[Discuss] FCC update re: modifications of device software

[sronan at panix.com (Stephen Ronan)]

fyi  -s

Clearing the Air on Wi-Fi Software Updates
https://www.fcc.gov/blog/clearing-air-wi-fi-software-updates

by: Julius Knapp, Chief, Office of Engineering & Technology
November 12, 2015 - 12:09 PM

This week marked the closing of the reply comment period in the 
Commission's radio device approval modernization rulemaking. The 
comments and replies are largely supportive of the Commission's 
proposals, but one particular element generated thousands of 
comments from individuals concerned that the proposal would 
encourage manufacturers to prevent modifications or updates to 
the software used in devices such as wireless local area networks 
(e.g., Wi-Fi routers). I'm pleased that this issue attracted 
considerable attention and thoughtful submissions into the record 
and would like to make it clear that the proposal is not intended 
to encourage manufacturers to prevent all modifications or 
updates to device software.

As I wrote last month, this proceeding has taken on a 
significance beyond the Commission's original intent. One of our 
key goals is to protect against harmful interference by calling 
on manufacturers to secure their devices against third party 
software modifications that would take a device out of its RF 
compliance. Yet, as the record shows, there is concern that our 
proposed rules could have the unintended consequence of causing 
manufacturers to "lock down" their devices and prevent all 
software modifications, including those impacting security 
vulnerabilities and other changes on which users rely. Eliciting 
this kind of feedback is the very reason that we sought comment 
in an NPRM and we are pleased to have received the feedback that 
will inform our decision-making on this matter.

In my last post I recognized the need to work with stakeholders 
-- particularly the user community -- to address these concerns 
in a way that still enables the Commission to execute its mandate 
to protect users from harmful interference. I'm happy to say that 
the OET staff and I have spoken directly with some of these 
stakeholders in the last few weeks.

One immediate outcome of this ongoing dialogue is a step we've 
taken to clarify our guidance on rules the Commission adopted 
last year in the U-NII proceeding. Our original lab guidance 
document released pursuant to that Order asked manufacturers to 
explain "how [its] device is protected from 'flashing' and the 
installation of third-party firmware such as DD-WRT." This 
particular question prompted a fair bit of confusion -- were we 
mandating wholesale blocking of Open Source firmware 
modifications?

We were not, but we agree that the guidance we provide to 
manufacturers must be crystal-clear to avoid confusion. So, today 
we released a revision 
https://apps.fcc.gov/kdb/GetAttachment.html?id=zXtrctoj6zH7oNEOO6De6g%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r03&tracking_number=39498
to that guidance to clarify that our instructions were 
narrowly-focused on modifications that would take a device out of 
compliance. The revised guidance now more accurately reflects our 
intent in both the U-NII rules as well as our current rulemaking, 
and we hope it serves as a guidepost for the rules as we move 
from proposal to adoption.

There is more hard work ahead of us as we finalize rules, and we 
welcome continued input from manufacturers, users, technologists, 
and others.