Save WiFi

The FCC wants to require device makers to lock down WiFi-capable devices with DRM and we need to stop them.

The FCC has proposed rules that will require device makers with wifi -- Software Defined Radios (SDRs) -- to cryptographically lock down the software that controls those devices so as to prevent users from reflashing the devices with software of their choice. This means not only wifi routers, but also many phones, tablets, laptops, and any number of new devices that are wifi capable would now be required to implement a low level DRM system that prevents users from reflashing or modifying the operating system and/or firmware on those devices.

We have been fighting for years the unjust laws that serve to protect companies that use DRM to restrict users. This new regulation goes beyond protecting those who use DRM, this would be a law requiring device makers to implement low level DRM technology to restrict users from upgrading the operating system and firmware of many devices. The FCC's own example in the guidelines states that device makers will need to: "Describe in detail how the device is protected from “flashing” and the installation of third party firmware such as DD-WRT". Software Security for UNII Devices.

Fortunately, the FCC is accepting public comments on this issue. The deadline for comments is August 16th, so we need to act quickly. Thanks to people from OpenWRT, ThinkPenguin, LibreCMC, and elsewhere, we already have some momentum building around this issue. But we need to come at this problem both singularly and together by growing a coalition that helps spread a more unified message to the FCC as well as encouraging supporters of those organizations and groups to submit comments to the FCC.

Bad precedent for FCC

The FCC is going beyond what is fair or reasonable with these requirements. While their intent is to prevent users from being able to make use of the radio device in ways that violate FCC rules, they have imposed a set of requirements that are far broader reaching than preventing use of the radio device alone. The provided example they give in their own documentation is cryptographic lockdown that would prevent a user from installing firmware/operating system DD-WRT, which in addition to sending signals to the radio part of the device, also hosts a suite of other useful unrelated functionality. THis is bad in and of itself, but, with memory becoming cheaper and more functionality being built into circuit boards, it is easy to see how the FCC's rules could quickly effect a wide array of devices outside of the home routers references in their example -- that is, any device that can be used as an access point, such as a cell phone or a tablet, will be required to lock down their system in ways that will surely extend beyond simply the narrow functionality of the radio itself.

We should find out: Does the FCC have authority to impose such a broad rule? Are there legal objections we can cite?

How this is bad for individuals and disrupts the market

These regulations are especially oppressive to small companies and to free software developers. Individuals and small companies wanting to make changes to their own products, or want to build custom devices, or provid custom services will not be forced out of the market if they don't wish to use proprietary software or if they will be required to pay licensing fees to those who control the DRM signing keys that allow the upgrading of software and firwmare on the devices.

Whose with us?

Organization plus point of contact

• Free Software Foundation, Joshua Gay
• LibreCMC, Bob Call
• OpenWRT, contact?
• American Radio Relay League, Chuck Skolaut or Dan Henderson

Organizations we want to support this

• American Radio Relay League
• EFF
• Demand Progress
• New America Foundation/OTI
• Center for Democracy and Technology
• Berkman Center
• OTI
• Free Press
• Prometheus Radio (and similar?)
• Public Knowledge

Criticism of the proposal

• Marko Schütz-Schmuck

Resources

• FCC page with comments and notices for the proposed rules

• Amongst other requirements, the proposed rule will require applicants to "Describe in detail how the device is protected from “flashing” and the installation of third party firmware such as DD-WRT". Software Security for UNII Devices.

• Call for comments states:

 We propose to modify the SDR-related requirements in Part 2 of our rules
 based in part on the current Commission practices regarding software
 configuration control.  To minimize the potential for unauthorized
 modification to the software that controls the RF parameters of the
 device, we propose that grantees must implement well-defined measures to
 ensure that certified equipment is not capable of operating with
 RF-controlling software for which it has not been approved.  [ . . . ]
 We seek comment on these proposals. 

News and Blogs

• http://www.cnx-software.com/2015/07/27/new-fcc-rules-may-prevent-installing-openwrt-on-wifi-routers/
• https://news.ycombinator.com/item?id=9959534
• https://www.reddit.com/r/technology/comments/3euyd5/new_fcc_rules_may_prevent_installing_openwrt_on/