[giantrobot]

The why is simple: Power/frequency limits allow everybody to be able to use personal consumer devices without licensing and without preventing other people from using their devices. If you modified your WiFi to blast out a 10W signal across multiple channels at your house, you completely ruin my ability to use Wifi at my house next door. Radio spectrum is shared by everybody.

As for reading there's CFR title 47 [0]. Parts 15 and 18 are germane for unlicensed radios and electronic devices. Parts 22 and 24 cover cellular devices.

The regulations don't explicitly say anything about firmware but to build devices that follow the regulations end user modifiable firmware is an implicit restriction. Even user serviceable antennas are restricted because radio device licenses cover not just the electrical output but total gain of the shipped antenna.

[0] https://www.ecfr.gov/current/title-47

[AnthonyMouse]

> The why is simple: Power/frequency limits allow everybody to be able to use personal consumer devices without licensing and without preventing other people from using their devices.

That explains why there are power/frequency limits, not why the device manufacturer should be deputized into responsibility for a sophisticated user's non-compliant device modifications.

Anyone can make an arc gap transmitter for morse code out of $3 in bits from any hardware store that will interfere with anybody else's radio devices in the vicinity. Anyone can buy ham radio equipment or built it from parts and do all kinds of non-compliant things with it. Then the FCC comes after you, not the hardware store or the device OEM.

Or more likely in the case of a WiFi device, comes after the person distributing custom firmware that purposely exposes a simple knob to allow unsophisticated users to exceed regulatory limits.

And if DD-WRT did that, they should expect a visit from The Government. But what should that have anything to do with Linksys or Netgear?

There aren't enough end users who know how to modify the firmware code themselves to matter, even if you make that "easy."

[giantrobot]

> There aren't enough end users who know how to modify the firmware code themselves to matter, even if you make that "easy."

This is just a silly statement. Go to an apartment complex sometime and browse the available WiFi networks. You'll see a huge number of them because everyone has the output power on their router set to the max value. There's plenty of places the 2.4GHz band is simply unusable because the noise floor is so high from a hundred base stations blasting out at full power.

If WifiBoost.exe could in tease that output power enough people would do it that WiFi or Bluetooth in some places would be completely unusable.

Modern radio basebands are largely software defined. The modulation/keying, power output, and transmitted bands are all defined in software. In order to sell that silicon as a Part 15 compliant device to end users the firmware needs to be locked. It's the digital equivalent of a fixed function radio. A manufacturer of a fixed function radio couldn't get a Part 15 license if it had a potentiometer on the back allowing you to dial up the output power, even if that potentiometer was locked under the case most people wouldn't open.

With an SDR the hardware plus software is considered the "device" for licensing purposes. If it supported unlocked or modifiable firmware it couldn't be easily/at all sold as a Part 15 device. It would be a different class of device and would require the end user to have a license to operate it.

[AnthonyMouse]

> You'll see a huge number of them because everyone has the output power on their router set to the max value.

None of these people are firmware developers. They used the setting that existed from the factory in their router or in something they downloaded from the internet, and in the vast majority of cases it wasn't even the second one.

> If WifiBoost.exe could in tease that output power enough people would do it that WiFi or Bluetooth in some places would be completely unusable.

Then WifiBoost.exe would be illegal and the developers would be subject to penalties.

It would also be ineffective, because you can't remove interference by increasing power. The "highest allowable power" setting is often the default because it gives the best range, and the purpose of allowing it to be set at all is so that the user can reduce interference at the expense of range by lowering the power level so fewer devices are overlapping.

It's hard to get people to avoid doing illegal things when breaking the law benefits them. It's not that hard when breaking the law is pointless and maladaptive regardless of whether or not they get caught.

It's notable that there have existed routers with completely open firmware and there is no epidemic of ordinary users installing shady firmware on them to violate regulatory limits. There is likewise full software defined radio hardware on the market, for which a license is required to transmit but not to buy it. Applying a different standard to consumer hardware which is available to exactly the same set of people makes no sense.

> With an SDR the hardware plus software is considered the "device" for licensing purposes. If it supported unlocked or modifiable firmware it couldn't be easily/at all sold as a Part 15 device. It would be a different class of device and would require the end user to have a license to operate it.

I'm not arguing about what the law currently is but rather about what it ought to be.

But I also think your analogy is flawed. If the manufacturer sells a device with a potentiometer whose maximum setting was within the regulatory range, or with a fixed power output, and then the user modifies the device to install one that can increase the power output, that should be on the user. So why is it different if the user modifies the device to install firmware that increases the power output?

You're essentially arguing not that the device can't include a potentiometer, but that the case has to be sealed so the user can't install one.

Which in turn prevents the user or any other third party from repairing the device or supporting it past when the vendor stops caring about it, inducing widespread security vulnerabilities as users commonly continue to use operational devices even after the hardware vendor stops issuing updates.

[giantrobot]

> You're essentially arguing not that the device can't include a potentiometer, but that the case has to be sealed so the user can't install one.

No I'm literally saying a company can't literally include a potentiometer that boosts power above the licensed levels. It doesn't matter if the case is sealed or screwed shut. The design will not get a Part 15 license and can't be sold. User modifiable firmware is the same thing as the power boosting potentiometer. If the user can boost the power the device is no longer a Part 15 device and needs a different license for sale and the user will require a license of their own to operate it.

It doesn't matter what you think the law should be that's what the law is. The FCC as a regulatory body doesn't care about FOSS, they care about keeping an easy to over exploit shared resource continue to have significant and extremely profitable use. If licensing keeps the system working but makes FOSS inconvenient they're going to err on the side of a working system. The FCC is far from perfect and title 47 regulations are far from perfect. But they don't exist for no reason and didn't just appear overnight to inconvenience FOSS enthusiasts.

[AnthonyMouse]

> User modifiable firmware is the same thing as the power boosting potentiometer.

It's a third party modification to the device. Why is it any different than any other modification to the device that could make it non-compliant? Why does the OEM have to prevent the user from modifying the device in this way -- notably by also preventing them from modifying it in many ways that aren't a compliance issue, which is by far the more common reason to modify the firmware -- but not prevent them from modifying it with a screw driver or a soldering iron?

> It doesn't matter what you think the law should be

It matters what people think the law should be because when regulators set policy that causes widespread security vulnerabilities in common consumer devices, we get to apply pressure to them using every means at our disposal until they do better.

> The FCC as a regulatory body doesn't care about FOSS

Regulatory bodies have to care about anyone they negatively impact who can marshal enough support to make them feel pressure. "Open source" is a lot of people, and a lot of major companies. Right to repair has seen some significant legislative support.

> they care about keeping an easy to over exploit shared resource continue to have significant and extremely profitable use.

Which user-modifiable firmware is no more a threat to than any other modification the user might make to the hardware, or for that matter the widespread availability of hardware you're intended to need a license to operate even though anybody who doesn't care about breaking the law can still buy it and use it.

> But they don't exist for no reason and didn't just appear overnight to inconvenience FOSS enthusiasts.

I don't think they exist for no reason. I think the OEMs like rules like that because they can point to it as the fig leaf for not allowing users to continue to maintain their own devices after the OEM stops supporting them, or add software features they would otherwise reserve to a more expensive model, because the OEMs would prefer that you buy a new one instead, or pay more. And that kind of regulatory capture causes me to advocate for its removal.