FCC: You can still hack or flash your router

You may remember when there was concern with a new FCC rule that made it seem like you wouldn't be able to flash or hack your own router. The FCC has clarified some things:

This week marked the closing of the reply comment period in the Commission’s radio device approval modernization rulemaking. The comments and replies are largely supportive of the Commission’s proposals, but one particular element generated thousands of comments from individuals concerned that the proposal would encourage manufacturers to prevent modifications or updates to the software used in devices such as wireless local area networks (e.g., Wi-Fi routers). I’m pleased that this issue attracted considerable attention and thoughtful submissions into the record and would like to make it clear that the proposal is not intended to encourage manufacturers to prevent all modifications or updates to device software.

As I wrote last month, this proceeding has taken on a significance beyond the Commission’s original intent. One of our key goals is to protect against harmful interference by calling on manufacturers to secure their devices against third party software modifications that would take a device out of its RF compliance. Yet, as the record shows, there is concern that our proposed rules could have the unintended consequence of causing manufacturers to “lock down” their devices and prevent all software modifications, including those impacting security vulnerabilities and other changes on which users rely. Eliciting this kind of feedback is the very reason that we sought comment in an NPRM and we are pleased to have received the feedback that will inform our decision-making on this matter.

In my last post I recognized the need to work with stakeholders – particularly the user community – to address these concerns in a way that still enables the Commission to execute its mandate to protect users from harmful interference. I’m happy to say that the OET staff and I have spoken directly with some of these stakeholders in the last few weeks.

One immediate outcome of this ongoing dialogue is a step we’ve taken to clarify our guidance on rules the Commission adopted last year in the U-NII proceeding. Our original lab guidance document released pursuant to that Order asked manufacturers to explain “how [its] device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT”. This particular question prompted a fair bit of confusion – were we mandating wholesale blocking of Open Source firmware modifications?

We were not, but we agree that the guidance we provide to manufacturers must be crystal-clear to avoid confusion. So, today we released a revision to that guidance to clarify that our instructions were narrowly-focused on modifications that would take a device out of compliance. The revised guidance now more accurately reflects our intent in both the U-NII rules as well as our current rulemaking, and we hope it serves as a guidepost for the rules as we move from proposal to adoption.

There is more hard work ahead of us as we finalize rules, and we welcome continued input from manufacturers, users, technologists, and others.

The Revised Rules

This is good news.

1 Like