[Battlemesh] Forced firmware lockdown in EU already passed
laurent at guerby.net
Mon Sep 7 16:20:35 CEST 2015
On Sun, 2015-09-06 at 10:50 -0700, Mitar wrote:
> > This is not that clear cut in EU: enforcement of Article 3 (3) list
> > "essential requirements" is delegated to proposals of which equipment
> > will affected by the EU Commission, and these proposals can be blocked
> > either by the council or the parliament. Also in the preamble (19)
> > states clearly that software verification should not be abused to
> > prevent third party software. See below for quotes.
> But preamble is not a directive, no? And directive does not contain any
> such language.
> Also, how do you see in practice that both Article 3 (3) and preamble
> (19) would be possible? The only way I see it for a manufacturer to do
> that is to accept firmware images signed by a key from EU Commission.
> And then it leaves to EU Commission to decide which 3rd party software
> is still compliant.
> The other options are just to prevent 3rd party firmware images. Or to
> require binary blob drivers for WiFi. None of those we really want. So
> how exactly do you see that the wording in current directive is not
> problematic? How would you in an ideal world implement this in practice
> for WiFi devices? If I understand you correctly, what you are saying is
> that we should hope this applies only to SDRs and not WiFi?
First the EU commission could just decide that the list of devices
subjected to (i) will stay empty, which it is until the commission
writes a list of devices subjected to (i) and that list is not
opposed by council nor parliament.
It could say that "compliance" is automatically "demonstrated" for free
software firmware with an up to date regulatory domain file. File which
could be provided in open format in open data at the EU level somewhere.
It might decide to waive the requirement for all SDR type devices
(pretty hard to have a SDR market if you don't do that).
Same for devices unable to reach more than 1 Watt conducted power
(about all OpenWRT hardware, mos tubiquity does 23-27 dBm conducted).
Competition laws are quite strong in the EU, that's why there's
preamble (19), a measure killing competition might not be liked
by courts in the end.
Another thing is that up to now I've never heard about a compliance
case linked to free software firmware use (as most proprietary firmware
offer the user plenty of ways to bypass local regulations anyway).
So the case to ban it is pretty weak.
And you can create a powerful radio generator on most frequencies
with less than $10 of non radio specific hardware, random URL:
We just have to make sure that the EU commission and politicians
are aware that there are concerned citizens and industry and academia
about what the commission will do with Article 3 (3) (i).
More information about the Battlemesh