We note, however, that there may be additional clarification needed in one aspect of the proposed rule making. As set out in Paragraph 20 of Notice of July 21st, the document proposes that device manufacturers "incorporate software security features that permit only those parties that have been authorized by the manufacturer to make changes to the device's technical parameters."
The IAB welcomes the focus on security, but notes that software security features of this type must be broad enough to permit device firmware updates by parties other than the manufacturer itself. This is necessary first because a manufacturer ceasing operation would otherwise leave all hardware orphaned from update, which itself poses significant potential security risks.
It is also necessary because many radio frequency devices originally intended for one set of use cases have been adapted by the experimental and open source communities for new uses. Closing off this source of innovation and advancement is clearly counter to the interests promoted by the FCC. We encourage the FCC to amend this plan to require both software security features and a clearly defined program by which authorization for access to these update features can be granted; this program should be as simple as possible, so that open source communities, academia, and other experimental efforts may be sustained.