<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div>FYI</div><div><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">
-------- Forwarded Message --------<br class="">
Subject: [IP] Global Internet Experts Reveal Plan for More Secure,<br class="">
Reliable Wi-Fi Routers - and Internet Letter to FCC Requests Mandates<br class="">
for Securing and Updating Wi-Fi Devices<br class="">
Date: Wed, 14 Oct 2015 08:51:43 -0400<br class="">
<br class="">
<br class="">
Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi<br class="">
Routers - and Internet<br class="">
Letter to FCC Requests Mandates for Securing and Updating Wi-Fi Devices<br class="">
<br class="">
October 14, 2015 06:00 AM Eastern Daylight Time<br class="">
<br class="">
WASHINGTON--(BUSINESS WIRE)--In a letter submitted to the Federal<br class="">
Communications Commission (FCC), Dave Täht, co-founder of the<br class="">
Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet,<br class="">
along with more than 260 other global network and cybersecurity experts,<br class="">
responded to the newly proposed FCC rules laid out in ET Docket No.<br class="">
15-170 for RF Devices such as Wi-Fi routers by unveiling a new approach<br class="">
to improve the security of these devices and ensure a faster, better,<br class="">
and more secure Internet.<br class="">
<br class="">
“The recommendations in this document would go a long way toward<br class="">
ensuring the existence of a highly performant, secure, and<br class="">
regulation-compliant Internet far into the future”<br class="">
<br class="">
The letter was filed during the agency’s public comment period on this<br class="">
issue.<br class="">
<br class="">
Dave Farber, former Chief Technologist of the FCC, supports the new<br class="">
approach, stating, “Today there are hundreds of millions of Wi-Fi<br class="">
routers in homes and offices around the globe with severe software flaws<br class="">
that can be easily exploited by criminals. While we agree with the FCC<br class="">
that the rules governing these devices must be updated, we believe the<br class="">
proposed rules laid out by the agency lack critical accountability for<br class="">
the device manufacturers.”<br class="">
<br class="">
“We can't afford to let any part of the Internet's infrastructure rot in<br class="">
place. We made this proposal because the wireless spectrum must not only<br class="">
be allocated responsibly, but also used responsibly. By requiring a bare<br class="">
minimum of openness in the technology at the edge of the Internet, we'll<br class="">
ensure that any mistakes or cheating are caught early and fixed fast,”<br class="">
said Dr. Vint Cerf, a co-inventor of the Internet and also Senior Vice<br class="">
President and Chief Internet Evangelist at Google.<br class="">
<br class="">
To improve accountability significantly while keeping the original<br class="">
intent of the regulation, the signatories, who also included Dr. Paul<br class="">
Vixie, Dr. Sascha Meinrath, Dr. Nick Feamster, Jim Gettys, Dr. David P.<br class="">
Reed, Dr. Andreas Petlund, Jeff Osborn, and other well-known industry<br class="">
experts, recommend the FCC mandate the following actions:<br class="">
<br class="">
1. Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio<br class="">
must make public the full and maintained source code for the device<br class="">
driver and radio firmware in order to maintain FCC compliance. The<br class="">
source code should be in a buildable, change-controlled source code<br class="">
repository on the Internet, available for review and improvement by all.<br class="">
<br class="">
2. The vendor must assure that secure update of firmware be working at<br class="">
time of shipment, and that update streams be under ultimate control of<br class="">
the owner of the equipment. Problems with compliance can then be fixed<br class="">
going forward by the person legally responsible for the router being in<br class="">
compliance.<br class="">
<br class="">
3. The vendor must supply a continuous stream of source and binary<br class="">
updates that must respond to regulatory transgressions and Common<br class="">
Vulnerability and Exposure reports (CVEs) within 45 days of disclosure,<br class="">
for the warranted lifetime of the product, or until five years after the<br class="">
last customer shipment, whichever is longer.<br class="">
<br class="">
4. Failure to comply with these regulations should result in FCC<br class="">
decertification of the existing product and, in severe cases, bar new<br class="">
products from that vendor from being considered for certification.<br class="">
<br class="">
5. Additionally, we ask the FCC to review and rescind any rules for<br class="">
anything that conflicts with open source best practices, produce<br class="">
unmaintainable hardware, or cause vendors to believe they must only ship<br class="">
undocumented “binary blobs” of compiled code or use lockdown mechanisms<br class="">
that forbid user patching. This is an ongoing problem for the Internet<br class="">
community committed to best practice change control and error correction<br class="">
on safety-critical systems.<br class="">
<br class="">
<br class="">
“Our fight for a free and open Internet began long before the invention<br class="">
and wide use of Wi-Fi home routers, whose manufacturers chose to base on<br class="">
open software. We are at an important inflection point in the history of<br class="">
the Internet. The FCC has an opportunity to take positive action that<br class="">
will increase the security and performance not only of these devices,<br class="">
but also influence how manufacturers develop secure Internet of Things<br class="">
while preserving an open Internet,” said Jim Gettys, Chairman,<br class="">
Bufferbloat Project.<br class="">
<br class="">
“Networking research and innovation fundamentally depend on the ability<br class="">
to modify firmware on CPE and deploy it in real-world settings in home<br class="">
networks,” said Dr. Nick Feamster, Acting Director of Center for<br class="">
Information Technology Policy at Princeton University.<br class="">
<br class="">
"The Internet is now effectively a battleground with end-users, our<br class="">
employers, our schools and our vendors on one side, and organized crime<br class="">
and nation-states on the other side. Our home gateways are often<br class="">
repurposed by our adversaries into weapons against us because these<br class="">
small, cheap plastic boxes are unpatchable, abandoned by their makers,<br class="">
and completely opaque. These devices are currently the Internet's public<br class="">
enemy #1. The plan proposed would significantly decontaminate our<br class="">
technology supply chain,” said Dr. Paul Vixie, CEO of Farsight Security,<br class="">
Inc.<br class="">
<br class="">
“The recommendations in this document would go a long way toward<br class="">
ensuring the existence of a highly performant, secure, and<br class="">
regulation-compliant Internet far into the future,” said Jonathan<br class="">
Corbet, Executive Editor, <a href="http://lwn.net/" class="">LWN.net</a>.<br class="">
<br class="">
“As the recent revelations about the ‘Moon Worm,’ ‘DNSchanger,’ and<br class="">
‘Misfortune Cookie’ and now the Volkswagen scandal illustrate, secret,<br class="">
locked-down firmware represents a clear and present danger to the<br class="">
security of the Internet,” said Ted Lemon, recent Area Director at the IETF.<br class="">
<br class="">
“If we raise the bar for firmware code quality, maintenance, and<br class="">
upgrades, we can finish beating bufferbloat, especially on Wi-Fi, deploy<br class="">
IPv6 faster, improve security, and build a vastly better Internet, for<br class="">
everybody,” said Dave Täht, Architect, CeroWrt, co-founder, Bufferbloat<br class="">
Project.<br class="">
<br class="">
If you care about this important issue and agree with our approach,<br class="">
please contact your local Congressional representative and share our<br class="">
letter with them. For media interview requests or other inquiries,<br class="">
please contact <a href="mailto:media@bufferbloat.net" class="">media@bufferbloat.net</a>.<br class="">
<br class="">
About the Bufferbloat Project<br class="">
<br class="">
The Bufferbloat Project is an international coalition of individuals,<br class="">
many who were instrumental in the development of the Internet, and<br class="">
several with Wi-Fi, deeply concerned about the future health, speed, and<br class="">
safety of the edge of the Internet. In operation for 5 years, and<br class="">
working primarily on third-party firmware, it has pioneered new<br class="">
algorithms, boosted safety and security, helped develop new standards,<br class="">
and worked to make as much of this new theory and code available as<br class="">
possible for all to use. For more information, please visit<br class="">
<a href="http://www.bufferbloat.net/" class="">http://www.bufferbloat.net</a>.<br class="">
<br class="">
-------------------------------------------<br class="">
Archives: <a href="https://www.listbox.com/member/archive/247/=now" class="">https://www.listbox.com/member/archive/247/=now</a><br class="">
RSS Feed: <a href="https://www.listbox.com/member/archive/rss/247/1046269-40d7dcf7" class="">https://www.listbox.com/member/archive/rss/247/1046269-40d7dcf7</a><br class="">
Modify Your Subscription:<br class="">
<a href="https://www.listbox.com/member/?member_id=1046269&id_secret=1046269-fa3d6698" class="">https://www.listbox.com/member/?member_id=1046269&id_secret=1046269-fa3d6698</a><br class="">
Unsubscribe Now:<br class="">
<a href="https://www.listbox.com/unsubscribe/?member_id=1046269&id_secret=1046269-81d3a774&post_id=20151014085158:556E0782-7272-11E5-B00D-B10D5BA8988E" class="">https://www.listbox.com/unsubscribe/?member_id=1046269&id_secret=1046269-81d3a774&post_id=20151014085158:556E0782-7272-11E5-B00D-B10D5BA8988E</a><br class="">
Powered by Listbox: <a href="http://www.listbox.com/" class="">http://www.listbox.com</a><br class="">
<br class="">
<br class=""></div></blockquote></div><br class=""></body></html>