FCC forces TP-Link to support open source firmware on routers

TP-Link settles with FCC after blocking open source and violating power rules.

Jon Brodkin – Aug 1, 2016 8:40 PM | 55

A TP-Link router. Credit: TP-Link.

Networking hardware vendor TP-Link today admitted violating US radio frequency rules by selling routers that could operate at power levels higher than their approved limits. In a settlement with the Federal Communications Commission, TP-Link agreed to pay a $200,000 fine, comply with the rules going forward, and to let customers install open source firmware on routers.

The open source requirement is a unique one, as it isn't directly related to TP-Link's violation. Moreover, FCC rules don't require router makers to allow loading of third-party, open source firmware. In fact, recent changes to FCC rules made it more difficult for router makers to allow open source software.

The TP-Link settlement was announced in the midst of a controversy spurred by those new FCC rules. The new rules for the 5GHz band require router makers to prevent third-party firmware from changing radio frequency parameters in ways that could cause interference with other devices, such as FAA Doppler weather radar systems.

Router makers can comply with the new FCC rules by placing limits on what third-party firmware is allowed to do. Alternatively, hardware makers can comply by preventing the loading of open source firmware entirely—which is what TP-Link chose to do.

TP-Link didn't break any rules by blocking third-party firmware, but it did draw attention from the FCC's Enforcement Bureau by selling routers that made it possible for users to circumvent power limits. TP-Link software installed in certain routers "included a user setting that violated [commission rules] by permitting the user to change the country code for the router, thereby enabling the router to operate at a higher power than allowed on certain restricted Wi-Fi channels," the FCC said. After admitting the violation, TP-Link halted sales of the offending devices and issued software updates so that units already sold to consumers would comply.

TP-Link's violation related to rules for the 2.4GHz band rather than the new rules for the 5GHz band, an FCC spokesperson told Ars. But TP-Link's software updates also "precluded customer installation of third-party software, including open-source software," in order to meet the new 5GHz requirements, the settlement consent decree said.

This issue apparently became a bargaining chip in negotiations between TP-Link and the commission. In exchange for not facing further penalties, the settlement requires TP-Link to "work with the open-source community and Wi-Fi chipset manufacturers to enable consumers to install third-party firmware on their Wi-Fi routers," an FCC announcement said. TP-Link will have to investigate security solutions for 5GHz routers that permit third-party firmware while meeting the FCC's security rules related to radio frequency parameters.

The FCC trumpeted the settlement as proof that its rules shouldn't prevent consumers from using open source software. "While manufacturers of Wi-Fi routers must ensure reasonable safeguards to protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the open source community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers," FCC Enforcement Bureau Chief Travis LeBlanc said in the announcement.

Other companies have come up with ways to support open source firmware without being forced to do so by the FCC. Linksys has worked with chipmaker Marvell and the makers of OpenWrt to make sure its latest WRT routers can comply with the new rules without blocking open source firmware. Separately, chip design company Imagination Technologies is working with open source software makers to put third-party firmware such as OpenWrt into a virtual machine that's isolated from radio controls. But the Imagination Technologies project isn't ready for deployment, and most router makers haven't been as aggressive as Linksys in ensuring support for open source.