
Feds snub open source for 'smart' radios
CNet | News.com | July 6, 2007 | Anne Broache

Posted on 07/06/2007 12:13:43 PM PDT by sourcery

Mobile-gadget makers are starting to take advantage of software-defined radio, a new technology allowing a single device to receive signals from multiple sources, including television stations and cell phone networks.

But a new federal rule set to take effect Friday could mean that radios built on "open-source elements" may encounter a more sluggish path to market--or, in the worst case scenario, be shut out altogether. U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving "a high burden to demonstrate that it is sufficiently secure."

If the decision stands, it may take longer for consumers to get their hands on these all-in-one devices. The nascent industry is reluctant to rush to market with products whose security hasn't been thoroughly vetted, and it fears the Federal Communications Commission's preference for keeping code secret could allow flaws to go unexposed, potentially killing confidence in their products.

By effectively siding with what is known in cryptography circles as "security through obscurity," the controversial idea that keeping security methods secret makes them more impenetrable, the FCC has drawn an outcry from the software radio set and raised eyebrows among some security experts.

"There is no reason why regulators should discourage open-source approaches that may in the end be more secure, cheaper, more interoperable, easier to standardize, and easier to certify," Bernard Eydt, chairman of the security committee for a global industry association called the SDR (software-defined radio) Forum, said in an e-mail interview this week.

The Forum, which represents research institutions and companies such as Motorola, AT&T Labs, Northrop Grumman and Virginia Tech, urged the FCC to back away from that stance in a formal petition (PDF) this week.

Those concerns were endorsed by the Software Freedom Law Center, which provides legal services to the free and open-source software community, staff attorney Matt Norwood said in an interview this week.

Still, in a white paper released Friday, the group says there's also good news for its developers in the FCC's rule: because it focuses narrowly on security-related software, it appears that programmers would not be restricted from collaboration with hardware makers on the many other kinds of open-source wireless applications. (Many 802.11 wireless routers that are under the FCC's control already rely on open-source systems for network management.)

Software-defined radios--also known as "smart" or cognitive radios--are viewed by some as the foundation for the next generation of mobile technology. Traditional radios use electronic hardware to process signals--for example, to transform a particular type of radio waves into a radio station's musical broadcast or to screen out interference.

Expanding radio's scope

But software-defined radios put the brains of the operation into software that manages the signals being sent or received by the radio hardware. With that approach, new software downloads, as opposed to more labor-intensive hardware changes, could let radios do more than ever before.

Imagine, for instance, a single gadget that can deliver TV shows, terrestrial radio stations, cell phone calls and broadband, depending on how it's programmed; or a cell phone equipped with the intelligence to detect the strongest signals in a particular area and change the phone's settings to subscribe to them, regardless of whether they belong to a GSM, CDMA or some other type of network.

Although the software-defined radio industry has generally found welcoming treatment on the FCC's part so far, some security experts said the agency's recent take on open-source software is unjustified.

"Obscurity works best when the hackers can't test their attacks," said Peter Swire, an Ohio State University law professor who has written about the tensions between closed and open approaches to computer security. "For software like this, used in distributed devices, there should be no extra burden on open source."

There's also no clear evidence that the number of vulnerabilities in open-source software differs dramatically from that of proprietary software, said Alan Paller, director of research for the SANS Institute, which provides computer security training. (Some earlier studies have found that the generally more intensive scrutiny of open-source code can help keep its quality higher and vulnerabilities lower.)

"They should be defining it as software with reliable maintenance or software without reliable maintenance--that's the fundamental security issue," Paller said in a telephone interview. "If I don't have somebody I can call when I find out there's a vulnerability in my software, I'm dead."

Already in military use

The term software-defined radio hasn't exactly made it into public consciousness yet, but the technology has been gaining traction in military and public safety spheres. Perhaps the highest-profile example is the Pentagon's Joint Tactical Radio System project, which is designed to give soldiers in the field the ability to shuttle voice, data and video across multiple networks.

Commercial offerings, however, remain in the early stages. About three years ago, the FCC awarded its first specialized software-defined radio license to a small firm called Vanu. That company went on to produce the first commercially available base station that can support multiple wireless standards--GSM, CDMA, iDEN and others--from a single piece of hardware, which it markets as a more cost-effective, time-efficient approach. According to the FCC, some CDMA mobile phone networks and wireless local area network devices are also using the technology in some form.

The new FCC rule, prompted in part by a petition last June from Cisco Systems, builds on software-defined radio ground rules established in 2001 and 2005.

The FCC has always worried that the technology's flexible nature could allow hackers to gain access to inappropriate parts of the spectrum, such as that used for public safety. So the regulators required manufacturers to submit confidential descriptions showing that their products are safe from outside modifications that would run afoul of the government's rules. Cisco's petition asked the regulators to clarify how use of open-source security software, whose code is by definition public, fit into that confidentiality mandate.

In response, the FCC decreed that open-source security software, too, cannot be made public if doing so would raise the risk that the FCC's rules could be sidestepped. Then the commission added: "a system that is wholly dependent on open-source elements will have a high burden to demonstrate that it is sufficiently secure to warrant authorization as a software-defined radio."

In its filing this week, the SDR Forum asked the FCC to allow radio makers to discuss their code in public, as long as they weren't intending to encourage rule-breaking. The group also urged a neutral stance on the security of open-source software, arguing that "academic inquiry and industry discussion coupled with a market test," not regulators, should decide.

The Cisco representative who petitioned the agency for the rule changes was not available for an interview with CNET News.com this week. Robert Pepper, the company's senior technology policy director, said he believed Cisco was comfortable with the new rule. An FCC spokesman said the commission had received and would review the SDR Forum's filing, but it was unclear when it would respond.

The FCC's latest move isn't the first time the open-source side of software radio has faced potential limits.

A few years ago, the agency issued rules that would have made it illegal to manufacture TV tuners and PCs that did not support the controversial "broadcast flag," an anticopying regime backed by the entertainment industry.

A federal appeals court threw out the rules. But if left in place or revived by Congress, they would threaten the ability of consumers to build their own unrestricted radio signal receivers, using the likes of a free software radio toolkit known as GNU Radio.

An attorney for the Software Freedom Law Center, which provides legal services to free and open-source software developers, said the regulators could have done far worse in their latest rule: the FCC acknowledged that the open-source platform may have "advantages," such as lower costs and development time, and it didn't outright ban open-source applications.

"I was gratified at least to see they've moved away from...all the rhetoric a few years ago about how the GPL is a virus and free software is un-American," said Software Freedom Law Center's Norwood.

The lingering concern from the manufacturers' side is that as long as the FCC discourages open discussions of security tactics, consumers will encounter delays or fewer choices in the new gadgets--or products laced with bugs that could have been caught with more collaboration.

The SDR Forum has cited the Secure Socket Layer (SSL), a widely used technique for securing e-commerce transactions, and the National Institute of Standards and Technology (NIST)'s public hash algorithms as evidence that open processes often yield the most highly successful security techniques.

Without similar freedoms for software radio makers, "there may be some people that will shy away or may delay some (software radio) pieces that go out there because they have this extra burden they have to go through," said Bruce Oberlies, chairman of the SDR Forum's regulatory committee.


TOPICS: Business/Economy; News/Current Events
There are two thousand years of prior art in the area of security in general, and cryptography in particular, that emphatically say that "security by obscurity" does not work, and that one must assume that methods, procedures and algorithms will soon be known to anyone who really wants to know.

The history of attempts in the modern computer age to establish security by obscurity has demonstrated this quite painfully to those who have tried it.

1 posted on 07/06/2007 12:13:46 PM PDT by sourcery

To: sourcery

What I see is a whole bunch of potential government interference. All the government should care about is it works, otherwise BUTT OUT!!!!!


2 posted on 07/06/2007 12:31:23 PM PDT by vpintheak (Like a muddied spring or a polluted well is a righteous man who gives way to the wicked. Prov. 25:26)

To: sourcery
U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers,

Whereas closed source code, such as Microsoft Windows, is completely invincible to hackers.

3 posted on 07/06/2007 12:33:02 PM PDT by AdamSelene235 (Truth has become so rare and precious she is always attended to by a bodyguard of lies.)

To: sourcery
The real problem with this technology is it increases the amount of broadcast bandwidth by several orders of magnitude.

The airwaves would no longer be a limited resource, meaning there could literally be millions of independent broadcast stations transmitting without interfering with one another.

It would do for radio what the Internet did for computers.

That would be way more freedom than government bureaucrats could tolerate.

4 posted on 07/06/2007 12:36:18 PM PDT by E. Pluribus Unum (Islam is a religion of peace, and Muslims reserve the right to kill anyone who says otherwise.)

To: sourcery
There are two thousand years of prior art in the area of security in general, and cryptography in particular, that emphatically say that "security by obscurity" does not work, and that one must assume that methods, procedures and algorithms will soon be known to anyone who really wants to know.

The history of attempts in the modern computer age to establish security by obscurity has demonstrated this quite painfully to those who have tried it.


I read the article and was about to post an angry response, but you've summed it up quite accurately. Thanks.
5 posted on 07/06/2007 12:52:45 PM PDT by AnotherUnixGeek

To: sourcery

I don’t like the GPL. The BSD license is better for business. But I also don’t like obvious control of government party officials by certain vendors. It’s too much like the China model of government-business.

As for the idiotic arguments about closed source being better for security, they can’t stop the more knowledgeable developers with electronics experience from running closed source and injecting/analyzing packets and signals at lower levels.


6 posted on 07/06/2007 12:53:42 PM PDT by familyop (Duncan Hunter for President!)

To: E. Pluribus Unum
That would be way more freedom than government bureaucrats could tolerate.

Not only that, based on the Supreme Court decision that allowed the FCC to operate under its original authorizing law, the Constitutionality of the FCC would be invalidated. SCOTUS said it was Constitutional solely due to the fact that the broadcast spectrum was such a limited resource. Ultrawideband technology has the same effect at the hardware level.

It's time to totally rearchitect our wireless communications infrastructure--and eliminate the FCC as currently constituted.

This would make a great surprise attack from behind against the Fairness Doctrine.

7 posted on 07/06/2007 1:55:55 PM PDT by sourcery (Anthropogenic Global Warming: A convenient lie designed to establish socialism by fear and deception)

To: AdamSelene235

ARF! I still have some of the E-Zines of VLAD (Virus Laboratories and Distribution) including the one where they cranked out the first WIN 95 infector about a day after Bill Gates proclaimed it invulnerable...

Those guys were the real deal too, they wrote all their stuff in Assembly Language.

BTW, How you been?


8 posted on 07/06/2007 2:01:05 PM PDT by Axenolith (The Market is a harsh mistress...)

To: E. Pluribus Unum
That would be way more freedom than government bureaucrats could tolerate.

No, they would be raking in the revenue from the new licensees.

The current holders of commercial licenses would be the ones up in arms - more competition of both ad $$$, and listeners that drive the $$$.

9 posted on 07/06/2007 2:08:51 PM PDT by Calvin Locke

To: Calvin Locke
No, they would be raking in the revenue from the new licensees.

As a previous poster noted, the only reason the USSC allowed the FCC to regulate the airwaves was because the limited bandwidth provided by analog technology made it a limited resource.

Digital technology would make it an unlimited resource, which would make the FCC unconstitutional.

For that reason alone, the FCC will not allow this technology to be utilized.

10 posted on 07/06/2007 2:13:27 PM PDT by E. Pluribus Unum (Islam is a religion of peace, and Muslims reserve the right to kill anyone who says otherwise.)

To: E. Pluribus Unum
It's way past high time for allowing 19th century bureaucracies to define the limits of 21st century life....
11 posted on 07/06/2007 2:23:01 PM PDT by mo

To: Thud

More like the usual three letter agencies are afraid that open source software radio may come up with snooper proof schemes that make their job harder.


12 posted on 07/06/2007 3:14:19 PM PDT by Dark Wing

To: sourcery

Wazza big deal? SDR equipment has been for sale for some time...

http://www.flex-radio.com/

More data at http://www.hamsdr.com/

The software defined radio does not create bandwidth or new spectrum by magic - FM is still FM after all. Ultrawideband or DSSS or PRDSSS radios ‘dwell’ on any frequency for so short a time that interference is unlikely in the world of radio today.

Add a zillion new users however, and you are back to the same problem, not enough bandwidth........


13 posted on 07/06/2007 9:56:19 PM PDT by ASOC (Yeah, well, maybe - but can you *prove* it?)
