TP-Link agrees to allow third-party firmware in FCC settlement
The US Federal Communications Commission (FCC) has announced a settlement with network-hardware manufacturer TP-Link, covering both the company's non-compliance with FCC transmission-power regulations and the company's plan to lock-out third-party firmware—including open-source firmware projects like OpenWrt. "While
manufacturers of Wi-Fi routers must ensure reasonable safeguards to
protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the open-source community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers.
" Under the settlement agreement, TP-Link will pay a $200,000 fine for shipping WiFi routers that could be configured to run above the permitted power limits, but it will also have to cooperate with open-source firmware projects to make sure they remain installable. TP-Link had moved to block user-installed firmware in March as its first attempt to satisfy the FCC's complaint about non-compliant power settings.
Posted Aug 1, 2016 19:25 UTC (Mon)
by rvfh (guest, #31018)
[Link] (6 responses)
Posted Aug 1, 2016 20:18 UTC (Mon)
by drag (guest, #31333)
[Link] (5 responses)
FCC believes that people shouldn't be able to fiddle around with transmitting radios without a license and are forcing hardware manufacturers to cover the costs of enforcement.
Posted Aug 2, 2016 2:39 UTC (Tue)
by Paf (subscriber, #91811)
[Link] (1 responses)
So, no, you can't make third party firmware do things which are illegal - but you are allowed to have third part firmware. And in fact companies (or at least this one) can't legally prevent you.
Posted Aug 2, 2016 15:23 UTC (Tue)
by drag (guest, #31333)
[Link]
Not for the actual radio itself. I am talking about /usr/lib/firmware firmware, not openwrt firmware.
In Cell phones they often use a separate embedded module that controls the radio separate from the OS. This represents a VERY significant risk to privacy and means that you really never are complete control of your phone.
It would be sad if such things happened to everything that has any radio transmitter on it.
Posted Aug 2, 2016 8:04 UTC (Tue)
by ledow (guest, #11753)
[Link] (2 responses)
All they are restricting is the power you can transmit at. That could literally just be a burned-in dB value or a set resistance on a circuit. There's no need to configure that as, by law, tweaking it beyond normal parameters is illegal anyway. It's like saying that a TV card isn't "open-source" because you can't tune it down to receive at 0.5MHz.
There's also nothing saying the radio power can't be adjusted, just that the MAXIMUM must be respected. As I say, if they do this by putting a certain resistance into a circuit, that still lets open-source firmware dial the transmission down, like managed Wifi systems do, to increase global throughput.
Open-source is not about "you need to be able to do control every possible theoretical function of the system". It's about "if proprietary firmware can do it, so should we be able to". And the maximum transmission level is not something that proprietary or open-source firmware should be able to exceed, because of the laws around this.
Historically, the maximum transmission level wasn't even implemented. Now it will be implemented in hardware or at least outside the scope of ANY firmware. That means proprietary and open-source firmware are back on a level peg again.
Sure, it means you can't exceed the maximum transmission level, but control of the device for any legal purpose isn't hindered at all.
Sometimes OS-evangelism goes too far. Even if you were to make an OS router yourself, you wouldn't be able to get it FCC certified without literally removing the capability for users to tweak the maximum transmission power level. So restricting that isn't about removing your software freedoms as much as making devices that are legal to use, buy and sell.
Posted Aug 2, 2016 8:29 UTC (Tue)
by jem (subscriber, #24231)
[Link]
And the frequencies you can use. Which differ from one country to another.
Posted Aug 2, 2016 15:27 UTC (Tue)
by drag (guest, #31333)
[Link]
Sometimes they care just about frequency and power, sometimes they care about a lot more then that. Depends on the device being sold.
I am much less concerned about 'OS-evangelism' and actual Freedom for people to innovate and move the technology forward as well as having the ability to protect oneself from the negative aspects of technology.
Posted Aug 1, 2016 20:32 UTC (Mon)
by gioele (subscriber, #61675)
[Link] (10 responses)
To streamline the manufacturing process, they could manufacture a generic version, then blow an efuse that permanently sets the radio parameters according to the limits imposed by the FCC transforming the box into a USA-only 100% FCC-compliant router.
Am I missing some fundamental detail?
Posted Aug 1, 2016 20:41 UTC (Mon)
by luto (guest, #39314)
[Link] (5 responses)
More fundamentally, I think that one of the issues that the FCC cares about is radar detection (i.e. turn off or switch channels when radar is detected), and I think that's generally implemented in software.
Posted Aug 1, 2016 21:08 UTC (Mon)
by pizza (subscriber, #46)
[Link] (2 responses)
The main thing the FCC is concerned about is out-of-band emissions. Within the legal bands, very few devices on the market come anywhere near close to the in-band power limits .
The thing is, unless the wifi chipset has some sort of onboard flash/efuse/etc holding parameters (and reads them without any software assistance) then the software can always muck with things. (I should know, I've written code to do said mucking with many times now)
Posted Aug 2, 2016 9:05 UTC (Tue)
by rcochran (guest, #105426)
[Link] (1 responses)
Richard
Posted Aug 2, 2016 9:55 UTC (Tue)
by farnz (subscriber, #17727)
[Link]
Because, for the purposes of 802.11, radar is only something you're supposed to notice in the 5 GHz band, not the 2.4 GHz band.
802.11 devices are only supposed to worry about radar when using bands where radar is the primary licensed user, and WLAN is a secondary permitted use; in the 2.4 GHz band, there's no primary licensed user, so 802.11 does not need to worry about interfering with the primary user. In the 5 GHz band, there are chunks where radar is the primary licensed user, and WLAN is permitted to use the spectrum as long as it does not interfere with radar operations; 802.11 has interpreted this as "when you detect radar on a channel, do not use it".
Thus, any radar detection on 2.4 GHz is wrong - the spec for 802.11 says to only do radar detection in the 5 GHz band; further, only 5 GHz devices are required to support channel change notifications and channel blacklisting, so reacting to radar detection in the 2.4 GHz band is not possible (you can't be confident that everything will respect the radar detection).
Posted Aug 2, 2016 15:58 UTC (Tue)
by jhhaller (guest, #56103)
[Link] (1 responses)
Posted Aug 8, 2016 21:27 UTC (Mon)
by Arch-TK (guest, #103811)
[Link]
Maybe I should just route all my internet traffic through every major government's security organisation and save on the hassle?
On a serious note, offloading this to a proprietary blob running on a locked down chip is not the solution, the FCC makes tweaking this stuff illegal, and finding out that you've been doing something stupid isn't that difficult for the government to do. I mean you're broadcasting EMF over air, if someone wants to know the source, they will find the source.
Basically, this is all still doable despite the FCC's requirements on locking everything down, which is why it is also illegal. Why not just make it illegal and leave it at that instead of introducing lots of rules which harm either privacy, security or customisability?
Posted Aug 1, 2016 21:06 UTC (Mon)
by micka (subscriber, #38720)
[Link] (2 responses)
Posted Aug 1, 2016 22:59 UTC (Mon)
by callegar (guest, #16148)
[Link]
Indeed, this can result in devices that have a reduced functionality when used abroad (namely, they may end up operating well below what the local rules allow).
Posted Aug 2, 2016 3:32 UTC (Tue)
by flussence (guest, #85566)
[Link]
In this case, that someone is TP-Link... they had all these free safety belts and chose to ignore them and write NIH crapware instead. The $200k seems justified.
Posted Aug 1, 2016 21:11 UTC (Mon)
by Jonimus (subscriber, #89694)
[Link]
Its the same reason TP-Link sold routers that had a built in region switch in the UI. It made it so they could produce one model for all regions rather than having to make multiple versions.
Posted Aug 2, 2016 9:20 UTC (Tue)
by brouhaha (subscriber, #1698)
[Link] (4 responses)
Posted Aug 2, 2016 13:40 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (1 responses)
Foot-dragging and obstructionism is likely to trigger a storm at the FCC. That's one that the FCC get dragged in to, not one that they started ...
Cheers,
Posted Aug 3, 2016 8:30 UTC (Wed)
by zoobab (guest, #9945)
[Link]
Actually, according to last Battlemesh talk on the subject, the radio lockdown was started by an European Commission advisory committee (based on a study on wifi 5Ghz and radars interference). There is one american expert speaker who said the FCC did not not had enough man power to make scientific studies on this issue.
Posted Aug 2, 2016 21:54 UTC (Tue)
by makomk (guest, #51493)
[Link] (1 responses)
Posted Aug 2, 2016 23:19 UTC (Tue)
by mtaht (subscriber, #11087)
[Link]
http://fqcodel.bufferbloat.net/~d/fcc_saner_software_prac...
(in addition to 1300? 1700? filings from other orgs)
And later met in person with many of the top people there:
https://www.fcc.gov/ecfs/filing/60001306685
I am inclined to put this result in the "win" column, provisionally.
June 2 came and went, tp-link's router firmware returned to field upgradable, and other manufacturers did nothing to make flashing other firmwares any harder than it already was. Hopefully, our arguments buttressed the legal case ongoing at the time against tplink (I knew there was one, but not against whom, or over what, I hope to get more details).
This does not mean the war is won, however. Certainly binary blob firmware that completely controls the radio remains a problem - but progress is being made with the very thin firmware in the 802.11ac mt76 chipset, I am not aware of 5ghz ath9k chips requiring blobs, and other binary only firmwares are improving to support APIs that fq_codel on wifi needs.
http://blog.cerowrt.org/post/fq_codel_on_ath10k/
(Recently a few new *major* chipsets had wifi drivers submitted to the linux kernel, but I haven't looked at what, exactly the firmware controls. The state of most wifi drivers and firmware is thoroughly depressing - and a very smart and fast co-processor is seemingly needed to run at very high rates)
Five things I learned from this exercise:
1) If a legalistic solution can be vague, it will be. It then can be spun many ways for many audiences. Read Ed Bernays.
Still, sometimes what is said publicly, continues to matter, and the FCC has said some very nice things.
2) The FCC was not the enemy, but a harried organization attempting to fulfill its mandates. As minimally outlined, their problem was the FAA complaining about wifi interference with weather radars. The first solution was overbroad. They have a much better understanding of the roles of open source, third party firmware now - after the keruffle - of the usefulness of user control, better security, and more frequent updates.
The FCC has WAY bigger problems than linux wifi. The number of wireless capable devices requiring certification and testing is skyrocketing, among other things.
https://twitter.com/FCC is a good source for the FCC's other concerns.
3) If you really want attention in D.C., it is a good idea to make a good argument, with a lot of well known people, file it somewhere inside the agency's process, and then issue (buy) a press release, and make the biggest stink you can.
As it turned out many of the recommendations we made above cannot be implemented inside the FCC's mandates, but the FTCs.
4) Chipmakers can now no longer hide behind an argument that the FCC will not let them open up their firmware.
5) The best "proof of the pudding" I can think of would be to push through a new product with much more or entirely open wifi firmware through the FCC processes, using the CRDA library to enforce the rules. Lining up a vendor willing to try that has so far not happened, although I expected a few mt76 chipsets to enter the US by now, I have not been actively watching their RSS feed for progress.
All in all, honestly, I do think we moved the dial a few notches in the right direction, and I'm going to sleep pretty well tonight.
Posted Aug 3, 2016 8:10 UTC (Wed)
by mfuzzey (subscriber, #57966)
[Link] (2 responses)
I totally understand the necessity to regulate the spectrum to avoid interference to other users. But I think that if someone modifies their router to operate outside the rules *they* should be responsible, not the manufacturer.
It's like speed limits on roads. They are needed and drivers are responsible if they exceed them. We don't force manufacturers to only make cars that cannot exceed the speed limit.
Posted Aug 3, 2016 10:13 UTC (Wed)
by jezuch (subscriber, #52988)
[Link]
...yet.
BTW: it's not a new thing. http://spectrum.ieee.org/geek-life/history/the-man-who-in...
Posted Aug 3, 2016 11:05 UTC (Wed)
by davecb (subscriber, #1574)
[Link]
As usual with software, the boundaries can get awfully soft and fuzzy, and you have to work surprisingly hard to get what the lawyers call a "bright line" rule.
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
TP-Link agrees to allow third-party firmware in FCC settlement
The FCC order does NOT say that TP-Link will allow third-party firmware!
The FCC order does NOT say that TP-Link will allow third-party firmware!
Wol
The FCC order does NOT say that TP-Link will allow third-party firmware!
The FCC order does NOT say that TP-Link will allow third-party firmware!
The FCC order does NOT say that TP-Link will allow third-party firmware!
TP-Link agrees to allow third-party firmware in FCC settlement
Or (a bit closer to the wifi case), if I modify my car to improve performance, whilst violating emissions and safety regulations I'm the one who's going to prosecuted, not the manufacturer because their car could be modified...
TP-Link agrees to allow third-party firmware in FCC settlement
Limits on capability or use?