Protect freedom on radio devices: raise your voice today!

We are facing a EU regulation which may make it impossible to install a custom piece of software on most radio decives like WiFi routers, smartphones and embedded devices. You can now give feedback on the most problematic part by Monday, 4 March. Please participate – it’s not hard!

In the EU Radio Equipment Directive (2014/53/EU) contains one highly dangerous article will cause many issues if implemented: Article 3(3)(i). It requires hardware manufacturers of most devices sending and receiving radio signals to implement a barrier that disallows installing software which has not been certified by the manufacturer. That means, that for installing an alternative operating system on a router, mobile phone or any other radio-capable device, the manufacturer of this device has to assess its conformity.

[R]adio equipment [shall support] certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated.

Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU

That flips the responsibility of radio conformity by 180°. In the past, you as the one who changed the software on a device have been responsible to make sure that you don’t break any applicable regulations like frequency and signal strength. Now, the manufacturers have to prevent you from doing something wrong (or right?). That further takes away freedom to control our technology. More information here by the FSFE.

The European Commission has installed an Expert Group to come up with a list of classes of devices which are supposed to be affected by the said article. Unfortunately, as it seems, the recommendation by this group is to put highly diffuse device categories like „Software Defined Radio“ and „Internet of Things“ under the scope of this regulation.

Get active today

But there is something you can do! The European Commission has officially opened a feedback period. Everyone, individuals, companies and organisations, can provide statements on their proposed plans. All you need to participate is an EU Login account, and you can hide your name from the public list of received feedback. A summary, the impact assessment, already received feedback, and the actual feedback form is available here.

To help you word your feedback, here’s a list of some of the most important disadvantages for user freedom I see (there is a more detailed list by the FSFE):

  • Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
  • Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
  • Fair competition: If you don’t like a certain product, you can use another one from a different manufacturer. If you don’t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don’t want users to use any other software than their own will profit from this threshold.
  • Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
  • Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so…

There will surely be more, so please make your points in your individual feedback. It will send a signal to the European Commission that there are people who care about freedom on radio devices. It’s only a few minutes work to avoid legal barriers that will worsen your and others‘ lives for years.

Thank you!

There are 23 comments

  1. Pingback: Έρχεται το τέλος των custom rom και εφαρμογών με οδηγία της Ευρωπαϊκής Ένωσης! – iTechNews.gr /

  2. Zoobab /

    Too bad it is such short notice!

  3. Brexit /

    Another good reason for Brexit

    1. Max / Post Author

      Since the EU is a much larger market than the UK, it is very likely that a radio lockdown would also affect all devices sold in the UK – and probably even beyond the whole continent.

      1. vincent m /

        but presumably not illegal for UK citizens to unlock it then in that scenario. many firmwares are locked (e.g. Huawei VDSL modems) but you just grab the cable and the software and unlock it. If the UK leaves the EU and does not apply the law, then presumably it means that it would be legal to unlock the device.

      2. Max / Post Author

        RED does not make it illegal for users to unlock their devices, so that’s not relevant. It makes manufacturers responsible if you were able to upload a software which breaks applicable radio regulations, and thereby forces them to set up certain filters and locks to prevent that.

        The worst-case scenario (and wet dream of some regulators) I see: radio devices which are aware of their location and issue time-limited certificates to operate with tightly-defined radio settings, so a central database of radio devices. As long as that isn’t possible, an online signature check of all software running on such devices, comparable with Secure Boot – only this time, manufacturers are resposible if someone circumvented these hurdles. That’s not doom-mongering, you can find it in a few papers by ETSI and some regulating bodies.

        I think the hacker communities will still find ways how to upload some software, but it will be much harder for normal users to control their technology. It would be a huge step back for our way to a free digital society. So to be honest, I don’t care about whether it applies in the UK or not, as long as ~500 million people (and probably also users from Africa and the Middle East) suffer from their freedom being revoked.

      3. Random Dude /

        Isn’t London a leader in public surveillance – with insane amounts of cameras everywhere?

        I don’t think the UK needs the EU to go overboard with disconcerting tech decisions. And it won’t be save from them after Brexit.

  4. zoobab /

    „That’s not doom-mongering, you can find it in a few papers by ETSI and some regulating bodies.“

    ETSI being in the list of members of this RED, no surprise is they try to push for such measures.

  5. Pingback: Europe to make it illegal to change the OS on your wifi router, no more OpenWrt – LUNIVA FEED /

  6. jxjl /

    Will not such regulation cause violation of GPL licence? If yes, than the fight will be easy, you can lock your device, but forget on using linux or any oss, that you are used to – this would practically lead to crash of the whole market in EU.

    1. Anonymous Coward /

      Any software that is distributed under the terms of GPLv3 would be blocked from use in such devices.

      But software released under the terms of GPLv2 (as well as most of the permissive licenses such as BSD-style) would not include protections against the so-called „Tivoization“ effect.

      The Linux kernel, for example, is explicitly released under GPLv2 and NOT GPLv3.

    2. Max / Post Author

      Probably, yes. Please also see the legal study by Dr. Till Jaeger the FSFE has mentioned in their feedback: https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240030_en?p_id=380919

  7. Roger Plant /

    This is the most anti freemarket shit I’ve ever seen. If you control a router’s access points by proxy you can censor who you wish.

    The European Union is planning on censorship in the most underhanded way possible:

    1. Censor original thought through banning memes and forcing upload filters.
    2. Lock down all data that exists through GDPR preventing data flow and the understanding of correlative effects through private dissemination of ideas.
    3. Control your radio hardware so you are unable to edit operating systems installed on private and business networks.
    4. To remove any and all private data at the request of individuals from search engines in Europe for any frivolous reason, giving key people the right to be forgotten about completely, altering near-history by proxy.

    This create censorship by proxy. This gives governments the power to censor your internet activities, your business activities, and your personal liberties.

    The EU has become a nanny state, that is anti liberty, anti freedom, and anti thought. It is clear through these 3 back to back laws that this is the EU’s intention, to create a controlled harbour of illegal ideas, the control being on the private dissemination of ideas.

    The freedom and liberty of Europe is being attacked by the EU parliament, being accountable to no one. The European Union is a state of censorship and thought control, and should be rejected utterly.

    1. Ned Stark /

      Yes.

    2. Max / Post Author

      While I don’t agree with you that the EU as a whole is as bad as you describe, I recognise that recent legislations, especially in the field of digital politics, do not follow the demands of the majority of EU citizens. This is very unfortunate and decreases trust in the European Union.

  8. John NemECis /

    If it dates back from 2014, and is active for a long time now, why would it be relevant today?

    Aside from that, skimming the whole law list, there is no mention to post-sale OS check-up aside from the one you posted on your blog.

    The barriers were always there, but never really influenced the EndUser at the end. We do not have any issues yet, while we are 5 years further. Unless companies will start mass-abusing this law, I do not see any issues.

    They won’t be charging individuals because it is not worth the time and resources. So why even care? Can someone elaborate?

    1. Max / Post Author

      As you can read in the links with more information I’ve posted, the directive itself has been activated in 2016 and had to be transposed to national law in 2017. But the said Article 3(3)(i) is not in effect by now, since this has to be done with a delegated act by the European Commission.

      That is the reason why we don’t see many effects of RED right now as far as it concerns users rights. But the struggle for the exact definitions of some heavily debated articles is still going on.

  9. Spinz /

    I have no idea why fucking government and big companies/corpotion are making it hard for the community. Preventing us to install any software /modify our devices they should worried about more about climate control and pollution. We put them on the position were they at now and we have the power to take them out as well

    1. Marc /

      Well, this is it! It make me feel like the EU is undermined by the ‚big‘ companies/cooperations who exactly want to prevent you from doing FOSS on your devices. It’s their biggest competitor, so they need to find ways to limit it and now with political control. Very sad – btw, don’t support any politicians who are for this so check: pledge2019.eu

  10. Pingback: Episode 58 | This Week in Linux – TuxDigital /

  11. Fabian /

    How do I actually leave a comment there? I can see existing comments, but even if I’m logged in, I see no button to write anything.

    1. Max / Post Author

      You mean for the Commission’s feedback requst? Unfortunately the deadline of 4 March is over :/

  12. Games /

    I think too it’s a good reason for Brexit

Comment is closed.