Seriously, the FCC might still ban your operating system

Eric Schultz // Dec 09, 2015

A few weeks ago Julius Knapp of the FCC responded to the furor in the free, libre and open source software communities related to the agency's proposed rules on banning WiFi device modification. In his response, he sought to reassure the community that their proposals will not restrict open source firmware on devices.

I'm heartened that the FCC seems to want to listen to the community's needs and I appreciate Mr. Knapp's response. Sadly though, I wish that the agency had listened to the substantive concerns of the community. In fact, despite the kind, collaborative words of the post, the underlying facts are the same: the FCC's proposal still likely bans open source, third-party firmware, as designed, and takes away all access to the radio software from users.

The response

It's important that we understand what exactly Mr. Knapp said in order to understand what changes have been made. I'll highlight important parts.

I'm pleased that this issue attracted considerable attention and thoughtful submissions into the record and would like to make it clear that the proposal is not intended to encourage manufacturers to prevent all modifications or updates to device software.

While intent is not meaningless, there's a reason the social justice community has the phrase "intent isn't magic." The definition, in short, is that the intent of the behavior is not nearly as important as the result. In this case, we don't even have to go very far to see that the result is just as bad as ever. In the second paragraph:

One of our key goals is to protect against harmful interference by calling on manufacturers to secure their devices against third party software modifications that would take a device out of its RF compliance.

For all of the reasons I've previously mentioned, requiring manufacturers to "secure their devices against third party software modifications that would take a device out of its RF compliance" is not a straightforward request. In fact, it will require using DRM-like technology on devices to prevent prevent users from taking a device out of RF compliance. Like all DRM, it is anti-user, anti-Free, Libre and Open Source Software (FLOSS) and anti-innovation.

There are a few changes referenced in the blog post that are seem positive at first but their changes are superficial at best. One part of the blog post that is remotely positive is the FCC's change to the previous guidance on U-NII , or 5Ghz router, rules. The FCC modified the guidance in order to take out a specific mention of banning DD-Wrt. Sadly, the change has no substantive improvement for users. The FCC makes very clear in their updated guidance that changes to software that control the RF parameters, including drivers, must be under the control of the manufacturer.

Another change to U-NII guidance says that there may be "agreements with a third-party" to allow replacement of software. But this only helps limited, very large third-parties with strong relationships with manufacturers. After all, a manufacturer is still required to explain to the FCC, in sufficient detail, that the modifications will keep the device in compliance. If they do not prevent those modifications, they could lose the ability to sell the device in the US. Why would a manufacturer take on that sort of risk by spreading the ability to modify the device software broadly?

My thoughts

The issue at hand with the FCC's proposal isn't whether users should run their devices in a manner outside of authorization: They most certainly should not. Instead, it's whether consumer owned devices should be under the control of users or under the control of manufacturers. The FCC's proposal in effect says deputizes manufacturers to make it more difficult for users to engage in a number of activities, most of which are legal. I support fairly punishing operators who operate a device in outside of authorization. But taking the decision on how a device functions away from a user is an extreme solution when it's unclear the problem even exists.

Perhaps most frustrating in the response from the FCC is that there is no acknowledgement that what they demand is anti-consumer and anti-user. Indeed, they haven't once publicly acknowledged the validity of the legal use cases that users have been concerned about being eliminating. The folks at the FCC are exceedingly educated; they're smart enough to know that you can't create software that says "always allow legal use-cases and always prevent illegal use-cases." Why they give such short shrift to valid use-cases and the principle of access to the public airwaves befuddles me.

Questions I don't have answers to (but would really like)

Since the response from the FCC has been so lackluster, I've created a set of questions. If the FCC moves forward on the current path of forcing device lockdown, the FCC should publicly answer these questions. This would provide users with some assurance that the FCC actually understands and appreciates the consequences of what they are proposing.