTI
- Center for Democracy and Technology
- Berkman Center
- OTI
- Free Press
- Prometheus Radio (and similar?)
- Public Knowledge
- OSI
- Information Technology Disaster Resource Center
- Red Hook Initiative
- International Association of Emergency Managers - Honored Broadband-Hamnet in 2013
- Broadband-Hamnet - mesh networking for hams
- Amateur Radio Emergency Data Network
Hams
- Adam Leibson, KC1EDT
- Chip Rosenthal, KE5VHV
- Martin Rothfield, W6MRR
Resources
- Call for comments states:
We propose to modify the SDR-related requirements in Part 2 of our rules based in part on the current Commission practices regarding software configuration control. To minimize the potential for unauthorized modification to the software that controls the RF parameters of the device, we propose that grantees must implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved.
Related
These are different NPRMs or discussions which are unrelated but might help us better understand the NPRM we have on hand.
- "Describe in detail how the device is protected from “flashing” and the installation of third party firmware such as DD-WRT". Software Security for UNII Devices.
There are also reports of similar rules of concern in other regulatory jurisdictions:
- Industrial Canada: RSS-247
- EU: 2014/53/EU (June 2016)
Publicity, News, and Blogs
- http://www.cnx-software.com/2015/07/27/new-fcc-rules-may-prevent-installing-openwrt-on-wifi-routers/
- https://news.ycombinator.com/item?id=9959534
- https://www.reddit.com/r/technology/comments/3euyd5/new_fcc_rules_may_prevent_installing_openwrt_on/
- http://hackaday.com/2015/08/31/fcc-introduces-rules-banning-wifi-router-firmware-modification/
- https://www.reddit.com/r/technology/comments/3isbif/the_fcc_is_asking_for_comments_on_a_proposal_to/
- https://news.ycombinator.com/item?id=10139679
- https://www.freetalklive.com/ Saturday August 29th (call in)
- Free Software Supporter - Issue 89, September 2015
- http://hackaday.com/2015/09/02/save-wifi-act-now-to-save-wifi-from-the-fcc/
- http://tllts.org/ Linux Link Tech Show Wednesday September 2nd (did interview on savewifi campaign)
- https://plus.google.com/+fedora/posts/Aen26sXiDVn Fedora project g+page
- https://blog.ninux.org/2015/09/02/la-fcc-contro-i-firmware-open-source-fai-sentire-la-tua-voce/ Italy
- https://www.thinkpenguin.com/gnu-linux/save-wifi-fcc-attempting-criminalize-freedom-new-regulations ThinkPenguin's blog on the issue
- https://www.techdirt.com/blog/wireless/articles/20150831/07164532118/no-fcc-is-not-intentionally-trying-to-kill-third-party-wi-fi-router-firmware.shtml
- http://m.heise.de/newsticker/meldung/Funkregulierung-Angriff-auf-alternative-Software-2803189.html German
- http://jxself.org/ Links to LibreCMC blog post
- https://librecmc.org/librecmc/wiki?name=Save_WiFi LibreCMC blog post
- https://www.extremetech.com/computing/213351-new-fcc-rules-could-ban-dd-wrt-and-router-modification
- Linux For The Rest of Us, show aired on September 2nd
- Linux LUG Cast, show airing on the 18th at 9PM EST
- Kernel Panic, show airing on the 19th at 10PM EST
- http://arstechnica.com/information-technology/2015/09/fcc-accused-of-locking-down-wi-fi-routers-but-the-truth-is-a-bit-murkier/
- http://electronicdesign.com/blog/write-fcc-now-save-wi-fi?utm_rid=CPG05000000265010
- http://www.jupiterbroadcasting.com/87321/how-we-got-started-with-linux-las-381/ Jupiter Broadcasting
- http://podnutz.com/lftrou190 - FCC talk will air on the September 9th episode release
- http://news.slashdot.org/story/15/09/11/2219210/open-source-router-firmware-openwrt-1505-released September 11th OpenWRT 15.05 release, Slashdot up-voted thread discussing FCC issue and SaveWifi campaign
- https://www.freedomsphoenix.com/Media/183316-2015-09-15-09-15-15-james-paul-christopher-waid-jay-kalafus-video.htm Freedom Phoenix on the FCC and savewifi - talk with Christopher Waid
- https://www.freedomsphoenix.com/Media/183360-2015-09-15-09-16-15-josh-gay-paul-rosenberg-charles-goyette-listen.htm Freedom Phoenix on the FCC and savewifi - Talk with Josh Gay
- http://arstechnica.com/information-technology/2015/09/fcc-open-source-router-software-is-still-legal-under-certain-conditions/ 2nd article by Ars Technica, better than the first, but far from perfect
- http://www.wired.com/2015/09/hey-fcc-dont-lock-wi-fi-routers/ Wired also did an article on the issue
- https://juliareda.eu/2015/10/dear-european-governments-dont-endanger-free-and-open-wifi-networks/ article on the Non-equivalent 'directive' for the rules
- http://esr.ibiblio.org/?p=6860 Eric Raymond's post on the issue
- http://www.regeringen.se/rattsdokument/departementsserien-och-promemorior/2015/07/promemoria-genomforande-av-radioutrustningsdirektivet/ Swedish version of the law
- http://wwahammy.com/seriously-the-fcc-might-still-ban-your-operating-system/ Eric's update on why the FCC's response will make no difference- and the campaign continues on...
Media contacts / groups we should contact to get publicity / organizations
- IEEE Spectrum contacted, they are investigating
- Off The Hook on Wednesdays at 7PM-8PM EST http://wbai.org/playernew.html, contacted them by email, phones have been non-functional for some weeks
- Linux Action Show, contacted, waiting for reply
- Bad Voltage, done, unknown URL
- Hacker Public Radio, scheduled, unknown air date
- Going [GNU]Linux, contacted, waiting for reply
- [GNU]Linux Game Cast, contacted, waiting for reply
- Android Central, need to contact still
- Knight Wise, contacted, waiting for reply
- Admin Admin, need to contact still, looks like UK show
- System AU, need to contact still (overseas show)
- XDA, need to contact still
- https://www.ifixit.com/, contacted, waiting for reply
- wsj.org, contacted, waiting for reply
- npr.org, contacted a Peter Biello @ NPR who wrote an article on DHS intimidating a library operating a Tor relay, see if he maybe wants to do a story on this
- nyt, contacted and waiting for reply
This page was a featured resource in August 2015.