TP-Link blocks open-source router firmware to comply with new FCC rules
Other manufacturers are quietly blocking open-source firmware, too.
If you're a fan of third-party software that adds functionality to a Wi-Fi router, your options just got smaller. The Federal Communications Commission has new rules designed to make sure routers operate only within their licensed frequencies and power levels. TP-Link is complying by blocking open-source firmware like the Linux-based OpenWRT and DD-WRT from its routers. That’s the easiest way for router manufacturers to comply.
FCC backed off of banning open-source firmware
The FCC didn’t just start tightening router regulations for no reason. Public Knowledge’s Harold Feld told TechDirt that “the FCC is responding here to a real-world issue: We had problems with illegally modified equipment interfering with terrestrial doppler weather radar (TDWR) at airports. Naturally, the FAA freaked out, and the FCC responded to this actual real-world concern.”
In March 2015, an FCC Software Security Requirements document, issued the following instruction to router manufacturers applying for a license to sell their devices: “Describe in detail how the device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.”
The FCC was criticized and a Save WiFi campaign argued against the new rules. The FCC insisted it wasn’t banning open-source router firmware, telling Ars Technica that “versions of this open-source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF [radio frequency] parameters.... We are looking for manufacturers of routers to take more responsibility to ensure that the devices cannot be easily modified.”
In November 2015, the FCC issued an updated version of the document that doesn’t appear to ban the firmware. It instructs router manufacturers to:
Describe, if the device permits third-party software or firmware installation, what mechanisms are provided by the manufacturer to permit integration of such functions while ensuring that the RF parameters of the device cannot be operated outside its authorization for operation in the U.S. In the description include what controls and/or agreements are in place with providers of third-party functionality to ensure the devices’ underlying RF parameters are unchanged and how the manufacturer verifies the functionality.
Blocking open-source firmware is the easiest option
Unfortunately, as Kathy Giori, senior product manager at Qualcomm Atheros, told Ars Technica: “The easiest way [for router manufacturers] to comply is to lock down the whole platform. Just lock down the whole thing and the FCC is happy.”
Router manufacturers haven’t wanted to comment on the record about this, but it appears that TP-Link, Rosewill, and Netgear, at least, have quietly rolled out updates that prevent unauthorized firmware installation on existing routers.
TP-Link is now the first router manufacturer to come forward and say it’s “limiting the functionality of its routers” in the United States to comply with FCC regulations. Open-source firmware installation won’t be allowed. TP-Link even posted an official FAQ on the subject, noting that “the regulation affects all manufacturers marketing routers in the U.S.” I wouldn’t be surprised to see other router manufacturers confirm the same thing soon—or just not comment as they begin shipping locked-down routers.