The Federal Communications Commission is considering new restrictions that would make it harder for users to modify Wi-Fi routers, sparking controversy and an apparent misunderstanding over the FCC’s intentions.

The FCC's stated goal is to make sure routers and other devices only operate within their licensed parameters. Manufacturers release products that are certified to operate at particular frequencies, types of modulation, and power levels but which may actually be capable of operating outside of what they’ve been certified and tested to do.

The extra capabilities can sometimes be unlocked through software updates issued by the manufacturer, or by software made by third parties. Lots of users install open source firmware on routers to get a better user interface and better functionality than what is provided by the vendor, and the wording of the FCC’s proposal has some worried that such software will effectively be outlawed.

The FCC’s proposals would ideally prevent interference in wireless networks while not infringing upon the rights of users, and the FCC says making third-party router firmware illegal is not the intention.

A proposed rulemaking was issued July 21, kicking off a public comment period, whose deadline has already been extended from September 8 to October 9 because groups including the Consumer Electronics Association said they needed more time to study the issue. The rules would apply not just to routers but also to smartphones and other devices with radios enabling either cellular or Wi-Fi transmissions.

Unintended consequences?

The FCC's proposed requirement is for device manufacturers to “implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved.” Any RF device whose radio parameters can be controlled by software should have security features preventing unauthorized modification to those technical parameters, the proposal said.

More worryingly, an FCC document issued in March suggested that manufacturers should try to prevent loading of software like DD-WRT, one of the most popular open source firmware packages for routers. The “Software Security Requirements” document said that license applicants should have to “Describe in detail how the device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.”

DD-WRT can change the transmit power of a router. But instead of telling manufacturers to block only that functionality while allowing third-party firmware to run in general, the FCC document makes it sound like the commission wants to ban DD-WRT and similar software altogether.

This led to articles saying the rules “effectively ban Open Source router firmware” and represent “a concerted move to expel the many popular open-source firmware distributions and hardware configurations populating the Wi-Fi router space.”

But as TechDirt writer Karl Bode noted, the FCC’s current leadership, fresh off a big net neutrality move, seems highly unlikely to “ban all personal hardware freedom.”

The FCC kicked off this rulemaking because of interference problems at airports, telecom policy expert and senior VP of Public Knowledge Harold Feld told TechDirt.

“We had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports,” Feld said. “Naturally the FAA freaked out, and the FCC responded to this actual real world concern.”

The potential problem, Feld said, is that if the FCC writes rules that aren’t crystal clear, “major chip manufacturers will respond by saying ‘the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.’”

FCC: Open source won’t be banned

Ars is attempting to schedule an interview with the FCC to explore this issue in more depth. So far, the commission has only told us that “versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF [radio frequency] parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”

Public comments on the proposal can normally be found at this link, but not right now, as the FCC has taken a number of systems offline until September 8 as it performs a much-needed IT upgrade. After the October 9 deadline to submit initial comments, reply comments can be submitted until November 9.

Assuming the FCC does not intend to prevent installation of any and all third-party firmware, the commission will have to be careful in how it words its final rules. An overbroad ruling could give manufacturers incentive to lock down their hardware to the point where it would be difficult to install third-party software, even if that software doesn’t change radio-frequency parameters.

In the meantime, a Save WiFi campaign was started by free software advocates to encourage people to submit comments to the FCC. One commenter named Wesley Fowler told the FCC that its proposed restrictions “are entirely too broad… Third party firmware provides many bug and security fixes to devices that manufacturers are often slow to fix or have abandoned completely in regards to firmware changes.”

Third-party firmware can also add “different functionality and can allow for devices to be used to fill needs in manners that the manufacturer had never contemplated,” Fowler wrote.

The changes also sparked an e-mail list discussion among developers and users of OpenWRT, another open source firmware. Some worried that the FCC’s changes as described in the Software Security Requirements document would make it impossible for users to install third-party firmware.

Kathy Giori, a senior product manager at Qualcomm Atheros, was confident that manufacturers can lock down the radio frequency settings of devices without locking out all third-party firmware.

“The FCC really only cares about not modifying the power/freq to go outside stated regulatory rules,” Giori wrote on July 28. “So we have to find a way to keep general software updates and reflashing open while limiting any proliferation of binary images that have a means to break regulatory restrictions.”