This summer, the Commission opened a rulemaking proceeding with the goal of modernizing our approval process for radio devices to help us keep pace with the accelerating introduction of an ever-expanding breadth of wireless devices and products into the marketplace.
The proposed rules will help the Commission not only better address the realities of device manufacture and use today but plan for the spectrum policy of the future. As Chairman Wheeler has announced, this month the Commission will consider a rulemaking on the use of higher-frequency bands for mobile and other uses that will “focus on developing a flexible regulatory framework that will allow maximum use of higher-frequency bands by a wide variety of providers,” including “hybrid shared models” to promote more flexible use in higher bands.
But flexible use requires manufacturers, users, and the FCC to be even more vigilant in monitoring and preventing harmful interference – and that’s where this new rulemaking proceeding plays a critical role. The rulemaking will establish for all device approvals a policy that the Commission has adopted for individual device categories over the last few years of requiring manufacturers to certify that a device cannot be modified by the installation of third party software in a way that causes those devices to create harmful interference.
For instance, in 2014 the Commission adopted a Report & Order in the U-NII proceeding establishing new rules for devices operating in the 5GHz band to address interference with FAA Doppler weather radar systems caused by modifications to RF devices. The Commission adopted a rule requiring manufacturers to implement security measures to ensure that “third parties are not able to reprogram the device to operate outside the [RF] parameters for which the device was certified.”
In that proceeding, the Commission declined to specify the technical solutions that a manufacturer would use to secure the device against modifications that could cause interference and specifically declined to require that manufacturers “lock down” or otherwise render a device inoperable if third party firmware is installed. In fact, a number of manufacturers filed comments in that proceeding explaining how some of their products already include security measures that prevent RF modifications without banning third party firmware installation.
Shortly after adopting the rules, OET staff issued guidance to applicants for equipment certification. The document included a series of questions (many proposed by commenters in the proceeding) intended to identify, among other details, “how the device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT” that would modify the RF parameters in a way that would take the device out of compliance and cause harmful interference. This is consistent with the rule itself as well as the Commission’s preference not to prescribe specific security solutions or prevent a device from functioning in the event third party software is installed.
Nevertheless, our 2014 guidance on the 5 GHz rules has prompted some question as to whether the intent of the current proceeding is to ban third party firmware installation on devices, particularly for Wi-Fi routers. To be clear, it is not: like the U-NII rules we adopted, the proposed rules do not require device makers to prevent installation of third party firmware or otherwise favor specific security solutions.
Quite the contrary, the proposed rules would require manufacturers to select the security method they deem appropriate to prevent modifications that take the device out of compliance. They would further create a process by which third parties could seek approval for software modifications that alter the RF parameters in ways that do not conflict with a device’s certification. The goal of these proposed rules is to establish accountability in the certification process that reflects the realities of how these devices are used – and modified – today.
The cornerstone of a flexible use spectrum regime is interference prevention and, this requires that devices operate within their authorized parameters. The proposed rules aim to create a certification process that recognizes this goal without creating burdensome red tape for manufacturers and headaches for users while also allowing innovative solutions by 3rd party vendors. It’s critical that we get the details right, and we look forward to fielding comments in the record this fall.