from the apparently-we-don't-own-the-hardware dept.
The Federal Communication Commission's (FCC) rules on Wi-Fi router firmware are having an effect on the market:
Network gear maker TP-Link will no longer allow people to install customized firmware on its Wi-Fi routers in the US – and the FCC is to blame. In a brief statement and FAQ posted this week, TP-Link – which is based in Shenzhen, China – said the FCC's revised rules on radio-based equipment makes user reprogrammable firmware illegal in America, and therefore it cannot sell in the US routers that can be re-flashed by their owners.
"Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power," TP-Link said. "As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware."
[...] The FCC earlier backed off a bit on the matter, but maintains it will not allow devices that can be re-flashed to operate outside authorized radio frequency bands. TP-Link, however, said that the FCC rules as they stand will not allow it to offer people the ability to reprogram their router firmware.
"The FCC requires all manufacturers to prevent users from having any direct ability to change RF [radio frequency] parameters (frequency limits, output power, country codes, etc)," TP-Link stated. "In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware."
Previously: New FCC Rules Could Ban WiFi Router Firmware Modification
FCC Clarifies Position on WiFi Routers: Okay to Modify OS but Not Radio Firmware
Related Stories
Hackaday sounds the alarm and along with ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have created the SaveWiFi campaign (archive.is capture, real link is at this overloaded server) , providing instructions on how to submit a formal complaint to the FCC regarding this proposed rule. The comment period is closing on September 8, 2015.
From Hackaday:
Under the rule proposed by the FCC, devices with radios may be required to prevent modifications to firmware. All devices operating in the 5GHz WiFi spectrum will be forced to implement security features to ensure the radios cannot be modified. While prohibiting the modification of transmitters has been a mainstay of FCC regulation for 80 years, the law of unintended consequences will inevitably show up in full force: because of the incredible integration of electronic devices, this proposed regulation may apply to everything from WiFi routers to cell phones. The proposed regulation would specifically ban router firmwares such as DD-WRT, and may go so far as to include custom firmware on your Android smartphone.
A lot is on the line. The freedom to modify devices you own is a concern, but the proposed rules prohibiting new device firmware would do much more damage. The economic impact would be dire, the security implications would be extreme, and emergency preparedness would be greatly hindered by the proposed restrictions on router firmware. The FCC is taking complaints and suggestions until September 8th.
Leave a comment for the FCC via this link to the Federal Register
The United States Federal Communications Commission (FCC) has published on their blog a clarification on their previous request for comments regarding modifications by end users of the firmware inside WiFi routers.
In short: the FCC does not intend to force device manufacturers to intentionally disable updates or modifications to the operating system. They do maintain that changes to the radio device firmware must be controlled to enforce spectrum requirements. The exact details have also been made available as a PDF. As a seasoned IT professional, open source community member, and amateur radio operator I'm glad to see the FCC issue this clarification and I personally think the compromise is sound and reasonable. The FCC publications can tell you why this is important so here is some info on what is likely to happen.
Heads up: the majority of manufacturers will probably lock the entire router down including the operating system because this will be the least cost mechanism available. It is quite likely that the average consumer WiFi routers will not meet the needs of high technology individuals but it also does not mean that these needs cannot be met at all. Some manufacturers will create routers without arbitrary restrictions on the operating system, and it is still possible to construct a modular WiFi solution using distinct components such as dedicated access points. This will certainly cost more but it is the reality of being an outlier in consumer markets.
In the interest of full disclosure: I am impacted because the proposed regulations don't protect ham radio operators in the 2.4GHz part of the spectrum, where there is overlap in usage with consumer (part 15) WiFi gear. I'm also impacted because I enjoy cheap hardware as much as the next person.
(Score: 3, Insightful) by Anonymous Coward on Sunday March 13 2016, @10:55AM
Intent isn't magic. Even if the FCC did not intend for this to happen, laziness and cheapness makes this type of response to the new rules an inevitability. The result will be fewer devices that respect the users' freedoms.
Instead of creating rules that have terrible practical effects and all sorts of collateral damage, it is better to punish offenders when they are found, even if that is often difficult. A good-faith effort to design the software so that the user can't break the rules without re-flashing should be good enough in most cases, and it would not have all this collateral damage. If someone decides to make an effort to break the rules, that is on them; don't punish everyone for that.
(Score: 2, Insightful) by Anonymous Coward on Sunday March 13 2016, @11:10AM
Dearest Pleeb,
Replacing the firmware in your router would result in the removal of our tracking and monitoring abilities. These capabilities provide us with the information necessary to provide you with the best possible Internet and shopping experiences, which are double plus good.
Sincerely,
Anonymous Guardian and Benefactor
(Score: 5, Insightful) by Anonymous Coward on Sunday March 13 2016, @01:47PM
Oh, to be so young and uninformed again. Look, reflashing the router firmware and upping the signal output will allow us to create a mesh net in the event that the government decides to change regimes without our consent and shut down the net.
This is about an attack on mesh networks under the guise of protecting everyone from "rogue baddies" who would interfere with their neighbor's wifi signal -- As if you couldn't just make a directional jammer out of any transmitter, and are still pretending that many software defined radios aren't cheaper than routers. Point being, it's just another threat narrative designed to manufacture consent, like "turrism!" or "drrrugs!", etc.
Anytime the government is "afraid" that someone might do something, they're lying to you about what that something is. "Someone might shoot up a school!" => "Everyone might have the ability to resist a regime change!"
(Score: 0) by Anonymous Coward on Sunday March 13 2016, @05:50PM
Yeah I'd have thought a "malfunctioning" (plausible deniability anyone? ;) ) microwave oven could do a lot more damage to the WiFi band. Compare how much power your router draws and how much a microwave oven draws.
As for interference due to rogue stuff going past power limits- you get that already if you have tons of normal WiFi devices in the same spot. Big fucking deal. The more people some idiot annoys with "custom firmware" the more likely he will get caught.
And from the security perspective, it's WiFi, hardly anyone really cares about security not even the WiFi consortium themselves - evidence is their laughable protocols (WPA2 PSK is not secure[1]). All despite the concepts of TLS/SSL being around for so long. Nobody has seriously implemented this: http://mobile.slashdot.org/story/11/08/03/1551250/ibm-to-unveil-secure-open-wireless-at-black-hat [slashdot.org]
http://it.slashdot.org/comments.pl?sid=457132&cid=22455074 [slashdot.org]
[1] http://www.howtogeek.com/204335/warning-encrypted-wpa2-wi-fi-networks-are-still-vulnerable-to-snooping/?PageSpeed=noscript [howtogeek.com]
(Score: 2, Interesting) by pTamok on Sunday March 13 2016, @11:33AM
Given that manufacturers already have to comply with differing regulations in differing parts of the world, I hope that it is a viable option (in business terms) to offer re-flashable routers outside the USA.
If there are good business reasons for doing so (i.e. it is sufficiently profitable), then there might be a push for the locked rf stage to be separated from the re-programmable parts, so that modifying the firmware cannot change the rf behaviour. It would have to be pretty profitable, though, as increasing the component count and number of production steps increases costs.
(Score: 2) by Nerdfest on Sunday March 13 2016, @02:33PM
How about we actually get the law fixed so that the illegal stuff is punished rather than the equipment that *might* be used to do it. Seriously, if boosted signals are causing problems, start hunting them down and punishing people. This is a poorly disguised attack on freedoms.
(Score: 5, Insightful) by JoeMerchant on Sunday March 13 2016, @01:15PM
Manufacturers have had long-standing work arounds for FCC compliance in the US - for instance: handheld radios have been manufactured with multiple band restrictions in software, and "jumpers" on the PCB control which bands are active. Since the FCC makes "user reprogrammable" radios illegal, the jumpers are replaced with surface mounted 0402 resistors, remove or replace the right resistors and get the region restrictions you desire, including none.
Same could be done on routers - remove an 0402 and get reprogrammability back... if TP Link wanted to.
🌻🌻 [google.com]
(Score: 3, Informative) by Runaway1956 on Sunday March 13 2016, @01:57PM
Netgear. They have a variety of routers available. If you search for "open router", they are easy to flash to either Tomato or DD-WRT. Everything is configurable from either of these network interfaces.
And, here, I want to put in a plug for Netgear. They are the only router company which actively supports customer modificaitons. Make your router do what YOU want it to do.
http://www.myopenrouter.com/node [myopenrouter.com]
Before you start flashing, BE SURE that you've read through the documentation at least twice.
(Score: 0) by Anonymous Coward on Sunday March 13 2016, @04:08PM
It might be the case that the U.S. government might be more lenient on U.S. based companies than on foreign companies that offer the same product.
(Score: 1, Interesting) by Anonymous Coward on Sunday March 13 2016, @06:48PM
But soon all you will have are older models and at some point the supply will either dry up, or not be worthwhile.
FCC will win and beat down innovation, in the end.
(Score: 2) by bitstream on Sunday March 13 2016, @02:25PM
The headline should been "TP-LINK Won't Sell Reprogrammable WiFi devices in U.S because of FCC Firmware Rules". Router isn't the same as WiFi access point. The router I think of without any qualifiers is a big metal box with 128 RJ45 jacks and various optical plugins with loud fans or for home use one that separate networks from a collision domain.
Anyway, Make these device chips have separate areas for the radio and the routing handling. The reason to do this at chip level is to reduce cost. Because more chips will mean more cost. While changing the chip is cheaper in volume production.
Oh btw.. mesh networks is an interesting thing. Might make it hard to control ;)
(Score: 2) by fnj on Sunday March 13 2016, @03:18PM
Funny, that's not what I think of at all. A router to me is something with two network interfaces, packet inspection/selective forwarding, and packet header rewriting. Period. Anything more than that is either multiple routers in a box, or the addition of network switches, a firewall, etc.
A "network interface" could be an ethernet port, a WiFi transceiver, etc.
I happen to like separation of focused functionality (pretty much the same as Unix philosophy), so IMHO, yes, combining a router with a WiFi access point is, to me, stupid.
The most that combining makes sense to me is a router with a firewall.
(Score: 1, Insightful) by Anonymous Coward on Sunday March 13 2016, @04:43PM
I suppose that for many householders, the untidiness entailed by your approach outweighs the flexibility, longer time until obsolescence, and easier troubleshooting that it affords.
Some people use Wi-Fi in order to have fewer wires. For them, having the access point separate from the router is unappealing because it implies an additional Ethernet cable and another power supply, which in turn requires another mains outlet and possibly the use of an outlet strip where one wouldn't have been needed (outlets commonly coming in pairs). A single unit must be cheaper to manufacture, besides.
Standing with those who dislike nests of wires are, I suppose, people who prefer the appearance of a single box to that of two, three or four (modem + router + Wi-Fi AP + VOIP ATA), and people who assume the former is simpler to live with. For those who aren't good at cable management, that assessment can easily be correct. Ever broken the tab off an RJ-45 connector, then used it anyway?
(Score: 1, Informative) by Anonymous Coward on Sunday March 13 2016, @04:30PM
This is not about FCC or TP-Link, it is about lazy people who only think inside the box.
1) Get a RPi, wireless adapter and IPFire. Done you have "WiFi Router". Mets FFC requirements and completely "flashable".
2) Get a Jaguar Atom. USB3 wireless adapter and Debian. Again you are done.
3) Get a small foot print desktop or an old K6-2, a couple wireless adapters and Debian, toss is few network cards, you have multiple wireless networks (Entertainment, Kids, Business, Guest, Adults), with full controlled access between them.
TP-Link's "lie" is that they want to make a single all-inclusive board, instead for two... A router that third party flash-able and radio that is not. If they were smart they would make a type of 3) above, allow the user to add extra networking as needed.
(Score: 0) by Anonymous Coward on Sunday March 13 2016, @06:22PM
TP-Link's "lie" is that they want to make a single all-inclusive board, instead for two
But TP-Link's "truth" is they need to stay competitive regarding price in the consumer market where "plug it in and it works" is a basic requirement for 99% of its customers. This is why they use an all-inclusive board.
(Score: 0) by Anonymous Coward on Monday March 14 2016, @12:09PM
But you are missing the point. TP-Link already makes all the parts. From nano USB2 to big USB3 wireless adapters. Their wireless routers already has USB and USB3 ports. So it is purely packaging not cost.
RPi + Wireless + IPFire is about $50 retail. Why buy at $250 box. So sure TP-Link is staying completive.
PS: It will cost them less in the long run to make two parts. That way, when the radio is updated, they just have to get that through FCC "sign-off". SO, desktop, laptop and WiFi router, one shot. The router part can be foot into home market: router, NAS, thin client, chrome"book", kangaroo. roku, ...
(Score: 2) by pendorbound on Monday March 14 2016, @02:02PM
They already make pretty much "two parts." Every access point I've ever looked inside had a dedicated chip for the actual radio portions. Frequently (but not always) it's on some kind of daughter card. That part is what gets FCC certified. They can change out the rest of the device without having to re-cert.
TP-Link's interpretation of the FCC's mandate is that because the firmware for that WiFi chip is loaded at boot from the Linux OS running on the main CPU, they have to lock the whole thing down so you can't make the OS load a "wrong" firmware. Seems a little silly considering under Linux, just about any WiFi device can be forced to load alternative firmware with different radio parameters.
(Score: 2) by MostCynical on Sunday March 13 2016, @10:27PM
And, when something goes wrong and a non-technical person in the house wants the internet back, how many things need to be re-set, re-booted, logged-in, how many passwords are needed? How much knowledge? How long does iit take?
Are you always home? Can you trouble shoot for your spouse or children from the bus or train (often without mobile coverage, so bo remote logins.. Oh, the box is off anyway?)
Tl;dr one box, back online ina few minutes...
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Monday March 14 2016, @12:00PM
Uptime of my equipment is over 180 days on average. I power cycle on software update "to be sure". Last time something went "wrong" it was the cable modem, not any of internal networking. But on the other hand I do make it simple to reset, all on a single UPS, power cycle UPS and all parts are power cycled.
Now if I can get my wife from plugging in her hair drier to UPS. :)
(Score: 2) by pendorbound on Monday March 14 2016, @02:14PM
Assuming the implementer has any skill, uptime should far exceed your average consumer-class router. I use separate access points for the WiFi part (like real, honest to Dog AP's, not routers...), and the main router w/ separate NIC's for the WiFi network gets rebooted less than twice a year, usually because the cable modem connection flaked out, and I'm rebooting everything "just to be sure."
If ever there is a problem and tech support (me) isn't available, everything's tested to come up automatically on startup. There's nothing manual that requires any skill. Just power cycle it, same as you would a consumer-class router. Just runs a lot better and does a bit more not trying to run on the bare minimum amount of CPU & RAM they could get away with shipping.