dd-wrt – Techdirt (original) (raw)
Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'
from the unintended-consequences dept
Last fall, you might recall that the hardware tinkering community (and people who just like to fully use the devices they pay for) was up in arms over an FCC plan to lock down third-party custom firmware. After tinkering enthusiasts claimed the FCC was intentionally planning to prevent them from installing third-party router options like DD-WRT and Open-WRT, we asked the FCC about the new rules and were told that because modified routers had been interfering with terrestrial doppler weather radar (TDWR) at airports, the FCC wanted to ensure that just the radio portion of the router couldn’t be modified.
The FCC stated at the time that locking down the full, broader use of open source router firmware entirely was absolutely not their intent:
“Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented.
The FCC also updated the guidance in question (pdf) and penned a blog post that tried to explain all this. But while the FCC may not have intended to block third-party firmware, many worried that because many routers have “system on chip” — where the CPU and radio exist in a single package — router vendors would “solve” the problem by just taking the cheapest and easiest path and locking down firmware entirely. And that’s precisely what appears to be happening — at least with one router manufacturer.
Gearmaker TP-Link recently posted a notice to the company’s website announcing that as of June of this year, it would be locking down firmware installations on its routers entirely. In a statement, the company blames the FCC for the fact it’s taking the lazy route and annoying its more technically-proficient customers:
“The FCC requires all manufacturers to prevent user from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power.”
Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it’s being cheap and lazy. The company’s statement then adds insult to injury by pretending it still values the community’s “creativity”:
“As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices.”
So, hey kids, we’re locking down your ability to be creative starting this June, but go be creative! In one blow, TP-Link is not only alienating a large number of potential customers, but making networks less secure (since custom firmware tends to be more secure and updated more religiously among the tinkering faithful).
I’ve reached out to the FCC for comment, but wasn’t able to glean any more detail from the agency beyond what has already been said. And while the TP-Link lockdown may have not been the FCC’s plan or its fault directly, it may very well be a very ugly, unintended consequence. It’s a shame that an agency that has been a bit more consumer friendly in terms of opening up other hardware and beefing up broadband competition didn’t spend more time thinking this through.
Fortunately, TP-Link isn’t exactly a brand favorite for most router buyers anyway, and the company’s language leaves some wiggle room to suggest that while “the current generation” of open-source third-party firmware won’t work on routers made after June 1, future versions of this same firmware may. TP-Link also appears to be the only vendor doing this (so far at least, please correct me in the comments if this has changed). With any luck, a few competing router vendors will see this as an opportunity to not be lazy and alienate customers — but to compete by providing gear that still respects a user’s freedom to tinker.
Filed Under: dd-wrt, fcc, firmware, open source, open-wrt, router
Companies: tp-link
No, The FCC Is Not (Intentionally) Trying To Kill Third-Party Wi-Fi Router Firmware
from the unintended-consequences dept
Thu, Sep 3rd 2015 06:01am - Karl Bode
For a few months now a rumor has been circulating that the FCC is intentionally planning to ban third-party custom router firmware. Wi-Fi hobbyists (and people who just like a little more control over devices they own) have long used custom, open source firmware like DD-WRT or Open-WRT to bring some additional functionality to their devices, with the added bonus of replacing clunky router GUIs. Custom firmware is also handy in an age when companies like to force firmware upgrades that either eliminate useful functionality, or add cloud-features and phone-home mechanisms a user may not be comfortable with.
But at last July’s BattleMesh 8 event, Wi-Fi enthusiasts noticed the clunky wording of an FCC NPRM (notice of proposed rulemaking) discussing the FCC’s plan to modify the rules governing RF devices. The NPRM in question (pdf), like all NPRMs, is basically the FCC’s way of fielding questions about potential rule changes. It’s important to understand no rules have actually been passed yet before committing gadget-nerd seppuku.
It’s also important to note the FCC’s motivation here is primarily safety, not to be a bureaucratic hardware-enthusiast buzzkill factory. The FAA found some illegally modified equipment operating in the unlicensed bands was interfering with terrestrial doppler weather radar (TDWR) at airports, and pushed the FCC to update its rules governing radios accordingly. But with many routers having systems-on-a-chip (SOC) where the radio isn’t fully distinguishable from other hardware, Wi-Fi hobbyists are worried that a ban on modifying a device’s radio could result in a blanket ban on modifying the device:
“Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware. The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip ? a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.
And these concerns aren’t entirely unjustified, thanks to a few troubling phrases buried in both the NPRM itself, and previous FCC guidance (pdf), which asks vendors questions like:
“What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from ?flashing? and the installation of third-party firmware such as DD-WRT.
So yes, it’s understandable that sloppy FCC engineer wording has some people nervous. But as folks like Stanford lawyer and software engineer Jonathan Mayer have noted, shitty wording during a conversation about potential rules does not automatically equate to shitty rules. Meanwhile, one needs to apply some common sense, and ask if an agency on a uncharacteristic pro-consumer tear — fresh from a battle over one of the most important open platform fights of our time (net neutrality) — would seriously think that banning all personal hardware freedom is a nifty follow up.
Curiously nobody seems to have asked the FCC what they think about all of this. So I asked, and the FCC offered me this admittedly clunky statement (note the underlined bit):
“(FCC rules) require that the devices must ensure that under all circumstances they comply with the rules. The majority of the devices have software that is used to control the functionality of the hardware for parameters which can be modified and in turn have an impact on the compliance of devices. Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented. We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”
So in essence the FCC is saying that third-party firmware is just fine, just as long as it’s not pushing the radio outside of legally-mandated parameters and causing a safety hazard. I also talked a little bit about the FCC’s plan with Public Knowledge lawyer and FCC wireless policy guru Harold Feld, who spends more time wading through FCC NPRMs and telecom policy wonkery than any expert I know. Feld agrees that killing custom firmware isn’t the FCC’s intentional goal. That said, he’s also quick to note there’s still reason for concern if the rules aren’t crystal clear:
“This is, of course, why the FCC does notices of proposed rulemaking and seeks comment from the parties and affected stakeholders. Especially on technical engineering matters like this, it isn’t a matter of something being baked already. The FCC is responding here to a real world issue: we had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports. Naturally the FAA freaked out, and the FCC responded to this actual real world concern.
But at the same time, we don’t want the FCC to accidentally write rules that are over-broad or subject to misinterpretation by companies. The real concern here is not some government conspiracy to wipe out open source or mandate encryption. The real worry is that major chip manufacturers will respond by saying “the easiest thing for us to do is lock down all the middleware rather than worry about where to draw the line.” That would potentially kill a lot of innovation and valuable uses.”
The nifty part? This being an open conversation, the FCC is fielding comments on the proposed rule changes. And if you’re a hardware owner looking to protect your right to modify devices you own, you can head here to comment on the NPRM at the FCC website. You can also file a comment in the Federal Register, but need to do so before midnight, September 8.
Update: It appears the FCC decided to begin Labor Day weekend backend system upgrades shortly after this story was posted, meaning their public comment system is offline until next week. Fortunately it appears that the comment deadline had previously been extended, and users concerned about the FCC’s upcoming rules regarding third party open source firmware have until October 9 to make their voices heard.