Networking hardware vendor TP-Link says it will prevent the loading of open source firmware on routers it sells in the United States in order to comply with new Federal Communications Commission requirements.

The FCC wants to limit interference with other devices by preventing user modifications that cause radios to operate outside their licensed RF (radio frequency) parameters. The FCC says it doesn't intend to ban the use of third-party firmware such as DD-WRT and OpenWRT; in theory, router makers can still allow loading of open source firmware as long as they also deploy controls that prevent devices from operating outside their allowed frequencies, types of modulation, power levels, and so on.

But open source users feared that hardware makers would lock third-party firmware out entirely, since that would be the easiest way to comply with the FCC requirements. The decision by TP-Link—described by the company in this FAQ—shows that those fears were justified. (Thanks to Electronic Frontier Foundation Staff Attorney Nate Cardozo for bringing it to our attention.)

TP-Link's FAQ acknowledges that the company is "limiting the functionality of its routers."

"The FCC requires all manufacturers to prevent user[s] from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.)," TP-Link says.

TP-Link says that it distributes devices with country-specific firmware and that "devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power."

TP-Link says the change will go into effect for routers produced on and after June 2, 2016, a date set by the FCC in guidance issued in November. "All devices partially or completely approved under the old rules cannot be marketed starting June 2, 2016 unless they meet the requirements of the new rules in all the bands of operation," the FCC guidance says. The new rules are from June 2014, but the requirements were phased in gradually.

TP-Link says the changes it is making mean that "users are not able to flash the current generation of open-source, third-party firmware." The company added one caveat, saying that it is "excited to see the creative ways members of the open-source community update the new firmware to meet their needs." But TP-Link did not say exactly what open source firmware makers must do to use their firmware on new routers, and it said the company "does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices."

TP-Link's FAQ appears to be the most explicit public statement a router maker has made about how it will comply with the new FCC requirements. "This is the clearest statement, but it's what we've been hearing for a while off the record. Part of the problem is that the router manufacturers won't talk on the record," Cardozo told Ars.

TP-Link's FAQ points out that "the regulation affects all manufacturers marketing routers in the US."

Eric Schultz, a free and open source software advocate who is involved with the Save Wi-Fi coalition, is not optimistic about open source developers being able to rewrite their software. "As for whether the open source community can meet the requirements, not without moving the entire radio controlling software to a separate processor like on a cell phone," Schultz told Ars today. "Doing so eliminates legal ways a user can use the radio such as most mesh networking research and use, ham radio usage such as in disaster recovery, Wi-Fi protocol experimentation, moving to different countries with different rules and, given the near-total insecurity of IOT, vital security research on the radio software."

We've asked the FCC for comment and will provide an update if we get one.

The FCC began instituting its changes after the FAA discovered "illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports," Public Knowledge Senior VP Harold Feld has said.

In addition to the requirement taking effect in June, the FCC has proposed new rules that would further clarify how router makers should treat user modifications. Final rules haven't been issued, but the initial proposal says that hardware makers should “implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved."

Cisco argues that open source software could be consistent with the FCC's goals. "There is nothing in the Commission's existing or proposed rules that would limit or eliminate the ability of a developer to use Open Source software, including software that controls radio emissions," Cisco said in an FCC filing in November.

But this would require a more locked-down approach than one in which users can modify the firmware, Cisco said. "The ability to review source code is not inherently incompatible with the notion of locking the integrity of a product against modification or tampering," Cisco wrote. "It is perfectly possible for a product to have source code that is capable of review by the public while that same code is secured inside the device against change by the end-users."

UPDATE: DD-WRT developer Sebastian Gottschall doubts whether TP-Link is actually blocking third-party firmware.

"TP-Link has not blocked the firmwares in any useful way," Gottschall told Ars. "Just the firmware header has been a little bit changed and a region code has been added. This has been introduced in September 2015. DD-WRT for instance does still provide compatible images... in fact it's no lock."

But as we noted earlier, TP-Link's FAQ says the new regulation does not apply to routers produced before June 2016, so the company may be planning further restrictions.