Difference between revisions of "Save WiFi"

From LibrePlanet
Jump to: navigation, search
(added link to inclusion in the mainline linux kernel)
(SFLC)
Line 51: Line 51:
 
* OpenWRT, contact?
 
* OpenWRT, contact?
 
* American Radio Relay League, Chuck Skolaut or Dan Henderson
 
* American Radio Relay League, Chuck Skolaut or Dan Henderson
 +
* Software Freedom Law Center (SFLC), J.D. Bean
 
* Telecommunications Industry Association, April Ward (Note: They're against us)
 
* Telecommunications Industry Association, April Ward (Note: They're against us)
 
** Note: the rule change also simplifies how a number of pieces of hardware are certified which probably explains their support. Are we sure they're actually in favor of the changes we're opposed to?
 
** Note: the rule change also simplifies how a number of pieces of hardware are certified which probably explains their support. Are we sure they're actually in favor of the changes we're opposed to?

Revision as of 08:15, 12 August 2015

The FCC wants to require device makers to lock down our computers with radio devices (wifi, bluetooth, etc) with DRM and we need to stop them.

The FCC has proposed rules that will require device makers with wifi and other Radio Frequency (RF) devices to cryptographically lock down the RF-controlling software on those devices so as to prevent users from installing the software of their choice. This means not only wifi routers, but also many phones, tablets, laptops, and any number of new devices that are wifi capable would now be required to implement a low level DRM system that prevents users from re-flashing or modifying the operating system and/or firmware on those devices.

We have been fighting for years the unjust laws that serve to protect companies that use DRM to restrict users. This new regulation goes beyond protecting those who use DRM, this would be a law requiring device makers to implement low level DRM technology to restrict users from upgrading the operating system and firmware of many devices. The FCC's own example in the guidelines states that device makers will need to: "Describe in detail how the device is protected from “flashing” and the installation of third party firmware such as DD-WRT". Software Security for UNII Devices.

Fortunately, the FCC is accepting public comments on this issue. The deadline for comments are due by end of day on September 7th, so we need to act quickly. Thanks to people from OpenWRT, ThinkPenguin, LibreCMC, and elsewhere, we already have some momentum building around this issue. But we need to come at this problem both singularly and together by growing a coalition that helps spread a more unified message to the FCC as well as encouraging supporters of those organizations and groups to submit comments to the FCC.

Bad precedent for FCC

The FCC is going beyond what is fair or reasonable with these requirements. While their intent is to prevent users from being able to make use of the radio device in ways that violate FCC rules, they have imposed a set of requirements that are far broader reaching than preventing use of the radio device alone. The provided example they give in their own documentation is cryptographic lockdown that would prevent a user from installing firmware/operating system DD-WRT, which in addition to sending signals to the radio part of the device, also hosts a suite of other useful unrelated functionality. This is bad in and of itself, but, with memory becoming cheaper and more functionality being built into circuit boards, it is easy to see how the FCC's rules could quickly effect a wide array of devices outside of the home routers references in their example -- that is, any device that can be used as an access point, such as a cell phone or a tablet, will be required to lock down their system in ways that will surely extend beyond simply the narrow functionality of the radio itself.

We should find out: Does the FCC have authority to impose such a broad rule? Are there legal objections we can cite?

How this is bad for individuals and disrupts the market

These regulations are especially oppressive to small companies and to free software developers. Individuals and small companies wanting to make changes to their own products, or want to build custom devices, or provid custom services will not be forced out of the market if they don't wish to use proprietary software or if they will be required to pay licensing fees to those who control the DRM signing keys that allow the upgrading of software and firwmare on the devices.

Talking points

These are a set of talking points against the proposed rules. Once improved (and verified!), they can be used for crafting communications.

  • The rule prevents device owners from fixing their device in a case where the device is transmitting in an illegal manner. Since they are liable for operating a device that is violating the law, their only choice to is to stop using the device.
  • The rule prevents security fixes if a router is found to be insecure. This could manifest itself through intentionally created backdoors used for industrial and national espionage.
    • Firmware from manufacturers is often full of holes. Security experts recommend installing third-party firmware[1]
  • A manufacturer isn't required to provide fixes to the user even if the device is found to be insecure or operating outside of authorization
    • Manufacturers will often not patch routers with serious security holes [2]
  • Prevents companies from buying US routers and reflashing with custom firmware to then sell or rent to an end user, a somewhat common occurrence.
  • Discourages innovation and research in the US in wireless technologies, such as mesh networking
    • Community implemented the fq_codel algorithm for eliminating bufferbloat-based network congestion by using a version of OpenWrt [3]. The fixes for this are now in the Linux kernel [4].
    • Mesh networking research depends on low-level access and modification of kernel on the router. (Add more details)
  • (I think) Ham radio operators are allowed to operate at a higher power in portions of the unlicensed spectrum than non-licensed operators. This requirement prevents them from modifying low cost routers for operating long range wifi networks, such as would be useful in a disaster situation.
    • The law permits amateur radio operators to increase the transmit power on commercial routers beyond its regular limits, where the wifi frequencies overlap with frequencies. This system works particularly well for emergency communication. See Broadband-Hamnet.
      • Broadband-Hamnet uses a mesh networking protocol so this interacts with the issues on innovation
  • No FCC complaints about improper usage of routers were related to flashing third-party firmware. Most were related to commercial wifi providers breaking the law. In some cases, the official router web administration for the routers used in the complaint had a UI for operating in an illegal fashion. For example, it was possible to turn off all DFS or allow test operation on all possible channels which are both wildly irresponsible to place in a standard router UI.
  • The key problem necessitating the rule change, the need to make sure DFS is running near airports with Terminal-area Doppler Weather Radar (TDWR), is primarily relevant for those operating a wifi router outside within a mile or so of 45 airports in the US.

Whose with us?

Organization plus point of contact

  • Free Software Foundation, Joshua Gay
  • LibreCMC, Bob Call
  • OpenWRT, contact?
  • American Radio Relay League, Chuck Skolaut or Dan Henderson
  • Software Freedom Law Center (SFLC), J.D. Bean
  • Telecommunications Industry Association, April Ward (Note: They're against us)
    • Note: the rule change also simplifies how a number of pieces of hardware are certified which probably explains their support. Are we sure they're actually in favor of the changes we're opposed to?
  • prpl Foundation, Eric Schultz

Organizations we want to support this

Resources

  • Amongst other requirements, the proposed rule will require applicants to "Describe in detail how the device is protected from “flashing” and the installation of third party firmware such as DD-WRT". Software Security for UNII Devices.
 We propose to modify the SDR-related requirements in Part 2 of our rules
 based in part on the current Commission practices regarding software
 configuration control.  To minimize the potential for unauthorized
 modification to the software that controls the RF parameters of the
 device, we propose that grantees must implement well-defined measures to
 ensure that certified equipment is not capable of operating with
 RF-controlling software for which it has not been approved.  [ . . . ]
 We seek comment on these proposals. 

News and Blogs