|
|
Subscribe / Log in / New account

Free-software concerns with Europe's radio directive

Free-software concerns with Europe's radio directive

Posted May 11, 2017 19:16 UTC (Thu) by glaubitz (subscriber, #96452)
In reply to: Free-software concerns with Europe's radio directive by flussence
Parent article: Free-software concerns with Europe's radio directive

> The quoted text only says they have to “support” radio operation within safe limits. As I read it, all that means for any decent Linux-based router is keep using the standard nl80211/CRDA stack and you're good.

Exactly. The regulators couldn't care less what you are running on your hardware. All they want is a guarantee that people cannot modify the radio part of their equipment such that the transmitter operates outside the legal limits.

Allowing devices transmit outside the legal limit is never going to be up for discussion as the frequency band is a shared medium and proper operation for all participating services and operators can only be guaranteed if everyone respects the rules issued by the regulators.

And if there is hardware that allows sideloading of unofficial firmware which can then consequently be used to manipulate the radio part, then this hardware is illegal and needs to be taken offline.

Anyone who thinks that this is about blocking free software hasn't understood the underlying set of problems at all.

Adrian

to post comments

Free-software concerns with Europe's radio directive

Posted May 11, 2017 19:58 UTC (Thu) by zlynx (guest, #2285) [Link] (3 responses)

> And if there is hardware that allows sideloading of unofficial firmware which can then consequently be used to manipulate the radio part, then this hardware is illegal and needs to be taken offline.

The law isn't actually that stupid is it? That would make microwave ovens illegal. Because you can jam the door sensor and run it with the door open, instantly hashing the 2.5 GHz band.

Manufacturers shouldn't be responsible for people doing stupid hacks.

Free-software concerns with Europe's radio directive

Posted May 11, 2017 22:07 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

If you try to actually do it, you'll find that your oven will immediately short and be rendered permanently inoperable.

The law mandates this safety feature for all microwaves.

Free-software concerns with Europe's radio directive

Posted May 12, 2017 3:14 UTC (Fri) by dps (guest, #5725) [Link]

In a similar vein you are likely to find a small class 3b laser inside yout DVD rewriter. Larger instances of this class of laser call for eye protection, laser on signs on doors and interlocks such that opennig the door turns the laser turned off. The power supplies, whcih do amps and lots of kV, are pronbably more dangerous that the light but those rules exist for good reasons.

A DVD rewriter is a class 1 laser device, which is completely safe, because the beam is confined within the DVD device and you don't need any door interlocks to own or use ir. There are almost certainly few impediments to you removing the covers and misusing the class 3b laser to damage yout eyes. You can damage your eyes with class 2 lasers too but that requires special effort.

I would think is it not unreasonable to ask manifacturers not to provide otions to violate the spectrum refulations out the box. Those using unofficial firwmare should definitely be resposnvble for enusring they sollow the rules.

Free-software concerns with Europe's radio directive

Posted May 15, 2017 11:18 UTC (Mon) by mxmehl (guest, #104271) [Link]

> The law isn't actually that stupid is it?

The incentives are good (make sure that the radio band is free from interferences) but the means are disproportionate and tackle the problem at the wrong end.

> Manufacturers shouldn't be responsible for people doing stupid hacks.

But RED's 3.3(i) is actually doing that. Manufacturers shall prevent users to do illegal things by locking down software access – while actually max. 0.5% of users intent to do stupid things. And those who really want to tweak their radio parameters in illegal ways will be able to circumvent this easily.

Free-software concerns with Europe's radio directive

Posted May 11, 2017 20:18 UTC (Thu) by zoobab (guest, #9945) [Link] (2 responses)

"And if there is hardware that allows sideloading of unofficial firmware which can then consequently be used to manipulate the radio part, then this hardware is illegal and needs to be taken offline."

Then good luck with any cheap SDR radio coming now.

This FCC/Radio directive comes from some European committee that wanted to solve the 5ghz weather radar and DFS problem, where we ended up locking ANY radio firmware for ANY frequency, even 2.4GHz.

And wifi manufacturers are not locking down the whole firmware, because it is cheaper.

Free-software concerns with Europe's radio directive

Posted May 12, 2017 7:32 UTC (Fri) by Adrien (guest, #82659) [Link]

SDR appears to be the motivation for this article. However, "classes of equipments" which shall be subject to it are still to be defined. We don't know what they might be and they might well include everything. Moreover, since the same hardware is used in several equipments, if it gets applied to phones, laptop might also have to use the same locked-down hardware.

Do you have more details about the origin of the FCC directive? Tracing the thing back to its root is very valuable. The further we got is early 2010s but the document isn't explicit about any issue. Knowing the root needs will help avoid getting the article being applied for something completely different.

Free-software concerns with Europe's radio directive

Posted May 15, 2017 21:56 UTC (Mon) by glaubitz (subscriber, #96452) [Link]

> Then good luck with any cheap SDR radio coming now.

Well, you are always free to challenge your local regulators agency. They have the equipment to trace down illegal senders and if they catch you, it can be expensive, very expensive, up to six figures in fines. I seriously wouldn't try to challenge the FCC or any of their international counterparts.

> This FCC/Radio directive comes from some European committee that wanted to solve the 5ghz weather radar and DFS problem, where we ended up locking ANY radio firmware for ANY frequency, even 2.4GHz.

No, it was the manufacturers who locked up the firmware.

> And wifi manufacturers are not locking down the whole firmware, because it is cheaper.

Actually, they are locking down the whole firmware because it *is* cheaper than adding an additional mechanism to lock the radio part.

Manufacturers have the problem that the allowable frequency spectrum varies by region which means they would have to manufacture different hardware components for every region. In order to reduce costs, they just shift this variation into software and lock out the firmware to make sure people cannot switch the radio part arbitrarily to a different country.

Whether the locking down is very efficient or can be easily worked around with hacks is a different story though.

Adrian

Free-software concerns with Europe's radio directive

Posted May 12, 2017 7:35 UTC (Fri) by Adrien (guest, #82659) [Link] (14 responses)

There are very few issues in practice and both EU and US regulators clearly state it. The lockdown is quite overkill.

We fully agree that the issues are when end-users misconfigure their device. There shouldn't be a presumption that they will however (and remember that it could already be the case but it basically never happens).

Free-software concerns with Europe's radio directive

Posted May 12, 2017 20:59 UTC (Fri) by rahvin (guest, #16953) [Link] (13 responses)

What precipitated this is there were WRT firmware for various routers that allowed configuration of the radio beyond the legal parameters. First time I saw these parameters in the DDWRT firmware that allowed you to raise the radio output above the limit the device was approved under I knew various governments would take action as soon as they encountered an interference problem caused by one.

I'm all for open access but the vast majority of people have no factual understanding of any of these parameters. They see an input box in their firmware that allows them to boost their wifi power so they can get a signal further out and a whole lot of people will do it even if it violates the agency approval. The person doing it has no idea that doing so can cause Doppler effects in other bands and potentially cause enough interference to cause real problems. If you asked your average retail wifi owner if they thought that little box by the computer could disrupt some critical service they would think you were pulling their leg or outright lying.

The easiest way to solve this for devices that basically every household owns but doesn't understand at all is to lock the radio down so it can't operate outside it's approved power limits and bands. Unfortunately we're probably going to have to live with that solution as it guarantees compliance whereas more flexible solutions cannot guarantee that someone won't figure out how to tweak the radio and distribute that tweak to the public. Personally I don't have a problem with this as long as the locks are in hardware or dipswitches on the board rather than software locks. Unfortunately most OEM's just take the easy way out and use signed kernels or propriety firmware's that block freedom.

Free-software concerns with Europe's radio directive

Posted May 12, 2017 21:45 UTC (Fri) by raven667 (subscriber, #5198) [Link] (5 responses)

> Unfortunately we're probably going to have to live with that solution as it guarantees compliance whereas more flexible solutions cannot guarantee that someone won't figure out how to tweak the radio and distribute that tweak to the public.

In my version of the world this is a non-goal, creating the restrictive devices that can make guarantees and putting the liability on the manufacturer seems unnecessary and foolish, while the manufacturer shouldn't present some obvious setting to the user that takes the device out of compliance, if the end user goes out of their way to modify the device to take it out of compliance that should be the liability of the user, not the manufacturer, which means that there is little incentive for the manufacturer to invest in lock-down technology.

Free-software concerns with Europe's radio directive

Posted May 15, 2017 22:10 UTC (Mon) by glaubitz (subscriber, #96452) [Link] (1 responses)

> In my version of the world this is a non-goal, creating the restrictive devices that can make guarantees and putting the liability on the manufacturer seems unnecessary and foolish,

No, it isn't foolish at all. The manufacturer has the necessary training to know regulations and the law. The normal end user usually doesn't.

End users can acquire the proper qualifications through an amateur radio license though. Then legislators actually do allow end users to design, set up and operate their own equipment. They are still expected to respect the limits of the frequency spectrum though. Otherwise it can be very expensive.

> while the manufacturer shouldn't present some obvious setting to the user that takes the device out of compliance, if the end user goes out of their way to modify the device to take it out of compliance that should be the liability of the user, not the manufacturer, which means that there is little incentive for the manufacturer to invest in lock-down technology.

No, I'm sorry, but that's basically a thought-terminating cliché. It's like saying "We don't need speed limits with fines attached to them, because there will still be people who will break the law and ignore the limit."

That's not the point at all that legislators and regulators have in mind. The idea is to make it as difficult as possible to modify the radio device in a way that it can be operated outside the spectrum. There are various ways to prevent that.

Of course, there will still be people who will be able to overcome these lock downs. But since this usually requires advanced technical skills, the number of users who will be able to do that is limited. For example, if you have to modify the hardware and replace parts to tune the radio part, it requires much more work to circumvent the lock down as compared to if the manufacturer allowed tuning by simply setting some values in the software.

Again, legislators and regulators are fully aware that they cannot protect against malicious users with 100% efficiency. But if they, let's say, achieve 75% efficiency, it's still much better than 10% efficiency. The remaining users that are willing to break the law will be traced down by the engineers at FCC when they roam around with their measurement equipment and punish violators with high fines.

The whole discussion isn't new and regulators aren't naive. The problem to keep the spectrum clean has existed for decades. The only thing that changed is that often the manipulation of the radio part can now be done in software as compared to older, analogue transmitters. Thus, legislators and regulators consequently adapted the laws to cover software modification as well.

Adrian

Free-software concerns with Europe's radio directive

Posted May 18, 2017 8:14 UTC (Thu) by oldtomas (guest, #72579) [Link]

> No, I'm sorry, but that's basically a thought-terminating cliché. It's like saying "We don't need speed limits with fines attached to them, because there will still be people who will break the law and ignore the limit."

Ahem. Actually, it's the driver who pays the fine, not the car manufacturer. So you seem to agree with raven on this?

Free-software concerns with Europe's radio directive

Posted May 16, 2017 9:52 UTC (Tue) by farnz (subscriber, #17727) [Link] (2 responses)

The trick then is to make it hard for the end user to modify the device outside compliance, such that if they do so, it's tamper-evident.

For example, current UNECE rules for speedometers say that a car can only be type-approved under UNECE rules if the speedometer cannot underread (claim that you're travelling at 29 kph when you're in fact travelling at 30 kph) with any tyres that physically fit in the wheel arches, and sets limits on the maximum overread if you're using manufacturer approved wheel and tyre combinations (IIRC, 10% plus 10 kph overread is permitted, so a car travelling at 50 kph can have a speedometer reading of 65 kph).

For a router, similar might require you to break part of the router case, then remove a screw and unsolder a connection. You've now done enough physical alteration of the device that it's evident that it's been changed, and therefore not the manufacturer's fault if it isn't RF-compliant.

Free-software concerns with Europe's radio directive

Posted May 17, 2017 3:25 UTC (Wed) by raven667 (subscriber, #5198) [Link] (1 responses)

The thing that makes software configuration desirable for wireless is that you are selling the same hardware designs for multiple applications in many jurisdictions with different rules, you probably don't want to require physical modification (dip switches again 8-) so that the same chip can be used with localized software in the US, Japan, Europe, Brazil, China, etc. The stock firmware doesn't need to provide an easy, user accessible setting for taking it out of compliance, so normal usage should not be a problem, but if you reflash it with your own software then for me that's sufficiently difficult and evidence to indicate you are taking liability into your own hands. If you reprogram it to do stupid stuff then your local regulator can sanction you based on the trouble you cause, but I don't see that the manufacturer needs take draconian measures to prevent this, like preventing firmware updates or making the hardware tamper resistant. If the vendor does firmware signing then there should also be a developer mode to allow unsigned firmware or to add your own key, which could require some physical modification, that's not unreasonable. The better car analogy is that cars are not physically prevented by their manufacturer from exceeding speed limits, the owner is responsible for how they drive and if you are out of compliance you can be sanctioned.

Free-software concerns with Europe's radio directive

Posted May 17, 2017 8:37 UTC (Wed) by farnz (subscriber, #17727) [Link]

Yep - and my described solution is basically "to disable the signed firmware requirement, break off this bit of plastic moulding. Undo the screw that's now exposed (and will be clearly visible to future buyers of the device, with scary words around it), and you can solder on a jump lead that disables signing and enters developer mode.

That puts it comparable to the car scenario - you have to do the equivalent of the metal bashing you have to do to make your speedo underread in order to enter developer mode, and the fact that you've done obvious physical damage to get there means that the manufacturer can argue that you knew what you were doing.

Free-software concerns with Europe's radio directive

Posted May 12, 2017 22:19 UTC (Fri) by pizza (subscriber, #46) [Link] (5 responses)

> What precipitated this is there were WRT firmware for various routers that allowed configuration of the radio beyond the legal parameters.

I'm typing this communicating through a completely-stock access point, purchased within the US, that allows itself to be configured outside "legal" parameters -- Uts UI allows the user to specify which country it's operating within, which means means I can easily configure it to go outside the US 2.4GHz ISM band, and the bits of the 5GHz ISM band that are off-limits in the US.

That said, even if I limit myself to "FCC" frequencies, I can also specifically instruct this device to exceed legal output power limitations on the 5GHz side of things -- certain sub-bands have different indoor/outdoor power restrictions, and the device itself has no way of knowing where it's actually deployed. Or what kind of antenna you've connected to the device. It's the user's responsibility to know what combinations are legal and properly configure an appropriate power limit, and that holds whether or not the radio control functionality is locked down or not.

(Incidently, the overwhelming majority of the devices supported by DD-WRT are physically incapable of exceeding in-band output power limitations, though the sidelobes if pushed to hardware limits might barely violate out-of-band limits. And at that jacked-up power level you're likely to have ruined your ability to actually communicate with the AP anyway)

Free-software concerns with Europe's radio directive

Posted May 15, 2017 21:43 UTC (Mon) by davecb (subscriber, #1574) [Link] (4 responses)

I think you're pointing out the most important thing in the discussuion: it is the user's responsibility to operate the device legally. The manufacturer can help to some degree, but unless they also ship a telepathy chip in the router, they can't know if the user has set it propertly.

Free-software concerns with Europe's radio directive

Posted May 15, 2017 21:49 UTC (Mon) by glaubitz (subscriber, #96452) [Link] (3 responses)

> I think you're pointing out the most important thing in the discussuion: it is the user's responsibility to operate the device legally. The manufacturer can help to some degree, but unless they also ship a telepathy chip in the router, they can't know if the user has set it propertly.

No, that's not how radio regulations work in most countries. Most legislators put the burden to lock the device on the manufacturer because they do not trust end users without the proper training.

Legislators do allow end users to take over responsibility for operating a radio safely with full access to the radio parameters if they have an amateur radio license, however.

Adrian

Free-software concerns with Europe's radio directive

Posted May 15, 2017 21:56 UTC (Mon) by davecb (subscriber, #1574) [Link] (2 responses)

That's certainly not the case in Canada, and I understand from US hams, in the 'States either. Citation?

Free-software concerns with Europe's radio directive

Posted May 15, 2017 22:17 UTC (Mon) by glaubitz (subscriber, #96452) [Link] (1 responses)

> That's certainly not the case in Canada, and I understand from US hams, in the 'States either. Citation?

Of course it is. It's one of the basic ideas of becoming a ham.

From [1]:

> B-001-005-002.... The holder of an Amateur Radio Operator Certificate may design and build from scratch transmitting equipment for use in the amateur radio service provided that person has the:
>
> *Advanced qualification*
> Basic and Morse code qualification
> Morse code withe Honours qualification
> Basic qualification

For Canada [2]:

> Basic Qualification: an examination of 100 questions.
>
> access all amateur bands above 30 MHz
> use a maximum of 250 watts DC transmitter input power
> build and operate all station equipment, except for "home-made" transmitters
> Basic with honours (80% or above score) - access to all amateur bands below 30 MHz
> There is no Morse code requirement on this test.
>
> Advanced Qualification: an examination of 50 questions.
>
> access all amateur bands below 30 MHz
> use maximum transmitter power of 1000 watts DC input
> build and operate transmitting equipment
> establish repeaters and club stations
> remotely control fixed stations, including the use of radio links
> There is no Morse code requirement on this test.

I'm a fully licensed hamradio operator myself (class A German license).

Adrian

> [1] https://www.hamstudy.com/freebasic/b-001-5.html
> [2] http://www.eham.net/newham/howtobecome

Free-software concerns with Europe's radio directive

Posted May 15, 2017 23:35 UTC (Mon) by davecb (subscriber, #1574) [Link]

Ah, we're saying the same things but arguing different points!

In Canada, everyone is required to obey the law[1], but only licensed people can build their own equipment, because they have demonstrated the ability to obey the law, by passing the appropriate exams.

I was making the point that *everyone* must obey the law: I read you as saying that hams have more priveledges, based on their *demonstrated expertise*, while manufacturers must limit their (unlicensed) customers' capabilities.

--dave
[1. For excample, the minister may "issue orders to persons in possession or control of radio apparatus, interference-causing equipment or radio-sensitive equipment that the Minister determines to be responsible for the harmful interference", to cease their unlawful linterference https://www.canlii.org/en/ca/laws/stat/rsc-1985-c-r-2/lat... at 5(1)l]

Free-software concerns with Europe's radio directive

Posted May 13, 2017 16:21 UTC (Sat) by Adrien (guest, #82659) [Link]

You already live with knives that can be used to stab people and cars that can be used to run over people too. The actual world, and the world that lawmakers understand, does not have such restrictions for everything.

But the regulators themselves say that these issues do not happen. There is absolutely no reason to add such restrictions.

And this only applies to devices sold in the EU. Not the ones brought across the border by individuals.

So:
- no reason strong enough for such a lock-down
- not an issue in practice
- no attempt to actually prevent possible issues anyway


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds