[FCC] More on the European WiFi regulations

Toke Høiland-Jørgensen toke at toke.dk
Mon Oct 12 17:00:52 PDT 2015


Hi everyone

So I've spent the last couple of days reading up on the European WiFi
regulation, and tried to summarise the relevant parts. This is probably
overlapping somewhat with stuff posted elsewhere, but I tried getting it
all in one place to improve my own understanding of the issues, and
thought it might be useful for others. I guess I am mostly hoping that
this can help get the ball rolling on figuring out how and what to do at
the European level.

Note that this is mostly my own interpretation of the all this; and I am
most certainly not a lawyer, nor am I terribly familiar with the inner
workings of the European Union (but am finding this journey of discovery
quite fascinating). Please do not hesitate to correct me where I'm
wrong, and/or to fill in gaps in the below. And yeah, sorry for the long
information dump.

- The directive pertaining to radio equipment certification is Directive
  2014/53/EU which needs to be implemented by member states by
  June 2016. The full directive text is available here:
  http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014L0053
  (substitute your language code for /EN/ to get the translated
  version).

- Article 3.3 of the directive has a set of extra requirements that are
  applicable to *some types* of radio equipment. The power to specify
  *which* types of equipment is covered by which of these points is
  delegated to the European Commission in accordance with article 44 of
  the directive.

  It appears that the previous legislation has defined two classes of
  radio equipment (see
  http://ec.europa.eu/growth/sectors/electrical-engineering/rtte-directive/):
  Class 1, which has no restrictions and includes the 2.4Ghz band as
  well as the 5Ghz band from 5.47-5.725 Ghz. And Class 2, with more
  restrictions, which includes frequencies from 5.15-5.35 Ghz.
  Presumably these classifications will be kept going forward. However,
  how it pertains to the different requirements in article 3.3 of the
  new directive I don't know. And I'm not sure that has actually been
  defined yet.

- The points of article 3.3 are potentially both good and bad. The
  problematic one for the firmware issue is "(i) radio equipment
  supports certain features in order to ensure that software can only be
  loaded into the radio equipment where the compliance of the
  combination of the radio equipment and software has been
  demonstrated." There is an introductory recital (which is *not* part
  of the directive proper) that says, in relation to this, that
  "Verification by radio equipment of the compliance of its combination
  with software should not be abused in order to prevent its use with
  software provided by independent parties." (point 19).

  Of the other requirements in article 3.3 the following could arguably
  be leveraged to push for more openness: "(d) radio equipment does not
  harm the network or its functioning nor misuse network resources,
  thereby causing an unacceptable degradation of service;" and "(e)
  radio equipment incorporates safeguards to ensure that the personal
  data and privacy of the user and of the subscriber are protected;".

- Article 4 specifies that the manufacturer must document the compliance
  "of intended combinations of radio equipment and software" and that
  "the information shall precisely identify the radio equipment and the
  software which have been assessed". Article 4 also refers to article
  17, which in turn says that "Where the radio equipment is capable of
  taking different configurations, the conformity assessment shall
  confirm whether the radio equipment meets the essential requirements
  set out in Article 3 in all possible configurations."
  
- Article 16 of the directive says that there is (or will be) a set of
  "harmonised standards" which can be published in the "Official Journal
  of the European Union". Any equipment in conformity with this
  harmonised standard is automatically presumed to be in conformance in
  all member states (overriding any member state rules AFAICT). What
  this means (again, AFAICT) is that member states can potentially be
  more lenient when assessing equipment (in their interpretation of the
  problematic clause 3i for instance), but cannot prevent something that
  has been certified to comply with the harmonised standards from being
  marketed. So any mandate of openness (like that proposed in the
  CeroWrt letter to the FCC) would have to be at the EU-wide level *as
  well as* the member state level.

- I contacted the Swedish government to get access to their plans for
  how to implement the directive into law. They referred me to
  http://www.regeringen.se/rattsdokument/departementsserien-och-promemorior/2015/07/promemoria-genomforande-av-radioutrustningsdirektivet/
  (in Swedish) which contains a memorandum describing this.

  It basically says that the directive will be implemented in a way that
  delegates the assessment of compliance *and* the actual definition of
  which rules equipment needs to follow to the government agency
  regulating telecommunications ("Post- och telestyrelsen" roughly
  equivalent to the FCC I guess). The reasoning is that the actual
  requirements are both liable to change (by decisions made by the
  European Commission) and too technical and detailed to be in the law.
  
  The introductory recital (19) has so far *not* been carried over to
  the memorandum. The memorandum is currently in a hearing phase
  (deadline Thursday), and I am working on a response that points out
  this omission, which will hopefully be submitted by my university.

- As far as doing anything about all this, the only public statement I
  have come across is this blog post:
  https://juliareda.eu/2015/10/dear-european-governments-dont-endanger-free-and-open-wifi-networks/
  -- that post includes a call to action (which I took inspiration from
  to start collecting all this info) and an email address to forward
  information to, which I've CC'ed on this email.

  It would appear that (extrapolating from the Swedish case) the main
  target for lobbying efforts would be the government agencies
  implementing the rules governing which devices have to comply to which
  parts of the directive. Both at the European and member state level.
  But yeah, not really my area of expertise. Anyone with better ideas?


Thoughts and comments welcome!

-Toke


More information about the FCC mailing list