Conservancy Co-Signs Response to Proposed FCC Rule Changes Affecting Wireless Devices
Last week, Conservancy joined the prpl Foundation and several other organizations in signing a comment filed in response to the Federal Communications Commission's proposed rules to restrict third-party modification of firmware in wireless devices.
The FCC's Notice of Proposed Rulemaking Proceeding No. 15-170, released on July 21, 2015, includes new provisions which would require wireless device manufacturers to prevent consumers and hobbyists from modifying the firmwares on those devices. The comment, drafted by prpl's Eric Schultz, notes that the FCC's rule would restrict wireless device owners and users to use firmwares chosen by manufacturers, regardless of whether superior, freely-licensed alternatives exist. The proposed rule would also limit manufacturers' own ability to use copylefted code in their devices firmware, thereby cutting them off from higher-quality code that would improve their products. Conservancy and prpl were joined by OpenWrt, DD-WRT/DD-WRT NXT, and the Open Source Initiative as signatories of the comment.
Conservancy's Executive Director, Karen M. Sandler, and President and Distinguished Technologist, Bradley M. Kuhn, each also personally signed on to another comment filed by Dave Täht, co-founder of bufferbloat.net and Dr. Vinton Cerf along with many other security and free and open source software dignitaries. The comment proposes an alternative to the FCC's new provisions, which would require vendors of software-defined radio (SDR), wireless, or Wi-Fi radio to make the complete source code for the device driver and radio firmware public as part of FCC compliance.
"Software by its very nature has bugs and will be vulnerable to attack," said Sandler. "The only way we can be confident that such a critical piece of our societal infrastructure is as safe as possible is if the source code is made fully available for review and can be fixed by anyone with authority when problems arise. The FCC's proposed rules are untenable, as highlighted in the comment Conservancy joins in with the prpl Foundation. The alternate proposal by Täht and Cerf, which is grounded in a deep understanding of how security issues really play out in this context, should be seriously considered by the FCC."