FCC Support for Hackable Wireless Routers Is a Win for All of Us

A round of applause for the Federal Communications Commission. Here, FCC Chairman Tom Wheeler speaks at the Mobile World Congress 2015 in Barcelona.

David Ramos/Getty Images

It’s increasingly dawning on people that they don’t really own a lot of the goods they buy, not in a world where software is infiltrating everything and can be modified at the whim of the seller. Amazon can remove books people have “purchased” for their Kindles. Apple decides what software you’re allowed to load on an iPhone. Coffee-machine companies try to prevent customers from using competitive refills. And our legislators and regulators rarely seem to notice, much less block, such control-freakery.

So it’s a breath of fresh air when the government steps in and tells a manufacturer it should allow, even encourage, customers to modify devices that most of us use in our homes and businesses: Wi-Fi routers that let us do our computing and communications without being tethered to a wire.

That just happened in a case at the Federal Communications Commission, and it’s a very, very good thing. If ever we needed the ability to modify a device by changing the software it shipped with, it’s this one. Many if not most routers are grossly insecure. Installing third-party operating software (sometimes called firmware) is sometimes the only way to plug gaping security holes. Moreover, changing the firmware can radically improve a router’s overall capabilities, such as creating community networks in places Big Telecom is slow to serve, and ensuring local communications in disasters. One of the most important community networks in the world, Guifi.net, in Spain’s Catalonia region, wouldn’t exist without hackable routers.

Last year, router maker TP-Link started locking down a Wi-Fi router that users had modified. When asked to explain this, the company blamed the FCC. People who believe in open technology—hardware and software that users can modify, as opposed to things that manufacturers totally control—became a bit panicked, especially because it seemed possible that the FCC was in fact encouraging such lockdowns.

Much to the activists’ relief, it now appears that this was a false alarm. While it’s entirely possible that routers could someday become impossible to modify (or at least it could someday be illegal for users to modify them), that day hasn’t arrived—and under current FCC policy it’s not going to happen. The case, settled in what’s called a “consent decree,” turned out to be even more important in the end, because it made clear that the regulators were moving in the right direction, with an expansive, not restrictive view of customer rights.

I won’t get into the details of the FCC’s agreement with TP-Link, but here’s a short summary. (For this, I’m relying on the superior depth in these matters of Harold Feld, senior vice president at Public Knowledge, a Washington-based organization that promotes free speech and an open Internet.)

The FCC had cracked down on TP-Link for violating rules regarding another aspect of router function, in which a device could push out radio waves that might interfere with other devices. So TP-Link just locked down everything in the software, which solved the initial problem but went far beyond what was necessary. But the company essentially blamed the FCC for what it had done. That, combined with a disturbingly worded FCC proposed rule, looked like bad news for the tinkerers of the world.

Open technology advocates responded with entreaties to the FCC including a “Save WiFi” campaign to prevent what they worried would become a general lockdown of not just these devices but just about anything else with a radio in it. People sent comments to the FCC begging the commissioners to recognize the value of modifiable technology.

Meanwhile, several other router companies said they weren’t contemplating the same move as TP-Link. Linksys, which makes a popular model used by many in the open-source world, said it was going to meet the FCC’s standards for power output and frequencies, but wasn’t going to stop people from otherwise modifying those models.

The issue was settled firmly, at least for now, in the FCC’s Aug. 1 consent decree in the TP-Link case. The agency required the company to acknowledge that it wasn’t required to lock down the software beyond preventing people from making what could be specific, potentially dangerous changes to frequencies the routers emit. Moreover, Feld points out, TP-Link is obliged to “work with the FCC to develop a means to meet the security requirement and support 3rd party software, particularly open source software.”

Feld, on a private mailing list (he gave me permission to quote this), said the lessons from this case are important. The FCC has made it clear that it supports third-party and open-source software. The agency has responded in a heartening way to the open-source community. And there seems to be a shift under way in the FCC’s fundamental culture, if a modest one, toward more openness and accommodation of people and projects that aren’t controlled by highly centralized telecommunications industry that has all but captured the agency in recent decades. Open technology people don’t get the credit they deserve for preserving your rights in the halls of power, and in this case they’ve made some genuine inroads.

It may not last, of course, given political realities. And the FCC has a long, long way to go before it becomes truly independent of the telecom giants. But at least in this small but important case, we’ve seen progress. That’s a start.