EU Radio Lockdown Directive
Radio signals are everywhere and increasingly many devices connect using wireless and mobile networks or GPS. Legal regulations of the usage of radio signals are increasing, too. Now, a European directive wants to revise and extend them by demanding device manufacturers to check each device software's compliance. At first sight, this may sound reasonable but it has highly negative implications on user rights and Free Software, fair competition, innovation, environment, and volunteering – mostly without comparably large benefits for security unfortunately.
Many organisations and companies signed our Joint Statement against Radio Lockdown Directive in which we have formulated several proposals to EU institutions and EU member states with concrete steps to solve these issues.
Briefly about the directive
In May 2014 the European Parliament and the European Council passed the Radio Equipment Directive 2014/53/EU. Its main purposes are harmonisation of existing regulations, improving security of radio spectra, and protection of health and safety. All EU members states have to implement the directive in national law until 12.06.2016 with a transition period of one year. The countries usually have some room for interpretation in the implementation process. The directive itself is not bad, and we support its aim at large. However, when it comes to the details of the software compliance assessment it seems that the lawmakers disproportionally disadvantaged users' rights and fair competition.
In fact, almost all devices which can send and receive radio signals (WiFi, mobile network, GPS...) are affected. The crunch point is in Article 3.3(i): radio equipment shall support "certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated". This implies that device manufacturers have to check every software which can be loaded on the device regarding its compliance with applicable radio regulations (e.g. signal frequency and strength). Until now, the responsibility for the compliance rested on the users if they modified something, no matter if hardware- or software-wise.
Dangers for Free Software
The radio equipment directive 2014/53/EU will have a negative effect on users and companies. Because device manufacturers will have to assess every software regarding its compliance with existing national radio regulations (Art. 3.3(i)), we expect it to become impossible or very hard for users and companies to use alternative software on devices they bought – routers, mobile phones, WiFi-cards and the laptops they are built in, or almost all Internet-of-Things devices in the future.
This not only is a severe burden for those affected but also violating the customers' rights of free choice. They will be locked in to software of the manufacturers because they cannot choose the software and hardware independently anymore. This aspect is crucial because alternative, especially Free Software, often satisfies special requirements regarding security, technical features and standards, or legal demands.
The status quo erects high barriers for customers to control their soft- and hardware. Increasingly many devices use radio signals, among them very sensitive ones like mobile phones, personal computers, household equipment, or the internet access gateways in homes and companies. For the sake of security and fair competition we have to make sure that people can always choose the software they want to run on their devices without additional constraints, as long as the software does respect current laws (see the chapter about security).
We see negative outcomes of this directive already. Several manufacturers have installed modules on their devices checking which software is loaded. This is done by built-in non-free and non-removable modules disrespecting users' rights and demands to use technology which they can control. For the future we are afraid of modules not only checking software but for example also the exact location or behaviour of the owners. In the end that would make it harder or impossible to exchange software which works against one's interests, like spying on the respective user or business.
Dangers for competition
There are many companies dependent on the usage of alternative and Free Software firmware on devices. Among them are wireless network providers, creators of more secure mobile operating systems, or programmers of custom-tailored and more efficient software solutions for existing hardware. All of them might be hindered and economically discriminated against by larger manufacturers with their infuse software. Alternative software is the foundation of many companies' products, and we should prevent economic disadvantages for them.
Especially for smaller and medium-sized businesses we expect negative outcomes. First because of the dangers if their software is not or heavily delayed being assessed by manufacturers. Second due to the expectable high costs for those manufacturing enterprises having to assess each and every firmware thoroughly (see recital 29). This will also have an additional negative impact on start-up businesses.
Concerning legal affairs we assume difficulties with existing license conditions, for example with the GNU General Public License. It requires all parts of the software to be under the same or a compatible license. Manufacturers having to include proprietary non-compatible software parts then might infringe the terms of the GNU GPL. This could force manufacturers not willing or able to include proprietary software parts to rewrite these huge parts from scratch which is impossible for many businesses and would hinder progress as it heavily slows down development.
Innovation, Volunteering, Sustainability
If the directive becomes effective without necessary exceptions (see below) this will affect basic conditions for innovation negatively. Progress is achieved by learning from past developments and walking new paths. If all communicative devices are locked down, a huge area of innovation will be too.
Same applies to charity initiatives and organisations depending on using custom software on devices they bought. Efforts of volunteer associations, for example Freifunk helping people in need to connect to the internet, may be rendered void or at least handicapped severely. Since we are sure that this implication was not intended by the European institutions we ask for necessary changes.
Furthermore, alternative software on radio (and also non-radio) devices also promotes a sustainable economy. There are many devices still in working order which do not receive updates from the original manufacturers anymore. In most cases, Free Software firmware has a much longer support period which prevents users and customers having to dispose still working electronic equipment. In return, this also improves the security of users since older hardware still receives security updates after a manufacturer stops supporting those.
Speaking about security
We are in favor of the directive's aim to improve security of radio devices but not at the unbalanced expense of users' freedom and security in other areas. Firstly installing alternative software mostly helps increasing the devices' security. Secondly we are convinced that such strict regulations are not necessary for typical consumer products with limited radio output power. And thirdly we believe that such technical restrictions will not hinder those people willingly violating applicable radio regulations.
Especially Free Software firmware projects are very advanced in terms of security measures, no least because technical errors get fixed quickly in collaborative and transparent processes. Alternative software solutions mostly have much longer security support cycles than the default manufacturer firmware. Many Free Software projects that are programming firmware for consumer devices address high security demands by offering special features the default software does not support. So instead of promoting security the current state of the radio equipment directive disables users and businesses to choose more secure software for their devices. If a software on a device actually violates a radio regulation it would be the more efficient way to support the software's creators instead of restricting users' independence on a massively broad level.
We formulated several proposals to EU institutions and EU members states. Many organisations and businesses support these goals and signed our Joint Statement against Radio Lockdown. We invite your organisation or company to also express your opinion.
What we expect of EU institutions
We ask the European Commission to adopt delegated acts - as empowered by the European Parliament and Council (Art. 44) - which either
- make general exceptions for all Free Software not developed by the manufacturers of the respective radio equipment themselves but from other companies or individuals.
- do not shift the responsibility for the software's regulatory compliance from the users to the manufacturers when making changes to the default configuration. Software and hardware should not be treated differently in that respect.
What we expect of EU member states
We ask member state legislators to
- interpret the directive's provisions so that Free Software can still be installed on radio devices without discrimination, and users' rights are safeguarded. As pointed out in recital (19), third party software providers, such as Free Software projects, shall not be disadvantaged.
- make sure that small and medium-sized manufacturers will not be burdened disproportionally by being forced to assess each and every alternative software.
- make sure that users are not forced to install non-free software.