The Internet Architecture Board (IAB) welcomes the efforts of the FCC to  simplify its procedures and to accelerate the verification processes  associated with Radio Frequency devices.

We note, however, that there  may be additional clarification needed in one aspect of the proposed  rule making. As set out in Paragraph 20 of Notice of July 21st, the  document proposes that device manufacturers "incorporate software  security features that permit only those parties that have been  authorized by the manufacturer to make changes to the device's technical  parameters."   

The IAB welcomes the focus on security, but notes that software security  features of this type must be broad enough to permit device firmware  updates by parties other than the manufacturer itself. This is necessary  first because a manufacturer ceasing operation would otherwise leave all  hardware orphaned from update, which itself poses significant potential  security risks.

It is also necessary because many radio frequency  devices originally intended for one set of use cases have been adapted  by the experimental and open source communities for new uses. Closing  off this source of innovation and advancement is clearly counter to the  interests promoted by the FCC.    We encourage the FCC to amend this plan to require both software  security features and a clearly defined program by which authorization  for access to these update features can be granted; this program should  be as simple as possible, so that open source communities, academia, and  other experimental efforts may be sustained. 

More in this category: PRIVSEC »