· 6 years ago · Mar 26, 2019, 02:20 PM
1Message actions Reply to sender Reply to list or to sender and all recipients Forward the message Open in new window
2Subject: [RadioDirective] IETF mailing list?
3Contact photo
4From Dave Täht <dave@taht.net> Date Sat 10:52
5Message Body
6Could someone from here post some information about this problem
7to the ietf mailing list? I can help draft something...
8
9https://www.ietf.org/mailman/listinfo/ietf
10
11But I'm heavily involved in this - which y'all should also care about
12
13https://lwn.net/SubscriberLink/783673/0e7d178ea322e386/
14
15On Thu, Mar 14, 2019 at 06:13:14PM +0100, Max Mehl wrote:
16Dear all,
17
18As you know, I would like to create a summary of all received feedback.
19However, the vast amount of 276 opinions doesn't make it easy to get a
20good overview, and one likely will miss something.
21
22Therefore, I have scraped all public feedback [^1] and collected in as
23one CSV file, ready to be viewed as a spreadsheet or further analysed.
24Also, all attachment have been downloaded. For your convenience I have
25attached the CSV file; the code and attachments can be found here:
26
27 https://git.fsfe.org/max.mehl/ec-feedback-scraper
28
29Please help me find interesting, valuable, surprising, unpleasant and
30otherwise noteworthy feedback!
31
32Best,
33Max
34
35
36[^1]: https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038_en
37
38--
39Max Mehl - Programme Manager - Free Software Foundation Europe
40Contact and information: https://fsfe.org/about/mehl | @mxmehl
41Become a supporter of software freedom: https://fsfe.org/join
42
43"link","id","date","by","type","org","orgsize","transno","country","text","attachment"
44"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F241499_en?p_id=380919","F241499","4 March 2019","Goran Jelic-Cizmek","EU citizen","","","","Croatia","As a researcher at a university and a free software advocate and developer, I am strongly against Article 3, provision 3(i). This provision would force radio equipment manufacturers, which encompasses mobile as well as personal computers, which nowadays are becoming increasingly versatile, to make it impossible to run any kind of code on them other than the one provided by the manufacturer themselves.
45 This would severely damage the future development of free software, as many users today opt for running custom software on their personal devices, for personal, as well as practical reasons. Furthermore, a major part of the Internet's infrastructure, along with the top 500 supercomputers in the world, run on free software, such as various GNU/Linux distributions, and it would be impossible for a manufacturer to certify all of them.
46 Additionally, many manufacturers drop support for older devices after a certain period, making them insecure as well as limited in features, which then forces users to obtain newer ones, which can be both economically wasteful for the user, and unfriendly for the environment. Using custom software, however, can potentially give new life to an older device, sparing the user and the environment from such troubles.
47 Finally, devices which run code which cannot be altered pose a significant risk to the sovereignty of a nation: as there is nothing preventing a foreign agent from potentially compromising an equipment manufacturer, and because mobile devices (which are, technically speaking, radio equipment) are so prevalent, the possible privacy and security implications of external influence are dire.
48 Therefore, I would urge you to drop provision 3(i) of Article 3, so as not to shift the responsibility for the software's regulatory compliance from the users to the manufacturers when making changes to the default configuration of a device, and to make sure that users are not forced to install non-free software.",""
49"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F241180_en?p_id=380919","F241180","4 March 2019","Till RIEDEL","Academic/research institution","Karlsruhe Institute of Technology","Large (250 or more)","869975425127-08","Germany","As researchers in the field of ubiquitous computing and IoT we have been relying on the ability to change the fireware of off the shelf radio devices. Eg. the FP7 research project COBIS, which pioneered the IoT aproach, we were already using wifi routers which were extended with custom radios. This was only possible by using extensible after market firmware.
50In other projects e.g. on device free activity recognition we are relying on fireware which allows us to access the channel state information of radio chips. This is custom firmware which needs to is uploaded for research purposes.
51I can continue this list. Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU is a huge hazard to research! It will hinder innovation in the EU!
52On a side node the directive will also be a great challenge to the open hardware movement and new kinds of business models that separate hardware and software.
53I urge the commission to continue allow (and even encourage) the possibility to change the firmware of radio equipment. It should be made clear, that changing the code might lead to violations of the Radio Equipment Directive , but this will be also possible and even more likely if people build their own equipment from scratch from components (which is easy).",""
54"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F241103_en?p_id=380919","F241103","4 March 2019","Keith Murray","Non-EU citizen","","","","United States","In the same way that a consumer is exercising their right to take their car into a repair shop that is not owned by the manufacturer, a consumer should be able to develop, and implement a new operating system on their router or other devices. Given the history of open source software, and the percentage of the world that is run by linux and open source software, open source has proven themselves to be reliable and secure.
55Specifically focusing on routers: they have a history of being poorly maintained by the companies which produce them, and are frequently very vulnerable. Practices such as using the same default password on all produced routers of a specific kind show a history which prioritizes sales over security. Given this, consumers need the ability to have an alternative OS provider which prioritizes security, and has a history quickly patching new vulnerabilities. (This gets worse when you consider IOT devices where the producing companies frequently go under and no longer can support or patch their devices, assuming they were one of the few IOT devices that cared about patches to begin with)
56The presences of an alternative OS forces router manufactures to compete and roll out more frequent security updates, as well as new features when applicable. This offers consumers a safer and more diverse market. It also makes it easier for new competitors to enter the market if a branch of an open source OS realizes they have a solid product that delivers better than the current market.
57Product manufacturers also frequently end support for devices well before their consumer base retires use of those devices, leaving many users in a position of being forced to purchase a newer more expensive model or keep their current functional model at the risk of introducing security vulnerabilities. This drives up costs on each iteration and leads consumers in a modern smart phone like problem where new phones are too expensive to migrate towards, but their current phones are not allowed to be maintained. Alternative OSs also prevent situations where a company purposefully destroys their old devices forcing users to upgrade.
58In whole, this proposal may seem to have a good intent but it clearly is lead astray by closed source advocates who do not have an end consumers interest. It also seems to be poorly thought out when it comes to the implications towards common linux based alternatives, on but not limited to wifi routers.",""
59"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240894_en?p_id=380919","F240894","4 March 2019","Hauke Mehrtens","Non-governmental organisation (NGO)","OpenWrt Project","Small (10 to 49 employees)","","Germany","The OpenWrt project provides a Linux based open source firmware for embedded devices like home routers, customer premises equipment and IoT devices with a focus on security and freedom for the end user. The OpenWrt project tries to enforce the local regulatory restrictions based on the vendor provisioned data found on the device. Currently OpenWrt is used as a base for about 10% to 30% of all home routers and CPE device sold world wide. Most of the Wifi access point chipset manufacturers have an official supported SDK based on OpenWrt. OpenWrt and its derivatives have a much higher market share than the competing and much more closed solution form Google (Google Wifi) and Comcast (RDK-B). The OpenWrt project is mostly driven by people located in the EU. OpenWrt is also used by many small companies and start ups to provide services like wireless hotspots and other innovative solutions on re flashed consumer devices, because they can not afford to build their own hardware.
60OpenWrt was started as a hobby project and is still mainly driven by the software engineers improving and extending the system in their spare time. This was only possible because it was easy to install software on their home routers and other wireless devices. Still today most of the development is happening on cheap consumer devices. Universities and other researcher need access to the wireless chip at a low level to perform research and create usable implementations which solve problems like airtime fairness. Currently OpenWrt supports many hundreds of different devices, support for most of these devices was added by hobbyist and not the vendors of these devices.
61We see a great danger in this regulation for our project, because this would prevent us from improving the Wifi on these consumer devices and most likely make it impossible to install OpenWrt on consumer devices at all. Most of the Wifi chipsets from silicon vendors do not support a clear division between the radio part and the general purpose software. Normally the same hardware is sold worldwide and the local regulatory restrictions are implemented in the vendor software running on the main CPU in the main Linux operating system, not even in the firmware of the wifi chipset.
62If the vendor is responsible to make sure that only certified software can operate the radio part of the devices the easiest and cheapest solution for the device vendor is to sign the complete firmware of the system, restrictions to only boot signed firmware images is already possible with many available chips and does not increase the costs of the hardware.
63 Most vendors will not sign third party firmware, because it would be extra effort for them to verify the third party system and they could be liable if the signed third party system does not behave like required.
64 Many vendors will not be interested to support third party software on their hardware because they would like to have a better control over their customers and the software and services their customers are able to use.
65If the vendor has to certify all installed software, Internet security for EU citizens will be reduced because it will be more expensive for vendors to update the complex software. In addition it will be impossible for the end user to install own secure software like OpenWrt after the vendor stopped support for the hardware, OpenWrt supports some devices since more than 10 years.
66We therefore strongly urge you to adopt ""Option 0"" and stay without any delegated acts pursuant Article 4 or Article 3(3)(i).",""
67"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240680_en?p_id=380919","F240680","4 March 2019","Jakub Kozdrowicz","EU citizen","","","","Poland","If you want developers to cease to buy on EU market and supply themselves abroad then that's the way to do this.
68Also that's the way to stifle innovation as young people that will come after us old developers will have no means to easily modify existing devices to practice at home.
69Whoever will really want to modify devices will continue to do so with older or foreign equipment, and the rest (market and students) will suffer the consequences of your overregulation yet again.
70You'd better implement basic income federation-wide to stop the influx of immigrants to germany and level-off wages and fight poverty than this nonsense...",""
71"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240530_en?p_id=380919","F240530","4 March 2019","Matteo Calabrese","EU citizen","","","","Italy","In my opinion this extreme regulation leads to an unjustifiable restriction of the freedom of use we have on the devices we own. The right to repair is already being undermined by a ferocious consumism and programmed obsolescence. With the inability to make what we want of what we buy, we are inevitably embracing a very passive form of consumism, the worst kind of one. All the negative outcomes, such as increasing amount of electronics that cannot be brought back to life being discarded and being unable to modify a piece of software to one's needs, should be borne to mind when taking an important decision like this. I understand that health and safety must be safeguarded, but it is definately possibile to do so without limiting the freedom of the consumer.",""
72"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240502_en?p_id=380919","F240502","4 March 2019","Laurits Br??cker","EU citizen","","","","Denmark","I find it very worrying that an owner of a given piece of electronic equipment would not be able to freely run the software he wants on his own equipment under this directive. This is a basic freedom in regards to computers, which ensures that you, as a human, is in control of the computer, and not the other way around. Allowing manufacturers to dictate what software may be run on their hardware creates an unjust power balance between the manufacturer and the consumer.
73This means that if a manufacturer ever drops support for a product of theirs, it would not be possible to make it work again without the approval of the manufacturer. Combined with the wide scope of the directive that encapsulates almost all equipment with a radio transmitter or receiver, it would not be allowed to install your own operating system on an unsupported old phone, replace the software in an old and broken internet router, or even install software on your laptop without manufacturer approval.
74I am not necessarily against better regulation of radio equipment, but I firmly believe regulations should exist to protect the consumers from abusive tactics from the market, not encourage them.",""
75"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240381_en?p_id=380919","F240381","4 March 2019","Lars Kruse","Company/business organisation","Silicann Systems GmbH","Small (10 to 49 employees)","","Germany","We are a small company developing and manufacturing industrial sensors. Our products focus on innovative network applications.
76We enjoy the fortunate situation of being based in a city with a university, a makerspace and a vibrant wireless community (""Freifunk""). The university is useful for giving our potential future employees a good formal basic education. But every single technical employee we hired during the last ten years, received a rich amount of informal education through the local makerspace and the local wireless community. Both places provide a fertile environment for either broad or highly specialized technical expertise that we as a company need in order to stay innovative and competitive.
77 The local wireless community relies on the legal availability of wireless devices, that can be equipped with modern, feature-rich operating systems (e.g. OpenWrt) supporting cutting edge implementations of the most recent wireless standards.
78 The proposed policy options 1 to 4 will put an end to the legal availability of devices required for wireless communities. It will also cause a shift of attention in other technically oriented communities (e.g. maker spaces) away from networking devices towards other mechanical or electrical devices. This will quickly drain the excellent supply of people with the gift of having acquired a broad range of informal experience in the field of networking in their youth. Small companies like ours that rely on a constant influx of in-depth and passionate experiences in new technical technologies from young employees will suffer greatly from this loss.
79Additionally the regulatory options 1 to 4 will cause the effect of ""Tivoization"" (products being shipped based on FLOSS software while being technically restricted from upgrading these systems on their own). This condition poses a legal conflict with wide-spread software licenses like the GPL-3. This will reduce the current rich ecosystem of available software components being used by most producers of wireless devices around the world and thus hamper innovation significantly.
80 Sadly the regulation proposal does not even mention such grave effects on the open source hardware and open source software ecosystem in its assessment of impacts.
81This regulation proposal should be postponed for 20 or 30 years until the field of wireless networking moves away from being an area of intense and fruitful innovation into the field of universal disposability and uniformity. Thus the baseline option 0 is currently the best option for our society in this field of technology.",""
82"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240229_en?p_id=380919","F240229","4 March 2019","Marc??l Str??hle","EU citizen","","","","Austria","This is very unnecessary and would stifle long-term innovation by keeping people from learning how to work with e.g. open Android devices.",""
83"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240198_en?p_id=380919","F240198","4 March 2019","Sebastian Nielsen","EU citizen","","","","Sweden","Also, a update on my previous feedback:
84Some people here have expressed their concern about insecure devices on the internet due to manufacturers no longer supporting them with security updates and also enviromental impact.
85This can be solved by having the directive that every firmware must have a ""best before"" date, where passed, the radio transmitter device (router, mobile phone or similiar) will shut down and refuse to start up unless flashed with a new firmware that has a new ""best before"" date, which of course must be signed by the manufacturer.
86This prevents old devices, which lack the updates required to function securely on the internet, from posing a danger to the internet at large (zombie infections and such) without needing to allow Citizen to load unauthorized software to the devices.
87For the enviromental impact, its easy by requiring a depoist when purchasing a Electronic device, the depoist should be calculated based on enviromental impact, and the depoist will be returned when the device is exchanged for a new device (trade-in) where the depoist will be assigned to the new device instead, or where the device is turned in to any seller for recycling.
88 This prevent old ""deactivated"" devices whose firmware have passed its best-Before date, where the manufacturer stopped providing updates for it and thus become unuseable due to the above ""best Before"" date lock, is thrown away and ends up in the landfill.
89The depoist must be high enough to make people choose to turn in devices instead of throwing them away.",""
90"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240193_en?p_id=380919","F240193","4 March 2019","Martin Kennedy","EU citizen","","","","United States","I am an EU citizen (United Kingdom and Poland) and open-source developer who has lived in the United States for most of my life.
91Quoting Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU:
92[R]adio equipment [shall support] certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated.
93As someone who works extensively with wireless routers and embedded devices, and who has seen how damaging similar regulation has been in the United States, I strongly disapprove of this Article of the Directive. Embedded radio devices have rapidly become the basis of practically all useful consumer connectivity, but when the power to modify the software in those devices is stripped from the consumer, that utility is threatened. The freedom of consumers to modify the software that runs on ones own devices is an obligate component in the development of many pieces of emerging technology, and as this development does not necessarily have to align with the interests of hardware manufacturers, it is a direct benefit to consumers in the EU.
94While pieces of software such as OpenWRT and Android-based smartphone ROMs were originally created in order to keep manufacturers accountable to the consumer base, as development has rolled on, they have been increasingly useful in supporting the creation of standards -- whenever we can control our hardware directly, we can also determine which patterns of use are most desirable, and collaborate on implementing those patterns. Open-source communities are unique in their interest in cooperating to generate utility, as opposed to corporations, which largely compete to generate profits. The fruits of this collaborative work are shared with manufacturers as well. When our ability to modify the software on our devices is threatened, so will be our ability to work together to outsmart the profit imperative in favour of utility - and the latter, I would assume, is also the interest of the EU.
95I fear for what will happen if this Article is put into effect. New devices will be harder to support and keep secure, increasing electronic waste; old devices will be more likely to become incompatible with newer ones; consumers will pay higher prices for the same utility, because manufacturers will be able to sell the same hardware with different software and soft-lock some utilities for the purpose of price discrimination; and mesh networking communities like Freifunk, Guifinet, and the like will be hamstrung as they are suddenly forced to depend on manufacturers for their continued existence.
96All of these costs will, of course, be merely for the benefit of preventing interference and health issues; problems for which, by the way, the EU has already issued (and its member states implemented) directives to prevent.
97Please choose wisely and reject this Article from this Directive.",""
98"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240167_en?p_id=380919","F240167","4 March 2019","Ilja Bekman","EU citizen","","","","Germany","Concerning INCEPTION IMPACT ASSESSMENT - Ref. Ares(2019)476957 - 28/01/2019
99 * In the section ""Likely social impacts"" there is an omission of negative impact on the group of non-corporate software and firmware developers, who do not manufacture their own hardware and are not able to provide compliance in advance - thus stifling innovation and promoting monopolization of the software and firmware. Restriction on the circle of the developers might also lead to negative impact on security aspects, and is of debatable benefit.
100* in the section ""Problem the initiative aims to tackle"" there are references to safety relevant equipment, but this does not make all equipment impacted by the regulation safety relevant.
101* Regulating the power output of the equipment is more effective in achieving the goal of protecting radio frequency access and radio safety than regulating the flexibility of the devices.",""
102"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240151_en?p_id=380919","F240151","4 March 2019","Miguel Cruz","EU citizen","","","","Netherlands","I write with great concern about this proposal, specifically as it concerns the right and ability to install open source firmware in wifi routers and access points. I believe it will operate directly counter to all four stated objectives:
1031. Stimulating the market and new technological developments. A large share of technological developments in computer networking have come from the open source community, and many European companies depend on and contribute to open source router firmware. Stifling this development will set the EU behind other markets.
1042. Creating consumer trust. The proposition that consumer trust is currently undermined by the ability to install open source firmware into networking devices appears to be highly questionable. What does undermine consumer trust is the proliferation of security problems in poorly vetted or unmaintained vendor-supplied firmware, a problem which is solvable by installing an actively maintained open source replacement.
1053. ""Ensuring that Innovation and research does not compromise the demonstrated level of safety at the moment of placing on the market."" The general trajectory is that the level of safety of a networking device begins degrading from the moment it is released on the market, as vulnerabilities in the software are discovered and exploited, and are often addressed slowly or not at all by the manufacturer. Preventing the installation of open source alternatives that remedy these vulnerabilities only exacerbates the problem.
1064. Harmonising conditions for market access. Placing additional restrictions on device manufacturers beyond those which are already customary worldwide - in response to an invented problem which has not been demonstrated to exist in any significant manner - to the detriment of user and network security, and with no plausible advantage for users, will result in reduced competition, increased grey market imports of noncompliant devices, and less confidence in the EU as a technology marketplace.
107Furthermore, this proposal will increase harmful E-waste by causing devices to become obsolete when their manufacturers stop producing firmware updates, rather than at the actual end of their useful lives, which is often many years later.
108It sends a message that the EU opposes grassroots and user-led software development, and supports only the right of well-funded corporate entities to participate in the productive side of the digital marketplace.
109It undermines freedom of speech and increases the risk of corporate surveillance of individuals by making it more difficult for ISP customers to control and monitor crucial networking equipment in their own homes and places of business.
110In short, I believe this is a critically ill-conceived initiative which would have far-reaching deleterious effects on computer security, innovation, privacy, the environment, and the EU digital economy.",""
111"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240150_en?p_id=380919","F240150","4 March 2019","Luk???? Pavljuk","EU citizen","","","","Czechia","I believe that most options of this initiative could endanger the liberty of the Europian Union citizens to own and modify the software of their devices. Such modification is a move that is becoming more and more popular and important, both, due to the lack of wider software configurability, and security through the process of community source code revision and supervision.
112Firstly, the initiative asserts the following: ""Reconfigurable Radio Systems (RRS) exploit the capability of radio equipment to change its behavior or be reprogrammed at the upload of new software. This is made possible by the software implementation of electronic components that were typically hardware"", which is not completely true for all types of devices which this regulation would entail. Integrated radio hardware controllers in modern devices cannot, in fact, be used to transmit data outside the intended frequency range. It is true that theoretically, a Wi-Fi-based radio chip can be made to emit arbitrary signal, but only within the intended 2.4 and 5 GHz spectrum.
113Banning the modification of the pre-installed software/firmware of a device purely by the theoretical possibility of it being used outside its intended frequency range cannot in this day and age be used as a mean to restrict the freedom to modify a part of a purchased device. This statement is further indirectly supported by the standing directive 1999/44/CE, which states: ""...that any object meeting certain criteria (incl. telephones, computers, routers etc.) that is sold to a consumer 2 inside the European Union, has to carry a warranty from the seller that the device will meet the quality that you would expect for such a device for a period of 2 years."" (Source:
114 ), no matter if the software has been modified.
115Based on that, I believe that unless proven that a software change could directly endanger the security, privacy or operability of other devices or individuals, it should not be required the device to be unalterable.
116To further support this, one shall use the recital 19 of the mentioned RED directive - ""Verification by radio equipment of the compliance of its combination with software should not be abused in order to prevent its use with software provided by independent parties...""
117Next, the cited aim of ""privacy protection"" that this initiative would yield is near zero. Even if device firmware could not be altered, there are common devices that can already be used to sniff on data, with it being either their intended or unintended use (Examples of the two categories might be: Certain Wi-Fi chips, or SDR radios).
118Out of the presented policy options, I believe that it is in the Union's best interest to only adopt one of the following: Option 1, Option 2.
119Option 3 incorporates the clause that would require device's firmware to be unmodifyable, which in itself presents issues such as one of specifying which part of a device's software is to already be the ""protected Firmware"". This uncertain border could lead to further detachment of the free and open source solutions from the Union's states. Such solutions have, however, become a common way of ensuring uninhibited privacy and security of users and their data, as opposed to the obsolete concept of ""Security through Obscurity"".
120The importance of free and open-source software can be seen worldwide as a tool to fight against oppression and freedom of the population, which I firmly believe should be the first and foremost goal of the European Union, and option 3 and 4 of this proposition directly opposes that.",""
121"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240149_en?p_id=380919","F240149","4 March 2019","Michal Hrusecky","EU citizen","","","","Czechia","Hi,
122in Article 3 you state that devices should
123* radio equipment supports certain features in order to facilitate its use by users with a disability;
124Which might prove difficult when talking about WiFi cards or routers that are not used directly.
125Also
126* radio equipment supports certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated.
127is hard to achieve technically as the old device has no way to to verify whether compliance has been demonstrated and by enforcing DRM or other lockdown procedures you might actually ensure that device cannot be brought to compliance once the vendor is out of business.",""
128"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240128_en?p_id=380919","F240128","4 March 2019","Felix Siegel","EU citizen","","","","Germany","The wide scope of this initiative covers a variety of devices and as such could negatively a large number of consumers. In my opinion the impact assessment is missing several points:
129Likely economic impacts
130 1. The research into wireless communications would be severely limited or made entirely impossible. This would especially concern university research and could cause a shortage of skilled labor in this field, leading to a disadvantage for European manufacturers of wireless equipment.
131 2. This initiative would essentially limit the development of new radio standards to the manufacturers of radio equipment. 3rd party contributions such as from universities or research societies would be blocked. Presumably future wireless standards would be spearheaded by American or Chinese efforts.
132 3. The implementation could lead to a shortage of wireless equipment in the EU due to delays in conforming with the directive.
133Likely social impacts
134 The security of wireless equipment could actually be lowered since bugs in the manufacturer software could not be fixed independently. These bugs can be used for denial of service attacks (e.g. CVE-2017-9417) or even remotely controlling devices (and compromising the user's data without their knowledge) (e.g. CVE-2017-6956).
135Likely environmental impacts
136 3rd party software can allow to extend the usage of a device beyond the manufacturers support lifetime (e.g. openWRT, postmarketOS). Under this directive development and usage of this kind of software would be made impossible leading to an increased amount of electronic waste.
137Likely impacts on fundamental rights
138 The citizens right to use property would be impacted by the proposed directive.
139I'm convinced this directive would negatively impact law users while at the same time not effectively preventing malicious individuals from tampering with the spectrum.",""
140"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240108_en?p_id=380919","F240108","4 March 2019","Dennis Felix","EU citizen","","","","Belgium","This will prevent people from improving any devices, including phones, wifi routers, etc, with regards to security updates uncared for by the manufacturer. It will decrease device lifetime by disallowing anyone from self-servicing the software and providing future updates that come from a 3rd party, or personal improvements or additions. Adding features or improvements can bring more out of a device compared to the original software.",""
141"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240094_en?p_id=380919","F240094","4 March 2019","Juraj Orsulic","EU citizen","","","","Croatia","I would like to point out that I find incredible value in the ability to install a customizable OS on my routers such as OpenWRT, and this being outlawed would interfere with my ability to configure my networking the way I need.",""
142"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240091_en?p_id=380919","F240091","4 March 2019","Marco Heinemann","EU citizen","","","","Germany","My name is Marco Heinemann and I own a small IT company in Munich, Germany. I've read about this EU initiative on Reddit just today.
143I must say I am really concerned about the proposal. My main concern is that the new law would kill aftermarket firmwares, which makes it possible to use devices longer than say 2 years in a secure way. No vendor is interested in supplying firmware updates for a longer period because capitalism does not support sustainable electronic devices.
144The PDF states:
145 Likely environmental impacts: No specific or major impact on the environment is expected at this stage of the analysis.
146That's plain wrong because I will have to opt for new smartphones, routers, IoT devices after end of product support without aftermarket firmwares. Take into consideration the whole supply chain that creates damages to the environment all over the planet for each electronic product.
147I also endorse free software on all devices that I own. I will take each opportunity to say that it's highly important to support open source initiatives for a multitude of reasons. My main point is security here on hardware and software level. Please refer to the FSFE for further reading:
148Finally I want to say that I understand the challenges that the new law wants to tackle. I however don't agree that blocking of firmware modifications will prevent people from building malicious radio devices. Most people using aftermarket firmwares are not malicious. And the ones who actually have bad intentions will find a new to circumvent restrictions, build devices on their own or just buy from non-EU vendors. Nobody would forbid hammers just because bad-intended people can do harm with them when used in a non-compliant way. Right?
149Thanks for listening
150 Marco Heineman",""
151"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240089_en?p_id=380919","F240089","4 March 2019","Miko??aj Chwalisz","EU citizen","","","","Poland","I am voicing my strong disagreement with the proposed barrier mechanisms in Article 3(3)(i).
152The ability to freely customize the firmware or the operating system on commercial radio equipment is a very important facilitator for systems-related research in a number of domains like wireless networks, cyber-physical systems and internet-of-things. The ability to inspect and customize software artifacts on COTS RF equipment enables rapid and cost-efficient experimentation, leading to better and more secure future solutions. The restrictions proposed with Article 3(3)(i) can have the significant detrimental effects on system and security research and on wider societal goals like innovation, sustainability and fair competition.
153Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
154No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of?",""
155"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240087_en?p_id=380919","F240087","4 March 2019","Tim Van den Eynde","EU citizen","","","","Belgium","(Personal context: I am a software developer in the telco industry)
156While it is true that custom software/firmware can be used to make hardware behave in a non-conformant way, there are many other reasons why one would like to use other software than came pre-installed with the device. Passing this regulation would have a lot of collateral damage and limit many legit use cases. Some examples are:
157- Extending the functionality of a device and/or being able to bypass bugs in the firmware
158 - Extending the lifetime of a device by supporting newer standards
159 - Keeping the device safe by being able to apply security patches when the device manufacturer does not support the device anymore
160 - Having the freedom to use FOSS software, from an ideological point of view
161The RED text mentions that it would help manufacturers to keep their products secure. I believe that the opposite is true: it would counteract users that want to keep their devices secure. It is also mentioned that the directive would have a positive impact on the fundamental rights of citizens, while it would take away the freedom of a user to truly own the device they have bought. Passing the text as it is written now, would not help users to better protect their information-related rights. The best way to protect their rights, would be to take control over the device instead of having to trust the manufacturer.
162This regulation would give more power to private companies to force their software on us and deprecate devices early in order to sell more and make more profit. At the same time, users would lose freedom and security, all for very little benefit. People who maliciously want to break radio-related laws, will do so anyway. This regulation would only impact those who do it by accident, which is presumably a low number of people, the actions of which have very little consequences.
163Please pick Option 0 and don't take away our freedom.",""
164"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240086_en?p_id=380919","F240086","4 March 2019","Walter van Holst","Non-governmental organisation (NGO)","Vrijschrift","Micro (1 to 9 employees)","91345912471-63","Netherlands","Options 0 or 1 would be the preferred options. Suppliers cannot envisage all possible combinations of hardware and software. Especially not what combinations of open source firmware and their hardware could do. Option 2 through 4 would contravene recital 19 of the RED and would negatively impact a flourishing ecosystem of inventors, makers and SMEs as well as local wireless networks. If anything, mandatory controls on software defined radios ought to focus on parameters for power output, not on the software per se.",""
165"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240085_en?p_id=380919","F240085","4 March 2019","Le Poisson Libre","EU citizen","","","","France","Beaucoup on du donner des arguments pertinents, pour ma part je dirais simplement en tant qu'??tudiant et citoyen qu'il convient de pas obstruer la possibilit?? de ""bidouiller"" les terminaux.
166C'est la culture hacker et du logiciel libre qui nous fait aller de l'avant permettant ?? tous d'acc??der au savoir et ?? la technologie.
167 D'autant plus dans une optique ??cologique, il est important de pouvoir se r??approprier les appareils afin de leur donner une deuxi??me, troisi??me et Ni??me vie.
168 Sans une garantie de pouvoir continuer ?? bidouiller nos appareils, nous nous retrouverons avec toujours plus de d??chets difficilement recyclables.",""
169"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240084_en?p_id=380919","F240084","4 March 2019","Tom Langwaldt","EU citizen","","","","Germany","I am very much against this proposal. I agree that the electromagnetic spectrum has to be regulated and violations have to be punished. But these violations should be punished on an individual basis which is exactly what is already happening.
170Taking away the option to install open-source software on the mentioned hardware for every EU citizen in order to prevent abuse of the EM spectrum seems absurd to me.
171 It would hardly prevent any non-regulation compliant use of hardware, whilst simultaneously limiting the freedom of every EU citizen.
172The right to install the software of your choice on different hardware has to remain for the following reasons:
173 - Prevent dependancy on hardware manufacturers to provide secure software
174 - Avoid obsolescene of device due to lack of software support
175 - Knowing what the sofware on the device does (open-source)
176 - Keeping data secure and in my own hands as supposed to the hands of hardware manufacturers
177 - No need to trust a third party that software is secure and not spying on anyone's activities
178 - Not hindering innovation and research
179We in Germany have fought for the right of free router choice to help the market, encouraging competition, research and innovation. Being able to use routers which accept custom software is a huge competitive advantage - people value this right greatly.
180So in summary I feel it is very important for privacy, data security, research, environmental impact, competition and open-source initiatives within the EU that this proposal is refused.",""
181"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240083_en?p_id=380919","F240083","4 March 2019","Simon Schmei??er","EU citizen","","","","Germany","Dear all,
182Locking down possibilities for security researchers, software developers from SME (me) and hobbyists (me) to inspect, alter and replace the software running on our everyday devices is a security nightmare in all dimensions. For end users it means having to either buy devices anew every two years or run with unpatched systems that intercept their online banking and send spam in their name. For SME it means not being able to fully trust your own equipment and not being able to modify it without the OEMs consent. This is were we get to global dimension: with few exceptions all electronics (which is nowadays equivalent to what you define as ""radio equipment"") is manufactured in Asian countries. The rest comes from the USA that have been proven to implement mass surveillance in European Countries. Not being able to analyze, modify and harden software from these countries is a severe geopolitical risk and dependency for businesses and individuals in the EU. Necessitating consent from these outside vendors for experimenting with competitive and innovative alternatives from within the EU will prove to prevent any future shift towards a more balanced market.
183Therefore I urge you to choose option zero or mandate the possibility to allow adding custom keys during boot loader stage. This would prevent (to a certain extend) attacks from within a running system (web browser/ app) but still allow knowledgeable people to identify security issues and provide improved or alternate systems.",""
184"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240082_en?p_id=380919","F240082","4 March 2019","David Eriksson","EU citizen","","","","Sweden","There are multiple reasons for allowing unlimited, unrestricted upload of software to hardware units containing radio transmitters.
1851. When a hardware provider goes out of business, it must be possible to keep the equipment alive, regarding both software and hardware. (More sustainable.)
1862. When a hardware provider stops supporting certain equipment, it must be possible for others to keep it going, regarding both software and hardware. (More sustainable.)
1873. If I buy equipment I should be allowed to modify it within the limits of applicable rules for valid radio frequencies and similar.
1884. ""Bad guys"" will still be able to workaround technical limits and disregard legal limitations
1895. Experiments for security research and similar will be hampered by limitations in hardware.
1906. By allowing upload of software built from Open Source it is possible for third parties to run software they can actually verify that there are no ""back doors"" or known security flaws in the software used by the equipment",""
191"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240081_en?p_id=380919","F240081","4 March 2019","Bryan Betts","EU citizen","","","","United Kingdom","I am concerned that a fundamental right has been omitted, specifically the right of EU citizens to enjoy and update their property without being restricted by the vendor - as long, of course, as the user does not cause disturbance or harm to others.
192There are numerous examples from around the world showing how the type of rules projected beyond Option 1 can be misused to ""lock in"", and enforce a monopoly on, the user. There are also many examples of manufacturers deliberately ""obsoleting"" a device by refusing to provide further software updates. If a vulnerability has subsequently been discovered in the device's software, this can leave it in a permanently insecure state at risk of data privacy violation - unless the user is able to install third-party software to fix the problem.
193*Commercial* manufacturers of both devices and software should demonstrate compliance, of course. However, Options 2, 3 and 4 all risk ""throwing the baby out with the bathwater"". At the very least, it must be clear in any regulatory action that none of this - apart from the general duty not to cause nuisance or disturbance - should apply to anyone developing and installing software in a personal capacity.",""
194"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240080_en?p_id=380919","F240080","4 March 2019","zoobab ZOOBAB","EU citizen","","","","Belgium","I would like to contribute to present debate here as having used OpenWRT and other FLOSS firmwares over the years (I have contributed bask in 2000 to OpenAP/LinuxAP, then maintained a uClinux based distribution for ISL3893, and then used heavily OpenWRT for different projects). I also bootstrapped and documented the first uses of the ESP8266 chip, which is now one of the most used WiFi chip for IOT. I have also initiated the yearly Battlemesh event, which initial goal was to test different routing protocols, gathering a lot of researchers in the field, over a week of experimentations. If such legislation is being passed, there is no doubt that such research community will die in Europe. Research in improving WiFi for all of us will be made impossible, or at least limited to a very small list of ""manufacturers"" (preferally large and powerful) which are the only gods.
195The Radio Directive (RED) was discussed at the Battlemesh v9 event ""FCC forced firmware lockdown - what now?"" (see
196). An american radio expert member of IEEE, William Limpkins, explained that the ""FCC radio-lockdown"" was the fruit of EU work.
197The author of the current document could have at least clarified that the country in question was the United States.
198There is a high risk to see this bad quasi-legislation (not approved but delegated to an administrative authority, which at the end, delegates even further to a very limited list of ""experts"") spreading to other countries. During the US consultation, a majority of comments were against the current FCC rule, but the FCC has kept the rule, and it is still ""in force"" today. The author is also making assumptions about the effect on ""market prices"" in the US, without citing any sources or any study.
199Regarding the several options on the table, the only reasonable option is Option 0, the status quo.
200All the others have substantial costs and complexity, will increase bureaucracy, and are not tested nor ***have been formally proven to work***. This will create jobs for ETSI and certifications authorities, but ultimately, all those costs will be transferred to consumers.
201For the source of the ""problem"", which is the weather radar in 5GHz, this is the product of bad spectrum allocation, where multiple usage needs to cohabit on the same frequency band. To solve that ""problem"", we are making a general rule over ""all frequencies that do not share this multiple usage category"" to suffer from that ""problem"". And to even go further, I am citing Erik Schultz slide on ""Think about rarity"" (
202):
203""Think about rarity
204 ??? Routers within a few miles of an airport???
205 ??? And running in the 5Ghz range...
206 ??? And running on a DFS channel???
207 ??? And modified to ignore the DFS signal...
208 ??? And the antenna is outside???
209 ??? And the antenna is high enough to transmit and interfere with
210 the radar beam???
211 ??? But not too high because the beam is actually only 0.3 degrees
212 wide???
213 ??? And the TDWR radar has to be turned on???
214 ??? Which is only turned on when there???s storm of a sufficient size.""
215Better legislation implies the ban of bazookas to kill a fly.",""
216"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240079_en?p_id=380919","F240079","4 March 2019","Hugo Lundberg","EU citizen","","","","Sweden","From a security and sustainability perspective this is a bad proposal. Security is often improved when the user has the freedom to install an alternative, free operating system on their radio device. Hindering such use would furthermore negatively impact the sustainability of devices. My own current router has stopped receiving firmware-updates, which is why I depend on free software. Thanks to free open source software, I can still safely use it.",""
217"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240078_en?p_id=380919","F240078","4 March 2019","Bj??rn Remseth","Non-governmental organisation (NGO)","Elektronic Frontier Norway","Large (250 or more)","","Norway","Electronic Frontier Norway (
218) is a a Norwegian digital rights NGO
219We believe the right to change software in general has been and still is one of the major driving forces behind the value creation in today???s economy. On a daily basis we see this mechanism at work both in commercial telecommunications settings, in amateur radio, in academia and many other fields. The fact that radio communications protocols are now amenable to being treated as software is a good thing, and a thing to be cherished and embraced in all areas. We believe it is wrong and counterproductive to stifle this engine of innovation and unfortunately we see the current proposal as a step in that negative direction.
220Inspired by fsfe.org???s suggestions, we ask the EU parliament to make general exceptions for all Free Software not developed by the manufacturers of the respective radio equipment themselves but from other companies or individuals. We also ask the parliament to not shift the responsibility for the software's regulatory compliance from the users to the manufacturers when making changes to the default configuration. Software and hardware should not be treated differently in that respect.
221We ask EU member states (and implicitly in the EEA area) to interpret the directive's provisions so that Free Software can still be installed on radio devices without discrimination, and users' rights are safeguarded. We ask that third party software providers, such as Free Software projects, shall not be disadvantaged by being forced to assess a very large number of software alternatives. We would also want the parliament to make sure that users are not forced to install non-free software.
222On behalf of EFN
223Bj??rn Remseth
224 Vice President",""
225"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240077_en?p_id=380919","F240077","4 March 2019","Jens Jakob Andersen","EU citizen","","","","Denmark","I think that it is very important, in order to support technological creativity, innovation - and the support of the next generation of great companies, to not place unneeded hinderances in the way of those working to create the next generation innovative communication.
226Many of those initiatives (also from EU itself) benefits of the possibility to use COTS hardware - and upload customized firmware for their projects.
227That could be e.g. to generate next generation SWARM WIFI MESH for enhanced municipal connectivity for citizens - and similar projects.
228In addition to supporting innovation - an initiative like this would hurt EU HITECH companies - and help NON-EU companies - as people would move away from European suppliers, and buy equipment outside of EU.
229And it would also place a financial burden on EU companies, having to develop security mechanisms, that often would force them to scrap existing hardware and develop new and more expensive hardware for supporting the new requirement.",""
230"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240076_en?p_id=380919","F240076","4 March 2019","Jeroen de Neef","EU citizen","","","","Netherlands","This directive worsens consumer rights and hurts the aftermarket of various products. Many cheap consumer products don't have a long support to no support at all, so this will also hurt the security of the products.",""
231"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240075_en?p_id=380919","F240075","4 March 2019","Tom St??veken","EU citizen","","","","Germany","Dear all,
232 The RED is applicable to a very broad range of products. Nearly any modern device has some kind of radio interface. This includes mobiles phones, smart watches, single board computers, laptops and many many more. Thus this article will impact a vast range of products.
233The real gain of this directive is to have less transmissions at non-licensed frequencies and staying within the permissible power levels. It could also be argued that SDR can be used to analyze radio signals.
234What is missing is that the disadvantages outweigh the benefits, it is out of proportion. Which incidents justify such strong impacts?
235Third party software (Open source software like OpenWRT or LineageOS for example) prolongs the life of hardware that otherwise becomes vulnerable to security risks.
236Hardware manufacturers have no commercial motivation to support their hardware for extended periods of time. Due to Open Source projects otherwise obsolete hardware stays usable and safe as long as the hardware works. This reduces electronic waste and mitigates security vulnerabilities - that is a HUGE advantage we are going to loose if this proposal becomes effective.
237And all this, just to prevent a small number of users that ignore settings the correct country code and might transmit with a few dB more than allowed? This is out of perspective and unjustified.
238The likely social impact, if we could not run trustworthy, reviewable and maintainable code like OpenWRT on SOHO devices like wireless routers is NOT an increased security, but being at the mercy of companies that earn more if they sell more hardware. This puts our digital sovereignty at risk.
239Projects like OpenWRT are popular because they enable small businesses and consumers to make most of the hardware. Locking down these devices is the easiest option for manufacturers. This will cut off such open source projects from affordable hardware or at least limit the number of devices it can run on. The same applies to projects like Lineage or other OS that make more out of otherwise obsolete mobile devices like mobile phones or tablet PCs.
240Where is the reasoning that the security of EU citizens is increased? The contrary is true: Fewer ""white hats"" or regular users will make it easier for ""black hats"" taking advantage of vulnerable devices. We would not even notice that a digital device is exploited.
241Also, as controllers are becoming more and more powerful and smaller at the same time, firmware that is loaded into radio devices can impose a security risk on the host operating system. To increase the safety of us, we should LOWER the hurdle to replace such unmaintainable, unfixable and untrustworthy hardware.
242The environmental impact is, that planned obsolesce is easier for manufacturers. If someone publishes a vulnerability and hardware manufacturers do not timely provide a firmware update security conscious users are forced to discard of their now insecure devices.
243An incentive could be to support development of open software replacement firmware for devices that got abandoned by the manufacturers. The EU could fund or financially support such projects and change things, making such projects even more compliant and attractive to a broader audience at the same time.
244Please consider what justifies locking down a vast number of devices. As said, the majority reasons are perfectly legal and most users have good intentions to keep on using perfectly good hardware by running open firmware on them.
245We just want to have more trust in otherwise ""black boxes"".",""
246"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240074_en?p_id=380919","F240074","4 March 2019","Martin Vogl","EU citizen","","","","Germany","My fears at this initiative is destroying custom roms for smartphones and router. Thats a nice way for using your devices like smartphones longer than 2 years or recycle it for other applications (musicbox ...). You have to buy new one if you want to get security uptdates.
247 In my concept of the intiative Raspberry PIs aren't possible anymore. That would be very sad and many young people can't get into coding as I got with the RasPi.",""
248"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240073_en?p_id=380919","F240073","4 March 2019","Tobias Schramm","EU citizen","","","","Germany","Prohibiting use of third party software on radio equipment creates a multitude of Problems. Since WLAN devices are my main field of expertise the following arguments concern mostly WLAN devices but most can be carried over to other radio equipment, too.
2491. Limitation of research
250 2. Security risk for Consumers
251 3. Needless electronic waste
252 4. Dependence on manufacturers
2531. Limitation of research
254 Prohibiting users from uploading custom software to their WLAN devices will severely hamper research and development on the topic of mobile and mesh networks. Currently quite a few projects - one of them is the German citizens' initiative Freifunk - work on developing software for running wireless hotspots. Since Freifunk uses off-the-shelf WLAN routers but requires software features like mesh networking and specialized status reporting not found in the preinstalled software they need to replace it by their own open-source software. This would be impossible if the devices were locked down in a way that prevents them from being used with other software.
2552. Security risk for Consumers
256 If use of custom software on WLAN devices were prevented the security of consumers would be at risk. In the past years a lot of WLAN devices, especially WLAN routers had numerous security flaws (see attached document for reference). While most of them were fixed by the manufacturer some were not addressed since the devices were out of support or the manufacturer simply didn't care. Generally WLAN routers are in use for quite a long time. Thus a lot of old devices remain in service even when they are out of support since they do still work just fine and are still up to their task. This is a big issue especially with WLAN routers since they are connected and directly exposed to the internet at all times. This has previously resulted in massive DDOS attacks driven by infected, internet-connected devices (See last pages of attached document). The risks of outdated software can be mitigated by installing alternative, easy to use open-source software like OpenWrt. This software is developed by thousands of volunteers, a lot of them professional software engineers. Since open source router software like OpenWrt is always in development there is no 'end of support' and security flaws found are fixed for all devices no matter how old they are.
2573. Needless electronic waste
258 As discussed in 2. WLAN devices with out of date software pose a security risk to consumers. If consumers can not replace the software on their devices once it is out of date they can only throw away the hardware-wise completely fine device and buy a new one. This is a wastage of resources and drives environmental pollution.
2594. Dependence on manufacturers
260 If third party software can no longer be used on WLAN devices we have to depend on the security and integrity of the software provided by the manufacturer. Especially in the ongoing political debate around the independence of manufacturers from their government we have to consider that manufacturer provided software might contain backdoors. Since software provided by manufacturers is generally not open source its integrity can not be verified easily. Combined with the fact that WLAN devices are used basically everywhere this can pose a security risk especially in sensitive areas and infrastructure where confidential data is handled. Being able to use alternative open source software with such devices eliminates this risk by ensuring that integrity and security can be easily independently verified.
261The presented arguments show that any attempt at preventing installation of alternative software on radio equipment would have severe negative impact on freedom of research and system security and must thus be dismissed.","https://ec.europa.eu/info/law/better-regulation/feedback/240073/attachment/090166e5c21750b5_en"
262"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240072_en?p_id=380919","F240072","4 March 2019","Nico Thomas","EU citizen","","","","Germany","I'd like to raise strong concerns on this initiative.
263With your proposals except Option 0, manufacturers will likely implement means which prevent to run custom software, even if only a small part of the software covers radio functionality.
264 Think of smartphones or home routers - measures which allow users to customize software while ensuring the radio component's compliance are harder to implement and therefore more expensive than locking down the entire device. Depending on the system design, it might not even be possible to only prevent modifications of the radio part.
265But many devices suffer from short vendor support. The freedom to upload custom and open source software greatly increases security, because patches can be applied even if the vendor doesn't provide them. This also reduces electronic waste, as the device can be used for a much longer time.",""
266"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240071_en?p_id=380919","F240071","4 March 2019","Moritz Schlarb","EU citizen","","","","Germany","I urge you to *not* pass this legislation as proposed. I can only cite the arguments made by the Free Software Foundation Europe (
267) and many others.
268"" Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
269 Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
270 Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
271 Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
272 Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???"" (
273)",""
274"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240070_en?p_id=380919","F240070","4 March 2019","Thilo Keber","EU citizen","","","","Germany","Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU restricts individual freedom of responsible citizens, increases waste of precious resources and puts it safety in danger.
275European citizens should not be restricted in the software they operated of hardware they own, especially when functions are executed that aren't different from those of any manufacturer provided software. Creativity and invention of individuals and small businesses may not be inhibited by making hardware ressources not available for innovation. The article in its current form will favour big businesses and inhibit technological invention.
276Unfortunately many vendors of telecommunications equipment (e.g. mobile phones) chose to not support their devices with up to date software version after an arbitrary periode of time. Not allowing consumers to install other software will increase electronic waste and further exploitation of scarce resources. I personally own electronic devices that have been abandoned by the manufacturer since years, but still server their purpose perfectly thanks to free software such as LineageOS.
277Consumers who cannot afford replacing their communication devices just because manufacturers decide to not publish security updated for these devices any more will probably operate them over extended periods of time without actual software versions, when they don't have the option to install free software. This will lead to an increased amount of unsecure devices in the public and cause risk all kind of hacking attacks that might not only affect these consumers but also wider ranges of networks and economy.
278I kindly ask you to consider the consequences of this article on the citizens of the European Union, their freedom of choice, their economics and their security equally to other interests.",""
279"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240069_en?p_id=380919","F240069","4 March 2019","FRANCESCO FORGES","EU citizen","","","","Italy","""We need to retain our freedom of installing open source software on hardware we own in order to have control of our data and prolong the life of devices no longer supported by their manufacturers. In the digital age this is an essential freedom that must be promoted and encouraged. Open source software can easily be analysed for compliance with standards since the source code is available for anybody.""
280 I agree in toto!",""
281"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240068_en?p_id=380919","F240068","4 March 2019","Frank Kalf","EU citizen","","","","Netherlands","Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
282 Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
283 Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
284 Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
285 Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
286"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240067_en?p_id=380919","F240067","4 March 2019","robin wood","Public authority","Digininja","Micro (1 to 9 employees)","","United Kingdom","As a security researcher and software developer, I often re-purpose existing hardware as part of projects and demonstrations, this legislation would prevent this and so kill research and innovation.
287Some examples:
288Researchers find a vulnerability in a wireless access point which is no longer supported by the manufacturer. Without updates, the AP will forever be vulnerable and so can either remain in use, threatening the security of the user's network, or has to be thrown away and replace. With the right to update the AP, new software can be installed and the device have a much longer lifespan.
289Commercial Software Defined Radios (SDR) used to be expensive (??200+) and so were out of the range of most private researchers. Someone found that a cheap TV dongle (??20) could have new firmware installed which would give most of the functionality of a higher priced unit. This gave home researchers access to areas which they had never had before and spawned loads of new, interesting, security work.
290Many years ago, I worked with the Hak5 Youtube channel to create a new product call the Wifi Pineapple. This started by rewriting the firmware on a certain brand of home AP but is now a bespoke piece of security testing hardware sold to security professionals, including government agencies from many countries. Without the ability to play with the first iteration of devices, the project would have never got started.
291Blocking the right to install new software would do little to deter criminals who, by nature, ignore laws, but would kill off large areas of security research, development and innovation.",""
292"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240065_en?p_id=380919","F240065","4 March 2019","Callum Renwick","EU citizen","","","","United Kingdom","I consider it an important freedom of the user to control what software they wish to use on a home computer system, be that system a desktop or laptop PC, a mobile phone, a router, or a ""smart"" (i.e. Internet of Things) device, and for the user to have no limitations in their choose of software. Being able to change the software installed on a device is necessary to prevent ""vendor lock-in"", whereby a hardware vendor can force customers to use their selected software solution. This prevents, for example, the user installing a preferred software solution, even if the user's chosen software provides functionality, freedom or simply user experience which the user finds preferable to the vendor's choice. And in the event that the user's chosen software is a competitor to the vendor's software - which is extremely likely - the user (under this proposal) would be prevented from installing their chosen software. This gives power beyond what is needful or beneficial to the public to the vendors of hardware.",""
293"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240064_en?p_id=380919","F240064","4 March 2019","Pedro Semeano","EU citizen","","","","Portugal","From what I can understand this initiative will block from having the freedom to choose what software or firmware I can run on my devices. That doesn't make sense to me.",""
294"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240063_en?p_id=380919","F240063","4 March 2019","Daniel WENGELIN","EU citizen","","","","Sweden","I frequently benefit from the efforts of various open source communities to provide improved performance, additional features and well needed innovation in devices including radio transceiver, including Wi-Fi equipment, etc. It is absolutely adamant that this vibrant ecosystem are not hindered or hampered by regulations that force device manufacturers to prevent such device improvements. Modifying my device is also my right and responsibility. Hands off!!",""
295"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240062_en?p_id=380919","F240062","4 March 2019","Christian Kalkhoff","EU citizen","","","","Germany","Die Beschr??nkung des Uploads der Systemsoftware f??r komplette Ger??te zum Schutz vor unsachgem????er Nutzung von Funktechnik, erscheint mir ??berzogen.
296Ich verstehe das Anliegen, dass die sendenden Komponenten nur im gesetzlich vorgegeben Rahmen funken d??rfen sollen.
297Allerdings wird durch die Verhinderung der Nutzung alternativer Software verhindert, dass die Ger??te im Sinne der Nutzenden und damit letztendlich im Sinne der Gemeinschaft verwendet werden kann, z.B. Freie Software, Freifunk, IoT in Forschung und Bildung.
298Es sollte daher besser der Exekutive obliegen, mittels Funkmessungen und Beschwerdewegen unsachgem????e Anwendung von Funktechnik festzustellen und entsprechend zu sanktionieren.
299Zuletzt w??re die Verpflichtung, die Low-Level-Treiber f??r die Steuerung der Komponenten als Freie Software zu ver??ffentlichen und damit die Nutzung ohne ""gef??hrliches"" Reverse-Engineering nutzbar zu machen, aus meiner Sicht ein allgemeiner Gewinn f??r das Anliegen.",""
300"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240061_en?p_id=380919","F240061","4 March 2019","Philippe PORTALIER","Business association","Orgalim, Europe's Technology Industries","Small (10 to 49 employees)","20210641335-88","Belgium","As stressed in the Commission Communication on ???digitising European Industry??? (COM(2016)180), digitalisation has become one of the major drivers of industry???s competitiveness and innovation capacity. This is enabled namely through radio equipment which are increasingly incorporated in technological products such as telecommunication equipment, robotics, automation, laser and sensor technologies, electronics for automotive, security and energy markets.
301In this context, Orgalim is pleased to provide its views on the particular issue of embedded and business software, which may be installed in this equipment and products. Our industry is committed to keeping such products interoperable in the public radio spectrum and safe for all end-users including when further software updates and reconfigurations are applied to the products, under the framework of the Radio Equipment Directive (RED).
302In Orgalim???s view, a one-size-fits-all approach is neither realistic nor feasible. Should a delegated act be considered necessary at all, then it should respect the principles of proportionality and better regulation: Additional administrative burdens need to be carefully examined and should be deemed justified and applicable only to those product categories presenting a risk of non-compliance. The impact of such measures on innovation and competitiveness of new products and applications should be carefully examined.
303Therefore, we deem option ???1??? (industry self-regulation) as the most appropriate policy option under the current RED.
304Orgalim remains at the disposal of the European Commission to provide further details on these initial comments. Furthermore, Orgalim expresses its interest and availability to provide additional explanations and evidence during the next steps of the impact assessment, as well as in the Expert Group on Reconfigurable Radio Systems.
305________________________________________
306 [1] Commission Delegated Regulation on the Application of Article 3 (3) (i) and 4 of Directive 2014/53/EU relating to Reconfigurable Radio Systems ??? Inception impact assessment: ",""
307"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240060_en?p_id=380919","F240060","4 March 2019","Rasmus Thomsen","EU citizen","","","","Germany","Hello there,
308I very much feel like it'd be a bad idea to block the ability to load new, third-party soft-/firmware to one's own device for a multitude of reasons:
309- Opensource software (OSS) is easy to access, free as in freedom and as such reviewable by each individual. This simply isn't possible with proprietary software provided by the hardware vendor and it may very well be possible that this proprietary software does malicious stuff in the background, which can't be inspected by the user due to the software being proprietary.
310- Waste! Opensource firmware tends to receive software updates for _way_ longer, which makes old hardware usable for a _much_ longer period of time. This makes it possible for older hardware to comply with newer standards and have (security related) bugs fixed. Most routers have terribly outdated firmware, which are an inherit security risk not only for the user but for the whole internet. Old, vulnerable routers can be hacked and utilized for massive DDOS attacks, which can take down large parts of the internet.
311- Customization: I can run lots of software on my Opensource OpenWRT router, such as a DNS filtering to automatically block malicious websites in my entire network, which makes my device way more useful. Otherwise I'd have to buy yet another device just for this, which is _completely_ unnecessary. I can also do some rather nice stuff like LED configuration (e.g. blink LEDs on network traffic/change LED color when errors occur), which isn't possible with my hardware vendor's firmware.",""
312"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240059_en?p_id=380919","F240059","4 March 2019","Daniel Moran","EU citizen","","","","United Kingdom","I am sure others will put similar thoughts and opinions in a more eloquent manner.
313 1. I regularly exercise my right to freedom of choice over the software on my devices; opting for open source software. This software respects, and affords me greater control, over my privacy and security.
314 2. Software can have many definitions. Applications are a type of software. The overall operating system. ""Drivers"" which allow the operating system to communicate with the (wireless) hardware. ""Firmware"" which is loaded onto the (wireless) hardware. Drivers and Firmware can both alter settings on the radio chipset. Would you still allow custom Operating systems, without any drivers/firmware, on e.g. WiFi Routers?
315 3. Open source software development is usually much more rapid than commercial development; primarily due to support from end users with technical knowledge. Requirements for certification of software/hardware combinations will necessarily slow this development; and add an unnecessary burden to volunteers (forcing them to abandon the community they support).
316 4. Can you provide evidence that there is a significant threat from widespread malicious, or accidental, modification? In many cases, developers of 3rd party software already self regulate (OPTIONS 0 & 1).
317 5. Support from commercial entities is generally slow, and lack-lustre. Especially in the case of ""obsolete"" hardware. In many cases, such hardware can be given a new lease on life by using 3rd party open source software.
318 6. Taking choice and control away from end users will be detrimental in the long run, as this provides greater incentive for businesses to implement planned obsolescence either for the hardware, software, support, or any combination thereof. (see point 5).
319 7. Strong regulations with no clear benefit will only harm end users who operate within, or close to, the boundaries of intended use. Those who always intended to misuse the equipment will still find a way to do so.
320Without a clear demarcation of what constitutes affected radio devices, or what constitutes the effective measures, option 0 and option 1 are the only sensible choices.
321It may be possible to meet the proposed requirements, in radio chipsets, by requiring the hardware to be designed such that no configuration (e.g. via software registers) produces unintended results. This way, the software and hardware become uncoupled from a certification standpoint, by forcing the software to always operate within known tolerances. HOWEVER, this may be infeasible or costly from the manufacturers standpoint (consult with them on this).
322Ultimately, while regulation is useful; regulation for regulations sake, without considering the unintended consequences (violations of freedoms to privacy, security, and function), will only cause damage (particularly to society).",""
323"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240058_en?p_id=380919","F240058","4 March 2019","Mathieu Audat","EU citizen","","","","France","Regarding the options:
324 Option 0 seems harmless.
325 Option 1 could favours big companies that would regulate in their favours and eliminate smaller actors.
326 Option 2/3/4, if it removes the possibility for people to upload different firmwares (open source for example) with a combination not handled by the manufacturer, should not be chosen.
327Trying to work for more privacy for users is a fantastic job. But we need to balance it with the right of repair, and the possibility for people to apply changes on their devices once the manufacturer don't provide them anymore.
328 These changes could be as simple as security patches and would be more ecologically conscious as less devices would be wasted because their firmwares are obsolete.",""
329"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240057_en?p_id=380919","F240057","4 March 2019","Oscar Asterkrans","EU citizen","","","","Sweden","Please don't! Currently the one that replaces the firmware is responible for conformity. Do not flip this responsibility!",""
330"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240056_en?p_id=380919","F240056","4 March 2019","Stefan Oberd??rfer","EU citizen","","","","Germany","Ein Verbot f??r den Upload von freier Software auf Ger??te w??re ein klarer Schritt in die falsche Richtung und nicht im Sinne der EU. Ein solches Verbot macht es f??r Hersteller betroffener Ger??te einfacher unbemerkt ggf. sch??dliche oder benachteiligende Software auszuliefern.
331In Zeiten, in denen sich per Internet immer mehr interessierte B??rger vernetzen, um quelloffene Software f??r alle zu schaffen, sollte diese Bewegung nicht durch Regulierungen wie diese erschwert werden.
332Au??erdem liefern Hersteller oft nicht lang genug kritische Sicherheitsupdates f??r ihre Ger??te. Wenn diese Regelung Inkrafttreten sollte, k??nnte man die voll funktionsf??higen Ger??te getrost in den M??ll werfen.",""
333"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240055_en?p_id=380919","F240055","4 March 2019","Matthias Fritzsche","EU citizen","","","","Germany","I am part of a Freifunk community and we depend on the possibility to run own software on WiFi devices. We use OpenWrt on the WiFi routers to add more capabilities like running a wireless mesh network.
334As a private person I also use and recommend the free software OpenWrt as most manufacturers support there devices only for a very limited time. I do not want to buy a new devices every two years and with OpenWrt I still can use my 5 years old devices with security support. This is also the case for my smartphone. Thanks to Lineage OS I can still use my smartphone (manufactures in 2012) and have security support. Therefore it is very important to me to be able to run alternative firmware on devices.",""
335"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240054_en?p_id=380919","F240054","4 March 2019","Johannes Truschnigg","EU citizen","","","","Austria","It is absolutely imperative for the possibility of installing Free and Open Source Software Operating Systems developed and maintained by the international community to be retained in the EU.
336Projects like OpenWrt (for many WiFi-enabled routers, access points and other types of network devices) or LineageOS (for mobile phones) are the only viable way for citizens to decouple themselves from those devices' manufacturers' often very short-lived product cycles and artifically induced technical obsolescence.
337Installing the artifacts that these projects create, on devices that consumers have bought and own, also provides an effective defense against critical security flaws that often go unfixed in vendor-supplied firmware images. Given enough market penetration of any particular device, discovering a severe vulnerability in its firmware - which its manufacturer proves unwilling or unable to remedy quickly and effectively - could pose a real risk to the Internet at large. Therefore, preventing device owners from helping themselves by installing third-party software that does not exhibit these fatal flaws - due to having been developed outside of the original manufacturer's monoculture - could realistically prove a very damaging and expensive idea.
338This perspective alone should be enough for the EU to actively seek to foster end user awareness of projects such as OpenWrt and LineageOS, and the important work their communities do as volunteers, for the public good. Great benefits for both IT security and sustainability would follow if more people actively realized and exercised their possiblities in regard to installing custom firmware on those kinds of devices, which is why the freedom to do so must not be compromised.",""
339"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240053_en?p_id=380919","F240053","4 March 2019","Ameya Shenoy","Non-EU citizen","","","","India","- Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
340- Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
341- Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
342- Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
343- Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
344"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240052_en?p_id=380919","F240052","4 March 2019","Ameya Shenoy","Non-EU citizen","","","","India","- Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
345- Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
346- Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
347- Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
348- Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
349"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240051_en?p_id=380919","F240051","4 March 2019","Sebastian Nielsen","EU citizen","","","","Sweden","I think this must be applied in a fair way, and no exception should be made for example PCs and similiar devices.
350Today its possible for a motherboard manufacturer to ""lock"" its ""secure boot"" configuration, only allowing Windows 10 or the signed Ubuntu kernel to be installed. This means that motherboard manufacturers that have a embedded Wireless Capability, should be required to lock its boot configuration to Windows 10 or Signed Ubuntu if the configuration of the wireless transmitter can be changed from software inside the operating system such as so it would violate wireless single market rules.
351This shouldn't be applied to devices where the configuration (transmit Power and frequency) cannot be changed from the firmware or operating system, or systems where the wireless device is supplied as a mPCIe card or other addon capability.
352For wireless devices where the restrictions on the transmit Power and frequency, can be restricted in other ways, for example by having a sub-firmware for the wireless transmitter or where the capabilities of the transmitter is locked in hardware, it should be allowed to reflash custom firmware provided that the sub-firmware is not modified or have a valid compliciance digital signature.
353Many wireless devices, including routers, today don't have a built-in transmitter, but instead uses a pre-certified mPCIe card with the actual wireless transmitter. As long as the mPCIe card firmware is not modified, it should be permitted to flash custom firmware/software in the device (router, PC or whatever).
354Rooting, jailbreaking or flashing custom software inside mobile phones or tablets or other portable media devices should Always be prohibited, as these don't only violate the wireless radio rules, but also allows the end user to bypass copy restrictions (for example FLAG_SECURE in Android that prevents you from screenshotting or recording a rental Movie) why mobile phones should Always be required to run official firmware.",""
355"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240050_en?p_id=380919","F240050","4 March 2019","Sebastiano BERTANI","Company/business organisation","Tanaza S.p.A.","Small (10 to 49 employees)","047303434157-61","Italy","We strongly advise against blocking the possibility to load new and third-party software (including firmware) on hardware devices manufactured by any vendor.
356That would have serious implications from multiple stand-points:
3571) innovation: large companies building hw/sw do not have all incentives that small companies and startups have. Blocking startups would block innovation.
3582) security: many devices installed and operated in the field are not supported anymore by vendors from the SW standpoint. If a new security breach is discovered, only third party software can fix the issue.
3593) environment: third-party software extend the life of hardware, for example fixing security issues (see item 2) and also improving performance. If this is blocked, more hardware would become a waste.
3604) allocative efficiency: third party software can be the key to bring performance, features, and services where not possible according to the pricing of the sw/hw vendor, minimizing capex and opex. If this is blocked, large incumbents would be able to leverage their market power to extract more margins thanks to overpriced sw/hw combinations and no one could fight for a more democratic approach that has the interest of consumers at the hearth.
361Forcing hw/sw certification per each software combination may not be the right answer, as it would also be non-sustainable for hw/sw vendors. For example, established incumbents may find it too expensive to improve the products every month, and would end up having one software upgrade per year instead, dramatically damaging all users.
362In order to ensure that emissions are under control, a good trade-off may be reached with a-posteriori controls, with continuous monitoring of the environment, in a way that only effective breaches would generate a response and enforcement.
363Having all the responsibility on the products only may not be the answer too, but if that's the path to follow, then hw/chipset vendors may be forced to store the max power and radio behavior settings at the hardware level, or anyway where cannot be modified by software.
364We hope that the EC will adopt an approach that can take in considerations all aspects.
365Attached, please find a study about the advantages of open networking and sw/hw disaggregation.
366Best regards
367 Sebastiano Bertani
368 CEO at Tanaza S.p.A.
369Disclosure: Tanaza S.p.A. developed TanazaOS, an Operational System to fully disaggregate Wi-Fi software and hardware, minimizing CAPEX and OPEX in Wi-Fi deployments to make it more affordable, ultimately connecting everyone and fighting the digital divide. Tanaza is a member of the Open Compute Project initiative (
370) and Telecom Infra Project initiative (
371), which leverage sw/hw disaggregation, open networking and open source principles in order to make connectivity and internet more democratic and affordable for everyone.","https://ec.europa.eu/info/law/better-regulation/feedback/240050/attachment/090166e5c21737bf_en"
372"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240049_en?p_id=380919","F240049","4 March 2019","Artur Kink","EU citizen","","","","Estonia","I am advocating you consider Option 0.
373I do not wish my rights to install the software of my choice, on devices owned by me, to be impeded. Both modern cell phones and routers have their support sunset much earlier than the functional lifetime of the device. This leaves these devices open to critical security vulnerabilities. Users are left with the only option to maintain their security: installing open source alternatives.
374I believe any Option that you consider which would impede the user's ability to install software alternatives would lead to security threats.",""
375"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240048_en?p_id=380919","F240048","4 March 2019","Cosmin Drimba","EU citizen","","","","Romania","We need to retain our freedom of installing open source software on hardware we own in order to have control of our data and prolong the life of devices no longer supported by their manufacturers. In the digital age this is an essential freedom that must be promoted and encouraged. Open source software can easily be analysed for compliance with standards since the source code is available for anybody.",""
376"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240047_en?p_id=380919","F240047","4 March 2019","Johannes Hostert","EU citizen","","","","Germany","This initiative sets a dangerous precedent by denying consumers the right to use electronic devices they bought in a way they see fit.
377 Radio devices like WiFi routers or cell phones are a core part of the infrastructure underlying the internet. They transmit sensitive data. By denying users the right to run own software on them, they are forced to use the software the manufacturer originally installed. Said original firmware may contain bugs or backdoors that make it unsafe or dangerous to use. Often times, these bugs or backdoors remain hidden because the source code of the firmware is kept secret. Also, the software often times is not updated or not updated fast enough to mitigate bugs or other security-relevant exploits, leaving their users vulnerable.
378There currently are multiple alternative firmwares for all kinds of devices containing radios. These are often safer than what manufacturers provide and also, crucially allow users and security researchers to verify that they do not contain backdoors or other bugs. This initiative would make it illegal to use these firmwares in certain cases, undermining huge parts of the infrastructure on which the safety and functionality of the internet it based.
379For example, in 2016 a bug in routers mainly used by the Deutsche Telekom ISP caused them to become nonfunctional. The cost of providing customer service and diagnosis alone was 2 Million ??? according to the Deutsche Telekom.
380 When researchers later tried to find out what went wrong (while being hampered by the fact that the firmware currently running on these chips is obfuscated), they discovered multiple other bugs that could have been used to silently infect the routers with malware, allowing attackers to sniff on the private data on users or use the device to conduct other cyber crime.
381This proposed regulation would make it harder to analyze and prevent such attacks by hampering security researchers' and users' ability to defend against them by running alternative software on them, or analyze the software running on such devices.",""
382"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240046_en?p_id=380919","F240046","4 March 2019","Jiri Dluhos","EU citizen","","","","Czechia","Although this proposal is clearly well intentioned, as a relatively experienced software engineer (and, possibly more important, as a quality assurance engineer) I see significant risks that are not apparent on first sight.
383 First: it places extra burden on device vendors who are now forced not only to make their firmware bug-free to ensure proper functionality of the device, but also to protect it from tampering (or facing penalties). This is a complex and difficult task, and one that is not the area of expertise of the vendor. This will lead to purchasing pre-developed solutions from third parties - more reliable in average, but a widespread use will cause any bug in this part have an epidemic impact, bringing a real risk not only for radio safety but to network security in overall.
384 Second: the market with wireless devices is a highly fluid and price-sensitive one, where vendors to produce new devices in fast tempo. Ensuring proper updates for older devices is a challenge not all vendors face well. It became a tradition for experienced users to share fixes to existing problems, which gives the devices better functionality and longer effective life, which is an advantage both for overall safety and for ecology, as less resources are wasted building devices where existing ones still suffice. Blocking this way of keeping old devices in good shape is a security danger, waste of resources, and also - and I'd say the most serious problem - a step towards society where objects of daily use cannot be repaired, a trap well known from USA where citizens now fight a difficult struggle for plain keeping tools they legally bought and paid for operational.
385 Third, possibly the most important one: So far, citizens - often young ones - that have appropriate knowledge are allowed to modify the electronics they legally own, for various innovative and sometimes unique purposes - be it improving the properties of the device, discovering new roles for the device at home or business, or just practically learning how things work. This is an important part of an innovative society we are rightly proud of. This proposal goes against this spirit, sending signal to the people that innovation, learning and tinkering is not welcome and only the major players, safely hid behind corporate walls and NDAs, have the right to steer the technology. This is a direction nobody wants to go, as it is a route to technological obsoletion - and also a diminished freedom, as we are effectively teaching citizens that curiousness and analytic thinking are not allowed.",""
386"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240045_en?p_id=380919","F240045","4 March 2019","Klaus Lichtenwalder","EU citizen","","","","Germany","Please reconsider your possible decision regarding the prohibition of custom (free) software on radio devices:
387 - open source software can be reviewed for functionality, security lapses and backdoors
388 - open source is often of high quality (arguably more than many commercial software), also, in many devices it cannot mess with the radio devices and thus it's impossible to cause interference or disturbances
389 - open source software (see LineageOS, WRT Router Software, pfSense and so on) is longer maintained, often speedier when fixing security bugs and more customer friendly. This also has a direct effect on ecology and sustainability, as I can use hardware (with precious raw material) longer and don't have to replace it every, say, 2 years
390 - organisations can create an eco system with hardware, where specialized open source software is used (""Freifunker"" as an example)
391 - People are free from vendor lock in and can choose the hardware that fits best
392So, please don't effectively prohibit open source, or alternative operating systems, for radio devices, as this would be very detrimental for free usage of hardware.",""
393"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240044_en?p_id=380919","F240044","4 March 2019","Odysseas Samaras","EU citizen","","","","Greece","I'm against this article due to the disadvantages I see listed below:
394Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
395 Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
396 Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
397 Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
398 Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
399"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240043_en?p_id=380919","F240043","4 March 2019","Krzysztof Janeczek","EU citizen","","","","Poland","Urz??dzenia z kt??rych korzystamy codziennie czyli nasze smartfony te?? s?? urz??dzeniami radiowymi. Nie wyobra??am sobie ??ycia w europie kt??ra za mnie wybiera oprogramowanie z kt??rego korzystam oraz uniemo??liwia zmiana tego oprogramowania (systemu operacyjnego). By??o by kontrolowanie ludzi w sferach ??ycia w kt??rych nie powinno si??/nie wolno kontrolowa?? ludzi. Nie wolno sterowa?? ich wyborami poprzez uniemo??liwienie im wyboru innych system??w poprzez ich blokad??. Bo jak inaczej nazwa?? sytuacj?? w kt??rej nie mog?? wybra?? jaki system/jaka odmiana systemu b??dzie dzia??a?? na moim telefonie.
400Je??li kupuj?? komputer to mog?? wybra?? mi??dzy r????nymi systemami operacyjnymi to dlaczego taki wyb??r nie mia?? by istnie?? na platformie urz??dze?? przeno??nych? Dlaczego pr??bujecie mi odebra?? wolno???? wyboru mi??dzy systemem od OEM a czystym systemem Android Open Source Project lub innym systemem zmodyfikowanym dla lepszego dzia??ania. Je??li chc?? mie?? system na telefonie bez dodatk??w Google to mog?? sobie taki zbudowa?? korzysta?? tylko z Open Sourcowych rozwi??za??. Niestety je??li ta regulacja wejdzie w ??ycie ograniczy ona moje prawa. Pytam si?? dlaczego? Dlaczego Parlament Europejski pragnie ograniczy?? mnie tylko do takich system??w kt??re im pasuj??.
401Dlaczego pr??buje ograniczy?? ludzi do sytemu od OEM kt??ry nie zawsze jest otwarto ??r??d??owy co wi????e si?? z faktem ??e mog?? si?? nigdy nie dowiedzie?? co jest w kodzie systemu na kt??rym dzia??am. Nie sprawdz?? co jest wysy??ane do producenta. Ale mog?? sflashowa?? sobie Open sourcowe oprogramowanie i b??d?? wiedzia?? co tam jest. Na routerze mog?? mie?? Open-wrt na telefonie AOSP a Parlament Europejski chce mi to uniemo??liwi??.
402W imi?? czego? Z??udnego wra??enia bezpiecze??stwa? Wi??kszej kontroli nad obywatelem?",""
403"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240042_en?p_id=380919","F240042","4 March 2019","Michael Villeneuve","EU citizen","","","","Netherlands","I am extremely worried about the potential impact of this legislation. From my viewpoint, this legislation may have the following consequences:
4041. Security issues can no longer be fixed by users, making any router or radio device no longer or not well supported by the manufacturer obsolete. This can lead to unnecessary waste or leave many users not willing or wealthy enough to upgrade vulnerable.
405 2. Privacy can no longer be guaranteed by users. Nowadays RRS devices are often users' primary means of communication, either through phone networks or the internet. Restrictions on RRS software would mean users can no longer make sure that a malicious manufacturer is not monitoring their activity and/or messages. Furthermore, users would be unable to disable KNOWN unwanted privacy intrusions on their RRS devices.
406 3. Freedom of all people using these RRS devices would be impacted. Should I want to bring my RRS devices with me to a different legislation, that may not be possible if reconfiguration is restricted. Additionally, a malicious manufacturer could abuse this legislation to reduce interoperability or functionality of their devices intentionally as to require additional purchases of (software) upgrades. Users should have the power to upgrade their own devices if they have the skills to do so, and be protected by the EU from products that are defective or malicious by design.
407All policy options greater than baseline option 0 would greatly shift the balance of power over personal communications equipment, even owned and operated solely by an individual, to the initial manufacturer of the device. This is in addition to the downsides mentioned above. The paragraph under ""Likely impacts on fundamental rights"" is fundamentally false and misguided. If users are able to inspect and determine how their communications devices function, they can protect themselves from malicious actors. How could it be possible, let alone likely, that removing that ability protects users' information-related rights.
408However, worst of all, policy options 2 through 4 also force well-meaning manufacturers of RRS devices to produce inferior products. If a manufacturer wishes to sell a secure RRS product that respects user freedom, they would be prevented from doing so. This is particularly damning for SME manufacturers, who may not have the resources to fix every security issue or software bug in a short time. They now cannot allow a community of owners to assist the manufacturer or each other in adding functionality or fixing (critical security) bugs. Even in the case that the manufacturer goes out of business or is no longer be able to support a specific product, the software would still be locked down.
409The proposed policy options are harmful to users of RRS devices, the open-source community, the sustainability of RRS electronics, and the industry as a whole. The only possible beneficiaries are large RRS manufacturers, which will have legal reason to make users of their products dependant on their (paid) services in perpetuity. Or more likely, prevent owners from upgrading their products themselves to force new purchases.
410My own research shows not a single example of the problem that this regulation aims to tackle. Neither does the ""Problem the initiative aims to tackle"" section in the initiative document. It does not cite any sources or provide credible basis that there is a problem to be solved.",""
411"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240041_en?p_id=380919","F240041","4 March 2019","Mihai Samoila","EU citizen","","","","Romania","We need to retain our freedom of installing open source software on hardware we own in order to have control of our data and prolong the life of devices no longer supported by their manufacturers. In the digital age this is an essential freedom that must be promoted and encouraged. Open source software can easily be analysed for compliance with standards since the source code is available for anybody.
412 Option 0, baseline, must be the selected to retain the right to update, repair and extend the life of consumer grade radio devices.",""
413"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240040_en?p_id=380919","F240040","4 March 2019","Miroslav Svoboda","Company/business organisation","Miroslav Svoboda","Micro (1 to 9 employees)","","Czechia","Article 3(3)(i) is endangering European society, because it is limiting more than necessarily our rights in following areas:
414 1. Right to keep our devices secure
415 The device manufacturers often provide worse than industry available level of security. Overwhelming majority of software for radio equipment devices are based on Linux kernel nowadays. While the kernel is updated regularly and frequently, many vendors fail to provide updates at all or they provide them infrequently, with large delays or for too short period of time, compared to device lifetime. Article 3(3)(i) would limit an ability of end users to install newer, safer versions of Linux kernel. As the Linux kernel is freely available to everyone, backed by some of the biggest software and hardware vendors in the world, limitation imposed by Article 3(3)(i) is not just theoretical, but real issue.
4162. Right to repair our devices
417 While USA recently made good progress in granting right to repair to end users, Article 3(3)(i) would limit the right. Devices are often broken due to a software bug and limitation imposed by Article 3(3)(i) would mean such devices could not be repaired and must be dumped to trash. It has environmental and economical consequences. Firstly, it will further increase pollution of planet Earth. Secondly, almost no devices are manufactured in EU, so EU end users will have to spend additional money to import devices into EU and add on side of a EU trade deficit, while repair could be conducted by a skilled EU personnel and thus keep economical activity within EU.
418I am sure that benefits of the proposed Article 3(3)(i) are significantly smaller than harm it could cause.",""
419"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240039_en?p_id=380919","F240039","4 March 2019","Mandy Schoep","EU citizen","","","","Belgium","Unfortunately I have no confidence in this proposal. Because of many reasons.
420- I can't trust close sourced software because I have no idea what is happening behind the scenes (is it phoning home?)
421- Often software on routers and such is poorly maintained by vendors (source 1 and 2)
422- This will prevent Purism as a company from being active in the EU (they strive to use all open source software and firmware for laptop's and phones for privacy, security and freedom reasons) (source 3)
423- It starts with routers, smartphones etc. But if this act is approved, chances are it will be expanded to laptops and other devices which also have radio chips. Which means Linux, BSD and other open source operating systems are at risk or can only use poorly maintained closed source drivers, if any provided at all by the vendor.
424No, we cannot have this all locked down and controlled by the EU. This could be abused by letting the vendors of routers, smartphones and such to add backdoors to the software, which in turn can be hardly detected because of the closed source nature. (source 4, list of open source wireless drivers)
425I would like to have the freedom to do what I want with the hardware I have, and if that is installing a third party operating system, which is better secured and is updated frequently, on my router, I should be able to do this legally. (source 5)
4261)
427 2)
428 3)
429 4)
430 5) ",""
431"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240038_en?p_id=380919","F240038","4 March 2019","Lo??s Poujade","EU citizen","","","","France","D'autres l'exprime s??rement beaucoup mieux que moi, mais je tenais ?? exprimer mon d??saccord sur le fait d'empecher les acheteurs de poss??der compl??tement leur mat??riel.
432Je donnerais quand m??me un argument : depuis pas si longtemps que je suis dans le monde de l'informatique/??lectronique, j'ai remarqu?? que bien souvent, les solutions communautaires (donc, ?? installer apr??s achat d'un appareil) sont bien plus s??curis??s que les solutions fournis par les vendeurs. Vous allez cr??er un gros trous de s??curit??, oui, dans vos locaux aussi ???",""
433"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240037_en?p_id=380919","F240037","4 March 2019","Emil Karlson","EU citizen","","","","Finland","In my opinion it would be important to not pass regulations that would endanger many community efforts providing software for and related to radio equipment like, but not limited to high profile projects like lineageOS and openwrt.
434These community efforts allow EU citizens to protect their privacy from preinstalled spyware and adware extend lifetime beyond vendor software support end of life. Both goals privacy and right to repair should be considered relevant values for the Union.
435Also based on what I have seen comprehensive study should at least be conducted on the levels that phone and router vendors are willing and capable to protect the privacy and security of EU citizens and provide long term high quality software update support. I personally have been disappointed.
436Please let us protect our privacy
437 Emil Karlson",""
438"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240036_en?p_id=380919","F240036","4 March 2019","Michael Vogel","EU citizen","","","","Germany","To whom it may concern,
439After reading the Inception Impact Assessment and Radio
440 Equipment Directive 2014/53/EU, I too would like to have my voice heard.
441Firstly, the directive is vague and very broad and would regulate laptops, wifi chips, radio, phones, etc.
442Secondly Article 3 (i) will (inadvertently or not) attempt to hinder loading new software onto devices no longer owned by manufacturers. This is an invasion in the freedom of the buyer to modify devices they own. Not only has history shown that it is impossible to completely hinder this, but it will introduce monopolies and most likely even attack vectors.
443 A great example is DRM. The solution is proprietary, has already been broken multiple times, introduces binaries from manufacturers that can contain malicious extras or that even simply introduce bugs that compromise the whole system.
444 Finally, the situation remains unclear on what will happen when the manufacturer goes out of business and the devices stay on the market. Even if the manufacturer doesn't go out of business, there's no guarantee that security holes will be patched in a timely manner or even at all. This would work against the goals of the directive.
445Please, consult security experts and technological experts in the field before writing such directives. You might harm your citizens and your businesses more than you know.
446Best regards",""
447"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240035_en?p_id=380919","F240035","4 March 2019","Harald Welte","Non-governmental organisation (NGO)","Osmocom.org","Small (10 to 49 employees)","","Germany","The Osmocom (Open Source Mobile Communications) project is a non-for-profit project developing a variety of mobile communications systems as open source software.
448In many areas of the IT Industry, Free/Open Source Software has been hugely successful since the 1990ies. At Osmocom, we are trying to bring the widely-acknowledged benefits of Free/Open Source Software (FOSS) into an area that's traditionally very closed: Cellular Communications.
449Before Osmocom and some of its member projects (OpenBSC, OsmoBTS, OsmocomBB, ...) were started around a decade ago, it was close to impossible for anyone to operate a small cellular network for research or development use. Only very few universities were able to obtain the related (very expensive) equipment from the equipment vendors to actually work with cellular communications infrastructure, rather than just teaching theory classes on it.
450The cost, size and complexity of the related minimal equipment to operate a cellular network was so prohibitive that virtually nobody from the IT security community could perform security research on cellular technology.
451After Osmocom released its various implementations, this changed. Academic, commercial, individual and non-commercial research entities could finally perform the kind of security research on cellular technology which so far they could only perform on Internet-type technologies like Ethernet/TCP/IP/WiFi/HTTP. Said research was only possible because FOSS implementations of the related cellular stanards existed - because such implementations allow any type of modification, whcih is essential in order to investigate and show flaws in other implementations and discover security issues.
452Any requirement to mandate manufacturers to lock down reconfigurable radio systems would set us back something like one or two decades in terms of IT security research on radio systems. Related provisions in the RED directive are very dangerous.
453Related manufacturers of reconfigurable radio equipment often have absolutely no interest in anyone performing security research on their devices/systems. So if they were *mandated* to lock down their devices and run only authorized software, they would have no incentive at all of ever permitting any modified software on their devices, and therefore deprive the IT security community from ever performing any related research and development.
454I therefore request you on behalf of the wider Open Source and Telecom Security community to refrain from enacting any delegated acts that would require the lock-down of reconfigurable radio devices. It would create a severe competitive disadvantage for anyone operating in the EU. All related research and development would subsequently have to happen outside of the EU, built by non-EU manufacturers.",""
455"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240034_en?p_id=380919","F240034","4 March 2019","Jeroen Bollen","EU citizen","","","","Belgium","Article 3(3) would completely destroy any free and open software available for radio equipment. This is a breach of people's individual rights. Bad actors will still be able to hack their way around the barriers, yet good-faith actors will be severely penalised.
456This article has to be changed so users can load their own software on radio equipment.",""
457"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240033_en?p_id=380919","F240033","4 March 2019","Paul DOCHERTY","EU citizen","","","","Ireland","The current form of this proposal assumes that device provides both
458 - support the security and functionality of the device for a reasonable expectation of its lifespan.
459 - do not actively diminish functionality so as to drive new device sales.
460Neither is currently true. Expensive mobile devices are launched with fanfare and abandoned support-wise the day afterwards. Thankfully, dedicated communities exist to fill this gap.
461This proposal need much more nuance to all proper community support of devices, whilst preventing abuse of radio frequencies.",""
462"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240032_en?p_id=380919","F240032","4 March 2019","Hans-Peter Lehmann","EU citizen","","","","Germany","The smartphones we all are using are radio devices. This directive therefore forces phone manufacturers to prevent installing custom operating systems on their phones. I see a problem with this effect.
463Manufacturers only support phones for about 1-2 years. After this time, the phones no longer receive updates and more and more apps get incompatible. Additionally, the phones no longer receive security updates. This makes it necessary to buy a new phone every few years. Users notice that their phones get slower over time - in many cases this is a software problem, not a hardware problem. Replacing hardware that is totally fine, just because the software is aged, is not environmentally friendly.
464Today, it is possible to install a custom operating system on Android phones to still receive security updates. Therefore, the phones can be used significantly longer than the manufacturer support period. I believe in using technology for a long time instead of throwing the devices away and buying a new one. A phone from 2012 with a custom operating system from 2019 still works like a charm. It has all features that a new phone has and it is nearly as fast.
465By forcing device manufacturers to prevent installing custom software, using a phone for such a long time is no longer possible. Most custom operating systems are developed by free-time developers from various countries, who can not be certified by the device manufacturer. Because the manufacturer wants to sell new phones, it will likely not certify custom operating systems at all.
466If this directive is applied to phones, users have to buy new phones more often. They get dependent on software updates by the manufacturers located outside the EU.",""
467"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240031_en?p_id=380919","F240031","4 March 2019","Manuel D'Orso","EU citizen","","","","Italy","I am against this initiative. Its passing would mean less or no Free and Open Source Software available for a large series of devices, including routers, access points and smartphones.
468 Manufacturers often sacrifice security for lower costs and proprietary software is often not enough or not indipendently tested or testable against vulnerabilities and undocumented functionalities, posing network security and data privacy issues.
469 Also manufacturers tend to shorten the lifecycle of devices or plan the obsolescence of them in advance.
470 Custom or community supported hardware leads to increased lifespan of a single device with ecological and economical sustainability benefits.",""
471"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240030_en?p_id=380919","F240030","4 March 2019","Max Mehl","Non-governmental organisation (NGO)","Free Software Foundation Europe e.V.","Small (10 to 49 employees)","33882407107-76","Germany","The Free Software Foundation Europe (FSFE) would like to thank the European Commission for asking for public feedback. Since 2011, the FSFE has been working to protect and enhance freedoms of technology users in Europe. Therefore, we are pleased to provide our expertise for the matter of Article 3(3)(i).
472The provided Inception Impact Assessment fails to address some issues that a Delegated Act for Article 3(3)(i) with a broad definition of classes of devices and the proposed regulatory options 2, 3, and 4 would cause:
4731. Free and Open Source Software (FOSS) will be hampered. Free Software is innovative and efficient because communities, start-ups and mature companies can build upon previous work. It naturally breaks monopolies and fosters a climate of collaboration and fair competition. Options 2, 3 and 4 proposed in the Inception Impact Assessment would void these principles because of 2 reasons:
474 a. In a Legal Study on the potential ramifications of the Radio Equipment Directive on Free and Open Source Software, its author Dr. Till Jaeger found that ""widely used Free and Open Source Software programs as GNU/Linux, GNU C Library and Samba will not be able to be used in products which are falling into the scope of Art. 3(3)(i) RED if the delegated acts of the European Commission do not provide for a limitation. Otherwise, the manufacturer would risk a copyright infringement since any violation of the license conditions of the GPL and LGPL results in an automatic termination of the rights granted"". This would affect at least several hundred millions of devices. Please find the full study enclosed in Annex I of the attached document.
475 b. FOSS allows for modifying and distributing software initially created by a third party. This freedom leads to a variety of solutions for a certain problem and enables users and buyers to select the most suitable product or customise an existing one. With the proposed Options 2, 3 and 4, manufacturers would have to prevent the installation of unauthorised software. It is unrealistic that they will be able to assess all available software for a certain product which in turn hampers the innovative approach that FOSS offers.
4762. Fair competition will be harmed. Option 2, 3 and 4 would make manufacturers gatekeepers to accessing software on their devices. This would destroy the foundation of many companies who specialised on creating software for third-party hardware. For example providers of equipment for public WiFi networks or high-security smartphones which offer a more stable, efficient and secure performance than the stock software. With the said options, manufacturers may abuse their new responsibility to fence off their devices against competitors. This would benefit monopolies and harm SMEs who cannot afford costly certifications or building own hardware.
4773. Disadvantages for IT security. Opposed to what the Inception Impact Assessment has foreseen as likely social impacts, we expect large disadvantages for security and safety of users and businesses in the digital society and economy with options 2, 3, and 4. Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our society. Still, many manufacturers sacrifice security for lower costs. For a broad range of devices, there is better software which protects data and still offers equal or even better functionality. Limiting the amount of software that can be loaded onto radio equipment will not increase, but decrease IT security. This especially applies when manufacturers stop providing updates for their devices.
478Because of these and other disadvantages, the FSFE firmly recommends to follow ""Option 0, baseline scenario"" or ""Option 1, industry self-regulation"". This will protect Free Software, fair competition and IT security on radio equipment. On the other hand, it will still allow executive bodies to interfere if non-compliant devices are harming applicable radio regulations.","https://ec.europa.eu/info/law/better-regulation/feedback/240030/attachment/090166e5c217132f_en"
479"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240029_en?p_id=380919","F240029","4 March 2019","Harald Welte","Company/business organisation","sysmocom - s.f.m.c. GmbH","Small (10 to 49 employees)","","Germany","sysmocom - s.f.m.c. GmbH is a German SME. Our core business area is the development of protocol stacks and other software implementing network elements of cellular infrastructure. This includes software ran on cellular base stations (BTS) and up into the cellular core network. We implement [parts of] a variety of ETSI and 3GPP systems with a big focus on GSM/GRPS/EGRPS/UMTS, but also e.g. the ETSI TETRA and GMR-1 systems.
480All our software developments are released exclusively under Free/Open Source Software (FOSS) terms. It is a fundamental aspect of our business strategy. The fact that our entire software stack is publicly available has made our products a very interesting option for anyone performing research into cellular networks. Our users and customers include universities and other academic institutions world wide, but also private/commercial research labs, individual researchers, as well as the IT security industry.
481It is extremely important that our users are able to modify the software we have developed, as without said modification they could not perform their respective research.
482Our customers also include commercial cellular operators. As a SME we cannot compete with the large players in the field but we have to target niche markets, such as e.g. maritime GSM. Our products can be fully modified to specifically target the needs of those target markets.
483Any activation of a RED delegated act covering cellular base station or mobile telephone hardware would be immediately constraining the ability of our European users. In fact, it is very likely that we would be forced to discontinue selling our products to the European Market altogether. Our products would the only be available *outside* the EU.
484So Any Option 2, 3 or 4 outlined in the ""Objectives"" would not only endanger a large part of our market and business, but also constrain the access of EU entities to get access to [sysmocom and other] reconfigurable radio systems.
485We foresee negative impact not only on the European market economically, but also in terms of innovation: Without access to freely reconfigurable radio hardware, academic, commercial and individual users are deprived from any option to innovate in this space. We also see negative impact in terms of IT security of [reconfigurable] radio
486 systems.
487The liability for operating non-conformant devices that are modified in any way should remain with the person who performs said modification. The above rule has always applied for physical modifications to radio equipment, and it should continue to apply to software modifications.
488As a European High-Tech SME we therefore strongly urge you to adopt ""Option 0"" and stay without any delegated acts pursuant Article 4 or Article 3(3)(i).
489Harald Welte, founder and CEO of sysmocom GmbH, Berlin, Germany",""
490"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240027_en?p_id=380919","F240027","4 March 2019","Lorenzo Lucchini","EU citizen","","","","Italy","Article 3(3)(i) deeply upsets me. I understand the goal is to only lock software present on the actual radio-related parts of equipment, but the wording, as well as practical implementation concerns, will create unacceptable barriers to user installation of alternative software on devices.
491This, in turn, runs counter to
492 - ""right to repair"" sentiments, by making devices obsolete as soon as producers stop releasing certified updates;
493 - ""free and open source software"" sentiments, by limiting installable software to manufacturer-approved items;
494 - data privacy and security, since by limiting the above, users will face a choice between replacing their equipment overly often, and using obsoleted software that will not guarantee the security and privacy of their networks.
495These sentiments are very important to me, and I understand that the European Union also endorses them. For these reasons, this article should be squarely rejected.",""
496"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240026_en?p_id=380919","F240026","4 March 2019","Carl Schwan","EU citizen","","","","Germany","I think Article 3(3)(i) it's a bad idea, because hardware manufacturer don't update after a few years, so without any security update. This is dangerous because a vulnerable router, expose the entire home network. And not being able to fix it legally, would mean that we need buy new equipment every time your router es being hacked.",""
497"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240025_en?p_id=380919","F240025","4 March 2019","Matthieu De Beule","EU citizen","","","","Belgium","The general aim of this initiative seems good and I applaud the EU bodies for working on a unified regulatory front regarding radio spectra, and protection of health and safety. I am however concerned about some particular aspects of this text, mainly Article 3(3)(i).
498 It is absolutely necessary for me to be able to install software on devices that I own, without the manufacturer limiting my ability to do so. For example on my phone I don't want Google to control every aspect of my life, so I install a custom operating system (LineageOS). On my router at home I want to be able to be sure my privacy is respected and the latest security patches applied, without having to buy a new device and throw away a perfectly good device every other year because the manufacturer doesn't support it anymore. I also don't want to run proprietary software if there are Free and Open Source alternatives, because I believe proprietary software is an injustice and is incompatible with privacy and security by its very nature.
499The EU has taken steps against waste before, and has strict interoperability requirements to limit technological dependence on any one giant (probably American) corporation. To maintain those objectives in mind, I believe Article 3(3)(i) must be severely limited or scrapped so that EU citizens can maintain control over their own devices, and so that e-waste can be limited.",""
500"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240024_en?p_id=380919","F240024","4 March 2019","Th??o Takla","EU citizen","","","","France","I believe Article 3(3)(i) will not have the expected impacts listed in the Inception Impact Assessment, and that it will cause more problems than it will solve. Option 0 or 1will mitigate these problems, whereas strong control over compliance of software will lead to the following problems.
501It will prevent individuals from using alternative Free Software, which leads to:
502 - Shorter device longevity: with alternative software, such as OpenWrt, if the manufacturer's software cannot be updated, the hardware is not lost: this can be used to fight against obsolescence, and can revive a device (if the company that provides the software is bankrupt, or does not exist anymore)
503 - This decrease in longevity will have ecological impacts
504 - It will also prevent any uses of these devices for education or development, which would be a severe obstacle
505 - Decreased security: by blocking completely the upload of custom software, it will indeed fix security issues, however this brute force approach will lead to other security problems, as free software is usually more responsive to security faults, and if the device cannot be updated anymore for the reasons mentioned above the device could become a permanent security hole.
506I therefore believe that in order to mitigate these consequences, it would be wise to adopt option 0 or 1, or even better to create different categories for this type of equipment: critical equipment (such as the example used in the Inception Impact Assessment of emergency equipment) that will follow 3(3)(i), and other equipment where there would be more freedom.",""
507"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240023_en?p_id=380919","F240023","4 March 2019","Richard Friesinger","EU citizen","","","","Austria","I strongly oppose any directive that prevents me from using free-software on hardware that I own,
508 the negative impact of having to place implicit trust only on the vendor provided SW/firmware is huge, given the reluctance of many OEMs to fix security issues etc on their products.",""
509"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240022_en?p_id=380919","F240022","4 March 2019","Vahid Shirvani","EU citizen","","","","Sweden","It is important to me to be able to install updated software on my home router in order to make sure it is secure. Manufacturers tend to abandon their products not long after release these days. Please do not take away this freedom.",""
510"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240021_en?p_id=380919","F240021","4 March 2019","Benedikt Brecht","EU citizen","","","","Germany","I support the general purpose of the Directive. However, I would like to express my sever concerns over the far-reaching consequences of Article 3(3)(i) of the Directive, which requires device manufacturers to check each device software's compliance in order to comply with the Directive.
511 I believe such requirement has negative implications on users' rights and Free Software, fair competition, innovation, environment, and volunteering ??? mostly without comparable benefits for security.
512 Article 3(3)(i) require device manufacturers to assess software for compliance with existing national radio regulations, a requirement which will keep users and companies from upgrading the software on devices they own, unless that software is assessed by the original manufacturer. This not only is a severe burden for device manufacturers themselves but also violating the customers' rights of free choice and customers' right to repair.
513 The requirement enshrined in Article 3(3)(i) will impact the freedom to conduct business of many companies relying on the ability to provide alternative and Free Software firmware on devices. Alternative software is the foundation of many companies' products, and you should prevent economic disadvantages for these businesses.
514 Burdensome requirements to check every possible software's compliance will also have negative implications on innovation and charitable non-profit organizations who rely on software other than the manufacturers'. Efforts of volunteer associations helping people in need to connect to the internet, may be rendered void or severely handicapped.
515 Furthermore, alternative software on radio devices also promotes a sustainable economy. There are many devices still in working order which do not receive updates from the original manufacturers anymore, hence alternative software developed and improved by community efforts (such as Free Software) has a much longer support period which prevent users and customers having to dispose of still working equipment. In return, this also improves the security of users since older hardware still receives security updates after a manufacturer stops supporting those.
516 Last but not least the requirements in Article 3(3)(i) will make the use of software defined radios (SDRs) for the purpose of security research impossible, as the very nature of such devices is to change the software independent of the hardware/device manufacturer.
517 I am in favor of the Directive's aim to improve security of radio devices but not at the unbalanced expense of users' freedom and security in other areas. Firstly, upgrading the software of a device mostly helps increasing the devices' security. Secondly, I am convinced that such strict regulations are not necessary for typical consumer products with limited radio output power. And thirdly, I believe that such technical restrictions will not hinder people willingly violating applicable radio regulations.
518 Therefore, I would like to ask EU institutions and the Member States to take these concerns into consideration and ensure that the Directive does not place blanket, unnecessary and disproportionate restrictions on the rights of consumers and businesses when implementing the Directive into national legislation.",""
519"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240020_en?p_id=380919","F240020","4 March 2019","Andre Merzky","Business association","RADICAL-Consulting UG.","Micro (1 to 9 employees)","","Germany","Forcing (or even encouraging) users to trust one and only one provider of software has not played out well in the past, for many reasons - the EU is aware of this, and I applaud their efforts to shield customers and users from software (and hardware) companies and their never ending demand for user data.
520Another point I would like to raise: once a router is sold to a customer, money has changed hands, and beyond the bare necessary legal requirements, there is not much of an incentive for the seller to keep software usable, up-to-date and secure. This has happened again and again and again in the past (mobile phones being a prominent example). Open source software, or 3rd party software in general, allows customers to use hardware well beyond their expected life time, in a secure way, for purposes often not supported by vendors. This makes economic and ecologic sense - we have quite enough throw-away hardware already, thank you very much...
521I would not mind if warranty is voided on custom software installations - its better than throwing good hardware away, or using buggy and insecure software.",""
522"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240019_en?p_id=380919","F240019","4 March 2019","Jelle De Loecker","EU citizen","","","","Belgium","The EU should do the opposite of what this proposal is implying: Modifying the software of devices (especially older, unsupported devices) should be encouraged. Be it a phone, a laptop, a router or even a microwave. It can breathe new life into old devices, can add new functionality and can improve security.",""
523"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240018_en?p_id=380919","F240018","4 March 2019","Andres Palumbo","EU citizen","","","","Italy","This would delete my freedom to do what I want with things I buy unless I damage someone else, which I think is an important freedom",""
524"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240017_en?p_id=380919","F240017","4 March 2019","Yunxiang Li","Non-EU citizen","","","","Canada","Please reject this proposal. It is harmful for the freedom of any internet user, mobile phone user, and small businesses as it limits consumer choice, incentivize vendors to push malicious update (which some already do, like removing existing functionality, slowing down ""old"" devices, etc.), and stop independent security researchers (and not criminals) to find out and fix vulnerabilities before they are exploited. Instead the legislation should require vendors to provide their users the ability to unlock their own devices (perhaps their devices only, for security reasons, as many are already doing). This will make the devices last longer, give the users more choice, and let devices be vetted by independent researchers, and incentivize companies to provide better services and products.",""
525"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240016_en?p_id=380919","F240016","4 March 2019","Uwe Hermann","EU citizen","","","","Germany","As a firmware/software developer in both, commercial and open-source settings (and also as a regular consumer), I'm very concerned with the proposed legislation.
526The ability to be able to run third-party, open-source software of your own devices is fundamentally important for many reasons, including security and privacy reasons, environmental reasons, innovation, and more.
527Option 0, ""baseline scenario"", seems to be the only reasonable option to me.
528I fully agree with recital (19) that current and future legislation ""should not be abused in order to prevent its use with software provided by independent parties"".
529The ""inception impact assessment"" document claims ""No specific or major impact on the environment is expected at this stage of the analysis"". I'll have to disagree with that assessment.
530If the proposed legislation directly or indirectly prevents the use of third-party firmware on devices such as smartphones, wifi equipment and IoT devices, the large majority of devices will be obsolete even faster than is already the case.
531Lack of vendor security updates is already a huge problem across the whole industry. Third-party software like OpenWRT, DD-WRT, LineageOS and many others are very often the only viable method to keep a user's hardware in a somewhat bug-free, secure, and privacy-respecting state, long after the short-lived window of time where the vendor provides any updates (if there are ever updates at all).
532Without the ability to use third-party software to keep your devices secure and updated, the amount of electronic waste will drastically increase.
533The huge list of critical vendor vulnerabilities we've seen in recent years (in every conceivable type of embedded device) is absolutely no good method to create ""consumer trust in radio equipment and new technological developments"".
534Forcing the same vendors that apparently generally neither care for security and privacy (nor obviously have the required skills to implement sufficiently secure software for their customers) to ""demonstrate"" any level of safety or security is not going to improve the situation in any way.
535On the contrary, as mentioned above, very often the only way to get a reasonably secure device in the first place, is to use open-source, third-party software on the device. And if the legislation would prevent such usage, that would be absolutely counter-productive and completely against the goals of the legislation.",""
536"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240015_en?p_id=380919","F240015","4 March 2019","Christofer Schoerner","EU citizen","","","","Sweden","First of all, people should be allowed to run whatever code they want on their own hardware, secondly, a router is just a computer like any other. A laptop can be used as a router as well and the idea that people wouldn't be allowed to install whatever software they want on their own computers is to be ridiculed.",""
537"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240014_en?p_id=380919","F240014","4 March 2019","Micha?? Kope??","EU citizen","","","","Poland","The restriction of the ability to load Free and Open Source software to wireless networking devices has severe negative consequences that need to be considered.
538The security of computer devices, networks and systems depends entirely on trust. Firmware and software provided by networking equipment providers is, with some small exceptions, closed source. It is a common misconception that closed source software is more secure than its open source counterpart. However, this is almost never the case. Due to the nature of open source development, particularly in larger projects like OpenWRT and Linux, it is impossible to insert malicious code without a reviever noticing. Another important point is the fact that open source projects tend to implement security fixes nearly instantly after their discovery. All this is known thanks to the development process being completely transparent and open, which makes it trustworthy.
539By contrast, in the case of proprietary, closed software, the users depend entirely on the hardware provider to provide CRUCIAL security fixes, especially if the hardware is older (more than around 4 years). Additionaly, companies are unable to use some artificially restricted software features, and users have their ability to innovate severely reduced. In the most extreme cases, it is also possible, and even plausible, that hardware manufacturers insert malicious backdoors and spying code into the firmware, at the request of a foreign government. This possibility, coupled with the lack of transparency, in the age of cyber-espionage, makes closed source completely untrostworthy.
540As you can hopefully undersand now, the proposed regulation negatively impacts companies, individual users, innovators and governments all at once. I urge you NOT to implement this regulation, and instead work with hardware manufacturers to only restrict the radio chipset firmware. This is different from your proposal by only restricting the radio operation of the device and still letting the user control everything else on the router. Please see the 2016 FCC - TP-Link settlement, which came after the FCC implemented similar restrictions.
541I hope my message is received and was not too difficult to understand - please understand that English is not my primary language.",""
542"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240012_en?p_id=380919","F240012","4 March 2019","Pavel Svoboda","EU citizen","","","","Czechia","Dom??c?? wifi router s komunitn??m firmware pou????v??m p??es deset let, neum??m si dom??c?? s???? bez n??j p??edstavit, spot??ebov??v?? kolem 20 W a b?????? 24x7, krom?? z??kladn??ch funkc?? routeru, DHCP serveru a wifi AP (kde si mohu zm??nit frekvenci podle situace, jakou mi nadiktuje m??stn?? nejroz??????en??j???? poskytovatel internetu rozm??st??n??m sv??ch AP po panelov??m dom??) funguje jako trvale dostupn?? NAS sd??len?? rodinn?? z??lohovac?? ??lo??i??t??, medi??ln?? server, cron scheduler automatizovan??ch ??loh apod.
543 Otev??enost a trval?? i zp??tn?? ov????itelnost OpenSource komunitn??ho firmware zaru??uje jeho bezpe??nost; ani?? bych musel s??m zdrojov?? k??d prov????ovat, d??l?? to za mne komunita. U uzav??en??ho propriet??rn??ho firmware jsme v nebezpe???? skryt??ho uplat??ov??n?? politick??ch ??i obchodn??ch z??jm?? t??et??ch stran, kter?? maj?? vliv na v??robce za????zen??.
544 U komunitn??ho SW, zejm??na p??i mo??nosti volby z n??kolika zdroj??, je mnohem pravd??podobn??j???? setrval?? podpora, ne?? u propriet??rn??ch firmware, kdy v??robce po n??kolika m??lo letech od uveden?? modelu na trh jej p??estane podporovat, a nezaji????uje ani bezpe??nostn?? z??platy.
545 Nejd??le??it??j???? ze v??eho je svoboda volby - model routeru jsem vyb??ral s t??m, aby bylo mo??n?? jej pou????vat s alternativn??m FW a p??izp??sobit si jej pln?? sv??m pot??eb??m, vyu????t schopnost?? enthusiast??, kte???? flexibiln??ji reaguj?? na pot??eby komunity, ne?? v??robci (pro kter?? p??edstavuje podpora ji?? prodan??ho produktu jen dal???? n??klady).
546 Ano, se svobodou jde ruku v ruce odpov??dnost; v tuto chv??li za chov??n?? a zabezpe??en?? sv??ho za????zen?? zodpov??d??m j??, a mus??m po????tat s d??sledky v p????pad?? p??ekro??en?? povolen??ch norem nebo nedbalosti. Odpov??dnost z??konod??rc?? je ov??em nepom??rn?? v??t???? s ohledem na mo??n?? d??sledky zneu??it?? exkluzivity v??robc??, a?? u?? jimi samotn??mi, nebo t??mi, kte???? je mohou ovliv??ovat.",""
547"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240011_en?p_id=380919","F240011","4 March 2019","Juha-Matti Huusko","EU citizen","","","","Finland","Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU
548would restrict users' freedom to install a custom OS to the equipment. This is a problem! Users need to be allowed to use Free Software, which will make them able to:
549 * protect their privacy and security. Nobody should be forced to ""trust"" a company.
550 * develop software for their own needs.
551 * repair the device. We are battling with climate change. We don't need any more unnecessarily broken devices.",""
552"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240010_en?p_id=380919","F240010","4 March 2019","Jan-Philipp J??rgens","EU citizen","","","","Germany","Hello and greetings from Germany,
553As I do not fully understand all the bearocratic effects this policy might have, my concerns are that this will affect the citizens right to alter software run on devices that I in legal terms 'own'. I want to keep the right, that allows me to alter and use altered software on devices touched in this policy, as manufacturers are well known for their malicious use of soft- and firmware to guide citizens or cooperations into purchasing new hardware products which otherwise are in well working conditions. This gap is luckily filled by open source initiatives across the globe.
554Please make sure while working on this policy that the open source scene is not damaged by this as it is an unreplaceable gear in the process of repurposing and enhancing hardware in this age.",""
555"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240008_en?p_id=380919","F240008","4 March 2019","Florian Str??ger","EU citizen","","","","Austria","This will take the freedom to run a free (as in speech) operating-system on your router instead of a proprietary one.
556 Which would be bad.",""
557"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240007_en?p_id=380919","F240007","4 March 2019","J??r??me Nicolle","EU citizen","","","","France","I write as a professional involved in the telecommunication market, software development and innovation.
558The preliminary assessment of expected impacts is worrying at best, because it doesn't state any plausible negative consequences that are far more probable than the idealistic scenario it represents.
559If anything else than regulatory option 0 is considered, the more plausible impacts are :
560- Planed obsolescence, that is already a reality when it comes to consumer devices (Wireless access points, smartphones???), will be unavoidable because no alternative source for firmware updates will be possible
561- Corollary, security of said devices, which is already disputable because of the inane update cycle from most vendors, will be lessen, thus putting the EU citizens at greater risks, annihilating the objective of ""creating trust"".
562- Innovation and research cannot compromise safety nor security of any device, on the contrary : the availability of alternative firmwares and upgrade paths are required to patch newly discovered exploitation paths, implement new protocols and features, without wasting otherwise functional equipments.
563- Forbidding Software Define Radios altogether is not feasible as it is mandatory for innovation and education, and already rooted in carrier-grade equipments.
564With that being said, social impacts will actually translate to :
565- Endangering European Citizens by the lack of security patches
566- Decrease protection of personal data for the same reason
567- Decrease the ability for any manufacturer OR user to keep its products secure over their lifespan
568- Decrease consumer trust by imposing a strict bound to the manufacturer's interests, such as embedding non-removable spying software in firmwares (which in itself would be a gift made to the worst players of the Android ecosystem)
569Environmental impact on the other end will be high, because any limitation applied to software updates will reduce devices lifespan, thus enforcing more aggressive planed obsolescence, at the disservice of European consumers.
570When it comes to fundamental rights, the realistic impact is also misinterpreted. There is no way that promoting less security can benefit to either (fair) businesses or consumers. On the contrary, it will promote racketeering from manufacturers and expose users to more data breaches.
571No law can strictly prevent willingly nefarious uses of technology, so the impact on fraud, misuse of the radio spectrum or any other criminal activity will be non-existent. On the contrary, banning amateurs, scholars and researchers from learning these technologies and contributing to their positive development will leave the field open only for benefiting criminals.
572A far more constructive approach would instead consist of :
573- Forcing manufacturers to engage in - and advertise - a minimal free firmware update period matching the physical expected lifetime of their products, at the cost of a full replacement to new of every sold device if not respected
574- Alleviate the previous if the firmware is provided with freedom to modify, rebuild and be loaded on the device, with full documentations of plausible patent-covered binary blobs
575- Even better would be to force the release of (at least partially) open-sourced firmwares with any device that could have its own updated
576The impact would then become :
577- Less reliance on opacity-based (in)security
578 - More freedom and security for EU citizens and businesses
579 - More competition and innovation on the EU market
580 - Less waste of otherwise good hardware for the lack of software updates or flexibility
581 - More opportunity for education and research in those fields
582Yours truly,",""
583"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240006_en?p_id=380919","F240006","4 March 2019","Dorian Wouters","EU citizen","","","","France","Interpretations of Article 3(3)(i) may not limit the ""radio equipment"" scope to the specific RF-emitting hardware component of devices, and as such may result in this article enforcing firmware tamper prevention on devices that may very well benefit positively from aftermarket modifications such as OpenWRT.
584 In addition, some devices like cz.nic's Turris Omnia and other networking devices are sold with the explicit goal and consumer motivation of running Free and Open Source software (for a variety of reasons including trust/verifiability, security updates, transparency, confiigurability), which is community-ran and cannot be realistically demonstrated to be compliant with each update.
585 The same applies for equipment commonly bought with the initial or eventual intent of installing custom firmware, be it routers to mobile phones, navigation systems to game handhelds, .
586It should be noted that instating a software (lockdown) solution to prevent an intrinsically hardware possibility of wrongful RF emission is misguided. As virtually all connected devices on the market have shown in the past, this kind of restriction consistently gets worked around and broken if at least one person with enough motivation works on it.
587The Article should be amended and reworded to specify a strict(er) scope for ""the radio equipment and software"", i.e. the smallest one possible for every piece of radio equipment a device has. If an RF module runs software, then it should be either non-rewritable and/or, as the Article intends, verified prior to execution, and is the one whose compliance shall be demonstrated.
588 Upper layers required to operate this module such as bus transcievers, module-to-device communication protocols/formats, operating system drivers, and additional software required for normal operations such as connectivity managers *shall not* have to be verified as compliant.
589 In other words, if the lowest layers are verified as compliant and sufficiently resilient, whatever operates them should not need to be verified the same.
590 In yet other words, only the smallest possible set of RF-emitting parts should be verified for any device, not what operates them.",""
591"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240005_en?p_id=380919","F240005","4 March 2019","Pierre-Jean VERRANDO","Business association","Eurosmart","Micro (1 to 9 employees)","21856815315-64","Belgium","Eurosmart, the voice of the digital security industry supports the political commitment in strengthening reliability of radio equipment placed on the Market. The growing number of internet-connected radio-equipment and more precisely IoT devices, constitute a challenge to ensure both safety and security of products placed on the market.
592In terms of safety, it comes to the manufacturer, to take care of the conformity for the making available on the market of its radio equipment which may combine hardware and software. In this case, software is part of the final good. However third-party software can be uploaded on the device for the benefit of the final user such as the enabling of new features of its hardware.
593On the one hand, potential misuse or modification of the behaviour of the device cannot be under the responsibility of the manufacturer whose product placed on the market has been modified did not. Indeed, this situation could lead to legal uncertainty for market players who will bear the full liability of a modified combination of software and radio-equipment.
594On the other hand, it would be detrimental for the market to oblige the manufacturer to introduce features that restrict the uploading of third-party software, unless the manufacturer ensures the compliance of the combination of the radio equipment and software. This would shift the responsibility for safety, compliance, usability and maintenance of the software to the radio-equipment manufacturer.
595Moreover, the Inception impact assessment for the Radio Equipment Directive related to Internet-connected radio equipment and wearable radio equipment, foresees a potential delegated act which will include requirements in terms of privacy, data protection, and prevention from fraud. Such requirements will include cybersecurity protection alongside traditional conformity against functional specifications (safety). Eurosmart fears that the radio-equipment manufacturer would carry the whole liability burden in terms of cybersecurity, should the radio-equipment be altered due to the upload of a non-secure software, or a misuse by the user.
596Internet-connected radio equipment is not acting in a static environment, uploaded software may rely on external databases, algorithms, cloud servers, artificial intelligence etc. which are not under the control of the manufacturer. Breach of data, privacy concerns, vulnerabilities could be attributed to one or several actors of the software???s value chain which the manufacturer may not be responsible or aware of.
597 An alternate option could be the upload of party evaluated software on a standardise platform and require a third party evaluation for the product before and after the upload.
598 Eurosmart enjoins the TCAM and the European Commission to rely on the ongoing work of the Product liability expert group (E03592), to define clear liability for both device manufacturers and software developers and to consider a software as a good placed on the market as such. It is essential that prior envisaging a complementary approach through a potential delegated act for software upload for radio equipment, to wait until the upcoming conclusions of the Product Liability Expert Group.","https://ec.europa.eu/info/law/better-regulation/feedback/240005/attachment/090166e5c216a2c4_en"
599"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240004_en?p_id=380919","F240004","4 March 2019","Fabian Beskow","EU citizen","","","","Sweden","Hey!
600 I don't know much about what this law's meant to do, but the fact that it makes it illegal to change the OS on your own router, which you own, is really wierd. There are quite a lot of people who do that because they want to be able to have control over a peice of hardware that they've bougt, and making it illegal isn't helping anyone. Stuff like the OpenWrt project are around for a reason, and this proposal will either make people sad, or angry.",""
601"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240003_en?p_id=380919","F240003","4 March 2019","S??amus MCCAGUE","Other","IARU (international Amateur Radio Union)","Micro (1 to 9 employees)","59342921440-89","Switzerland","This delegated act under Article 3(3) of the RED seeks to require that radio equipment supports certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated, and this requirement will have to be demonstrated for the purposes of market access.
602If a radio is locked down permanently, it would stop some of the current modifications by radio amateurs for research, self training and emergency communications purposes and could conflict with the exemption in ANNEX 1 of the RED. For example, it could block converting radios, or supporting non-harmonised allocations (or ones not in the ETSI list) such as amateur allocations at 5 MHz, 70 MHz, etc., and the use of DMR/TETRA etc.",""
603"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240001_en?p_id=380919","F240001","4 March 2019","Thomas BARMUELLER","Business association","Mobile & Wireless Forum (MWF)","Micro (1 to 9 employees)","94163271570-54","Belgium","Comments on the Inception Impact Assessment on
604 ???Upload of Software on Radio Equipment???
605The MWF and its members appreciate the opportunity to submit comments on the inception impact assessment regarding ???Reconfigurable Radio Systems / Upload of Software on Radio Equipment???; please find our contribution attached.
606About the Mobile & Wireless Forum
607 The Mobile & Wireless Forum (MWF,
608) is an international association of companies with an interest in mobile and wireless communications including the evolution to 5G and the Internet of Things (IoT). The MWF???s members include Alcatel OneTouch, Apple, Cisco, Ericsson, Huawei, Intel, LG, Motorola Mobility, Motorola Solutions, Qualcomm, Samsung and Sony Mobile.","https://ec.europa.eu/info/law/better-regulation/feedback/240001/attachment/090166e5c21665da_en"
609"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F240000_en?p_id=380919","F240000","4 March 2019","Carl Caswell","EU citizen","","","","Sweden","I see this piece of legislation as potentially impeding the end user's capacity to own their own hardware in the very real sense of the word. While the essential components of personal liberty in the age of the internet might be an endlessly-debatable topic, there's also a far less abstract issue at hand; that of security.
610It's not in a manufacturer's best interest to maintain updates for a router indefinitely, for example. Capitalism as we know it today defines success by one's ability to maintain infinite growth. This means new products must be introduced to maintain said growth. Resources devoted to old hardware are eventually stamped out. While we may just point to buying new hardware that is actively supported by it's manufacturer as the solution to the problem, it really isn't for many of us. The rapid pace of new product releases and the average household lifespan of routers are not in sync. This means that there is a high potential for many households to be vulnerable to new exploits and vulnerabilities by depending on hardware that is not up to date for lack of resources devoted to security updates.
611This is where the open-source community comes in and fills the gap. New innovative ways of managing and utilizing old hardware are developed by passionate developers. This also applies to security.
612This was only one example and in my own words. There are many analogues of this particular argument that are just as valid; laptops, smartphones, etc. Under these new regulations, this kind of needed innovation would not be legal. This cannot be the way forward.
613I have been a member of the EU for under a decade. I am originally from America. I feel strongly that the interests of big business have eclipsed the needs of the people, legislatively in my home country. I don't want to see the EU follow the same path.
614Thank you so much for reading.",""
615"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239997_en?p_id=380919","F239997","4 March 2019","Nils Erik Flick","EU citizen","","","","Germany","Article 3(3)(i) is unnecessary, counterproductive and unacceptable as it stands, as I will argue below. I propose to remove it from the directive, because it will curtail many legitimate uses of radio devices while obviously not stopping any harmful uses.
616Noncommercial software provided and continually improved by the community has often led to better compliance in the past, especially regarding provisions such as Article 3(3)(b) (interoperability), 3(3)(e) (data protection and privacy). Free software such as DD-WRT far outstrips any commercial software in these respects and, if used correctly, is second to no commercial software in the other respects. Also, it does not suffer from end-of-life and continues to receive updates. When compliance was in doubt, the community has reacted in the past and, for instance, implemented country specific profiles to limit transmission power.
617Also, there is no convincing indication how the compliance of the combination of radio equipment and software should be ""demonstrated"". A mere description of a software, to be included in the documents, constitutes no proof of compliance. Sample testing does not mean anything when it comes to complex logic. On the contrary, the combination of these facts will provide manufacturers with an incentive to block free software on ""their"" devices, because they could otherwise become liable for something that is outside of their control. This is harmful for the citizens, who will lose control over their devices and gain nothing in return (certainly not safety, as the bugs in manufacturer-provided software are not fixed after end-of-life) and thus also for the market.
618It is thus a fallacy to believe that the industry is more capable or willing to produce compliant software than the far larger and often more motivated community of technologically knowledgeable citizens.
619To put it bluntly, anyone with a soldering iron can make a drastically non-compliant radio circuit, with no software involved. So the only value of the article in question is to curtail the freedom of users.
620To sum up, please remove Article 3(3)(i), which suffers from a severe lack of imagination and trust in our citizens and appears to seems to presuppose that the community of citizen users of radio equipment is not ready or not capable to act responsibly while in reality, it has been demonstrated by the developers and users of free and open-source projects that these can outperform the commercial ones while remaining scrupulously compliant.
621Also, it is somewhat unclear to me what is meant by Article 3(3)(f), but it should not be the responsibility of a radio device to protect anyone from fraud. Such features should be left to higher protocol levels, not to the radio per se, for a variety of reasons. Fraud prevention measures implemented at such a low level tend to contradict 3(3)(e), for example when some kind of unique identifier is used. Therefore the value of Article 3(3)(f) is doubtful and it should best be removed.",""
622"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239801_en?p_id=380919","F239801","4 March 2019","Peter Nauta","EU citizen","","","","Netherlands","As manufacturers and providers have no economic initiative or business model to certify custom roms, this will in effect force me to buy a new device after 2 years. My Samsung Note 3 is still fine since 2014, but support was dropped leaving me with Android 5. I have installed Android 7 by means of a custom ROM. I prefer option 0, leave it as is. There is no reason for me to try to tweak transmission power or frequencies on my phone, as neither will help me: frequencies not used here are worthless as transmitter and receiver have to be on the same frequency, and larger transmission power output will drain my battery.
623 There is no problem to solve, why this initiative?",""
624"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239698_en?p_id=380919","F239698","4 March 2019","Georg Lukas","EU citizen","","","","Germany","Hello,
625I'm a software developer working on Amateur Radio software for smartphones (
626 ), holder of an amateur radio license and developer of radio protocols (
627 ). In the past, I have also contributed to projects that provide alternative firmware to wireless routers, like OpenWrt.
628Amateur Radio is a very important part of society that is not covered at all with the proposed changes. The formal licensing process ensures that radio amateurs are capable of understanding the implications of changing the software in embedded radio devices, and of applying due care. On the other hand, they provide an invaluable way of experimenting with radio systems, including modern digital micro-wave communications, not driven by commercial interests but rather aiming at methods to improve the use of the wireless spectrum, and providing fallback emergency communications channels.
629For radio amateurs, any regulatory option other than 0 will mean that it is not practically possible to create alternative firmware and to load it into devices, even when complying with all regulations. Manufacturers do not have an incentive to perform software verification for third-party software packages, not to create technical exceptions for radio amateur use, where a radio amateur will be allowed to replace a device firmware with less checks than a normal user.
630Wireless routers are a special type of software-driven radio equipment, where the WiFi radio is just a small portion of the overall router system. In the past, router manufacturer have shown once and again, that they are not able to fix security vulnerabilities in their router software in a timely manner, and often not at all for devices that are not marketed any more (even if they were sold to a customer merely some months ago).
631Alternative firmware projects like OpenWrt are a good way for customers to make more sustainable use of their hardware, usually for many years instead of just the default warranty period of the manufacturer. Such alternative firmware projects provide security support for a much longer period, whereas the manufacturer is incentivized to stop supporting a device as soon as possible to push users into buying the next generation of devices. While technically, an alternative software package may also replace the built-in radio software, and to do harm, users of alternative router software are more interested in a stable operation of their wireless network and in a router software free of vulnerabilities. However, manufacturers are using the planned EU regulation to make it harder for users to install alternative firmware like OpenWrt (
632 ).
633Again, any regulatory option other than 0 will lead to equipment manufacturers locking out legitimate and environmentally better usages of devices because of market incentives.
634Therefore, please consider choosing option 0 until the above mentioned problems have been adressed in a useful way that does not require voluntary cooperation from equipment manufacturers despite their own financial interests.
635Thank you very much,
636Georg Lukas",""
637"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239669_en?p_id=380919","F239669","4 March 2019","Simon Wunderlich","EU citizen","","","","Germany","Open Source has driven many innovations on radio devices - Think of Freifunk, mesh networks, hotspots in cities, or Internet of Things in general. Research in universities or in private space in these technologies is typically conducted using these open radio devices, and innovations as well as businesses emerge of that. If those the proposed regulations are in effect, hardware vendors will lock down their devices and forbid open source/3rd party firmwares. It's only natural, it's the most economic (i.e. cheapest) way to be compliant. We see this behavior already in the US for 5GHz WiFi routers.
638This will effectively wipe those devices needed for learning, developing, testing and commercializing new technologies from the European market. As an effect, the EU will fall even further behind in communication technology innovation.
639On the other hand, the safety of private persons is not increased - even now, uploading custom software in radios is done by a few individuals and can (and should) be persecuted by the respective agencies. If those lock downs are in place, individuals who want will still find ways to technical ways to circumvent the lockdowns, but all the other disadvantages will apply.
640There are many other aspects like data security. Vendors typically do not update their routers, and the regulation will prevent private persons to take care of the software on their own, e.g. by using community managed firmwares. I believe those aspects are already covered by other comments, also have a look at the FSFE page which I fully support:",""
641"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239614_en?p_id=380919","F239614","4 March 2019","Herman ??unapuu","EU citizen","","","","Estonia","This proposal is very damaging in many regards. Freedom to install your own firmware on your device should be allowed and even encouraged as it not only makes the devices more secure, but also increases the usable lifetime of the device, resulting in less e-waste produced. With the proposed system the user is entirely dependent on the manufacturer to release timely updates. Should the manufacturer decide to no longer support the device or if the manufacturer goes out of business, the user has two options: keep using the insecure device and risk getting hacked or throw the device away and buy a new one, contributing to the e-waste problem. These benefits are not theoretical as there already exist many projects run by volunteers with the aim of supporting devices that the manufacturers have long abandoned. I have personally used such projects and have managed to save a dozen smartphones from being thrown in the trash by simply replacing the manufacturer provided software with a volunteer-supported operating system called LineageOS.
642Equipment manufacturers have already shown that they are not interested in supporting a device even after a year or two after release so why should they be given complete control of the device?",""
643"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239571_en?p_id=380919","F239571","4 March 2019","Michael BINHACK","Company/business organisation","senTec Elektronik GmbH","Small (10 to 49 employees)","","Germany","Hello Expert Group,
644thank you for giving the possibility to give feedback.
645 Article 3.3(i) will kill the development progress of wireless technologies like IoT in Europe espcially for SME.
646 Therefore the Option 0 will be the best to keep Europe alive in the development progress against the rest of the world and the leading position will be given to America and Asia.
647 Please do not slow down innovation by over-regulated certification processes. We want to develop legal, stable and innovative radio products with excellent quality. We need a good directive to keep all the technologies and standards powerful and working in parallel. But we don't need regulations which prevent innovation.
648 Option 1 could be the compromise between necessary regulations and freedom of development.",""
649"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239457_en?p_id=380919","F239457","4 March 2019","Sven Slootweg","EU citizen","","","","Netherlands","Article 3(3)(i) states the following: ""to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated"".
650However, in the vague manner in which this article is currently stated, this could be interpreted to mean that each software + hardware combination needs to be explicitly certified for compliance separately.
651This would introduce an unreasonable limitation on what individuals can do with their own devices; it would no longer realistically be possible to install alternative (eg. open-source) firmware onto devices, even if that firmware otherwise complies with the regulations, simply because an expensive certification process would be required.
652I would recommend modifying this article to explicitly state that allowing arbitrary software uploads is acceptable, so long as the device itself keeps the software from operating the device outside of its compliant parameters (eg. by restricting on a technical level the strength of the signal that the software can produce).",""
653"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239456_en?p_id=380919","F239456","4 March 2019","Dennis van Diepen","EU citizen","","","","Netherlands","This initiative seems to focus on shifting liability for compliance with EU or national requirements from the operator/owner of said hardware/software to the manufacturer.
654 This would create unnecessary burden on those manufacturers to be compliant with the stated requirements. Not to mention the legal risks you would be opening them up to for action(s) taken by 3rd parties, where they have no control over.
655The above would result in severely limiting operators/owners ability to repair and maintain their equipment beyond what the manufacturers supports by limiting what can be altered on the equipment. To either cut costs or avoid legal risks.
656In turn this would hamper operators/owners ability to repair hardware or fix software issues that could result in security or privacy issues. Not to mention their ability to expand the functionality of the equipment while staying compliant with stated requirements on EU or national level.
657Another side effect would be the increased barrier for entering the market with a competing product reducing competition due to increased cost of compliance.
658Being a user of open-source software, i prefer the right to modify my equipment to fix software/hardware flaws or expand or improve user experience with the equipment. Or simply being in control of the hardware and data it generates and/or controls. For either experimentation or simple day-to-day usage while remaining compliant with the requirements. Which would be the operators/owners responsibility, not that of a manufacturer.
659My recommendation would there for go to option 0 or simple removal of Article 3(3)(i).
660Thank you for your time.",""
661"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239352_en?p_id=380919","F239352","4 March 2019","Felix Niklas","EU citizen","","","","Germany","I think its crucial to keep it legal to run your own software on any hardware. Manufacturers regularly stop supporting old hardware forcing customers to update with them. This further increases our waste of resources.",""
662"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239239_en?p_id=380919","F239239","4 March 2019","Alexander List","Company/business organisation","foobar consulting e.U.","Micro (1 to 9 employees)","","Austria","Dear Sirs,
663this initiative is very problematic, and I am surprised that this discussion comes up again.
664I strongly recommend that the zero-option be adopted:
665Option 0, baseline scenario: a situation in which manufacturers are not obliged to implement any specific measures as it is currently the case.
666Reasons:
6671.) This initiative is dangerous for network security and may lead to planned obsolescence
668Manufacturers of embedded wireless systems (like WiFi routers) often fail to provide software updates for their devices, for a number of reasons: The devices may have a life time beyond the manufacturer's expectation, the manufacturer goes out of business, or they simply don't want to bear the cost of providing such updates for longer than the warranty period.
669When there are no more software updates for a device, known security vulnerabilities cannot be fixed. The user of the device, if he is even aware of the vulnerability, can either accept being exposed to a known security vulnerability, or has to dispose the device. Both scenarios are inacceptable. The first one will negatively affect security, the second one adds to hardware obsolescence.
670By using third party firmware, users can mitigate the risk of the vendor defaulting on software updates and extend the service life of devices.
6712.) The measures described in Options 2 and 3 are ineffective
672Manufacturers don't produce equipment only for one market, but usually for a global market. By deliberately changing configuration parameters (e.g. country code), users can manipulate the radio settings already without loading new software onto a device.
673Users who deliberately want to violate radio regulations can do so in many ways, e.g. by using external amplifiers, different antennas with high gain, or by modifying the electronic circuits of the device.
674Preventing the upload of third party software to devices would only address the software aspect of the device, with unintended side effects limiting the choice of end users.
6753.) The proposed regulation is overreaching
676The responsibility for complying with local radio regulations has to remain with the user who owns and operates the equipment.
677An analogy: This is like forcing all car manufacturers to technically limit the speed of their cars to 130 km/h because that's the highest speed limit in continental Europe. Germany allows higher speeds on most parts of their motorways, so this would be an unfair disadvantage for German business and customers. Speed limits have to be observed by drivers who have the final responsibility, not by car manufacturers. Please apply the same logic to wireless devices, everything else is paternalism that we don't need.
6784.) The proposed regulation is anticompetitive
679There are companies and non-profit initiatives that provide third party software for devices.
680These entities would have to reach an agreement with the hardware manufacturer to demonstrate compliance of a particular combination of hardware and software. The hardware manufacturer may not have an economic incentive to do so, to the contrary. This proposed regulation is opening the door to such anticompetitive behaviour.
681I take the liberty to remind the Commission of the situation with a particular operating system vendor preloading their OS with their own Internet browser, directing users to their own search engine, etc.
682There are many more arguments why the proposed regulation is a really bad idea. Kindly consult with the community at large before even considering such overreaching, ineffective and anticompetitive regulation.
683Further reading:
684Yours, sincerely
685Alexander List
686 foobar consulting e.U.
687 (sole proprietorship business in Austria)",""
688"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239150_en?p_id=380919","F239150","4 March 2019","Toomas Pruuden","EU citizen","","","","Estonia","Implementation of mandatory firmware lock (typically implemented as signed and encrypted firmware) would create serious problems with device security - vulnerabilities in locked down firmware would allow malware, botnets etc to spread without way to patch outside of the manufacturers will and abilities to react to the specific vulnerability, thus creating artificially obsolete devices and significant attack vector, that can not be taken down. It can be argued, that RF specific firmware can be separated from logic and control firmware, unfortunately it is not clear, if real implementations can be separated at all, especially considering popularity of tightly integrated system on the chip devices.
689 There are numerous examples of vulnerabilities, that affect the products of worlds largest enterprises (Intel processor ""core"" and ""meltdown"" vulnerabilities as examples), take literally years to patch and are creating significant economic burden. Discovery and use of this kind of vulnerabilities by third party may drive medium size manufacturer of affected devices out of business and possibly leave millions and billions of distributed physical devices, that are actively running botnets and other malware without any means to analyse or mitigate.
690 There are already existing examples - MIRAI botnet and others, that affect devices by multiple manufacturers and multiple processors: ARM, MIPS, x86, PowerPC, ARC etc. Just ARC processors are the second-most-popular embedded 32 bit processor, shipped in more than 1.5 billion products per year, including desktop computers, radio, cameras, mobile, utility meters, televisions, automotive, networking devices (smart hubs, TV modems, routers, wifi) and Internet of Things. That magnitude of device numbers with locked down firmware and no way to mitigate vulnerabilities is creating terrible cyberweapon platform if any third party chooses to exploit the situation.
691 Example of vulnerabilities on WiFi chipset SoC:
692 To take it together shortly - mandatory firmware lock-down at any complexity level (generally forced falling back to security by obscurity) has diametrically opposite effect from hoped result, creating high security and privacy risks and additional economical and environmental burdens for EU.","https://ec.europa.eu/info/law/better-regulation/feedback/239150/attachment/090166e5c215833d_en"
693"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239118_en?p_id=380919","F239118","4 March 2019","Stijn Tintel","EU citizen","","","","Belgium","Many manufacturers of Android devices stop producing updates for devices after an unreasonably short time. And even if they do still produce updates, they are often very slow in rolling these out. With the amount of security issues found in this day and age, it is important to have an alternative that allows you to patch security holes within a reasonable time. For Android devices, LineageOS is such an alternative. By locking down such devices, so that alternative solutions can no longer be used, you are forcing people to either run outdated and insecure software, or to buy newer devices after an unreasonably short time.
694The same problem exists for wireless routers and access points. Many devices barely receive updates, if any at all. Aside from security concerns, many of these devices are running unstable software, showing issues like spontaneous reboots, WiFi network disappearing, etc. Being able to run an alternative firmware can in many cases solve those annoying issues, while the manufacturers themselves often do not seem to care about this at all.
695And then there is the flexibility of alternative firmwares. OpenWrt for example is very customizable. This allows users to run extra services on devices they already own. This is not only very convenient, it also helps in reducing the amount of devices a user has to buy and use, which in turn reduces power usage, which is better for the environment.",""
696"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239102_en?p_id=380919","F239102","4 March 2019","Pablo Gonz??lez","EU citizen","","","","Spain","disadvantages for user freedom I see (there is a more detailed list by the FSFE):
697 Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
698 Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
699 Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
700 Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
701 Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
702"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239101_en?p_id=380919","F239101","4 March 2019","carlos tur","EU citizen","","","","Spain","La limitacion de el firmware en equipos de enrutamiento inalambrico es un mal camino que seguir y solo llevara a peor seguridad, ya que los ensambladores tienen una historia de no soportar estandares mas seguros y modernos para cortar esquinas y hacer un mayor provecho, tambien llevara a la muerte lenta de soporte de aplicaciones de codigo abierto, la muerte de la competecion justa por culpa de la venta de software integrado con el equipo que tendria que ser gratuito, en vez de usar un enrutador perfectamente capaz de lo mismo a un precio mas bajo, la muerte de iniciativas gratuitas y no comerciales como Freifun, una gran bajada en la sustentabilidad de los productos si el ensamblador decide no soportar el producto y en vez vender uno nuevo con prestaciones practicamente iguales pero con el soporte de software que tendria que existir en toda la linea de productos, pero solo es soportado en la gama alta por un precio mucho mas alto.",""
703"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F239014_en?p_id=380919","F239014","4 March 2019","Frans Matsson","EU citizen","","","","Sweden","Solving a hardware problem by software will never work.
704 Its allready illegal to use the prohibited frequencies so this is useless",""
705"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238858_en?p_id=380919","F238858","4 March 2019","Micha?? ZAKRZEWSKI","Business association","APPLiA - Home Applaince Europe ","Small (10 to 49 employees)","04201463642-88","Belgium","Full details in the attached paper:
706 ??? RRS are a specific class of equipment based on SDR (Software Defined Radio) and CR (Cognitive Radio) technologies that are able to change the radio parameters of a device via firmware/software update. The SW installed in the consumer devices under the RED (from connected household appliances to smart cameras, TVs etc..) may affect differently the essential requirements of the RED.,
707The functional SW of an IOT product can be upgraded or fixed in the way in which the manufacturer who is the final responsible for the product placed in the market, will plan to manage this activity. The serviced products such as those updated or upgraded to better versions with respect to the original status will normally be tracked by the manufacturer upon dedicated practices via specific codes that allow the manufacturer to reach every product in the field. When a product will run through a Software upgrade the manufacturer will upfront verify through dedicated analysis that the product is capable to accept and run the over the air updates. Therefore, we believe it is the manufacturer that will have the full responsibility to cover the compliance to the essential requirements via a clear assessment to each of the conditions covered by these essential requirements. This assessment should be part of the technical file of every product and be maintained by the manufacturer for market surveillance purposes.","https://ec.europa.eu/info/law/better-regulation/feedback/238858/attachment/090166e5c2154ad4_en"
708"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238851_en?p_id=380919","F238851","4 March 2019","Ond??ej Pokorn??","EU citizen","","","","Czechia","Prevent altering software of any IT equipment goes directly against all what all professional and electronic rights groups are fighting for over last decades. Article 3(3)(i) proposes to legally force any company to prevent everything of the following and more:
709 ??? The whole Right to repair movement. For example:
710 ??? I have the ability to run custom firmware at my home router which provides additional functionality not provided by the vendor.
711 ??? Community can provide updates for devices long after the vendor support stops, preventing planned obsolescence, e-waste.
712 ??? Vendors can vendor-lock their devices to prevent them being used with competing services, harming market choice, leading to higher prices and monopolies.
713 ??? Community can study and verify security of the device???s open software. The only way to be sure you???re running the verified version is to obtain and install it yourself. Encrypted and signed blob provided by the vendor can either purposely or by omission compromise my security and privacy.
714 ??? Care about what e.g. Huawei devices do with your data? The only solution is open firmware (on open hardware).",""
715"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238660_en?p_id=380919","F238660","4 March 2019","S??ren Howe Gersager","EU citizen","","","","Denmark","I think it is an important individual right to be able to install different software on computers or devices in your own possession, the reasons for doing can be many:
716- software superiority, for example due to the software having new or improved features.
717 - installing new software on older devices the manufacturer is not supporting anymore.
718 - due to ideology, for example that the software must be open source and transparent to the user whose device is running the software.
719 - environmental issues, installing new software can often be a solution instead of throwing the hardware away and buying new if the software running on it is inadequate.
720It can be likened to the right to repair hardware, which i also feel is an important right as you own it and should be able to tinker with it freely without fear of repercussion.",""
721"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238652_en?p_id=380919","F238652","4 March 2019","","Non-EU citizen","","","","Netherlands","Article 3(3)(i) will greatly diminish the rights of consumers to repair and maintain their devices. Device manufacturers will be able to bypass consumer protection law by only allowing their own software to be run on routers, phones, etc. Manufacturers already attempt to force obsolescence of their devices by ceasing updates of existing software, and with article 3(3)(i), they will be able to permanently force consumers to purchase the latest devices, wasting consumer money and producing more e-waste.
722As it stands currently, users can flash custom firmware to routers and phones to extend their lifetime and prevent the creation of e-waste. Some device manufacturers ship broken features that can be fixed by flashing custom firmware. When small pieces of a device break, the software can be modified to keep the device running safely and within regulations. Users accept the responsibility of following the rules for spectrum use. This critical component of device lifetime extension, repairability, support, and e-waste management would be forbidden under article 3(3)(i).
723Article 3(3)(i) also hurts anyone who wants to run open-source software on devices with wireless radios. These individuals and organizations will be unable to audit the code running on their devices, allowing backdoors and security holes to silently put the device, and all devices connected to it, at risk. Some organizations simply cannot accept this risk.
724Many users and organizations use routers to the 2,4 GHz and 5 GHz spectra in legal ways that require modifications to the manufacturer's original hardware. The German project Freifunk is a free community-operated WLAN service that relies on custom firmware. Ronja is a radio amateur optical link project that relies on custom firmware. Innovative projects like these would be forbidden under article 3(3)(i).
725Many devices are shipped without manufacturer firmware. The ESP-8266 and ESP-32 are popular hardware platforms used among hobby electronics enthusiasts to create devices that can connect to the internet. Much of the firmware on these devices is written by the users themselves. Many of these hobbyists bring the ideas they learn to work, using their experience to create the newest radio electronics. All of this development would be forbidden under article 3(3)(i).
726In summary:
727* Device manufacturers can withdraw support for a device at any moment. Under article 3(3)(i), this would be the moment that the device is irreversibly turned to e-waste.
728* Device manufacturers make mistakes. Under article 3(3)(i), consumers would have to live with those mistakes.
729* Device manufacturers use anti-competitive tactics to hurt consumer choice. Under article 3(3)(i), those tactics are encouraged and made more effective.
730* The hobbyist community uses radio-enabled devices to create incredible new things. Under article 3(3)(i), the radio spectrum will effectively no longer be available for legal development and experimentation using computers and microcontrollers.
731 \end{itemize}
732Article 3(3)(i) does not belong in the Radio Equipment Directive.","https://ec.europa.eu/info/law/better-regulation/feedback/238652/attachment/090166e5c2151790_en"
733"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238625_en?p_id=380919","F238625","4 March 2019","Otheus Shelling","Non-EU citizen","","","","Austria","The EU feels the need to regulate radio devices for reasons of ""health and safety"". Its current proposal, however, overlooks the absolute need for consumers to maintain their own devices with software that is suitable to their needs, purposes, and moral obligations. These devices surely include personal items such as personal home WLAN routers, smartphones, bluetooth devices, PCs, and home stereo equipment. Many if not all manufacturers of such devices are more interested in forcing consumers to replace such devices after 1 or 2 years. This ""built in obsolescence"" is facilitated -- and mediated -- mainly through software. The life-cycle of such devices is such that most manufacturers are unwilling to update the software of their own devices after a few years, software updates which close security holes, provide compatibility to newer devices, newer standards. What makes the EU think that such manufacturers would then go out of their way to ""certify"" 3rd party software products? And who would make such 3rd party software products other than open-source enthusiasts who cannot afford to pay excessive licensing fees?
734Thus, such devices would be flushed down the toilet. Who pays for the excessive consumption and wasted materials? We all do. Who pays for this short-sighted regulation? We all do.
735While I can think of better alternatives to this legislation, I do not see any *real* harm from the laissez-faire approach currently taken. Radio transmitters and receivers are already available without barriers as hardware kits. Thus, there are no real safety benefits to this rule. Given that conclusion, one can only conclude that the *real purpose* of this rule is to legislate barriers that protect manufacturers at the expense of not only consumers, but also of the environment, the tax-payers, and future generations.
736Note: Current non-EU Citizen with Austrian Citizenship pending.",""
737"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238500_en?p_id=380919","F238500","4 March 2019","Sam Windels","EU citizen","","","","Belgium","As a European citizen and Academic, I am appalled that this idea is even on the table. To me this proposal just reeks of lobbyism. I honestly can not see how making it illegal to run your software of choice on hardware you own would provide any benefit to the consumer.",""
738"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238497_en?p_id=380919","F238497","4 March 2019","Jakub Lucky","EU citizen","","","","Czechia","Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU of the directive is potentially very damaging to consumers it seeks to protect. If interpreted in a specific way, this directive can lead to ban of other operation systems and firmwares, such as Linux for laptops or linux based firmwares for routers (such as OpenWrt) or smartphones (CyanogenMod, LineageOS). In fact, those systems will not pose any more risk to radio security than they are currently are and those systems are a great way to enable customers. They allow them to use hardware that has unusable or defective OS, OS that is spying on users or hardware that was abandonded by the companies producing it or its operating system. Baning those OSes and firmwares will losen the stance of consumers and heavily boosts the hardware/software companies, who are already in good position in blackmailing users to give them their data and privacy.",""
739"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238482_en?p_id=380919","F238482","4 March 2019","Rene Weselowski","EU citizen","","","","Austria","Dear Ladies and gentlemen,
740 I fear for this legislation to endanger my freedom to maintain my old phone with recent android.
741 Research of hardware will be restricted.
742 It will hamper development and can lead to insecure devices which aren't actively maintained by their producer
743Please refrain from putting this into place.
744Thank you!
745Ren?? Weselowski",""
746"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238439_en?p_id=380919","F238439","4 March 2019","Florian Beier","EU citizen","","","","Germany","I'm strongly in favor of option 0. This option ensures that I can use my hardware with Open Source Software like OpenWrt which is a big advantage and better for the overall security of the devices. Many manufacturers support their devices poorly, meaning firmware updates are rare. This makes the device a security hazard because I can't patch vulnerabilities when I rely on the manufacturer and there is no firmware update. EU citizens need to be able to use their own software on their devices!",""
747"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238366_en?p_id=380919","F238366","4 March 2019","Jordan Maris","EU citizen","","","","France","As somebody who works in the digital economy, I urge you reconsider the scope of this legislation to exclude wireless routers. When operating wifi networks, IT experts frequently use custom firmware on routers not to bypass wireless regulation restrictions, but to provide additional functionality not provided by the original firmware. I agree that legislation may be needed to prevent people bypassing wireless regulations, however I do not believe a ban on custom firmware is the way forwards.",""
748"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238283_en?p_id=380919","F238283","4 March 2019","Gilles Mioni","EU citizen","","","","France","Logiciel libre :
749 Pour contr??ler la technologie, vous devez ??tre capable de contr??ler le logiciel. Ceci est uniquement possible avec les logiciels libres et Open Source. Donc, si vous voulez avoir un appareil transparent et digne de confiance, vous devez faire fonctionner le logiciel sur celui-ci Logiciel Libre.
750 Toutefois, tout dispositif concern?? par l???article 3, paragraphe 3, point i), ne permettra que l???installation de logiciels autoris??s par le fabricant. Il est peu probable qu'un fabricant certifie tous les logiciels disponibles pour votre appareil qui r??pondent ?? vos besoins. Avec ces fabricants ayant des int??r??ts particuliers cela rendra l'utilisation du logiciel libre sur des p??riph??riques radio tr??s fabriquantsdifficile.
751S??curit?? :
752 les ??quipfabriquantsements radio tels que les smartphones, les routeurs ou les appareils intelligents pour la maison sont des ??l??ments extr??mement sensibles de notre vie. Malheureusement, de nombreux fabricants sacrifient la s??curit?? pour r??duire les co??ts. Pour de nombreux appareils, il existe un meilleur logiciel qui prot??ge les donn??es tout en offrant des fonctionnalit??s ??gales, voire meilleures. Si de tels fabricants ne se soucient m??me pas de la s??curit??, vont-ils m??me autoriser l'ex??cution d'autres logiciels (Free et Open Source) sur leurs produits?
753Concurrence loyale :
754 Si vous n???aimez pas un produit en particulier, vous pouvez en utiliser un autre provenant d???un autre fabricant. Si vous ne trouvez pas d???appareil qui r??pond ?? vos besoins, vous pouvez (aider) ??tablir un nouveau concurrent qui permet par exemple la libert?? d???utilisation. Toutefois, l???article 3 (3) (i) favorise les grandes entreprises car il les contraint ?? installer des barri??res logicielles et ?? certifier des logiciels suppl??mentaires.
755 Par exemple, un fabricant de routeurs wifi de petite et moyenne taille ne peut pas certifier tous les syst??mes d'exploitation disponibles du logiciel libre.
756 En outre, les entreprises qui regroupent leurs propres logiciels avec du mat??riel tiers auront beaucoup de difficult??s. Par ailleurs, les grandes entreprises qui ne souhaitent pas que les utilisateurs utilisent un logiciel autre que le leur profitent de ce seuil.
757Services communautaires :
758 Les initiatives b??n??voles telles que Freifunk d??pendent d???un mat??riel qu???elles peuvent utiliser avec leur propre logiciel pour leurs ??uvres caritatives. Ils ont pu cr??er des solutions innovantes avec des ressources limit??es. Cela risquerait de ne plus ??tre possibles de cr??er ce genre de service.
759Durabilit?? :
760 Plus de mises ?? jour disponibles pour votre smartphone ou votre routeur ? Du point de vue de la s??curit??, il n???y a que deux options : Flash, un autre micrologiciel qui re??oit toujours les mises ?? jour ou jetez tout le p??riph??rique.
761 D'un point de vue environnemental, la premi??re solution est ??videmment bien meilleure. Mais les fabricants continueront-ils ?? certifier d'autres micrologiciels pour les appareils dont ils veulent se d??barrasser ? J'en doute???",""
762"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238250_en?p_id=380919","F238250","4 March 2019","S??bas van der Voort","EU citizen","","","","Netherlands","This would be a bad practice. Like the computers, mobiles that I own would render unusable with the first party operating the software. These mobiles are around 5 - 6 years old. But are perfect little devices to use as timers, counters. Without even enabling radio networks like Wi-Fi and Bluetooth. As many other feedback givers, this would go against the open source community and we would lose a lot of opportunities to make improvements to technologies and communications between humans. If the manufacturers want to secure the quality of there product, then that is their responsibility. If we want to protect our laws but still being able to use custom rom. We need to unify and standardize radio channels so everyone is using the same and we can enforce the law on a global scale.",""
763"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238246_en?p_id=380919","F238246","4 March 2019","George Kamenov","EU citizen","","","","Bulgaria","?? ?????????? ?????? ?????????????? ???????????? ?????????? ???????????????? ???????????????? ?????????????? ? ???? ?????????? ???????????????? ?? ???????????????????????? ?????????????????????????? ???? ?????????????? ???? ""????????????????????"" ?????????????????? ?????????? ???? ?????????????",""
764"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238245_en?p_id=380919","F238245","4 March 2019","Vlado HANDZISKI","Academic/research institution","Technische Universit??t Berlin","Large (250 or more)","364661229537-64","Germany","I am voicing my strong disagreement with the proposed barrier mechanisms in Article 3(3)(i).
765The ability to freely customize the firmware or the operating system on commercial radio equipment is a very important facilitator for systems-related research in a number of domains like wireless networks, cyber-physical systems and internet-of-things. The ability to inspect and customize software artifacts on COTS RF equipment enables rapid and cost-efficient experimentation, leading to better and more secure future solutions.
766The expected benefits of simplified compliance and conformity verification, as per the restrictions proposed with Article 3(3)(i), should be carefully weighed against the significant detrimental effects that these barriers will have on system and security research and on wider societal goals like innovation, sustainability and fair competition.",""
767"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238237_en?p_id=380919","F238237","4 March 2019","Adam Christie","EU citizen","","","","United Kingdom","This is an extremely concerning piece of proposed legislation and I urge you to read my words here and hopefully understand why this is such a bad idea.
768By limiting the type of software that can be loaded onto these devices it will unequivocally lower the overall level of security in the ecosystem. There are countless examples of insecure software which has been left for _years_ on devices that are actively in use, with manufacturers who are unwilling to devote resources to fixing security holes. Open Source has traditionally stepped up to fix these kinds of problems, led by people who want to avoid waste, to be more secure, and to have individual choice.
769If users cannot load e.g. open source software onto a device, then this blows up the whole idea of sustainability, up-cycling and re-use. It would be a shameful thing to do as it would render many devices that could be re-used as completely useless and just ending up in landfill. That may as well be an environmental crime that this article would enable.
770For example, many SSL attacks have been discovered in the past 5 years, and if the security in some software on a device was found to be vulnerable but no remedy was forthcoming from the manufacturer (as they had gone out of business or they were focusing on latest released devices), then that renders the device an active security risk, potentially compromised, and could cost an enterprise millions in staff time, losses from being attacked, etc. The same kind of situation can exist on phones, on other networked, radio devices such as WiFi routers, etc. Preventing a user to update them in this way is dangerous and actively helps/supports attackers who could otherwise be thwarted.
771Allowing open source software on devices (e.g. phones, routers) means that the life, security and performance of them can be hugely extended, in a way that the user is in control of. For routers, it means that a device can be protected from new and active threats / vulnerabilities - these are literally being discovered each week. How quickly are approved updates from a manufacturer likely to arrive? Nowhere near that, obviously.
772This article must be removed. This tendency toward centralised control of software on devices owned by individuals, charities, and companies both small and large must be examined carefully. There is simply no way that this can work in a beneficial way to users, because trust has so frequently been broken, and this is essentially guaranteed regardless of legislation.",""
773"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238236_en?p_id=380919","F238236","4 March 2019","Robin Thomas","EU citizen","","","","Germany","As someone that regularly installs Open-Source firmware / software on my devices I am worried that Article 3 (3)(i) may prevent me from (legally) doing so in the future.
774Being able to install custom firmware / software has a lot of advantages. For me the most important ones are:
775- Extending the lifetime of devices beyond the support period of the manufacturer -
776 Many devices have a relatively short period of time where they are supported by the manufacturer. Without firmware / software updates from the manufacturer network and mobile devices can become vulnerable to exploits relatively quickly. The ability to install custom firmware / software allows us to safely continue using these devices.
777- Extending functionality -
778 The firmware / software of the manufacturer might be limited in functionality. Custom firmware / software allows us to add functionality without requiring the purchase of new (and sometimes much more expensive) devices.
779- Reducing waste -
780 With the ability to extend lifetime / functionality of the device we reduce waste, as devices can be used for much longer or be repurposed to perform a different task.",""
781"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238220_en?p_id=380919","F238220","4 March 2019","Alex Schroeder","Non-EU citizen","","","","Switzerland","I'd like to give some feedback on Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU. The passage ""to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated"" is going too far.
782 Use cases I am interested in: installing an update on my wifi router, phone, and smart home wireless product. There are many reasons why this is desireable:
783 1. official security updates from the original vendor are no longer available
784 2. I no longer trust the original vendor
785 3. I want to develop alternatives (adding compatibility with other devices, for example)
786 Regards
787 Alex Schroeder",""
788"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238197_en?p_id=380919","F238197","4 March 2019","Jon Koops","EU citizen","","","","Netherlands","As a software engineer and citizen of the European Union I would like to formally oppose this legislation to be made in regards to regulating after-market software and or firmware not provided by the manufacturer itself.
789I believe that hardware should always be in control by the end-user, including the ability to modify the software controlling the hardware itself. As the proprietor of such hardware one should be free to modify it without intervention.
790I would also like to state my concern in regards to attempt to regulate such modifications as such regulations will inevitably restrict the user's ability to modify their privately owned property.
791Kind regards,
792 Jonathan W. Koops",""
793"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238186_en?p_id=380919","F238186","4 March 2019","Josh Johnson","EU citizen","","","","United Kingdom","I'm concerned that the EU wants to prevent consumers from installing custom software on the hardware that they own. Aside from the security implications (once a manufacturer decides a device is no longer worth supporting, all using that are vulnerable to any exploits which have not been patched), it reduces the recyclability of old hardware leading to more electronic devices being dumped in landfills and creates an environment where consumers can no longer be confident that the software they're using respects their privacy.",""
794"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238185_en?p_id=380919","F238185","4 March 2019","Florian Jurgeit","EU citizen","","","","Austria","This initiative is against free software and freedom of using OpenSource Software on my devices. Using OpenSource Software can optimize the use of devices and make the lifetime of usage longer (ecological aspect). It also provides companies and privates to adapt firmware for specific customers and use-cases (--> companies will loose their business case). It loook like this regulation wants to protectet some big players and so it is against the growth of smaller companies in the EU (the very important ""hidden champions"").
795 It's also against Security and fair competition (explaination below) ! As an european citizen this regulation does not match my values !!!
796Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
797Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.",""
798"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238180_en?p_id=380919","F238180","4 March 2019","Cornelis Postma","EU citizen","","","","Netherlands","I am a Licensed amateur radio operator, and I am worried the changes don't respect the traditional rights of ham radio operators to change and modify existing equipment and possibly also to them being allowed to build their own equipment and manufactured equipment having to have too much limitations. Most probably this depends on individual implementation in the different countries, but I would like the directive to respect these rights ham radio operators have had world-wide since the 1920's on a European basis, so that these rights will be guaranteed in all EU countries. I am in the Netherlands, which is among the countries where radio amateurs probably have the most liberal rights to do so. I have been a ham radio operator myself since 1977 (call sign PA5COR), and I have designed and made many transmitters and transceivers, in addition to modifying and/or reprogramming professional equipment, such as for FM, Tetra and DMR for use in amateur bands.
799 Modifying existing equipment being ham radio related or professional for other use bringing it to our Ham bands should not be hindered in any way or form.
800 Any restriction, limit or hindrance to our radio amateur rights should be rooted out.",""
801"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238171_en?p_id=380919","F238171","4 March 2019","Miguel Lopes Gouveia","EU citizen","","","","Portugal","Article 3(3)(i) drives to more software obsolescence. Perfectly functional equipment will have to be thrown away because the manufacturers want you to buy the next model, by not updating or by voluntarily putting a bad update.
802 And this will lead to more security problems and reduce the freedom for the user to use their equipment by forcing them to use the software of the manufacturer and his decisions(a feature removed, a change of design, etc.)",""
803"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238157_en?p_id=380919","F238157","4 March 2019","Stefan Sperling","Company/business organisation","independent open source sofware developer and consulant","Micro (1 to 9 employees)","","Germany","I am a self-employed software developer who writes wifi device drivers
804 for open source and free software operating systems for a living.
805The result of my work is published by the OpenBSD project, based in Canada,
806 and is made available worldwide under permissive licensing terms:
807 My drivers end up being packaged into IT security products by various
808 companies around the world. In one example, my drivers end up in
809 high-security laptops which are used within the German government:
810
811My work depends on the ability to understand interfaces between wireless
812 hardware and operating system software. I lack access to any vendor-internal
813 specifications of such interfaces. The EU should refrain from introducing
814 more barriers to such access! All vendors on the market currently regard
815 such information as a trade secret, so my work is already quite difficult
816 under current legislation and business practices.
817A requirement to prevent modification of software on radio devices would
818 encourage vendors to lock up such information even more, increasing vendor
819 lock-in across the wireless device market. Independent software projects
820 interoperating with wireless devices are already struggling today, and they
821 might eventually become unsustainable if legislation further discourages
822 wireless vendors from supporting and interacting with such independent projects.
823Instead, EU legislation should encourage vendors to provide information
824 about hardware/software interfaces to the general public, and to encourage
825 the development of independent open source software solutions that are
826 compatible with off-the-shelf hardware. I will point out again that parts
827 of the German government already depend on such software for their IT
828 security needs. And it is certainly not the only such entity in the EU.",""
829"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238136_en?p_id=380919","F238136","4 March 2019","Alex Kambas","EU citizen","","","","Greece","I am concerned about the fact that I will not be able to modify the software of my Wifi router since this will stop me from a series of freedoms I currently enjoy:
8301. Extend the life and expand the ability of my product with software I can modify and control, software that adds value to my purchase, increases its life and makes me more knowledgeable and aware of the involved technology and issues (see below). An extended life also means a longer cycle of obsolescence, that minimizes waste, preserves natural resources and is overall better for the planet.
831 2. Open source alternative software is being checked by the community and as such is constantly subject to scrutiny in terms of security. Security is and always be driven by academia and open source software contributors. The ability to upload software to my device allows me to patch security holes even when manufactures of (older/cheaper) devices cannot allocate the resources to do so.
832 3. Devices that can be uploaded with the same software allow me to chose freely the hardware manufacturer, opening up the competition on level terms. If a manufacturer offers a software feature I find interesting, I can buy their product and always have the option to change to what I really need. So the competitive advantage of manufacturer is intact, while I am able to chose among a number of products I can compare as equals. This also puts smaller manufacturers on plain field with the large ones. Otherwise the few large ones will dominate with locked down software.
833 4. The ability to modify and re purpose hardware opens up a wealth of opportunities in communities with limited funds that can employ talent, imagination, creativity and hard work to meet their needs. Preventing uploading software to routers (which are effectively small sized computers) or phones (same, small sized computers), will destroy so many projects, ideas, initiatives and opportunity for innovation.
834 5. Finally, free open source software (FOSS) is currently driving technology because of the ability to be used with hardware. The loss of talent in the FOSS field, is alone a huge loss for progress and innovation. Most of the software used in radio equipment (Wifi routers, phones) is based on FOSS. It is ironic to stop what at first created a whole industry.
835 And to conclude, it is about freedom of choice, ability to select what is best for ones needs, scrutiny of security implementation and sustainability of the planet. Thank you.",""
836"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238117_en?p_id=380919","F238117","4 March 2019","Freek Dijkstra","EU citizen","","","","Netherlands","I'm concerned that requiring formal certification for firmware will have a negative impact on open source communities. Thriving communities for e.g. wireless basestations, Arduino and open hardware telephony would be impacted.
837In my view any solution must not limited the freedom of hardware owners to implement custom firmware.",""
838"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238108_en?p_id=380919","F238108","4 March 2019","Wolfgang BILZ","Company/business organisation","Shure Europe GmbH","Medium (50 to 249 employees)","","Germany","Feedback to Inception Impact Assessments ??? Ares(2019) 476957 03/04/2019
839Shure is a well-known professional audio manufacturer producing, for example, high quality wireless microphones and In Ear Monitoring equipment (
840). Shure???s products are well received in Europe and widely used by many professional users in a variety of industries requiring high-quality audio production.
8411) General Scope of Responsibility of the Manufacturer and the PMSE User
842For professional audio-PMSE applications in Europe, equipment is certified to operate according to ETSI standards and architected to be in compliance with national frequency range allocations. Users must tune to the authorized band for local operation and select specific frequencies, commonly in the interleaved spectrum of the primary user (e.g. DVBT). It is thus the responsibility of each user to follow the regional or national rules and to comply with them.
843 This process can be seen as ???self-limiting??? as failure to comply with local regulation will result in harmful interference to potentially a multimillion production with an audience in excess of 80,000 people.
844The PMSE industry has a successful track record of enabling PMSE devices to operate without creating interference to other devices. The PMSE manufacturer provides the user with clear and detailed regulatory information and warnings on the packaging and in the user guidelines and instructions for compliant operation of the equipment. The same process applies to firmware/software updates, which are securely provided by manufacturers and commonly installed by the user via an Internet connection. It is in the manufacturers??? interest to provide timely software updates that can facilitate performance improvements to the device and accommodate changes to local regulations while remaining compliant with the original certification standards.
8452) Option 1???Industry Self-Regulation - is the Right Way to Go
846The Commission suggests under Option 1 that the ???the industry self-regulates to ensure that software uploaded into radio equipment does not compromise the initial compliance.??? Shure wholeheartedly supports this approach, as the other Options will impose an undue burden on Shure and other PMSE manufacturers.
847The Commission suggests that in the EU, PMSE manufacturers should be subject to requirements that apply in ???some non-EU countries [???] take steps to ensure that only software that has been approved with a software defined radio can be loaded into the radio and that any radio in which the software is designed or expected to be modified by a party other than the manufacturer [???] must be certified as a software defined radio.??? However, there is no citation to the referenced countries or rules given that would allow commenters to evaluate this statement, the context in which such requirements apply, the ???steps taken,???, and to assess whether this approach has been successful in the countries referenced or circumstances applied.
848Even if this statement were correct, it does not apply to the RED and delegated acts for a number of reasons: ......
849Please see attached pdf-file - the full response","https://ec.europa.eu/info/law/better-regulation/feedback/238108/attachment/090166e5c2143021_en"
850"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238103_en?p_id=380919","F238103","4 March 2019","Jesper Rex R??rk??r","EU citizen","","","","Denmark","As a consumer, i do hope this won't pass. Being able to install custom software or open source software on your devices, is something many (including myself), value a lot.
851 Here are some of the reasons why i'm against this initiative.
852Less waste:
853 Passing this initiative will only increase electronic waste. For which we already have too much of. Which seems counterproductive to our fight of climate change.
854Security:
855 For devices which official support ended. Being able to install community driven software is vital. As security patches often ends after 1-2 years for many devices. Many hard working communities have longstanding projects which improves security for devices without official support.
856Freedom to choose:
857 In the west we value our freedom a lot. So why wouldn't that include the right to choose which software we want installed on our devices? Which we also own and paid for...
858Kind regards from a worried EU citizen.",""
859"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238101_en?p_id=380919","F238101","4 March 2019","Leon Schmidt","EU citizen","","","","Germany","As a Network-Administrator I want to voice my concern as diversity through customized Systems prevents large scale attacks.",""
860"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238092_en?p_id=380919","F238092","4 March 2019","Vladislav Zalesak","EU citizen","","","","Slovakia","This proposal is highly problematic, especially Article 3, point 3, letter (i).
861 This shifts responsibility for maintanance and usability of a device from user to manufacturer. This leads to several issues:
862 in case of illegaly modifed software, manufacturer would be in theory legally responsible for criminal activity of others.
863 In addition this would prrohibit owners of legally purchased property to modified it using third party software to better suit their needs.
864 This would then lead in supressing the security of hardware (often open source third party software is superior to baseline propretiary one) as its most likely to protect themselves, manufactures would provide no way to LEGALLY modified software of given devices.",""
865"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238090_en?p_id=380919","F238090","4 March 2019","Anton Puppe","EU citizen","","","","Germany","It is very important for people to be able to modify the software on their devices, this includes radio equipment. If this were not possible, schools and universities would be unable to provide courses about radio equipment, as the testing and demonstration of such equipment almost always involves uploading custom software.
866 For example, the popular ESP8266, while usable with the official software, often requires the use of custom software to unlock its full potential. There are many other products like the ESP8266.
867 Additionally, it could be argued that the operating system of a smartphone or computer is also under the scope of this law. This would effectively halt all efforts of the Open-Source Community in improving the lives of all people and boosting the economy of the EU.
868 In conclusion, it is very important to be able to customize software without requiring approval by the manufacturer, which would probably not care about their customers.",""
869"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238084_en?p_id=380919","F238084","4 March 2019","Ville Ilvonen","EU citizen","","","","Finland","As a software professional and hobbyist, I'm regularly testing or using different software on radio equipment I own. Capability to use open, free, and audit supporting SW on radio equipment is a key right and should also be supported in the future by EU legislation.
870In fact, capability to not audit some manufacturer supported radio FW has led to concerns on safety, security and privacy by non-EU equipment manufacturers.
871The proposed legislation aims to turn the responsibility from an EU citizen uploading/changing software and following radio equipment regulation to manufacturers (often outside EU). It also limits EU citizens and software professionals from using open source software radio implementations, thus hindering the global software competitiveness in the long run. It is already in the foreseeable future where much of the radio capabilities come from software defined radio, rather than hardware.
872I suggest upload of software on radio equipment legislation would be reviewed to ensure the rights and clarify responsibilities of the EU citizens.",""
873"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238046_en?p_id=380919","F238046","4 March 2019","Cathal Garvey","EU citizen","","","","Ireland","Hardware of any kind that is purchasable by a citizen, must belong to that citizen and be maintainable by that citizen.
874This is for various reasons, including rights to ownership and self-determination, as well as to prevent e-waste by keeping older hardware functional and useful as standards progress and usage-patterns evolve.
875In particular with radio equipment, where the equipment is generally used to facilitate communications or operations of a privacy-sensitive nature, it is even more important that citizens be able to inspect, understand, and replace the software on the devices. The reason is that, simply put, hardware with unauditable software is untrustworthy. Speculation already abounds that certain large hardware vendors from the USA and China might participate in state-backed mass-surveillance of EU citizens, and the only recourse right now for citizens is to wipe the onboard firmware (where possible) and install Free/Libre alternative firmwares.
876If the EU is to make changes to how firmware may be modified by owners, it should go far in the opposite direction, and mandate instead that _all hardware must have open-source (at least) firmware, and all hardware must have a known and supported mechanism to install newer or customised firmware_. Doing so would enable citizens to trust the software that mediates our modern culture of intermediated communication.",""
877"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238034_en?p_id=380919","F238034","4 March 2019","Karl-Oskar Johannesson","EU citizen","","","","Sweden","Article Article 3(3)(i) goes against free open software and provides security against the user not for the user. Please stop this part!",""
878"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238030_en?p_id=380919","F238030","4 March 2019","Jonas Wedin","EU citizen","","","","Sweden","I'm a computer science student in the last year of my masters, and recent directives comming out of EU are downright scary and/or wrong.
879I see the point you're trying to make, but if this is your way of implementing it, it becomes clear that you are fumbling in the dark.
880In today's market the only real choice I have is installing open source firmware on my devices. The only way of ensuring my own digital freedom is that I can flash my devices.
881If you want to stop people from using unwanted frequencies, those need to be limited by hardware. This is only going to affect lawful users who simply wants to have control over their devices. Any malicious use is still very possible.
882From a manufacturers perspective, this is great! No need to implement planned obscene in hardware anymore, just stop giving updates! What is the user gonna do? Or even better, just give an breaking update! If I can't edit the software I'm screwed.
883EU does a lot of good things, computer science is not one of them. Get your act together. This is embarrassing.",""
884"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238029_en?p_id=380919","F238029","4 March 2019","Simon Tas","EU citizen","","","","Belgium","While I understand the problem you're trying to solve, I don't think the currently proposed solution is going to do anything good.
885 The main problem in my opinion is that this will seriously damage the Open Source enthusiasts that care about their privacy. There are currently not a lot of companies that offer devices loaded with Open Source software and therefore most of these people (myself including) buy devices with proprietary software and change the software afterwards. This will be impossible under the current proposal. You could argue that companies could approve Open Source software but this is very unlikely since this would cost them a lot of time and money without being beneficial to them.
886 This proposal would also be devastating for programmable radio equipped devices. Arduino is a good example. While the base version doesn't have a radio module some more advanced units do and it's also possible to buy a ""shield"" to add this functionality. Since the point of these devices is that you can program them yourself they'd be illegal under the current proposal. These devices are very popular in educational studies and are also great for making a prototype.
887 Lastly I'd like to add that it is never a good idea to rely on what they call in the programming world call ""client side security"". This is because while this will hold of the average malicious user, there will be users that try to reverse engineer the system and bypass your restrictions. This means that when you make a radio application you should expect people to try and exploit your program in every single way and protect yourself from it instead of thinking everyone will just stick to using your client software. Radio connections should and often do have some sort of authentication to make sure the connection is secure. The only problem that still remains then is DOS (Deny Of Service) attack by for instance sending a strong radio signal so that the other signals are unreadable. Making a device that does this is very simple so even if you boot lock all radio devices there still will be people able to do this kind of attack. It's also not a huge issue since the attacker doesn't get to know any information. He just blocks the communication and it requires exponentially more power when you try to increase the range making it very unpractical.
888 I'd like to conclude with saying that I believe option 0 as described in the article is the best option. It is not perfect but it is better as a solution that doesn't completely fixes the problem and also does a lot of harm in the process.",""
889"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238021_en?p_id=380919","F238021","4 March 2019","Philipp Angerer","EU citizen","","","","Germany","The leading company for routers, Cisco, has a horrible security track record. Open source initiatives like OpenWrt are currently the best hope to secure routers like theirs. The right to repair is vital, and software is no exception.
890This initiative would therefore be counter-productive and actively go against its own stated goals.
891I propose that instead of closing equipment like this down further, its source code should be required to be open for public scrutiny and companies should be punishable by law if they don???t comply with common security practices.",""
892"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238018_en?p_id=380919","F238018","4 March 2019","Samuel Kleiner","EU citizen","","","","Sweden","Hi, Regulators.
893I don't believe that this should be done. Overregulation like this imposes invisible costs, that are borne by all citizens, when it comes to potential innovations that might be made using technology that this regulation would put beyond the control of ordinary citizens.",""
894"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238015_en?p_id=380919","F238015","4 March 2019","Marcin Raczkowski","EU citizen","","","","Poland","Locking down software radios and mobiles can only have negative consequences to the security of the infrastructure. Instead of fixing problems at it's core, it's only masquarading them. Real ""bad guys"" will obtain hardware that's cracked open, while customers will suffer.",""
895"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238006_en?p_id=380919","F238006","4 March 2019","Axel Duerkop","EU citizen","","","","Germany","Being able to change a device's software is an expression of freedom, especially when you bought the hardware and own it. Free software implements values that have often been wisely negotiated by a community and can fit the purpose and demands of a representative group of society. But most important, this freedom is the freedom of all those who are running businesses and want a free market and competition with transparent rules.",""
896"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237994_en?p_id=380919","F237994","4 March 2019","Colin Caine","EU citizen","","","","United Kingdom","Restricting what software can be uploaded to radio equipment removes an important consumer freedom. I think it is unlikely that consumer radio abuse is high enough to warrant this initiative, given this cost.
897I upload my own software to consumer radio hardware in order to make it more secure and more useful to me. For example, by allowing me to use better VPN software, using better traffic-shaping algorithms to get a better quality of connection, etc.
898This freedom is especially important to people and organisations with less money: it allows you to buy cheaper hardware and get the features you might otherwise have to pay 10 times more for.
899This freedom is good for the environment by extending the useful lifespan of commodity hardware (e.g. routers once distributed by BT in the UK now have a recycling aftermarket as open source routers).
900For more information, please see the good write-up by Free Software Foundation Europe:",""
901"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237966_en?p_id=380919","F237966","4 March 2019","Klaus-Dieter AXT","Business association","DIGITALEUROPE","Small (10 to 49 employees)","64270747023-20","Belgium","DIGITALEUROPE believes that this initiative should only be limited to classes of radio equipment for which there is a clear evidence showing that the upload of software on radio equipment could lead to a serious risk of non compliance in the EU market. So far, problems causing a risk of non-compliance with the RED due to software uploads have not been clearly identified. Unless there are well founded reasons, DIGITALEUROPE recommends letting the free market play its role, benefiting the competitive advantage for manufacturers that already apply such mechanisms to ensure only compliant software can be loaded on the radio equipment.
902In case of any clearly identified problems in the market due to software updates, DIGITALEUROPE requests that the proposed measures under Article 3.3i of the RED respect the principles of proportionality and smart regulation. Any new legislative measure shall be proportionate to the clearly identified risks, without leading to unjustified new requirements affecting radio equipment for which no compliance problems have been identified. In addition, any potential new measures should be practical for manufacturers, minimise additional administrative burden and provide legal certainty.
903Due to the additional administrative burden brought by Article 4 of the RED, which offers no added value to the authorities and end users, DIGITALEUROPE is not in favour of any additional statement of compliance. We consider that current requirements of RED are sufficient to inform authorities and end users about compliant software versions. Any additional administrative burden that is disproportionate compared to the potential risk shall be avoided.
904DIGITALEUROPE remains at the disposal of the EU Commission to provide further details on these initial comments.
905Furthermore, DIGITALEUROPE expresses its interest and availability to provide additional explanations and evidence during the next steps of the impact assessment, as well as in the Expert Group on Reconfigurable Radio Systems.","https://ec.europa.eu/info/law/better-regulation/feedback/237966/attachment/090166e5c213e205_en"
906"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237952_en?p_id=380919","F237952","4 March 2019","Manuel Molina Cuberos","EU citizen","","","","Spain","Creo que esta iniciativa es totalmente err??nea porque la responsabilidad de las modificaciones en un dispositivo ha de ser del usuario, y por tanto, tener permitida su realizaci??n.
907 As?? ha sido y as?? ha de ser.
908 La modificaci??n en el software del dispositivo ha de ser posible por parte del usuario.
909 Es una libertad inherente a la propiedad del dispositivo, y es su responsabilidad mantener el uso legal del espacio radioel??ctrico.
910 Negar ese derecho es quitar la libertad de controlar nuestra tecnolog??a, ya que se requerir??a el permiso expl??cito del fabricante para realizar modificaciones legales en el mismo, y se estar??a sometido a su voluntad.
911 Muy mala idea.",""
912"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237943_en?p_id=380919","F237943","4 March 2019","Yohann Meyer","Non-EU citizen","","","","Switzerland","This is (and I'm especially talking about article 3(3)(i) ) an attack on security, liberty, reusability and free competition. To only permit manufacturer-reviewed software to be installed will be exploited (as recent history of multinationals has proven) to create a hard lock on the possibilty for consumers to choose software that better serve their needs and is utterly useless for the protection of the radio band, as it will only create a (dark) submarket for hardware without thoses limitations.
913 I don't want my children to live in 1985. Please stop.",""
914"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237912_en?p_id=380919","F237912","4 March 2019","Jonathan S??lea","EU citizen","","","","Sweden","Enforcing something like this would not only reduce the freedom for users to install and use custom firmware, but it would also be a significant security risk by not giving the power to update their devices - instead people are encouraged into buy-consume-throwaway lifestyle instead of making full use of the devices they posses.",""
915"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237908_en?p_id=380919","F237908","4 March 2019","Morgan Christiansson","EU citizen","","","","Sweden","THIS IS UNACCEPTABLE.
916TO BLOCK ME FROM INSTALLING SOFTWARE ON MY PHONE OR ROUTER THAT I'VE BEEN DOING FOR 20+ YEARS NOW.
917OUTRAGEOUS.",""
918"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237907_en?p_id=380919","F237907","4 March 2019","Lilian Gimenez","EU citizen","","","","France","Article 3(3)i restricts user's freedom of using their IT like they want. Putting technical restrictions on what software can be loaded will make users unable to modify or extend their device's behaviour to fit their needs. A broad range of consumers devices have radio capabilities, such as mobile phones and laptops. Those devices have a great impact on a lot of people's lives. Removing their freedom to use their devices like they want and giving the control of their digital lives in the hands of a few IT companies is not worth some technical measures to enforce a good use of radio spectrum.
919In addition to being restrictive to the general crowd, it will not affect expert users from maliciously their device's radio capabilities by circumventing those measures.
920I would suggest to replace this article by a requirement that software shipped by default satisfies the requirements, but does not forbid the possibility to let users freely replace it's software.",""
921"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237873_en?p_id=380919","F237873","4 March 2019","Thomas Cox","EU citizen","","","","Belgium","While I can understand the reason for this law, the execution is lacking. This law would make it nigh impossible for Linux-distro's to be installed on routers, which is a huge disadvantage.",""
922"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237857_en?p_id=380919","F237857","4 March 2019","B??rge A. Roum","Non-EU citizen","","","","Norway","Making it impossible to install your own operating system on radio devices is a terrible idea! Will this also affect laptops with wifi? Are you aware of the huge market for Linux and Linux developers in the EU that will be decimated by this law?
923To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.",""
924"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237848_en?p_id=380919","F237848","4 March 2019","Jasper v. Blanckenburg","EU citizen","","","","Germany","There are three very big problems with Article 3(3)(i) that the Inception impact assessment neglects to mention.
925A: Security Patches
926Unfortunately, it is impossible to write bug-free software of any meaningful complexity. This means that every firmware out there will have security exploits in it. As long as these are patched by the manufacturer in a timely fashion, they will likely not have a big impact. However, once devices reach end-of-life and no more patches are released by their manufacturer, the unpatched firmware quickly becomes a big security risk.
927Currently, custom firmwares for e.g. smartphones (such as LineageOS) or routers (such as OpenWRT) often provide support and security patches after end-of-life, securing many devices. If Article 3(3)(i) is applied to these devices, custom firmware will become effectively impossible, since no manufacturer will be able and/or willing to assess the multitude of firmwares, especially since many firmwares update weekly or even daily.
928B: Privacy
929Proprietary firmwares effectively do not afford the consumer any control over what software is running on their devices. Only when it is possible to build and upload open-source firmware can one be sure of what their device is doing.
930C: Impact on aspiring engineers
931Tinkering with microcontrollers and development boards is, as I am sure many embedded software engineers will agree, very important for aspiring engineers and students to form a passion and deepen their knowledge. Since wireless communication is only increasing in importance, it should also be possible for students to tinker with devices with wireless capabilities. Currently, this is possible with e.g. the ESP family of microcontrollers or one of the many wireless accessories to the Arduino family of development boards.
932However, tinkering with these boards obviously requires uploading custom firmwares at least most of the time, which means it would become impossible if Article 3(3)(i) applied to these microcontrollers.
933Having a smaller or less experienced engineering force in such an important area would obviously also have implications in the mid- to long-term for the economic competitivity of the European Union.
934I thus urge the commission to remove or at least amend Article 3(3)(i) to narrow its scope.",""
935"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237786_en?p_id=380919","F237786","4 March 2019","","EU citizen","","","","France","(Formatted feedback and additional documents attached)
936Abstract:
937 I am concerned that putting broad restrictions on software running on radio system will limit research and innovation, as well as security, privacy, instead of the opposite. I also offer as possible alternatives stringent restrictions on part of the software, as well as the improvement of existing legacy radio protocols.
938Full text :
939 Dear European commission members,
940Thank you for taking the time to read this. I am writing this as an engineer, and a microelectronics PhD student. I am most concerned about the potential impact this initiative could have on innovation, and freedom for the customers of radio-enabled products to experiment, and alter functionality of their devices.
941As software-defined radio becomes the new norm and algorithms improve, it will become impractical to monitor every use of the radio spectrum. It would seem to me that developing more resistant protocols and transmission schemes is unavoidable, and should be a priority for mission-critical uses, as I would like to stress that this initiative would not prevent intentional jamming of critical radio frequencies.
942However, that does not preclude controlling the software that runs on devices. It seems to me that Option 4 is perfectly reasonable as long as it only concerns a very minimal set of parameters, instead of the full device firmware (please see the attached document for more details). This would in essence be a similar approach to what can be seen in the industry [1,2], by limiting capabilities of third-party software.
943I also disagree with some assessments made in the proposal:
944 ??? I don???t see the main stakeholders affected by this initiative as being some manufacturers of radio equipment. The main stakeholders are software providers, be it the aforementioned manufacturers, third-party software providers, or the general public loading alternate software to alter the functionality of a radio device.
945 ??? In my experience with first-party software, it tends to be less secure in some respects compared to third-party software, thus the societal impacts of increased protection of personal data and security are likely the opposite.
946Finally, I would like to add a word as a member of the postmarketOS project. We aim to provide third-party software to ageing smartphones that no longer receive manufacturer updates, in order to secure them against more recent threats, and improve their usability to avoid relegating perfectly functional devices to a garbage dump. We thus try to provide a way to run up-to-date software on old devices, which also fits nicely into Europe???s environmentally-friendly mindset.
947 Passing such a regulation would directly harm us and similar projects.
948I am available for further comments if needs be.
949Sincerely yours,
950[1]
951 [2] ","https://ec.europa.eu/info/law/better-regulation/feedback/237786/attachment/090166e5c2132e81_en"
952"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237782_en?p_id=380919","F237782","4 March 2019","Charles Gueunet","EU citizen","","","","France","As a defender of the free software, I would hate not to be able to change the software of a device I have bought. Can it be for ethical reasons, to extend / repair the device, to add new functionalities, to control what happens on the device, just for development of for any other reasons, changing the software can be beneficial for plenty of users. As there will be more and more people familiar with computer science in the future, we may even think this is a right more and more people will use, hence improving diversity and robustness of the software as well as the lifetime of devices.
953 I would hate to think this law is meant for corporation to force users to use their software, so they can make more money. I think this is not the role of Europe to enforce this mentality.",""
954"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237764_en?p_id=380919","F237764","4 March 2019","Frieder Schrempf","EU citizen","","","","Germany","By restricting the upload of custom software to radio devices this initiative will cause serious harm in many areas, including private, public, non-profit and commercial research, development and manufacturing.
955The effort needed to lock down devices will probably cause manufacturers to invest less time and money in protecting devices against actual security threats and prevents third parties from providing fixes and patches in cases when the manufacturer fails to provide patches himself. As these are common cases in the area of mobile and IoT devices, the initiative would affect the security of many devices.
956The initiative will also slow down and obstruct the work of open-source software communities and companies that provide such software for radio devices.
957 As an example I would like to mention the ""Freifunk"" community, that established a network of currently around 45000 privately operated WiFi access points to provide free internet access for thousands of users in Germany. There is even official cooperation between Freifunk e.V. and local city administrations (e.g. Esslingen am Neckar) to provide free internet access in public areas.
958I would like to ask the European Commission to respect the expertise and work of thousands of researchers and developers who come to the conclusion, that the possibility to upload custom software is the only way to provide security and ensure long lifetimes of many devices.
959It is a mystery to me how the EC experts could come to a conclusion that, once put into action, will cause such a big negative impact compared to the very little, if at all, regulative power it will develop.",""
960"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237750_en?p_id=380919","F237750","4 March 2019","Joonatan Saarhelo","EU citizen","","","","Finland","Many hardware manufacturers ship faulty software with their hardware. See
961 for example. If using custom software is prohibited, many otherwise good devices turn into junk.
962Prohibiting the use of custom software on mobile phones would further strengthen Google's Android monopoly.
963Android is open source software, but most people run the version that comes with Google's apps. By prohibiting upload of custom software onto radio devices, you force people to be spied upon by Google and make the Android Open Source project open in name only.
964The freedom that users have when using desktop computers has enabled the very diverse Linux ecosystem to flourish alongside Windows and Mac OS. Today, over half of the worlds servers run Linux. I wouldn't be surprised if many of the innovations in operating systems and user interfaces were first seen in Linux and later copied into Windows.
965Finally, Article 3 would be bad for the environment. The improvement in mobile computing performance is slowing down and the only part of a mobile phone that ages is the battery. I could use my current phone for ten years if the software wouldn't get slower.
966This has been solved with custom software that has all the important safety features but none of the things that require more processing power. Manufacturers will not want to approve such software because it hurts their profits from selling hardware.",""
967"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237705_en?p_id=380919","F237705","4 March 2019","Stefan Midjich","EU citizen","","","","Sweden","1) The regulation that prevents owners of radio devices to replace their device software will not solve any problems. It will merely create criminals out of some of the most innovative and technically competent citizens. By disallowing experimentation and discovery, traits that are the basis for innovation in our society.
9682) It promotes a wasteful society by disallowing the re-use of old radio devices with new software. An old device can find new life with new software, often free and open source software maintained by hobbyists.
969Old wifi routers are useful in the many community projects like Freifunk and its familiars.
970I myself use an old cellphone that would not longer receive updates, with the LineageOS software that is still receiving updates. This cellphone would end up on a landfill otherwise.
9713) The regulation would also further centralize power of our lives in the hands of a few major corporations who decide what software we use.
9724) At least take into consideration that a free market should itself have the power to decide on this type of device protection. Leaving the way open for competitors to provide alternative devices. If the EU regulates such minute details then it closes the way for future competition.
973Honored MP, please ask yourself; why is someone in the EU trying to regulate this? To protect us from frequency abuse? Or to regulate what software is running on your devices?
974It's nearly impossible to practically enforce such a regulation for the purposes of preventing frequency abuse. Anyone capable of abusing frequencies is also capable of doing so without any of the listed categories of radio devices.
975Yet the rest of us who do not possess such capabilities and are merely able to reinstall our old devices to breathe new life into them would be crippled.
976Please do not make me or my friends criminals for doing what we love. Simply reinstalling a device with your own software should never be criminalized.",""
977"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237704_en?p_id=380919","F237704","4 March 2019","Marco Hladik","EU citizen","","","","Germany","Not allowing us citizens to update and improve the software on devices we rightfully own will not just take away our rights, but is also dangerous when manufacturers abandon products when they are no longer profitable or their obligations have expired.
978 This proposal will only give corporations more power over people.",""
979"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237659_en?p_id=380919","F237659","4 March 2019","Andrea Borgia","EU citizen","","","","Italy","I'm sure the proponents have the best intentions but it is quite an understatement to write
980 ""Risks of lockdown of radio equipment and applicability of open source software and open source hardware"" when it is all but certain that manufacturers will lock down their products even tighter than today.
981 What incentives would they have to go through the certification process with all possible present and future firmwares? None, so they'd simply prevent any changes, period.
982 This is bad policy, obviously.",""
983"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237650_en?p_id=380919","F237650","4 March 2019","Manuel Kock","EU citizen","","","","Germany","I'm working for a Freifunk Community in Hannover and we are building open Wireless Networks with Routers that we need to customize with a modified Firmware.
984 We use them to bring Wireless access to all kind of Places, where People need a free and wireless Internet access.
985 If we can't change the Firmware on new Routers anymore, this Project will most likely End in the near future.",""
986"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237639_en?p_id=380919","F237639","4 March 2019","Nils Koch","EU citizen","","","","Germany","In my opinion, being able to control the software which runs on my devices is crucial, for both security as well as sustainability. In the past years there have been numerous examples of security flaws in routers and other devices, which usually don't get fixed by the manufacturer if the device isn't brand new and a top of the line product. This lead to the spread of malware and botnets.
987 But thanks to the Open Source community, for many of those devices there are alternative firmwares available, in which these flaws are quickly fixed. That helps in extending the lifetime of the devices and increases their sustainability. Using Open Source firmwares is also the only way to be sure there are no backdoors or other unwanted or poorly implemented features in your device, and is thusly the only way to truly own your device.
988 There are also many groups, like Freifunk in Germany, which rely on running their own firmware on devices to provide their services that are highly beneficial to the community.
989 Being able to experiment with your devices also fosters innovation, as it makes it much more accessible to try new things, for industry as well as educational purposes.
990As I read this proposal, it would even apply to mobile phones, which suffer from the same problems of not receiving security updates, and often times containing unwanted software from the manufacturer. Seeing how much sensitive data is on our phones and can be extracted if flaws or data collections are exploited, it is extremely important for the user to be able to use a firmware of their choosing, and this way keep getting security patches and more features, even after the support from the manufacturer has ended.
991So, to conclude, custom, open source firmware is needed to increase the security, safety and sustainability of any device, and gives the user much more freedom of choice. Due to that, I would strongly advise against restricting the users ability to control their own devices.",""
992"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237614_en?p_id=380919","F237614","4 March 2019","David Bauer","EU citizen","","","","Germany","Introducing restrictions on what software to use on commodity radio devices such as wireless routers would greatly increase the issue of manufactures not supporting devices with security patches, leading to avoidable electric waste.
993Also, many small companies and startups use this commodity hardware for their own products ans services by replacing the software. Thru this, they can build innovative devices and services without having to dedicate a lot of development time to hardware engineering and manufacturing.
994Free community networks such as Freifunk or guifi.net also depend on the reprogrammability of this hardware to build such networks. Restrictions on uploading such firmware would effectively kill such large projects.",""
995"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237506_en?p_id=380919","F237506","4 March 2019","Juan Jos?? Gil S??nchez","EU citizen","","","","Spain","Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
996 Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
997 Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
998 Community services: Volunteer initiatives like guifi.net qmp, NYMESH and Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
999 Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
1000"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237496_en?p_id=380919","F237496","4 March 2019","Jan Horvath","EU citizen","","","","Czechia","I believe this initiative stops the natural improvement of products. It will slow down the research and development and in long term decreases the technological advances of EU.",""
1001"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237461_en?p_id=380919","F237461","4 March 2019","Tim Clarke","EU citizen","","","","United Kingdom","In my opinion the the intended restrictions on private software installation on radio devices is unnecessary. It limits the hobby market and there are adequate provisions in place to catch those that abuse the freedom. This move will increase device complexity and therefore increase prices.",""
1002"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237460_en?p_id=380919","F237460","4 March 2019","Mark O'Donovan","EU citizen","","","","Ireland","Locking down radio equipment it a terrible idea.
1003 It will promote a culture of throwaway devices, which is wasteful and unnecessary.
1004 Using Open Source software on network equipment is the only way to use a device securely in the long run.
1005 As it stands most manufacturers provide little or no software updates. These devices arrive with security vulnerabilities and often need to be disposed of with only a fraction of their useful life done.
1006 We are promoting open source software everywhere else for security reasons, why should we do the opposite here?",""
1007"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237421_en?p_id=380919","F237421","4 March 2019","Raffael Bucher","EU citizen","","","","Germany","It???s a mandatory right to upload software on devices I own.",""
1008"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237416_en?p_id=380919","F237416","4 March 2019","Jakob Meyer","EU citizen","","","","Germany","Please dont force us to use inferior stock software, when there are much better, faster, saver and more customizeable solutions available. This serves noone but companies who will be able to further dictate their users what software they have to and can use!",""
1009"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237413_en?p_id=380919","F237413","4 March 2019","Johan De Meersman","EU citizen","","","","Belgium","Software is a critical part of any radio device. Putting the onus of conformity on OEMs and requiring them to implement measures to prevent unauthorised software to be installed on the device is not only putting extra burdens on the manufacturer, but is also a breach of the right to repair (can, for example, no longer upload a non-OEM operating system on an old phone that is no longer being supported but further still completely functional) but also problematic when it comes to ownership and free use of the hardware we buy; it additionally plays into the planned obsolecense issue that has been plagueing consumer hardware for years.",""
1010"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237410_en?p_id=380919","F237410","4 March 2019","Benedikt Franke","EU citizen","","","","Germany","Dieser Gesetzesvorschlag ist ein massiver Einschnitt in die pers??nliche Freiheit. Als Nutzer muss ich selbst entscheiden k??nnen, welche Firmware auf meinen Ger??ten l??uft.",""
1011"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237377_en?p_id=380919","F237377","4 March 2019","Marian Citizen","EU citizen","","","","Romania","I will not support this. I must be in fully control of the device i paied for. This will not be in the consumer interest but in the corporation interest. I hope EU will not pas this.",""
1012"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237367_en?p_id=380919","F237367","4 March 2019","John O'Sullivan","EU citizen","","","","Ireland","Hello,
1013Article 3(3)(i) makes radio equipment manufacturers responsible for side software loaded on the equipment. This enforces manufacturers to lock down their devices. It is very bad for free software (I won't be able to install what I want on my device for personal use), competition (as above, but for business use) and also for various not-for-profit activities, which vitally depend on installing certain software as they see fit.
1014This is the example of unacceptable paternalism and should not be signed into law!
1015John.",""
1016"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237358_en?p_id=380919","F237358","4 March 2019","Stefan Schridde","Consumer organisation","MURKS= NEIN DANKE! e.V.","Large (250 or more)","039530134146-77","Germany","Die in der Direktive erwogenen Wege, den Upload von Software einzuschr??nken, gef??hrden den Erfolg der von der EU Kommission bereits geforderten notwendigen Strategien zur Nutzungsdauerverl??ngerung und Repararierbarkeit von Konsumg??tern. H??here Sicherheitsanforderungen im Internet der Dinge d??rfen die h??herwertigen Anforderungen von Umwelt- und Ressourcenschutz nicht gef??hrden. Daher sind andere Wege zur Verbesserung von softwareseitiger Sicherheit vorzuziehen. Hersteller k??nnten eine Einschr??nkung von Softwareuploads sonst nutzen, um die Reparierbarkeit ihrer Produkte deutlich einzuschr??nken oder unm??glich zu machen. Stattdessen m??ssen Softwarekomponenten auch extern pr??fbar werden (z.B. durch Anforderungen an Offenlegung des Codes), um herstellerseitigen Mi??brauch durch externen Kontrollen aufdecken zu k??nnen.",""
1017"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237357_en?p_id=380919","F237357","4 March 2019","Tim Schl??ppi","Non-EU citizen","","","","Switzerland","Ich habe das Gesetz nur ??berflogen, da es recht kompliziert geschrieben ist und auch nur auf Englisch. Deshalb gebe ich meine Meinung nur zu den f??nf Optionen zur??ck. Ich hoffe trotzdem, dass meine R??ckmeldung aufgenommen wird.
1018Option 0 ist die einzig Richtige. Zwar k??nnten sendef??hige Ger??te mit eigener Software ein Problem darstellen, jedoch wird das nur marginal stattfinden. Diejenigen, die das bewerkstelligen k??nnen, werden das auch weiterhin k??nnen, wie zahlreiche Pr??zedenzf??lle der IT zeigen (siehe Jailbreak iPhone oder auch Umgehen des Kopierschutzes von Videospielen). Der Schaden, der durch Limitierung der Software angerichtet wird, ist weitaus gr??sser als der Nutzen:
1019* Jede Software auf Routern ist von einem Hersteller und warscheinlich auch propriet??r --> Weniger Open Source Software, daf??r mehr undurchsichtige Firmensoftware.
1020 * Viele Funktionalit??ten werden eingeschr??nkt, da das Ger??t dies machen k??nnte, aber der Aufwand zu hoch ist, das zu implementieren. Man k??nnte damit auch nicht selbst etwas schreiben.
1021 * Die Software k??nnte Hintert??ren oder ??hnliches enthalten. Bei nicht von Herstellern gepr??fter Software (die dann auch meist Open Source ist) kann man sich sicher sein.
1022 * Schlussendlich ist der Aufwand zu gross, um eine so niedrige Zahl von Vorf??llen verhindern zu versuchen.",""
1023"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237323_en?p_id=380919","F237323","4 March 2019","Adrian Hett","EU citizen","","","","Germany","Das ausschlie??en von Drittsoftware wird die Sicherheit der Ger??te verringern, da Hersteller heutzutage nach einer relativ kurzen Zeit aufh??ren ihre Software zu aktualisieren.
1024 Durch Drittsoftware k??nnen weiterhin Updates zur Verf??gung gestellt werden die das Ger??t sicher halten.",""
1025"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237297_en?p_id=380919","F237297","4 March 2019","Lluis BOADA","Company/business organisation","Notified Body - 0370 - LGAI Technological Center S.A.","Large (250 or more)","","Spain","Dear all,
1026In response to the European Commission Initiative titled ???Commission delegated regulation on Reconfigurable Radio Systems (RRS)'.
1027As a Notified Body, we always in favor of regulations, however we also understand that we cannot block the evolution already mentioned in the majority of the feedbacks.
1028We encourage to have at least a minimum regulated situation within the requirements of RSS, so basic parameters like operation frequency and TX Power to the spectrum must be clear do not compromise the compliance of the certified equipment.
1029 On this way we support the following regulatory options:
1030 ??? Option 0, baseline scenario: a situation in which manufacturers are not obliged to implement any specific measures as it is currently the case.
1031 ??? Option 1, a situation whereby the industry self-regulates to ensure that software uploaded into radio equipment does not compromise the initial compliance.
1032At the end, Notified Bodies, manufacturers and regulators need a minimum level of certainty.",""
1033"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237256_en?p_id=380919","F237256","4 March 2019","Mehmet Ahsen OEZBEY","Non-EU citizen","","","","Turkey","As a hobbyist and an engineer by profession, such move would greatly hamper freedom of citizens and residents. Basis of such move can't be 3 vague bullet points. Our freedom to tinker, hack, repair and innovate is fuel of our technological advancement. As well as, to increase lifetime of a product, counter planned obsolescence, up-cycle. One can give life a router that's abounded by its manufacturer, that's left insecure.[1] One can devise new uses, provided internet to whole neighborhoods.[2]
1034 In many cases, flashing a new firmware is already not made easy, requires certain knowledge. This directive would make it quite impossible for all. If there to be a directive, it should make all commercial radio devices adhere standards for allowing custom firmware. Consumer shall not be denied of their rights on what they own.
1035 [1]
1036 [2] ",""
1037"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237221_en?p_id=380919","F237221","4 March 2019","Sebastian Brocks","EU citizen","","","","Germany","Eine Annahme dieser Initiative w??rde es f??r mich unm??glich machen, Mobilftelefone nach Ende des offiziellen Supports durch den Hersteller sicher weiterzuverwenden, da alternative Betriebssystemdistributionen, die aktuelle Sicherheitsupdates beinahlten, nicht mehr auf die durch den Hersteller nicht mehr unterst??tzten Ger??te aufgespielt werden k??nnten. Das m??chte ich verhindern.",""
1038"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237207_en?p_id=380919","F237207","4 March 2019","Frank Vanbever","EU citizen","","","","Belgium","Ik werk in een Europese start-up die niet zou kunnen bestaan indien het niet toegestaan is om alternatieve firmware te installeren op toestellen met een radio. Indien het niet langer meer mogelijk zou zijn om alternatieve firmware te installeren zou dit volgens mij een zware negatieve impact hebben op de mogelijkheid voor Europese ondernemingen om snel innovatieve technologie op de markt te brengen.
1039 Als burger heb ik thuis ook toestellen met een radio waar ik alternatieve firmware op gebruik. Dit laat mij toe om d.m.v. Free en Open Source software functionaliteit toe te voegen aan deze toestellen die niet voorzien was door de fabrikant en die vaak niet beschikbaar is in producten vandaag op de markt. Verder laat dit mij ook toe om een audit te doen van de software die al mijn internetverkeer behandelt wat naar privacy en veiligheid toe een belangrijke eigenschap is.
1040Volgens mij is Optie 0 zoals omschreven in Ares(2019)476957 de enige optie die de rechten van burgers vrijwaart en de mogelijkheid voor Europese ondernemingen om te innoveren beschermt.
1041Het is mijn hoop dat Optie 0 zal voorgesteld worden voor de implementatie van deze wetgeving.",""
1042"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237146_en?p_id=380919","F237146","4 March 2019","Zbigniew ??o??nierowicz","EU citizen","","","","Poland","I am worried that this, along with numerous other articles that the EU has passed, will greatly infringe on the freedom of software propagated by organizations such as the GNU foundation, EFF or, more specifically for this article, the OpenWRT foundation. If you own something, you should be able to modify it, according to the terms of use of a manufacturer. This kind of blocking of akin to the ""warranty void if removed"" stickers debacle that's been going on for years.",""
1043"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237022_en?p_id=380919","F237022","4 March 2019","John Piek","EU citizen","","","","Netherlands","I am a ham radio operator, and I am worried the changes don't respect the traditional rights of ham radio operators to change and modify existing equipment and possibly also to them being allowed to build their own equipment and manufactured equipment having to have too much limitations. Most probably this depends on individual implementation in the different countries, but I would like the directive to respect these rights ham radio operators have had world-wide since the 1920's on a European basis, so that these rights will be guaranteed in all EU countries. I am in the Netherlands, which is among the countries where radio amateurs probably have the most liberal rights to do so. I have been a ham radio operator myself since 1975 (call sign PA0ETE), and I have designed and made many transmitters and transceivers, in addition to modifying and/or reprogramming professional equipment, such as for FM, Tetra and DMR for use in amateur bands.",""
1044"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237021_en?p_id=380919","F237021","4 March 2019","Carsten Wiemann","EU citizen","","","","Germany","Option 0 is the only working one.
1045 Open Software is better than closed software by security and lifetime.",""
1046"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237020_en?p_id=380919","F237020","4 March 2019","Alain PANNETRAT","EU citizen","","","","France","The impact assessment suggests different policy options to deal with potential risks related to modification to software that can be uploaded in wireless equipment.
1047Unfortunately, the theoretical risks identified in the impact assessment are vague, and apply differently from one type of device to another. No concrete examples or stories are provided to support the case for stronger restrictions.
1048On the other hand, a restrictive regulatory environment limiting the ability for users to modify the firmware of wireless systems (reconfigurable radio system) could have a very detrimental impact to innovation, security and usability for 3 main reasons.
10491 - Today, there is an innovation boom in the field of IoT, mainly driven by wireless technology. SMEs are creating exciting new wireless products and platforms mainly based on open-source solutions and a community of researchers and end-users. Placing restrictions on the ability of the community to create, modify and experiment with firmware for wireless devices would simply kill innovation in the E.U., leaving innovation to ???big??? players only, destroying our competitiveness.
10502 - As demonstrated many time over the past decade, wifi router manufacturers have had a poor track record in the security of mass market devices. In many cases, these manufacturers have not provided adequate means (software updates) to address these issues. End-users have had to rely on open-source solution to address these shortcomings, which have often provided a much better level of security and quality than the original product. Placing restriction on the end-users ability to update the firmware of their device would thereby increase cybersecurity risks in this context.
10513 - The industry is undergoing rapid changes. Many startups grow and sometimes fail, sometimes leaving their users with ???bricked??? wireless devices. The only hope of the users of these devices is through alternative ???open-source??? solutions. Forcing users to resort to ???approved??? firmware would simply condemn these devices to the wasteland, since the manufacturer would not even exist anymore.
1052In conclusion, I believe it???s in the best interest of the EU to have a very soft touch (option 0 and 1). If absolutely necessary, I would suggest to limit any restrictive policy (options 2 and above) to devices that have demonstratively the potential to cause disturbance to access to emergency services (e.g. by interference). In general I would suggest to tie restriction to clearly identified risks rather than creating blanket restrictions that would apply to a broad range of devices and stifle innovation.",""
1053"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F237019_en?p_id=380919","F237019","4 March 2019","Srdjan Rosic","EU citizen","","","","Ireland","Article 3, if implemented, would create a technological barrier to creation of competition. It would make practically impossible (cost and effort prohibitive) for individuals to legally and independently grow skills necessary to work on startup projects prototypes, and it would make it much harder for smaller companies to participate in the market. Creation of such skills and expertise is dependent on the ability to experiment with software on existing hardware.
1054 Skilled workers are already hard to find in this sector.
1055Also, it would prevent legal installation of customizable software like OpenWRT, that provides an escape hatch for many consumers using products whose software is usually insecure from the start, and then not regularly updated. OpenWRT provides the option of safety and security for them, and article 3 would deny it.
1056I would also ask that you consult with small European manufacturers and suppliers of such equipment such as turris.cz , if they believe their work would have been possible without the ability to hire skilled local labor.",""
1057"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F236909_en?p_id=380919","F236909","4 March 2019","Carsten Schumann","EU citizen","","","","Germany","Option 0 is the only option that makes sense. All other options are neither transparent nor senseful from the view of an engineer. Everyone should have the right to run whatever one wants to run on a computing device he owns. And yes, he has to comply with to comply with the regulatory stuff, i.e. RED, when running custom firmware. Malicious behaviour cannot be ruled out by legislation and firmwares like OpenWRT are the best example that you can get high quality firmware that enriches old devices (which get no longer firmware updates from their manufacturers).",""
1058"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F223236_en?p_id=380919","F223236","4 March 2019","David Mallows","EU citizen","","","","United Kingdom","Only option 0 (baseline scenario, where ) is compatible with European values of freedom and .
1059The likely economic impacts are materially underestimated, specifically relating to those who choose to run open source software ??? who are not even identified as likely stakeholders, and yet are most likely to be severely affected by any of the options other than zero.
1060I have personally been a user of OpenWRT ??? an open source firmware for many brands of wireless router ??? for many years. Whilst I do not use the radio in these routers, I do benefit from the increased processing power that is required for more modern, high-speed wireless networks. Wired routers do not have sufficient power and are not as widely available as wireless routers.
1061Using OpenWRT I am able to deliver a more reliable, better-managed network for those in the SME environment in which I operate. OpenWRT has one of the easiest-to-deploy implementations of Smart Queue Management, one of the leading techniques to reduce buffer-bloat. It has also been one of the first to integrate new open-source security technologies, such as WireGuard. These are technologies which increase security.
1062If any option other than zero is chosen, running OpenWRT on low-power, commodity hardware will be vastly more difficult. This is the same equipment that many of tomorrow's best network engineers can and will learn their craft on. If manufacturers are forced into even a self-regulatory approach (option 1), this will no longer be possible. The other options are far more severe.
1063The social impacts include no negatives, and the positives are not at all connected to the proposal ??? there will be no increased security from these proposals, only decreased security. When equipment manufacturers choose to no longer support the software for older hardware, that hardware will become obsolete ??? there will be no security fixes any longer. This will have an environmental impact, as there will be no secondary market for second-hand wireless routers.
1064The document lacks balance and has failed to take into account the negatives. There is nothing in this proposal that will make things more secure, only less secure. Wireless vendors have shown time and time again that they are more interested in adding features than delivering security. They have also shown, collectively, incompetence in developing linux-based firmwares ??? with a handful of exceptions geared towards the enterprise market. OpenWRT has fixed that.
1065In summary, there are only security losses from any proposals other than option 0. There are immense impacts on fundamental rights, and citizens will be the ones to lose out. Many will not know what they have lost, but those that have will.
1066I have supported a lot of what the commission has done. However, I find myself reconsidering that position. If proposals like this pass, then public faith in EU institutions will be irreversibly eroded.
1067The current regulatory regime is sufficient for the limited number of bad actors, and this proposal will do nothing to stop other forms of radio interference.",""
1068"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F222436_en?p_id=380919","F222436","4 March 2019","Philip Aakast","EU citizen","","","","Denmark","I believe article 3(i) to be a horrible implementation.
1069 All of EU is built on the idea of the free movement of goods in the internal market. I believe software and hardware to be 2 distinct goods, however not necessarily independent of each other. Which is why software should be free to move between devices.
1070 To limit the free movement for the hindering of illegal activities is an idea that would be abhorrent in any other context than this. Crime should be sought lowered, although I would venture the statement that it will always exist. However I do not believe this to be in the lawful citizens best interest, on the contrary I would say on their expense. Neither manufacturer nor customer is left better of by this directive, as manufacturers will have a greater expense, which in turn will raise the price of the product. Furthermore you will be locked to the choices of the manufacturer, as such you can't easily change provider of the devices.
1071 A customer should have complete access and right to modification on a legally obtained device. As long as that modification isn't harmful or the use of it in direct violation of the law.
1072 I hope this article will be revoked or else I'm horrified by the path our union has taken.",""
1073"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221828_en?p_id=380919","F221828","3 March 2019","R??diger Biernat","Non-governmental organisation (NGO)","Freifunk Uelzen e.V.","Small (10 to 49 employees)","","Germany","Sehr geehrte Damen und Herren,
1074ich bin der 1. Vorsitzende des gemeinn??tzigen Vereins ""Freifunk Uelzen e.V."".
1075Unser Verein hat mehrere Ziele:
10761. Information der Mitglieder, der ??ffentlichkeit und interessierter Kreise ??ber freie Netzwerke, insbesondere durch das Internet und durch Vortr??ge, Veranstaltungen, Vorf??hrungen und Publikationen;
1077 2. Bereitstellung von Know-How ??ber Technik und Anwendung freier Netzwerke;
1078 Information ??ber gesellschaftliche, kulturelle, gesundheitliche, rechtliche und weitere Auswirkungen freier Netzwerke;
1079 3. F??rderung der Kontakte und des Austauschs mit weiteren Personen und Organisationen im In- und Ausland, die im Bereich der freien Netzwerke t??tig sind oder denen die Interessen des Vereins nahe gelegt werden sollten.
1080 4. F??rderung und Unterst??tzung von Projekten und Initiativen, die in ??hnlichen Bereichen t??tig sind oder denen die Idee freier Netzwerke n??her gebracht werden soll.
1081Wir haben ca. 1000 WLAN Ger??te im Einsatz. Hier sieht man, wo wir t??tig sind:
1082Unsere WLAN-Router laufen mit einer selbst programmierten Software (Firmware). Die originale Software (Firmware) des Herstellers wird bis auf wenige Code-Schnipsel ausgetauscht.
1083Wir nutzen diese Router f??r mehrere Aufgaben:
10841. Verf??gbarmachung von ??ffentlichem und kostenlosem WLAN in wenig erschlossenen Gegenden.
1085 2. Erforschung von moderner Soft- und Hardware
1086 3. Verbreitung von Technologie, die mit der Herstellersoftware (Firmware) nicht m??glich ist.
1087 4. Unterst??tzung von finanziell schwachen Personen mit WLAN, die sich einen Internetanschluss nicht leisten k??nnen oder keinen Vertrag mit einem kommerziellen Anbieter abschlie??en d??rfen.
1088Sollte die Initiative die Optionen 1,2,3 und 4 in Betracht ziehen, dann wird folgendes geschehen:
1089--
1090 Bezogen auf unseren Freifunk Verein:
1091 1. Unsere Freifunk Initiative kann keine neuen Ger??te mehr erwerben, da die Software (Firmware) des Ger??ts nicht ausgetauscht werden kann. Mit der originalen Software (Firmware) des Herstellers ist die ben??tigte Funktionalit??t des Ger??ts nicht gegeben.
1092 2. Ohne diese Ger??te kann der Vereinszweck nicht ausge??bt werden. Unsere Freifunk Initiative muss sich daher aufl??sen.
1093 3. Ca. 1000 WLAN-Ger??te m??ssen fachgerecht entsorgt werden.
1094--
1095 Bezogen auf alle Freifunk Initiativen in Deutschland:
1096 1. Ca. 50.000(!) Ger??te werden momentan mit einer ausgetauschten Software (Firmware) betrieben. Mit Option 1,2,3 und 4 kann die Software (Firmware) bei neuen Ger??ten nicht mehr ersetzt werden. Mehr als 400 Ortsgruppierungen, Vereine, Interessengemeinschaften, etc. m??ssen sich daher aufl??sen.
1097--
1098 Generell:
1099 Standardm????ig unterst??tzen WLAN-Hersteller ihre Produkte maximal 1-3 Jahre. Danach kann man diese Ger??te entsorgen, da sie durch fehlende Eingriffsm??glichkeiten (Austausch der Software [Firmware]) ein Sicherheits-Alptraum werden.
1100 Mit ""After-Market"" Software kann die Lebensdauer der Ger??te um viele Jahre verl??ngert werden. Mit ""After-Market"" werden Sicherheitsl??cken behoben. Eine After-Market Software (Firmware) ist zum Beispiel (
1101) - Diese Organisation bietet Software (Firmware) f??r viele hunderte Modelle an. Mit Option 1,2,3 und 4 ist das nicht mehr m??glich.
1102-----------------------
1103 Nur mit OPTION ""0"" ist ein Weiterbestand unseres Vereins m??glich!
1104 Nur mit OPTION ""0"" wird der Elektro-M??llberg weniger schnell wachsen!
1105 Nur mit OPTION ""0"" wird es wirkliche technische Innovationen geben!
1106 Nur mit OPTION ""0"" werden Sicherheitsl??cken gefunden und behoben! Das Sicherheitsmodell ""Security by obscurity"" ist falsch.
1107Mit freundlichem Gru??,
1108 R??diger Biernat
1109 1. Vorsitzender Freifunk Uelzen e.V.",""
1110"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221827_en?p_id=380919","F221827","3 March 2019","Daniel Ehlers","EU citizen","","","","Germany","As a computer scientist and practice network engineer,engaged in research of distributed technologies, I am directly affected by the firmware restrictions on wifi devices.
1111Let's consider a firmware/device pair which is initially compliant. The device manufacturer has somehow to prevent the installation of non-compliant firmware (furthermore software) on the device. There are some options to realize this:
1112 (A) Some checking mechanism, verifying compliance during installation.
1113 (B) Prevent installation of third party software.
1114 (C) Prevent installation of new software at all.
1115Up to now and of course to my knowledge, there is no checking mechanism that is fault prove and able to verify a whole operation system to be compliant for a complex standard for all possibilities, that is actively researched, but ain't there, yet. If such a mechanism exists, I doubt it is possible to integrate it into an embedded device, and our problems in securing TLS implementations like openssl would already be solved. So this rules option (A) out.
1116Every software has bugs. Some raise a security vulnerability and even though we might be able to prevent the bug classes we know about, which we are not completely able to, there might always be a bug class we are not aware of. Lets consider there is a network security vulnerability in the software of the compliant device, that would give some unauthorized third party the ability to enter the device from the network connection and run arbitrary code, like manipulating the radio signals the device generates to be none compliant. Worse, if the party is able to alter the functionality of the device to become part of a bot network, or report harmful sensor values (IoT devices). Let us review the options under those circumstances again.
1117If option (C) is implemented, then the device is basically unusable and there is no way to fix the security vulnerability and thus the harmful behavior. One could argue, that the firmware stored in the device may not be changed, so the third party code is gone after a reboot, but we have already seen such devices (IP cameras) been reinfected in a matter of minutes. In the current situation some of those devices may be fixed by third party after market software.
1118For the remaining option (B). We assume the manufacturer is motivated to provide firmware updates for his device, otherwise we are stuck in a option (C) like situation. It is assumable that every device is eventually going to end in that situation.
1119In Section B you consider several options of regulation. Option 1 is either Option 0 with smiling and waving (imagine penguins) or like option 2 to 4, an increase in complexity, pressure, and effort, and thus a factor to delay the release of fixed software versions.
1120 Since manufactures main objective is selling devices and gain profit, hence the likely hood of an update decreases with rising effort. This could lead us to a situation, like in the medical sector, near to zero bugfixes, but with devices connected to the internet.
1121 Which is in clear contrast to the expected social impacts (Section C). Being realistic, every device which is not misbehaving in a non endurable degree, is not going to see any updates. So regardless of the choice here you can not prevent non compliant devices, in doubt it is an device not primarily intended to send radio signals in the first place, e.g. broken neon tube starters, power converters, serial adapters...
1122So in final consequence we are in need for a regulation unit, which locates malfunctioning devices on request and take care, like the german BNetzA does already in case of radio interference's.
1123My recommendation in this matter is ,dropping all firmware restrictions, establish a self regulation, so that at least the vendor ships compliant firmware, obligate vendors to serve firmware updates for some period, and establish a regulation unit to keep the situation in check.",""
1124"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221822_en?p_id=380919","F221822","3 March 2019","Simon Dunkley","Company/business organisation","Itron Metering (UK) Ltd","Large (250 or more)","","United Kingdom","Itron, although cognizant of the risks associated with the ability for radios to be upgraded over the air, believes that caution should be taken in restricting such activities, and that additional administrative burdens and delays should be very carefully considered.
1125 The Inception Impact Assessment (IIA) describes a scenario where radios constructed from discrete components have been replaced by Software Defined Radios (SDR). The reality is ??? although pure SDR may pose a threat if poorly managed ??? the vast majority of radios on the market are controlled by some form of firmware (FW) ??? which can be updated over the air. The need to update protocols above the PHY layer and quickly patch bugs can be a regular occurrence. FW also allows the operating parameters ??? such as transmit power - of radios to be adjusted, but self-declaration of adherence of radios??? parameters to appropriate standards and regulations is an existing requirement, and management of FW uploads can (and does) involve obligations on manufacturers and operators to ensure that radios remain legal. Well-designed systems should ensure that sufficient safeguards are in place to stop radios from being adjusted by malicious third parties.
1126 Itron believes, therefore, that Option 1 of the IIA is the most appropriate to achieve the requirements of the RED whilst not imposing undue burden on the industry.",""
1127"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221821_en?p_id=380919","F221821","3 March 2019","Adrian Krohn","EU citizen","","","","Germany","Dear Commission,
1128as a researcher in the field of communication technology I have to point out that the possibility to use open-source software on radio communication devices is extremely helpful for doing research in this field.
1129Without, the development of new devices, evaluating new concepts and creating testbeds would be unnecessarily more difficult. I fear that with locked firmwares - resulting from article 3(3)(i) - the European science and research communities and universities will suffer from locational disadvantage.
1130Without open firmware there is also a greater risk to security breaches, especially in critical installations and networks (due to hidden bugs, backdoors etc.).
1131So any option which will prevent the use of open firmware and/or software should be dismissed.",""
1132"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221820_en?p_id=380919","F221820","3 March 2019","Tobias Huttner","EU citizen","","","","Germany","Hallo zusammen,
1133 ich finde es sehr gut, dass Sie sich Feedback von der ??ffentlichkeit einholen. Vielen Dank daf??r. Ich verstehe die Problematik der Thematik und finde es gut, dass man versucht das Problem zu l??sen.Jedoch denken Sie mit Ihrem L??sungsansatz meiner Meinung nach nicht weit genug.
1134 Die Manipulation von Ger??ten zu 100% zu verhindern ist nicht m??glich.
1135 Es sind in heutigen IT-Systemen immer wieder Sicherheitsl??cken vorhanden und diese k??nnten weiterhin genutzt werden, um manpulierte Software einzuschleu??en.
1136 Auch ein Verbot dessen, w??rde an dieser Situation nichts ver??ndern.
1137 W??re der Upload von Software verboten, w??rden jedoch viele Nutzer davon abgehalten werden folgendes zu tun:
1138 * ein ??lteres Ger??t weiter zu nutzen, weil der Hersteller keine Updates mehr bereit stellt
1139 * ein Ger??t ihren Anspr??chen anzupassen, z.B Sicherheitsstandards erh??hen
1140 * anderen zu helfen (bsp. Freifunk)
1141Au??erdem w??rde dadurch die Macht der Hersteller auf den Konsumenten wachsen. Denn der Hersteller kann bestimmen ab wann es keine Updates mehr gibt. Somit bleibt dem Nutzer nur Eines ??brig, sich ein neues Ger??t zu kaufen oder das Risiko von Sicherheitsl??cken einzugehen. Weiterhin w??rde es die Stellung der gro??en Player auf dem jeweiligen Markt verst??rken. Denn nur Sie k??nnten den Implementierungsaufwand leisten, welcher n??tig ist, um den Upload von anderer Software zu verhindern.
1142 Auch die vielen Unternehmen, die auf einer bestehende Hardwareplatform aufbauen und nur Software entwickeln und vertreiben, w??ren in ihrer Existenz bedroht.
1143 Meiner Meinung nach rechtfertig der m??gliche Schaden nicht die Einschr??nkung aller. Es sollte der Fokus auf das Finden und Bestrafen der Personen liegen die geltendes Recht brechen. Dies sollte jedoch nicht durch die Einschr??nkung der Freiheit aller B??rger geschehen.",""
1144"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221818_en?p_id=380919","F221818","3 March 2019","Guido K??rber","Company/business organisation","Code Mercenaries GmbH","Micro (1 to 9 employees)","","Germany","I am writing on behalf of my company Code Mercenaries GmbH, which produces some wireless products.
1145 Article 3.3i should not be activated at all. The option 0, no regulation, or option 1, self regulation, should be used.
1146 Article 3.3i would eliminate the larger part of the SMEs from the wireless market. Programmable radio modules are an important factor for that market. With these modules uploading custom software is the default mode. Many of them run the application software and the radio software on the same processor.
1147 Requiring the device to check if the software is going to conform with the regulations is impossible (Goedels incompleteness theorem. The behaviour of an algorithm can not be determined by just looking at it). So an external mechanism would be needed to determine if the software is compliant. This would prevent any software development as the device could upload software only after its compliance has been demonstrated, which can not be done since it can not be uploaded.
1148Also it has not been shown that there is an actual problem to be solved with this regulation. There have been only isolated incidences with specific devices.
1149I would like to be included in further stakeholder consultations.",""
1150"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221817_en?p_id=380919","F221817","3 March 2019","Diebrecht de Bakker","EU citizen","","","","Belgium","Regarding the Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU. This would limit my rights to to with equipment I have bought. It is clear that radio equipment must comply with certain rules, it is however overkill to declare all custom build software illegal on those radio devices. Building and installing custom firmware on those devices make them more usefull and mostly they have a longer lifetime (eg installing a custom rom on a mobile device that would become to slow because of all the bloatware on it).
1151 Besides that, if a person want to alter with the radio signals, he will build his own radio signal emmitting device to send noise around, because of that this directive will only be a limitation for a lot of people who care about electronics, who want to play and learn with it and get te most out of it, while people with bad intentions won't be stopped with this rule.
1152If you need more arguments about why and how this directive must be changed, take a look at ",""
1153"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221816_en?p_id=380919","F221816","3 March 2019","Valerio Paolini","EU citizen","","","","Italy","I strongly support technology that can be audited, especially if it has a fundamental role in my ability to connect to the Internet; therefore it must be mandatory the possibility to install open source software on my devices / routers / modems.
1154 The implications of using open source software are important as well: peer review of solutions, personalization otherwise impossible, longer life time of hardware not depending vendors (lack of) plans.",""
1155"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221815_en?p_id=380919","F221815","3 March 2019","Christoph H??ger","EU citizen","","","","Germany","There are many obvious reasons why this is a bad idea, among them security, freedom, and sustainability. For all these reasons the EU should not prevent its citizens from taking control of their own devices and tools.
1156But what if it tried to? What if it actually passes legislation that effectively enforces a lockdown on the software that I can install on my phone, my TV, or my watch? I and many others are going to circumvent this, of course.
1157Will this law then silently die or will there be some kind of enforcement? Do EU citizens in the future need to demonstrate that they did not modify the software running on their devices? Will there be checkpoints searching for rooted phones? I do not know about you but I do not want to live in a society that tries to control such a central piece of individual freedom.",""
1158"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221814_en?p_id=380919","F221814","3 March 2019","Krisztian Tabori","EU citizen","","","","Hungary","""The European Union is founded on the values of respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights and fundamental freedoms."" (quote from: REGULATION (EU) No 1381/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 establishing a Rights, Equality and Citizenship Programme for the period 2014 to 2020)
1159I just want to point out that limiting the software that we (the EU citizen customers) can install on any radio capable device is against the following principles: freedom, democracy, equality... This law defines also the perfect environment for companies for planned obsolescence and makes it easier for them to create products that get outdated faster. This is bad for the environment because we can't repurpose these devices. Also significantly cuts the value of the devices right after the purchase date. The mentioned requirements (health and safety, electromagnetic compatibility, efficient use of the radio spectrum) should be limited in the hardware if it's harmful to the health and the environment.
1160Software limitations prevent continuous development, innovation and give foreign manufactures the control over millions of EU citizens choice of software. Same time this law will criminalize people that want to unlock the full capabilities of the device, but then the Copyright Directive (2001/29/EC) includes exceptions to allow breaking those measures for non-copyright-infringing purposes, such as jailbreaking to run alternative software.
1161Thank you for considering my feedback",""
1162"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221813_en?p_id=380919","F221813","3 March 2019","Daniel Landau","EU citizen","","","","Finland","As an individual that is quite particular about my freedom I install free and open source software on my mobile phones, WiFi routers and other devices too. I have no intention to cause havoc with my signals, but having a device for which I wasn't in control is not an option for me.",""
1163"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221812_en?p_id=380919","F221812","3 March 2019","Pawe?? Pi??tkowski","EU citizen","","","","Poland","As a citizen of the European Union, I'd like to voice my opposition to the proposed directive. European Commission lists ""health and safety"" and ""electromagnetic compatibility"" as the premise behind the regulation, but some of its articles - Art. 3(3)(i) being a key example - seem like an unproportional countermeasure to an ill-defined problem.
1164 First and foremost, some of the devices affected by the regulation have limited ability to transmit radio signals (either disabled by default, or greatly limited in range). Even if these devices are misused to transmit signals that can pose a health/safety threat and/or interfere with other devices, so can be ham radio equipment, which can be legally owned and doesn't need any software or hardware modifications to produce harmful interference on a wide spectrum of frequencies - and such actions are already prosectued by law in all EU countries.
1165 Moreover, introducing this regulation will stand against EU's policy to minimise the production of electronic waste; a user of an old device, produced by a no longer operating manufacturer, will not be able to update its software (e.g., to fix a bug), and as such, the device will be discarded.",""
1166"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221811_en?p_id=380919","F221811","3 March 2019","Cristian Stoica","EU citizen","","","","Romania","The premise of this proposal seems to be that protecting the radio spectrum is now a necessity more than it was in the past where WiFi devices and radio networking was not as widespread.
1167The proposal tries to enforce radio device manufacturers to limit the capabilities of their products even more then they already do. For example, WiFi device drivers writers for the GNU/Linux operating systems put in place a lot of hoops that a user needs to pass in order to circumvent the radio spectrum protections. Of course, it is possible to circumvent these protections by a competent Computer Science engineer.
1168 Software that control these radio devices are human productions and are subjects to errors and defects. Fixing these problems is not on the realm of science fiction and can often be resolved without involving the original manufacturer. Indeed, the manufacturer might have gave up on the product and would no longer provide security, defect fixes or feature updates for their software.
1169 It is often the case that end-users fix their devices when manufacturers are unable to or simply will not. Free software contributors today do that effectively every day. They are end-users who also have necessary skills to fix broken devices.
1170It is problematic that this proposal while having good intentions wants to force manufacturers to limit the end-user's possibilities to fix their devices themselves. All this while there are movements in the opposite direction in countries like United States of America where ""the right to repair"" is gaining public awareness and approval against manufacturers that use software obfuscation to guarantee their monopoly.
1171Legitimating manufacturers into preventing end-users intervention into their devices is effectively legitimating them to market unfix-able devices with all the implications that go with electronic waste.
1172 Limiting end-user intervention is synonym to taking out of the equation the last defence, the only force that could effectively stop defective devices from malfunctioning, a direct contradiction on what the proposal is trying to obtain.
1173Bad actors will not be affected by this bill; they do not bend to law anyway. General population who doesn't have the necessary skills may have better things to do with their time and will throw a broken device to the garbage can. Especially when no-one will be able to fix it. What will probably happen is a decrease in general quality of the products since the manufacturers will need to include into their products the hoops described above at a cost that will have to be offset from somewhere else.",""
1174"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221810_en?p_id=380919","F221810","3 March 2019","Johannes Krampf","EU citizen","","","","Germany","IoT (Internet of Things) results in a large number of internet connected devices, many of which use radio technology. If the software on these devices contains vulnerabilities, they may for instance be misused in botnets (e.g. Mirai) to perform DDoS attacks, be used to spy on users or act as an entry-point to attack other devices in the same network.
1175Removing flaws in software and updating the software on devices is essential to avoid these issues. The problematic software is often unrelated to radio-functionality. Unfortunately, updated software is frequently not provided by manufacturers, particularly for low-cost devices. They have little motivation to do so: They earn money with the sale of new devices and there are no penalties for ignoring security issues.
1176The ""INCEPTION IMPACT ASSESSMENT"" correctly notes that ""software can be found online, possibly from third parties"". Open-Source projects like OpenWRT provide third-party software for internet connected devices. Using this software allows security updates when they are not provided by the manufacturer. In addition, third-party software may also provide additional functionality and benefits which are unrelated to a device's radio functionality. One such benefit is to replace undesired behaviour in the manufacturer's software. An IoT webcam, for instance, may upload picture and video material to servers under the manufacturer's control to make it accessible over the internet. This is a convenient feature, but users may not be comfortable sending such material to servers under a third party's control. These users would prefer to install software which allows to upload to a server under their control.
1177Any implementation of article 3(3)(i) should ensure that software changes by first or third parties to non-radio-related functionality are not impacted by measures to ensure compliance.
1178This is difficult in practice, as many devices, for instance those based on WiFi-supporting ESP8266 microcontrollers, do not separate software for radio functionality from non-radio-related software. Any measure to restrict radio software would also restrict e.g. the ability to update a vulnerable web server running on the device.
1179It should be considered to exempt devices where the hardware is only capable of low transmit power from the requirement to demonstrate the compliance of the combination of the radio equipment and software for software changes.",""
1180"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221809_en?p_id=380919","F221809","3 March 2019","Jan-Stefan Janetzky","EU citizen","","","","Germany","article 3(3)(i) will prevent security researchers from submitting cve's to vendors.
1181 why? because how can you tamper with something you cannot control due to unavailable open radios?
1182 as proven by several CCC talks about gsm, wifi, bluetooth, zigbee and other radio protocols, it is a necessity for security related research to keep this as accessible as possible.
1183what will happen if a vendor does not update their radio and leaves devices vulnerable? especially in android you can see how big custom rom development and even radio firmware fixes are spread.
1184 this is primarily required after the product leaves the lifecycle of that vendor or the vendor goes bankrupt.
1185there is no perfect security in firmware. thus communities have to fix products that vendors abandon.
1186additionally.. this will increase cost for radio hardware.
1187 nobody want to pay even more for already quite expensive IoT light bulbs etc.
1188i bought hardware, thus it's mine and i'm free to do what ever i want with it.
1189 be it taking it apart, reprogramming it or switching the radio to a radio from a different vendor that used the same controller on their hardware to fix a flaw or add features to a device in front of me.
1190android vendors have to provide a way for rom developers to unlock the bootloader.
1191 this was aquired through a regulation.
1192the regulation in article 3(3)(i) will negate this in several cases.",""
1193"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221808_en?p_id=380919","F221808","3 March 2019","Johannes Weiss","EU citizen","","","","United Kingdom","This directive in my opinion is a very bad idea, please find some points on why below.
1194Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
1195Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
1196Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
1197Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
1198 Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
1199"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221807_en?p_id=380919","F221807","3 March 2019","??ukasz Stelmach","EU citizen","","","","Poland","In my opinion owners and users of electronic equipment must not be prohibited, neither by law nor by technical measures introduced by vendors, from replacing software controling their devices. Citizens must not be denied any of the following four freedoms regarding software.
1200The freedom to run the program as they wish, for any purpose.
1201The freedom to study how the program works, and change it so it does their computing as they wish. Access to the source code is a precondition for this.
1202The freedom to redistribute copies so they can help others.
1203The freedom to distribute copies of their modified versions to others. By doing this they can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
1204Most vendors fail to provide proper software updates which, in case of unpatched security flaws, may render their devices unusable. Owners or independent software providers (especially free software projects) must be able to fix such problems on their own, instead of replacing the device, which is unacceptable waste of resources.
1205Moreover, I suggest, that vendors providing network-connected devices, including but not limited to radio-enabled, must be obliged to provide software updates for a product for at least ten years after they stop selling the product. They also must be obliged to publish the method owners can use to replace software.",""
1206"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221806_en?p_id=380919","F221806","3 March 2019","Jeroen Hoek","EU citizen","","","","Netherlands","I am worried that Article 3(3)(i) of the RED as it is written now will prohibit end users from deploying software of their own choosing on any devices featuring radio functionality they might own. Can end users still install custom operating systems and software on internet routers and smartphones with this legislation in place?
1207Please look for ways to amend this proposed legislation to allow users the right to tinker with, repair, or simply customize their devices. There is already legislation in place that mandates that users comply with the relevant laws for broadcasting radio signals; I fear that outsourcing this responsibility to the manufacturers will unduly limit the user's software freedoms.
1208An alternative to article 3(3)(i) as it stands, may be to mandate that manufacturers only sell the device with software in place that complies with all relevant radio transmission guidelines, leaving the end user free to install any software of their own choosing afterwards if they wish. Perhaps a flyer summarizing the relevant radio transmission guidelines can be included with each device sold to inform users of their responsibility of not violating the radio transmission guidelines?",""
1209"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221805_en?p_id=380919","F221805","3 March 2019","Stephan Scholz","EU citizen","","","","Germany","I am against article 3(3)(i) and for staying with the baseline scenario. Article 3(3)(i) will not stop most willfully bad actors from acquiring a non-comformant device, but as an avid user of free hardware and software, I will be negatively affected. For me, hardware and software with free and open sources have the following advantages:
1210 * it brings me independence from the manufacturers support cycle
1211 * it lets me know what the device is doing
1212 * it fosters learning and cooperation in engineering
1213 Because of these advantages, we need more open source engineering, not less.
1214 Article 3(3)(i) will make certain radio related open hardware projects impossible and increase the barrier of entry into radio engineering. In addition I see that manufacturers will lock not only the radio module, but their whole devices from using custom open source software, as it is the easiest to do.
1215 Article 3(3)(i) is unnecessary and stifles open technology and learning and thus innovation.",""
1216"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221804_en?p_id=380919","F221804","3 March 2019","Petko Bordjukov","EU citizen","","","","Bulgaria","* Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
1217* Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?
1218* Fair competition: If you don???t like a certain product, you can use another one from a different manufacturer. If you don???t find any device suiting your requirements, you can (help) establish a new competitor that e.g. enables user freedom. But Article 3(3)(i) favours huge enterprises as it forces companies to install software barriers and do certification of additional software. For example, a small and medium-sized manufacturer of wifi routers cannot certify all available Free Software operating systems. Also, companies bundling their own software with third-party hardware will have a really hard time. On the other hand, large companies which don???t want users to use any other software than their own will profit from this threshold.
1219* Community services: Volunteer initiatives like Freifunk depend on hardware which they can use with their own software for their charity causes. They were able to create innovative solutions with limited resources.
1220* Sustainability: No updates available any more for your smartphone or router? From a security perspective, there are only two options: Flash another firmware which still recieves updates, or throw the whole device away. From an environmental perspective, the first solution is much better obviously. But will manufacturers still certify alternative firmware for devices they want to get rid of? I doubt so???",""
1221"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221803_en?p_id=380919","F221803","3 March 2019","Alexander Lowey-Weber","EU citizen","","","","Germany","Free Software: To control technology, you have to be able to control the software. This only is possible with Free and Open Source Software. So if you want to have a transparent and trustworthy device, you need to make the software running on it Free Software. But any device affected by Article 3(3)(i) will only allow the installation of software authorised by the manufacturer. It is unlikely that a manufacturer will certify all the available software for your device which suits your needs. Having these gatekeepers with their particular interests will make using Free Software on radio devices hard.
1222Security: Radio equipment like smartphones, routers, or smart home devices are highly sensitive parts of our lives. Unfortunately, many manufacturers sacrifice security for lower costs. For many devices there is better software which protects data and still offers equal or even better functionality. If such manufacturers do not even care for security, will they even allow running other (Free and Open Source) software on their products?",""
1223"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221801_en?p_id=380919","F221801","3 March 2019","Benedict Simlinger","EU citizen","","","","Austria","""Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU"" introduces a limitation on the software (called firmware) which may be used to operate the radio equipment. While this limitation may be introduced with good intentions, it also entails a lot of disadvantages, as listed below. In my opinion, the disadvantages are reason enough to have ""Article 3(3)(i) of RED 2014/53/EU"" removed or at least alterated.
12241) Users need to rely on the manufacturers to always provide (or at least certify) secure and up to date software. Observing the short or barely existent software support of manufacturers in related fields (e.g. mobile phones, routers) indicates, that manufacturers are not up to this task. Users and other third parties must be able to change the firmware independently.
12252) Scientists and security researchers need a legal way to experiment with custom software.
12263) It hinders development as the cost of development are driven up by additional requirements which need to be fulfilled by manufacturers.
12274) It favours big companies over small companies due to the increased development and certification costs.
12285) Is this article really necessary given the already existing regulations?
12296) ""Article 3(3)(i) of RED 2014/53/EU"" shifts the responsibility from the user to the manufacturer. This is a bad approach. The user must be held responsible for the way he uses the device and he should be able to use and modify it freely as long as he is not interfering with other devices in a harmful way.
1230For more detailed, and better worded arguments, please refer to",""
1231"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221800_en?p_id=380919","F221800","3 March 2019","Christian Nygaard","EU citizen","","","","Sweden","This is bad for many reasons
1232* Security, device manufacturers stop supporting updates after a certain while, there will be more non updated devices with security vulnerabilities.
1233 * The environment, lots of devices will become obsolete with no software updates. Free software provides such updates. This regulation will contribute badly towards global warming.
1234 * Being able to experiment with hardware you own and run open source.
1235 * European innovation since Europeans will be prohibited from using software defined radios with opens source other nations outside EU will be able to use software on radio equipment.
1236 * Surveillance, with closed source EU citizens cannot look at the source code and determine if the data are collected and sent third parties. This may contribute towards companies violating EU GDPR General Data Protection Regulation.",""
1237"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221799_en?p_id=380919","F221799","3 March 2019","David Mankin","Non-EU citizen","","","","United States","Please remove Article 3(3)(i).
1238It is important for those with the know-how to be able to run their own software on devices; keeping the status quo where responsibility for safe transmission lies in the hands of those operating radio equipment.
1239By requiring manufacturer approval the section limits competition and innovation, unfairly supporting entrenched players: only manufacturers and corporations who can afford to invent and certify their own hardware will be able to innovate novel uses or radio equipment. Free software, long a mainstay good practice of open government, will not be allowed. Further anti-competitively, one will not have the freedom to operate a device one owns running a competitor???s software, providing mandated lock-in to services purchases on hardware already purchased.
1240It limits security: no user can fix a security problem with their own devices and instead must wait for a manufacturer to provide their own fix. It hurts longevity of devices after manufacturers stop supporting them. It severely limits freedoms: the ???freedom to tinker???, the freedom to control ones own property as long as it doesn???t interfere with another person.
1241Finally, if such a provision is included it will serve as a model for other nations, spreading these problems globally.
1242Please reconsider and remove Article 3(3)(i).",""
1243"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221798_en?p_id=380919","F221798","3 March 2019","Ingo Blechschmidt","EU citizen","","","","Germany","Dear regulation team,
1244I'm deeply troubled about the proposed new regulation. Max Mehl is explaining my worries much more cogently than I could:
1245
1246I wholeheartedly agree to all of his statements and kindly ask you to regard what he has written also as my own personal feedback.
1247EU citizens and EU institutions already depend far too much on intransparent global businesses. To cite just one example, recently I was shocked to learn that German's Bundespolizei stores sensitive video material on Amazon's infrastructure. On the long, this dependence strongly threatens our society and our democratic values. Continuing to allow custom software on routers, cell phones and other radio equipment, keeping the responsibility for meeting radio regulations at the users like before, is a simple and tiny step we can do counter this trend.
1248Best regards,
1249 Ingo Blechschmidt",""
1250"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221797_en?p_id=380919","F221797","3 March 2019","Dorota Czaplejewicz","EU citizen","","","","Germany","Dear Commission,
1251as a professional working on secure and interoperable software systems, I appreciate your effort to define the future direction of software-controlled radio usage. However, I do worry that your stated goal of ""ensuring compliance of the equipment also at the upload of new software."" may conflict with the other goals, especially ""Creating consumer trust in radio equipment and new technological developments,"" and ""Stimulating the development of the Digital Single Market and improving the functioning of the internal market in the field of new technological developments."".
1252In practical terms, mandating technological measures to disallow non-compliant software in the radio devices in the United States resulted not only in that, but in fact in the inability of the customer to use any other software in the whole system of which radio was only a small part, see
1253 . While this is not the only way of compliance, in practice this is by far the easiest one. There are two important consequences of that.
1254The first one is relegating all sold devices to a lifetime of insecurity, even from the moment they leave the store shelves. As an example, the Netgear AC1450 router, released on 2016-11, had received its last update on 2017-04, less than six months later:
1255 . Most consumers keep their devices for longer, and most manufacturers' device lifespan does not exceed 2 years. Blocking the option of replacing stock software would ensure that the goal of ""Ensuring that Innovation and research does not compromise the demonstrated level of safety at the moment of placing on the market."" is irrelevant, as more devices' security will be forever compromised without recourse. As a consumer, my trust mentioned in ""Creating consumer trust in radio equipment and new technological developments,"" would disappear altogether.
1256The second consequence is the stifling of innovation in the IT sector. Cheap radio-enabled devices with replaceable software are both a gateway for curious youth (like yours truly) to become proficient engineers, and make it easier for researchers to innovate without resorting to expensive, bespoke or industrial solutions. Disallowing that would undermine the goal of ""Stimulating the development of the Digital Single Market and improving the functioning of the internal market in the field of new technological developments."".
1257Last, but not least, the proposed Options 2-4 shift the burden of complying to a public law from the citizen to the manufacturer, while taking rights away from the former. Forcing only specific software to work with specific radios would be akin to forbidding electricity sockets from allowing devices which are not whitelisted - the harmfulness of such a solution is clear. While enforcement might in a perfect world be successful at regulating the public utility that is radio space, the current strategy of enforcing compliance on individuals doesn't seem to cause excessive burden on society.
1258Those reasons altogether prompt me to recommend either option 0 or 1.",""
1259"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221796_en?p_id=380919","F221796","3 March 2019","Marcel Wei??enbach","EU citizen","","","","Germany","I highly disagree with this for two reasons.
1260First of all, it would make developing Android impossible! I am not developing Android Apps, i am developing on the Android Operating System itself (called AOSP). That means i have to do the following things:
1261 - Download the Sourcecode of AOSP
1262 - Change the Sourcecode
1263 - Build the Sourcecode
1264 - Apply it to my phone
1265 - Check if everything works (especially the code that was changed)
1266 - Upload my changes so they are available for everyone else
1267Further Informations about AOSP here
1268This, of course, only works if i am able to flash AOSP on my phone. I use Sony Smartphones and Sony allows and encourages its users to use AOSP, Develop with it and contribute back to the Free Software Ecosystem
1269Also AOSP is the only way to get a clean Android in the first place, it is the only way to get updates for a long times (i have a phone from 2014 (Xperia Z4) with Android 7.1.2 which the security patch level of 5. February 2019 and a second phone, from 2016 (Xperia XZ), with the most current Android 9.0 with the same patch level of course).
1270Limiting me by blocking me from flashing AOSP on my phone prevents me from
1271 * Developing on the Operating System itself
1272 * Getting updates on my Phone at all (Sony only provides Updates to my Phones in form of AOSP due to their age)
1273 * * Which means replacing the phones
1274 * * * Which means wasting important and limited resources of our planet
1275 * Getting a Clean Operating System
1276 * * Without Google Services
1277 * * Without Facebook/Twitter & Co.
1278 * * * Which _you_ think are bad companies who steal my data
1279Also it prevents pupil and students (our future(!)) and all IT Experts who want to contribute to an free world from learning how things work. Without AOSP you have no chance to learn how Android works, how to improve it, how to make alternative systems. You can still read the sourcecode, sure, but you have no chance to ever apply it to an device (how useless is that?)
1280And last but not least, due to all the reasons mentioned above, this will prevent the EU to compete in this crucial market. When citizens of the EU will no longer be able to flash AOSP to their smartphones, they will no longer be able to learn/contribute how those mobile operating systems work.
1281Dont limit your citizens from doing great and awesome thing, from improving the EU, from improving the mankind.
1282Actually you should do the opposite, force companies that are not willing to make it possible to run AOSP on their phones to do so! When people bought a Samsung phone, and they are interested in developing on Android, its already to late, they have to buy a new phone because Samsung does not allow that.
1283Instead of helping greedy companies from non-EU countries, help the EU, the EU citizens, to be able to compete.",""
1284"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221795_en?p_id=380919","F221795","3 March 2019","Remco Bloemen","EU citizen","","","","Netherlands","We have existing regulations stating what is allowed on which frequencies.
1285Is there evidence that the devices prohibited by this proposal lead to widescale breaking of these regulations? And if so, is there evidence that this causes harm?
1286It's harsh to assume that people can not be trusted with SDRs and therefore we should ban them outright. I'd like these sorts of blanket bans to come with a strong evidence backed reason.
1287I am currently in the process of a obtaining a ham radio license specifically so I can experiment and innovate with SDRs and IOTs and be confident that I do so in compliance with the regulations. This proposal will make it much harder for ham radio enthusiasts and innovators to experiment and learn in a compliant way.",""
1288"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221794_en?p_id=380919","F221794","3 March 2019","Sebastian Lauwers","EU citizen","","","","Belgium","I strongly object to the notion that manufacturers should be mandated with limiting what kind of software I can run on my devices.
1289For decades, people have been able to transmit megawatts of electromagnetic pollution at the touch of a button, yet the numbers of incidents have (by and large) been low. There is a strong community of law-abiding citizens who enjoy their freedoms, and enjoy tinkering with the hardware they purchase. I am one of them, one of many.
1290This is a classic case of throwing the baby out with the bathwater. Are there sometimes issues? Probably. Should the use of the electromagnetic spectrum be regulated? Absolutely. But that is already the case in every country member of the EEA/EU. And most hardware and software, by and large, complies with those regulations.
1291If I wanted to abuse the electromagnetic spectrum, I could hop on any factory-default Wi-Fi access point, and claim to be in Japan, and the device will happily operate on a part of the eletromagnetic spectrum that should not be used in Denmark, where I currently reside. I wouldn't need to modify the software, I wouldn't to desolder anything. It would just work. However, I would be limited to do only what the vendor's software allows me to do. If I were to be more nefarious, I could just buy a random device from eBay in China, that would allow me to jam the 3G/4G frequencies for less than 20???. If I wanted, I could probably build a Wi-Fi jammer in a matter of minutes with less than 5??? worth of hardware and 10 minutes of soldering. None of these issues would be solved by the regulations proposed here.
1292However, what these regulations would succeed in doing would be:
1293- prevent me from creating new and interesting projects from hardware that I lawfully own. For example, I've created interactive lights that help the staff at my company to be more efficient and productive. These inventions are usually created by modifying things, and often include radio components. I know that thousands of others do the same.
1294 - to highlight the point above, these regulations would effectively stifle innovation
1295 - most of the Wi-Fi access points that I've purchased over the past decade have been abandoned by their manufacturers, because it is not economically sustainable for them to keep supporting the software on these devices. If I did not have the option to load free software projects on these devices, they would have been security risks for all involved. I have professionally deployed Wi-Fi networks for dozens of companies in Europe.
1296 - a lot of the older hardware is regularly donated to NGOs, schools, fablabs, retirement homes, etc. By not allowing software updates beyond the useful life of the hardware, these regulations effectively enshrine planned obsolescence into regulation.
1297 - it is cheaper to buy consumer-grade routers, and then modify the software on them to operate as standalone access points. This is because the hardware differs very rarely. The proposed regulation would allow foreign companies to silo the market even further than it currently is.
1298I thank you for taking the time to read my feedback. I'm happy to be consulted further on this matter.",""
1299"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221793_en?p_id=380919","F221793","3 March 2019","Marvin G??lzow","EU citizen","","","","Germany","Dear Sir or Madam,
1300for my research and teaching in Computer Science the ability to use RF devices and to customize them is very important. Research routinely involves using devices in ways not forseen by manufactuers. For teaching open devices are much more useful than proprietary ones, as student exploration is encouraged and cost of education is reduced. Article 3(3)(i) of the EU Radio Equipment Directive would directly disallow this use. As such, the directive will damage both research and education, which are both critical aspects to the future prosperity and safety of the European Union.
1301Thank you for considering this feedback.
1302Best Regards,
1303 Marvin G??lzow
1304 PhD Candidate (Computer Science) at the University of Konstanz, Germany",""
1305"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221792_en?p_id=380919","F221792","3 March 2019","Cathal McKenna","EU citizen","","","","Ireland","As a software developer, I develop software for mobile phones and other devices containing radio hardware. I have spent much time installing custom software on many such devices. I do not believe that the manufacturer should be made to prevent me or others from doing this as we should have a right to modify the devices that we have purchased or similar. I believe the current regulations where it is the responsibility of the individual to ensure they adhere to any regulations placed on frequency / wavelength are more consumer and developer friendly.",""
1306"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221790_en?p_id=380919","F221790","3 March 2019","Haimo HUHLE","Business association","ZVEI - Zentralverband Elektrotechnik- und Elektronikindustrie e.V.","Medium (50 to 249 employees)","94770746469-09","Germany","ZVEI is pleased to provide its views on the particular issue of embedded and business software which may be installed in this equipment and products. Our industry is committed to keeping such products interoperable in the public radio spectrum and safe for all end-users including when further software updates and reconfigurations are applied to the products, under the framework of the Radio Equipment Directive (RED).
1307It is key to acknowledge that a one-size-fits-all approach as well as a simple and undifferentiated classification of products will endanger the objectives of the roadmap in the Inception Impact Assessment, namely: innovation and competitiveness, functioning of the Internal Market and the risks of lockdown of (a majority of) radio equipment. A very careful selection of the categories and classes of radio equipment has to be made.
1308More specific explanation is given in the attached statement.","https://ec.europa.eu/info/law/better-regulation/feedback/221790/attachment/090166e5c20d246e_en"
1309"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221789_en?p_id=380919","F221789","3 March 2019","J??rg POHLE","Academic/research institution","Alexander von Humboldt Institute for Internet and Society","Small (10 to 49 employees)","591788027670-62","Germany","To whom it may concern,
1310I am a member of the Commission's Expert Group on Reconfigurable Radio Systems as the representative of the Alexander von Humboldt Institute for Internet and Society (HIIG,
1311) in Berlin, Germany (member type C - Organisation: Academia, Research Institute and Think Tanks).
1312First, I want to thank all individuals, groups, organisations and businesses who submitted feedback on a possible activation of Art. 3(3)(i) of the RED through a delegated act.
1313Against the backdrop of seven expert group (EG) meetings, a considerable amount of input from different EG members and other stakeholders, and long, encompassing and deep discussions on a large number of issues regarding the activation of Art. 3(3)(i) and its foreseeable consequences, I am more than astonished that the Inception Impact Assessment fails to mention most of the many problems we have identified in the discussions at the EG meetings. Instead, the Inception Impact Assessment (IIA) looks like a whitewashing exercise. Many of the problems we have discussed in the EG have also been brought up by other commenters.
1314* The expert group has acknowledged that even if the RED does not explicitly mandate lock-downs, economic forces, including the risk of being fined, will drive manufacturers to locking down their devices.
1315* The discussion has shown that Art. 3(3)(i) (see Options 3 and 4 in the IIA) creates market barriers favouring dominant market players, may pose insurmountable obstacles for smallest, small and medium enterprises, and may harm both competition and innovation.
1316Besides the market as well as market players, there are foreseeable negative impacts on:
1317* Free and Open Source Software (FOSS) and hardware projects and communities.
1318 * Individual and institutional users of FOSS software and hardware, e.g. consumers (loss of choices in the market, loss of control), companies, and public institutions.
1319 * All software manufacturers providing software for devices produced by other manufacturers.
1320 * Community network projects, e.g. Freifunk.
1321 * Scientific research, whether academic or not, education and teaching, but also commercial R&D.
1322 * All aspects of security, especially for consumer-grade devices with their considerable shorter product shelf life, discontinued or otherwise unsupported (""orphaned"") products, with possibly severe network effects.
1323 * The provision of updates, new and improved functionality to products already placed on the market.
1324 * Fundamental rights and freedoms, especially Art. 7 and 8 of the Charter of Fundamental Rights of the European Union (privacy and data protection), but also other information-related rights, due to the increased dependence on large manufacturers, less secure products, and less user control over the use of devices.
1325At the next meeting on Friday, the 15th of March, the expert group will not only discuss the input received from all commenters, but also address the issue of how to ensure that the impact assessment on the proposed delegated act will be both encompassing and thorough and take into account all adverse impacts on all stakeholders and societal values.",""
1326"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221788_en?p_id=380919","F221788","3 March 2019","Mike Eichler","EU citizen","","","","Ireland","Dear Sir/Madam
1327 The ability to modify, replace and update software is a crucial element in research, education and it's very important for consumers and communities.
1328Just a few examples:
1329 - millions of students use community provided software for single board computers like the Raspberry Pi to learn programming and electronics.
1330 - security professionals need the ability to modify software to test the security of devices.
1331 - consumers use different images for mobile phones, routers etc to keep them secure after manufacturers stopped issuing updates
1332 - whole communities, clubs and other organizations need the right the modify software to be able to continue existing
1333 - many manufacturers (the Raspberry Pi Foundation, Pine64, HardKernel...) cater specifically for customers who want to modify the software on their products.
1334 - independent repair shops rely on the ability to modify a device to fix it.
1335Taking away the freedom of Europeans to modify their devices would stifle our education, research, security, manufacturing and consumer and hobbyist sectors. In order to ensure that Europe continues being on the forefront of technological progress, its people need to be able to learn, study and experiment. In order to preserve the rights and safety of European consumers, we need to be able to modify our devices.
1336Best regards,
1337 Mike Eichler",""
1338"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221785_en?p_id=380919","F221785","2 March 2019","Ward Van den Broeck","EU citizen","","","","Belgium","Dear
1339I would like to make a remark, most importantly one regarding ""Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU""
1340I seems to me that it is not a good idea to put a restriction on installing software on radio equipment other than provider by the manufacturer.
1341Much of the innovation within radio technology and software development happens through tinkering with radio equipment in different contexts than a ""regular"" user would usually do.
1342I also don't think it is practically feasible, since every device with a wireless chip is practically a radio device, and until this day every radio device can be modified outside the original scope.
1343The whole idea of radio communications is to have global standards that everyone can use, so that communication is possible in almost any circumstance.
1344Think this seriously through.
1345Many thanks.",""
1346"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221784_en?p_id=380919","F221784","2 March 2019","Joris De Keersmaecker","EU citizen","","","","Belgium","Hi,
1347For years I've been trying to steer away from Google and other big US data collectors. A most important part of this independence is running only free/libre software on my devices, software that is developed with only the user's well-being in mind, not some corporate data-mongers. For example my wireless access points run hostapd on Debian Linux, and my mobile devices run LineageOS. These programs respect my privacy as a user by being most transparent in what they do, and are open to the scrutiny of fellow users and developers.
1348This new regulation in the making is most worrisome in that it will revert all efforts of the free/libre software community in this aspect and force everyone back in the hands of big corporations. I thought we were making great progress in Europe with recent GDPR, monitoring of such big corporations and other initiatives.
1349So please, instead of forbidding us to run independent, free/libre software on our devices, Europe should support the use of this software. This will be an important step towards setting ourselves free from big corporations of Silicon Valley or China, who steal our citizens' data for profits on which they pay almost no tax.
1350Approval of this regulation in its current form would take away my and in general all our citizens' freedom to use software that does not serve big corporations, but us, common people of Europe.
1351I sincerely hope you reconsider the current proposal,
1352 Joris.",""
1353"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221783_en?p_id=380919","F221783","2 March 2019","Carl Thonmas Simmons","Business association","AMA Association for Sensors and Measurement (AMA Verband f??r Sensorik und Messtechnik e.V.)","Micro (1 to 9 employees)","","Germany","Dear Ladies and Gentlemen,
1354I am writing on behalf of AMA Association for Sensors and Measurement, a network of 460 companies and institutes concerned with sensors. Most of our members are SMEs. Our main office is located in Berlin, Germany.
1355Of the Objectives and Policy options presented in the ""Inception Impact Assesment"" paper [Ref. Ares(2019)476957 - 28/01/2019] We very strongly recommend either regulatory ""Option 0"", baseline scenario, or regulatory ""Option 1"", industry self-regulation.
1356We remark that Article 3(3)(i) when drafted, neglected the case of wireless sensors. The provisions of this Article endanger the use of wireless sensors in Europe as well as endangering the industry that produces this technology. Furthermore, it increases the risk for cyberattacks on industry in general and creates insurmountable practical hurdles for the development and deployment of modern wireless sensor applications. It disproportionately disadvantages the EU states in the global competition for the digital economy which fundamentally depends on sensor data.
1357We kindly ask you to consider the reasoning behind our conclusions, which is summarized in the attached document ???Wireless Sensing at Risk in Europe????, an opinion paper by AMA Association for Sensors and Measurement concerning EU Directive 2014/53/EU ??? ???Radio Equipment Directive???.
1358Thank you very much!","https://ec.europa.eu/info/law/better-regulation/feedback/221783/attachment/090166e5c20b269b_en"
1359"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221780_en?p_id=380919","F221780","2 March 2019","Ond??ej Halama","EU citizen","","","","Czechia","Dear Madam or Sir,
1360while I welcome EC's work towards ensuring a single market for radio equipment by setting essential requirements for health and safety, electromagnetic compatibility and efficient use of the radio spectrum I would like to raise several points, most importantly one regarding ""Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU"": I strongly prefer to be in control of the devices I've purchased. And current wording of that article seems to contradict that (giving ""power/control/responsibility"" to the manufacturer instead.)
1361Given current let's say ""market situation"" when lots of commerce and ""other stuff"" is happening ""in the cloud"" and ""via platforms"" one can already see lots of problems attributable to ""user not being in control"". I'm sure EC is aware of many such problems given for example recent issues with for example Facebook in relation to GDPR, fake-news, etc.
1362One way for users to avoid many such problems is to use their own devices, thus avoiding cloud. *But* current wording of Article 3(3)(i) may prevent them from doing so. For example me: I'm using free (as in speech) solutions for my PC (Fedora Linux OS) and phones (LineageOS Android clone). To stay in control, to protect my privacy, to make my business more secure and more resilient, etc.
1363If I loose ability to install software of my choosing on devices I've paid for, I'll be loosing significant freedoms I enjoy currently (while it is my strong belief that such freedoms are not at the expense or detriment to others). And I'll most probably ""fall prey"" to ""services"" and ""platform"" which the EC is ""battling"" on some other fronts.
1364Some further references and points:
13651) To avoid repeating what others already wrote, you may refer to following page:
1366...
13672) ""Right to Repair"" is very closely related to this and in my opinion will also be negatively affected. See
1368Please, while ensuring single market, take into account also rights and freedoms of users. And also balance ""powers"" given to suppliers.
1369Thank you in advance.
1370Sincerely
1371Ond??ej Halama",""
1372"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221777_en?p_id=380919","F221777","1 March 2019","Tomas H??rdin","EU citizen","","","","Sweden","The ability to install custom, free software on radio devices is crucial to both the free software movement and to amateur radio operators. This legislation will worsen vendor lock-in and further cement spectrum enclosure. There is already legislation in all member states punishing spectrum misuse, which means that this proposal does nothing but punish experimenters, high-speed multimedia radio (HSMM), emergency communication (EMCOMM) projects, AMPRnet users and on. These uses and many others rely on there existing ubiquitous, cheap radio hardware manufactured at commercial scale. Project like OpenWRT might become entirely unworkable should article 3(3)(i) pass.
1373Specifically in regard to the impact assessment:
1374Increased security and safety for EU citizens in the digital society and economy.
1375The inability of the user to inspect and patch radio software will *worsen* their security, not improve it. The same applies to protecting personal data. If the software in my radio can't be inspected or fixed, then it cannot be trusted.
1376It should be noted that currently a user may choose to alter a device's *hardware*, making the device non-compliant. Since a user is free to do so, so long as they don't cause harmful interference, then they must also be free to alter the software as they see fit, provided they again do not cause interference. As more hardware moves into software, this need in fact becomes essential. Or put in other words: if I can take a soldering iron to a device, I should also be able to take a compiler to it.
1377Personally I'd like to see the Commission take the opposite stance: require all radio software to be 100% free and modifiable, to ensure user freedom and to encourage innovation in the electromagnetic field (pun intended).
1378Tomas H??rdin, callsign SA2TMS, research engineer at Ume?? University",""
1379"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221776_en?p_id=380919","F221776","1 March 2019","Peter Hane????k","EU citizen","","","","Slovakia","Dear Madam or Sir,
1380while I welcome EC's work towards ensuring a single market for radio equipment by setting essential requirements for health and safety, electromagnetic compatibility and efficient use of the radio spectrum I would like to raise several points, most importantly one regarding ""Article 3(3)(i) of the Radio Equipment Directive 2014/53/EU"": I strongly prefer to be in control of the devices I've purchased. And current wording of that article seems to contradict that (giving ""power/control/responsibility"" to the manufacturer instead.)
1381Given current let's say ""market situation"" when lots of commerce and ""other stuff"" is happening ""in the cloud"" and ""via platforms"" one can already see lots of problems attributable to ""user not being in control"". I'm sure EC is aware of many such problems given for example recent issues with for example Facebook in relation to GDPR, fake-news, etc.
1382One way for users to avoid many such problems is to use their own devices, thus avoiding cloud. *But* current wording of Article 3(3)(i) may prevent them from doing so. For example me: I'm using free (as in speech) solutions for my PC (Fedora Linux OS) and phones (LineageOS Android clone). To stay in control, to protect my privacy, to make my business more secure and more resilient, etc.
1383If I loose ability to install software of my choosing on devices I've paid for, I'll be loosing significant freedoms I enjoy currently (while it is my strong belief that such freedoms are not at the expense or detriment to others). And I'll most probably ""fall prey"" to ""services"" and ""platform"" which the EC is ""battling"" on some other fronts.
1384Some further references and points:
13851) To avoid repeating what others already wrote, you may refer to following page:
13862) ""Right to Repair"" is very closely related to this and in my opinion will also be negatively affected. See
1387Please, while ensuring single market, take into account also rights and freedoms of users. And also balance ""powers"" given to suppliers.
1388Thank you in advance.
1389Sincerely
1390Peter Hanecak",""
1391"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221611_en?p_id=380919","F221611","1 March 2019","Sebastian Tobie","EU citizen","","","","Germany","Diese Regelung ist eine Gefahr f??r die IT-Sicherheit und Freiheit.
1392 Sie gibt Herstellern das Recht und die Pflicht Netzwerkf??hige Ger??te f??r alternative Firmware abzusichern. Schon jetzt sind viele Hersteller daf??r bekannt, das sie Patches erst nach Protesten oder garnicht freizugeben, die Kritische L??cken fixen.
1393 Vor der Deutschen Routerfreiheit gab es Netzbetreiber die Wucherpreise verlangten nur damit das WIFI auf den Ger??ten freigeschaltet wird. AVM hat jahrelang einen veralteten SMB-Server auf seinen Ger??ten, die angeschlossene Windows-Computer Gefahren von diversen Computerviren aussetzt. Andere Hersteller bieten kaum/keine M??glichkeit diese abzusichern. Wenn jemand Ger??te absichtlich modifiziert hat um zu st??ren oder abzuh??ren, WER wird bestraft?
1394 Der Hersteller?
1395 NEIN!
1396 Die Manipulierende Person?
1397 JA.
1398 Ihre Regelung w??rde Projekten wie Openwrt illegal machen und die Informationssicherheit komplett abh??ngig von Herstellern machen, die hier Ger??te verkaufen, aber sich nur einen Schei??dreck um Kunden k??mmern.",""
1399"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F221576_en?p_id=380919","F221576","1 March 2019","ippokratis pyrgiotis","EU citizen","","","","Greece","free software is the field of experimentation and development .
1400 it is the pre-phase of every official software.
1401 this will eventually slow down technological growth on the effected devices .",""
1402"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F219455_en?p_id=380919","F219455","1 March 2019","Philippe MAGNERON","Company/business organisation","Hager group","Large (250 or more)","","France","En tant que fabricant de mat??riel radio professionnels nous devons nous conformer au r??glement de protection des donn??es personnelles ainsi qu'au diff??rentes directives applicables. Dans notre domaine des solutions et produits pour les immeubles/maisons connect??s l'utilisation du sch??ma de certification du Cybersecurity Act for ICT products qui est en cours de mise en place va devenir une obligation pouss??e par la demande des clients et du march??. Nous ne voyons donc pas d'int??r??t ?? d'ajouter des contraintes l??gislatives suppl??mentaires qui ne vont conduire qu'?? l'augmentation surr??aliste du co??t de conception des produits et de fait sera r??percut??e sur le consommateur. La seule option viable est l'option 1. Sachant qu'un acte d??l??gu?? s'appliquerait sur l'ensemble des produits radio utilisant une multitude de technologies tr??s diff??rentes, nous ne voyons pas comment un seul standard harmonis?? pourrait tout adresser. Il existe de nombreux produits dont le logiciel peut ??tre mis ?? jour, mais qui ne sont pas connect??s ?? Internet. Ils n???encourent pas le m??me niveau de risque. Un fabricant se doit de mettre en place des mesures appropri??es ?? ce niveau de risque. La l??gislation se doit ??galement d?????tre proportionn??e. Nous sommes donc totalement oppos??s aux options 2, 3 et 4 qui sont des r??ponses disproportionn??es. Sous couvert d'une meilleure protection des consommateurs ces options ne vont conduire qu'?? leur faire subir des augmentations dramatiques de prix. Cela ne fera que handicaper encore plus les industries Europ??ennes face ?? la concurrence et n???emp??chera en rien la mise sur le march?? de produits non conformes.",""
1403"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F219437_en?p_id=380919","F219437","1 March 2019","William Mitchell","Company/business organisation","Starkey Hearing Technologies","Large (250 or more)","","United States","As a global manufacturer of assisted listening devices for the hearing impaired with a number of offices and many customers within the European Union, Starkey Hearing Technologies respectfully submits the following comments on this proposal:
1404We believe that regulatory options 0 or 1 are appropriate for assisted listening devices and their associated accessories:
1405The following regulatory options will be considered:
1406 ??? Option 0, baseline scenario: a situation in which manufacturers are not obliged to implement any specific measures as it is currently the case.
1407 ??? Option 1, a situation whereby the industry self-regulates to ensure that software uploaded into radio equipment does not compromise the initial compliance.
1408These are low power short range devices that typically operate in licence-exempt frequency bands per CEPT ERC Recommendation 70-03. Due to their low power (on the order of 0 dBm or less), which is due to the limited energy available from small internal batteries since these devices are often worn on the user's ear, they are not going to cause interference to other radio services.
1409Wireless ALDs have a long history of use, which has shown that regulatory control mechanisms based on Essential Requirements 3(1) and 3(2) of the Radio Equipment Directive are sufficient and adequate to provide ongoing compliance of these products.
1410In addition, since these devices are medical devices regulated by the Medical Device Directive and Medical Device Regulation, the software and software update procedures are required to meet the Essential Requirements of this Directive and Regulation. These procedures insure the integrity and security of this process throughout the life of the product and therefore additional regulation based on Essential Requirement 3(3) of the Radio Equipment Directive is not required.",""
1411"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F219415_en?p_id=380919","F219415","1 March 2019","Jan WIESNER","Other","ARD (German Public Service Media)","Large (250 or more)","6774178922-55","Germany","ARD-Liaision Office Brussels Transparency Register No.: 6774178922-55
1412ARD views on the Inception Impact Assessment on the Commission delegated regulation on Reconfigurable Radio Systems
1413We would like to thank the European Commission for the opportunity to comment on the Inception Impact Assessment on the planned Commission delegated regulation on Reconfigurable Radio Systems.
1414ARD, as many other (Public Service) Broadcasters, is obviously affected by any regulation dealing with equipment emanating or receiving radio waves. Not at least the distribution of our content via radio waves is an important means to fulfill our public service remit. In the broadcast sector as well as in the mobile sector new services, platforms, distribution systems and devices will be introduced in the near future. One of the most challenging transformations will be caused by 5G. In this context questions of the use of spectrum, security, electromagnetic interference and electromagnetic compatibility will play an increasing role.
1415At the time of the last revision of the Radio Equipment Directive (RED), however, we criticized the extension of the scope of the directive to pure radio receivers. We did not and still do not share the rationale behind subjecting equipment which only receives but does not emit electromagnetic waves to the rules of this directive.
1416We understand, however, that the present consultation focuses on the question of possible future rules on Reconfigurable Radio Systems (RRS) and not on the question whether or not certain equipment should fall under the rules of the RED. We would, nevertheless, like to share our concern regarding possible additional rules on pure receivers via such a delegated act. We therefore suggest to consider to limit any delegated regulation on RSS to equipment that intentionally emits radio waves for the purpose of radio communication and/or radio determination. In case this would not be possible / feasible we would suggest to confine any future action to Option 0 (baseline scenario) (page 3) in order to avoid additional rules for pure receivers.
1417On a principal note we would like to underline that if there were a delegated regulation on RSS, the rules should be proportionate and should not place unreasonable technical, administrative of financial burden on the user / operator of the respective equipment.
1418For any possible future revision of the Radio Equipment Directive RED we would like to reiterate our demand to exclude equipment that only receives radio waves form the scope of this directive.
14191. March 2019
1420Contact:
1421 ARD-Liaision Office
1422 Rue Jacques de Lalaing 28
1423 1040 Bruxelles
1424 +32-2-2359666","https://ec.europa.eu/info/law/better-regulation/feedback/219415/attachment/090166e5c2059836_en"
1425"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F219414_en?p_id=380919","F219414","1 March 2019","Maret OTS","Public authority","Consumer protection and technical regulatory authority","Medium (50 to 249 employees)","","Estonia","We prefer the option 4. Adoption of a delegated act pusuant both Articles 3(3)(i) and 4. In this case, both requirements in Option 2 and 3 will have to be demonstrated for the purposes of market access.",""
1426"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F219412_en?p_id=380919","F219412","1 March 2019","Hans-Karl von Arnim","Public authority","Federal Maritime and Hydrographic Agency","Large (250 or more)","","Germany","Dear Sirs,
1427Equipment for the maritime mobile service under the Radio Equipment Directive is falling under the scope of Article 3(3)(g).
1428 The potential of radios the parameters of which are determined by internal software, i. e. reconfigurable and also software defined radios (SDR), is recognized. Due to the nature of services the mobile maritime service is providing, including distress and safety calls to ensure the reliable access to emergency services, it has to be ensured that any implementation plan for such radios will not adversely affect the interests of the maritime services.
1429The responsibilities of the economic operators as clearly defined by the Maritime Equipment directive and the Radio Equipment Directive are to be kept in place.
1430Given the safety nature of maritime services, Maritime Administrations should be involved in any decision to implement reconfigurable and SDR systems which could have the potential to impact the functionality of and the frequency bands used by the maritime services.",""
1431"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F219046_en?p_id=380919","F219046","28 February 2019","Brian COPSEY","EU citizen","","","","United Kingdom","Option 1 is the only practical option if users are to continue enjoying the revolution and evolution that software has enabled in a wide range of equipment. The only know problem has been with the 5.6GHz R-LAN devices this has now been solved and lessons learnt. Imposing options 2-4 would be disproportionate to the risk involved especially as Government, Banks and other ""secure"" institutions appear unable to keep out hackers therefore any system identified in 2-4 would be compromised by a determined hacker.
1432 On the other side users would be disadvantages in a number of ways:
14331) using PMSE as one example , a show which may have in excess of 100 units on a European tour often works on a three day cycle, set up day 1, show day 2 breakdown and travel day 3, as PMSE spectrum is on a tuning range basis and geographically allocated each unit will require retuning at each venue this may include frequency, power and in some cases bandwidth. If the user cannot do this in a simple and timely manner the probably outcome will be that the original setting will be used resulting in potential interference and not conforming to the objectives of the RED
14342) The use enjoys updates and bug fixes in a timely manner but if this process becomes time consuming and expensive for the manufacture and user fewer updates will be provided thus the optimal use and flexibility of the equipment will be compromised
14353) the time effort and cost of developing systems under options 2-4 will be extensive as one size will not fit all and again disproportionate to the risk involved",""
1436"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F163018_en?p_id=380919","F163018","24 February 2019","Stijn Segers","EU citizen","","","","Belgium","It feels like this initiative was designed to combat infractions that are few and far in between, while there's already existing regulation in place concerning radio usage by end users (which should be enforced). I run OpenWrt on my hardware for the very simple reason it gives me more control over the actual software running on it, and so I can make sure it's more up to date than whatever the manufacturer deems fit for release to consumers - which more often than not ends up to be outdated firmware with lazily written code and glaring security holes most don't bother to fix. The latter is the main reason most people want third party firmware on their device: because they don't depend on lax security policies (and lack of updates) most manufacturers turn out to have once the device has been purchased.
1437As such, it feels very heavy-handed. Hope this gets amended.",""
1438"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F89345_en?p_id=380919","F89345","22 February 2019","Uwe Wegemann","Company/business organisation","Multi-Company-Response","Large (250 or more)","","Germany","Source:
1439ROHDE & SCHWARZ
1440 VEGA Grieshaber KG
1441 2pi-LABS GmbH
1442 European GPR Association
1443 Continental Automotive GmbH
1444 DecaWave Ltd
1445 Honeywell Enraf BV
1446 Marquardt GmbH
1447 KROHNE Messtechnik GmbH
1448 EMERSON Process Mgt Limited
1449 Novelda AS
1450 3d-Radar AS
1451 Geoscanners AB
1452 Geophysical Survey Systems Inc
1453 HILTI AG
1454 IDS Georadar srl
1455 Impulse Radar
1456 International Groundradar Consulting Inc
1457 Mala Geoscience
1458 PipeHawk plc
1459 Proceq SA
1460 Roadscanners Oy
1461 Sensors & Software Inc
1462 Utsi Electronics
1463 T & A Survey BV
1464Multi-Company Response to EC Online-Questionnaire on Article 3(3)(i) and Article 4.
1465The industry-group members listed above hereby present comments and answers to the EC Online-Questionnaire on Article 3(3)(i) and Article 4.
1466The industry-group suggests to remove UWB equipment from the scope of Article 3(3)(i) and further the industry group requests that UWB devices should not fall within the scope of Article 4 for the reasons listed below.
1467These reasons reflect:
1468 ??? the professionalism of software development, of software change management and the professionalism of the distribution channels of any new type of software.
1469 ??? the software - and hardware architectures of this kind of devices.
1470A detailed list of these reasons is given in the attached file.","https://ec.europa.eu/info/law/better-regulation/feedback/89345/attachment/090166e5c1c765a9_en"
1471"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F65325_en?p_id=380919","F65325","19 February 2019","John Morris","EU citizen","","","","United Kingdom","Attempts to secure commercial equipment are always laudible. However, I have several concerns about the underlying reasoning:
1472* Despite the very strong financial and regulatory incentives to make modems/routers secure, bugs, backdoors, outdated code and mistakes are common. As things currently stand, I usually replace the firmware with OpenWrt and fix them myself: I know how to test a network until it is secure. Without that capability there would be several _fewer_ secure networks out there.
1473* Preventing modification of software to address problems almost entirely stemming from poor OEM software is daft: the problem is in what is shipped, *not* what replaces it. The Commission has supplied no evidence (unless I've missed it) that a sizeable portion of problems stem from 3rd-party/consumer installed software. Most problems I see stem from compromised/corrupt OEM software.
1474* Regulating software/firmware directly benefits manufacturers economically, removing competition and thus _discouraging_ excellence in coding. so this looks, once again, like simple business dressed up as regulation.
1475* The line between consumers/creators is thinnest in the digital world. There are a lot of network engineers out there, building better systems (of which the Internet Engineering Tasforce is a sterling example). The ability to trial their ideas on COTS equipment has directly driven the development of technologies we all take for granted.
1476* Securing e.g. routers against tampering is _already_ possible, and some, e.g. Virgin Media, who judge it necessary, do it. Demanding it will simply result in a host of easily-crackable to moderately-difficult-to-crack systems (since opening the case and flashing the nvram is always possible). But, since manufacturer errors will still lead to the backdoors exploited today, this will _not_ appreciably help clear up the spectrum. People brave enough to tinker with firmware tend to know what they are doing.
1477* Re. 'output power' (and channel width, unmentioned but much more important: all alternative firmware/software systems I've used require one to enter the country code and look up the regulation. Sure, you can bypass it (though that's often just as easy with OEM firmware). But anyone willing knowingly so to do is already willing to bypass any security placed in the way.
1478* By mixing emergency radio with consumer electronics an unduly broad problem is posed. Securing software updates on emergency radio makes sense: and there aren't many people trying to roll their own. But securing software on consumer routers doesn't make sense: the potential for harm is much lower, and very good people are rolling their own---which the industry then uses.
1479* An awful number of COTS routers now run openwrt or an openwrt derivative. That software only exists because user-installed software on COTS hardware is legal.
1480And lastly: even if this legislation tries to allow *some* legitimate experimentation, it will in practice fail, as EU legislation is felt to be so complicated and difficult to approach most will simply lock down the hardware rather than face the lawsuits (as another laudable project, GDPR, has done with many small websites).
1481Thus:
14821. the problem isn't with user software, but with OEM software
1483 2. this regulation makes that worse
1484 3. it obfuscates by confusing consumer networked electronics with emergency radio and everything in between
1485 4. innovation depends on the ability to install user software/firmware
1486 5. we all depend on protocols developed with 4. and
1487 6. this regulation would give direct economic advantage to manufacturers whilst *forcing* consumers merely to 'consume'. Sociologically, it thus re-inforces 'class slavery' although we should properly say 'goods slavery'.
1488My thanks for your time in reading a very long submission: I thought this was important.
1489Sincerely,
1490John Morris.",""
1491"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F26031_en?p_id=380919","F26031","10 February 2019","","EU citizen","","","","Italy","Dear Sir/Madam,
1492I would like to kindly comment on the planned restrictions on radio equipment and find this somehow worrisome and really worry some.
1493 As a ham radio operator I find those restrictions somehow worrisome, because they put a legal restriction on tinkering with our own devices that is in my humble opinion neither justified or understandable. We are operating different kind of hardware and like to tinker with it without having to worry about it. This has always been a very good fuel for new ideas like Batman (a mesh network), the cross-country ham radio network called ""HAMNET"" or local radio operator offering ""Freifunk"" and other free radio based Wifi solutions. Lots of the mesh network technology has found it's way into mainstream nowadays. This would never have been possible without the freedom to tinker around with your own hardware. Other people, especially those involved in the Freifunk project, are heavily relying on being able to flash their own hardware with a custom rom, most of the times OpenWRT. If this becomes a law, those project would become very difficult in the best case and more realistic impossible, as most vendors do not offer the required features in a maturity level that allows them to operate in a reliable way.
1494 Second I find those restrictions very worrisome from the perspective of consumer protection and safety of the home network. If the past years have shown us something then it is, that most vendors do not have an interest to keep their hardware safe or at least up-to-date. Most people (probably including you) have a own Wifi router at home. When was the last time you have been applying an update? Are you sure there are no security holes in your device, that allow an attacker to take over your network as it has been the case in lots of cases in the past years? The interest for attackers is there, they can install botnet software on your routers and computers or install proxies that allows them to spread undesired advertisements in their favour. One recent attack even re-routed the whole traffic of certain routers of a certain brand.
1495 Sometimes when the distributor is not capable or not willing to take the security of their customers serious, flashing your own software is the only way to keep your home network safe. This can be seen as basic self-protection or right to repair and should not be forbidden by law. Apart from the very basic rule, that I should be allowed to do with my hardware what I want - In the end it belongs to me.
1496 Forbidding to install your own software puts our full trust in the hand of those vendors, who have continuously shown that they don't care enough about their customers safety.
1497I find this efforts against civil laws (""right to repair"") and they are very negative for lots of people who are heavily relying on the right to modify their radio equipment (e.g. Freifunk). I don't find any benefits for such a restrictions at all but some very serious disadvantages for non-profit organisations, education and home safety.
1498I hope this feedback is useful and such restrictions do not find a place in our beautiful European Union.
1499With best regards,
1500 Felix Niederwanger",""
1501"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F26019_en?p_id=380919","F26019","10 February 2019","","EU citizen","","","","Germany","Dear EC,
1502I am employed by a small company that builds Open Source software for GSM and UMTS radio solutions, a market that is traditionally controlled by large multi-national companies. My concern is that the initiaitve ""Upload of software on radio equipment"" will ultimately create a burden to officially approve each software release, which only the already dominant market players will be able to implement in a cost effective way. Let us not further tip the market towards large companies in a way that small companies like my employer will be made impossible to exist. Small and medium companies are the main providers of employment and the core drivers of the German economy and tax budget, and concentration of market monopoly is not in the interest of the general public.
1503Most importantly, I believe it must be ensured that the initiative ""Upload of software on radio equipment"" does not affect informal research and development. If it is not limited to specifically official ""stable"" software upgrades for single-purpose products sold on the market, but also at software versions labeled ""experimental"" or at all existing radio equipment otherwise assembled, it would prohibitively stifle security research and invention by the general public.
1504An example for above points: a device sold by my employer was successfully used to uncover security flaws in remote services in a major German based brand car model [1] (a GSM base station with custom software was able to unlock a commonly sold automobile by a replay-attack). The publication lead to fixing the security flaw and a safer product. This research which would not have been possible if the equipment's software would have required approval by an official entity for all of these reasons: a) proving general safety of the software is in this case not the point of interest; b) countless subsequent software versions were developed to lead to the result, and approving each software version would have extended the development cycle ad infinitum; c) if my employer were unable to develop and ultimately sell the device used, this kind of research would have been impossible.
1505Consider also that building radio equipment, even if software defined radio is used, largely depends on hardware to adequately filter and amplify the input and output of the software defined radio unit.
1506Finally, consider paper as a product, as a stark illustration of my fear of inadequacy for this initiative: paper poses immense danger to society, as human history has shown countless times. We have implemented accountability like the German V.i.s.d.P., but we have not implemented a requirement that every text anywhere must be approved before being printed on paper.
1507[1] ",""
1508"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F26018_en?p_id=380919","F26018","10 February 2019","","EU citizen","","","","Austria","Dear Sir or Madam,
1509I would like to point out that many of the most trusted and secure operating systems or firmwares for radio equipment are provided by open source projects, which often are created and maintained by users. In fact, many companies use them as a baseline for their own device's firmware (e.g. Linux or BSD operating systems). While measures to increase the responsibility of companies to provide the necessary software security updates for their devices are necessary, they can not be the only solution. After the support timespan ends, or the company goes out of business, there will be outdated and vulnerable devices online. The proposal in question will potentially make it harder for users to modify hardware and software of radio equipment like wireless routers or mobile phones, preventing them of securing their systems.",""
1510"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F26009_en?p_id=380919","F26009","10 February 2019","","EU citizen","","","","Poland","Proposed regulation is like Red Flag Act (Locomotive Acts).
1511It will block development of European innovation in areas like IoT and AI.
1512 Huge number of IoT solutions are built by amateurs on open source hardware and open source software. Popular platforms are Raspberry Pi, Arduino, ESP 8266. These cheap platforms and open software are fundamental to popularization IoT and AI skills among students and young people in Europe. That competences are critical to keep innovations on track.
1513 Right to write and modify software on radio devices in ISM and HAM bands will be critical for European economy.",""
1514"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F26005_en?p_id=380919","F26005","10 February 2019","","EU citizen","","","","United Kingdom","Locking down hardware, while it might solve rare issues with interference, will have significant negative effects for security, privacy and reliability of ""radio equipment"". Why? Because the preinstalled firmware on, for example, most consumer WiFi routers is universally quite awful. The manufacturers have no real incentive to actually add features beyond the bare minimum, keep devices updated to support new standards and patch security holes, or address any issues which may occur. End users also have very little control of their devices. To fix this, the opensource community has developed custom firmware for these products, which allow them to be used securely and which makes the devices more trustworthy, as what they run is under the user's control.
1515If this happens, some manufacturers might separate the code for the radio from the rest of the product, but inevitably most will take the easier step of just blocking any 3rd-party firmware, negating all the benefits of open-source firmware listed above.",""
1516"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25966_en?p_id=380919","F25966","9 February 2019","Pawel KRAWCZYK","EU citizen","","","","Poland","Dear Sir/Madam,
1517 I'm an information security professional with 20 years of experience in the industry, also a software developer and network architect. I remember very well the beginning of community initiated projects for development of open-source firmware for routers, wireless access points and smartphones. These projects have arisen from widespread frustration of customers who were faced with poor quality software, delayed security updates, vendor lockdown or excessive pricing of software features, which were derived by commercial vendors based on open-source software. This negligence and harmful practices of equipment vendors are anything but gone and regulation had been ineffective here - only last year hundreds of thousands of broadband routers from vendors such as Asus, Netgear, D-Link, Ubiquiti and others were compromised as result of a vulnerability. In 2017 US FTC accused D-LInk of negligence in protecting their routers from well-known and widely documented vulnerabilities. In 2018 undocumented, hard-coded accounts (backdoors) have been discovered in Cisco routers. Many of the devices are no longer receiving any security updates as they are out of vendor support even if they are still operational.
1518In all these cases open-source firmware has significant positive impact on security and robustness of the whole Internet ecosystem. Projects such as OpenWRT are written to much higher quality and security standards as compared to their original vendor-provided firmware, which is written with focus on nice user interface and very little resources on security proofing. With the latter having little competitive advantage from the point of view of for-profit enterprises but having critical impact on the Internet security, OpenWRT and similar initiatives are actually contributing to the main objective of the Regulation - ensuring safety of the Internet infrastructure.
1519While I understand the concerns about radio equipment controlling software being modified in a way that can cause harmful interferences - for example unauthorised increase of transmitting power - the authors of community-developed firmware do take precautions to prevent this. For example, in OpenWRT WiFi power levels are configured precisely in the same way as in commercial firmware, in a way ensuring that the power does not exceed levels allowed for given country.
1520As it comes to smartphones, initiatives to create open-source firmware (such as LineageOS or Ubuntu Touch) were driven by the same reasons as described above. Vendor lockdown, artificial device performance throttling, preinstalled intrusive applications and lack of firmware updates for older devices, including security upgrades.
1521Since EU regulation had so far very little or no impact on these harmful commercial practices - for example GDPR had in no way resolved Android or iPhone privacy intrusion issues - I strongly believe that the open-source firmware is significantly contributing to the security, safety, privacy and consumer confidence objectives that are at the base of the proposed regulation. Therefore I urge the Commission to ensure that the legislative measures undertaken do not harm the ability of open-source community to develop and use custom firmware on their devices.",""
1522"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25962_en?p_id=380919","F25962","9 February 2019","","EU citizen","","","","Poland","First you should enforce producers to provide long updates period. Today we are left without updates on our network equipment after 2-3years. Most of people I know not changing hardware until it will fail, or its very old. Same things in companies. Today we are more exposed on attacks by unsupported devices than by open software.
1523Second thing is environment impact, we are trying to make our earth cleaner but with this idea you are pushing working equipment to trash. We will produce higher plastic toxic mountains than today.",""
1524"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25957_en?p_id=380919","F25957","9 February 2019","","EU citizen","","","","Germany","I work as a volunteer for Freifunk. Our goal is to provide open and free networks and internet access to the public, in particular over WiFi. Everyone is able to contribute to the Freifunk network by installing a special software on off-the-shelf customer WiFi routers.
1525When a Freifunk router can receive the WiFi signal of other Freifunk routers, they will transport data between them, therefore extending coverage of the Freifunk network. This technology is called meshing. It allows everyone to easily participate in the Freifunk network by buying one of the many supported WiFi routers and installing a custom software on them.
1526Because Freifunk is run by citizens it is able to provide free and open networks and internet access where it does not generate profit, for example in refugee camps, youth center or other social institutions. Everyone shall be allowed to take part in digitalization, no matter of their income, age or country of origin.
1527Meshing is only possible because these routers run a common software that allows them to communicate with a common mesh protocol. It is therefore very important for Freifunk to be able to install custom software on off-the-shelf WiFi routers.
1528In my opinion, the directive shall not prevent router manufacturers from allowing customers to install custom software on their routers to allow Freifunk to continue to exist.",""
1529"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25938_en?p_id=380919","F25938","8 February 2019","","EU citizen","","","","Germany","Hi I'm just a simple user. I personally benefit from free software, for example on my smartphone. Unfortunately, the manufacturer no longer supplies updates for the operating system.
1530But lineageos mostly releases daily improvements and monthly security updates. My router also runs on an openWrt, which protects me from external attacks. Also here no more security updates are delivered by the manufacturer.
1531I beg you to let us citizens have the freedom to use free software on our devices, free operating systems give us all security.
1532The herd imitation comes to my mind. Unpatched devices can get infected but the secure devices in between prevent all ""falling down"".
1533Apart from that, we reduce the amount of smart devices that end up in the garbage early, how unsafe they are.
1534Thank you for your attention.",""
1535"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25898_en?p_id=380919","F25898","8 February 2019","","EU citizen","","","","Luxembourg","I am using custom software on nearly all my devices (router, smartphone, settopbox, etc.) Besides having the freedom as a customer to expand the capacities for a device that the original company does not offer (in a given legal framework), I can use my devices for a longer timespan and have security updates than what the official sources have to offer. And new ideas, creative addons etc. are provided first by those alternative firmwares (and they are much more reactive when it comes to security updates.",""
1536"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25894_en?p_id=380919","F25894","8 February 2019","","EU citizen","","","","Germany","Projects like Openwrt and others allow for a longer use (after the end of the official support by manufacturers) of WiFi routers.
1537 This is better from a security viewpoint, as well in saving resources through not having to bin an otherwise good device.",""
1538"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25320_en?p_id=380919","F25320","8 February 2019","","EU citizen","","","","Portugal","For the last decade or so that I use custom firmwares on my domestic routers. I choose my routers based on that fact, if a custom firmware exists for them.
1539 And just like me, so do my friends that are a bit more IT knowledgeable.
1540 Most factory firmwares do not provide half as many options to properly manage and optimize both performance and security of the private local networks (wired and wireless) and the Internet connection.
1541 I am all in favor of the evolution of standards for the radio spectrum usage inside the EU or even worldwide.
1542 However please have in mind not to do so in detriment to the end user freedom to upload and use custom / open source software to their devices. Examples: OpenWRT, DD-WRT, LuCI, Tomato, etc...
1543 As an IT Network Engineer, I truly am of the opinion that your intentions regarding making radio more secure and with standard EU rules can be achieved without sacrificing the usage of custom firmwares. Radio frequency / power options can also be limited from within such custom firmware projects or even by the hardware itself (despite of any firmware on it).",""
1544"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25269_en?p_id=380919","F25269","8 February 2019","","EU citizen","","","","Austria","With an ever increasing number of devices with radios it becomes ever more important to give the consumer back control over them. The vendors already have the necessary tools in hand to make their radios compliant with the given spectrum they are allowed to use.
1545The bigger problem is that vendors will seek the easy route to the detriment of the customer. The customer needs to have the option to modify the software running on the device to keep it operational when the vendor is not willing to do so. In the past the vast majority of vendors seems to ignore basic security principles in their design either way. These are very often fixed by volunteers who don't want to create even more e-Waste, just because the vendor gives zero support.
1546If devices would be locked down even further, the vendor would have no incentive anymore to update their devices, because it would cost less. This creates an enormous security risk, as all those devices will be impossible to fix by the customer and when security vulnerabilities surface, the customer can't even take things into their own hands anymore to protect themselves.
1547Another aspect are also amateur radio operators. Some popular wireless devices can nowadays be repurposed by experts to serve the amateur radio bands, which in turn leads to more innovation with those products. Regulations for those also already exist and locking down the devices would hinder further innovation and experimentation. Because especially licensed amateurs can test out new technologies without interfering with the unlicensed (ISM) spectrums. Taking away this opportunity will again limit the possible innovation with consumer devices which are already plentiful and readily available.",""
1548"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25209_en?p_id=380919","F25209","8 February 2019","","EU citizen","","","","Germany","I am, myself a user of free open source router software and also a member of a community that depends on this kind of software.
1549 The right not only allows for quite more use cases of the devices, but also extended use time, far beyond the support target of the manufacturer.
1550 Devices like the TP-Link WDR-3600 which has seen its end of support in 2015, but is still a great devices with features (when used with OpenWRT) that go far beyond the original product and anything current devices can offer.
1551Modifying it, so that it looses conformity with EU standards is as hard with OpenWRT as it was with the original firmware and any user following common sense and ""the manual"" will not offend any laws.",""
1552"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25206_en?p_id=380919","F25206","8 February 2019","","EU citizen","","","","Germany","As an avid user of free and open source software on wireless routers, I urge you to allow the usage of this software on wireless equipment.
1553 Oftentimes the software shipped by the manufacturer is faulty or does not provide an upgrade path if software vulnerabilities are found. Even if the software is regularly updated, support stops when the manufacturer releases a new hardware version. The routers often work just fine without the updates, but since no more updates are provided they are susceptible to security vulnerabilities. Open Source software like OpenWRT provides updates for old routers and allows the user to use his hardware safely for a longer period of time.",""
1554"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F25198_en?p_id=380919","F25198","8 February 2019","","EU citizen","","","","Germany","Please allow the use of open source software ( example openwrt/lede) on radio equipment in future. I bought hardware and only I should decide what software runs on my hardware. Same vendors do not regularly update the software on their hardware. Leaving it???s users unprotected.
1555With open source software I can decide and update. I do not need to buy the newest model of the manufacturer to receive updates.
1556This is very important. Manufacturers do not give long support periods because selling new hardware makes money and patching (providing software updates) for old hardware costs money",""
1557"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F24807_en?p_id=380919","F24807","7 February 2019","Steve HAYES","Company/business organisation","Element Materials Technology","Medium (50 to 249 employees)","","United Kingdom","Response to the European Commission Initiative titled ???Commission delegated regulation on Reconfigurable Radio Systems (RRS).
1558We appreciate the early circulation of this initiative to all stakeholders and respectfully makes the following comments:-
1559 1. We understand that the issue of RRS will increase as more radio systems embed and modify their function through software and that the current radio equipment directive provides a high administrative burden to these systems.
1560 2. We envisage that many manufacturers do/will provide stringent controls in place to ensure that only the combination of hardware and software that has been demonstrated to be in compliance to the essential requirements of the directive however this has the potential to be ???hacked??? and therefore clear guidance should be provided to ensure that these factors cannot be overridden by end-users. A possible solution is indicated below
1561 3. The RED requires that a manufacturer provides details in the instruction manual regarding the frequency and power levels of the radio equipment. Since the same hardware may be used and the only software modified to gain market access in a given Member State, this labelling requirement becomes very burdensome. Due consideration should be given to this such that a dedicated product model/part numbers or user manual isn???t required for every product variant.
1562 4. RRS should be designed in such that when placed on the market, a licence key is required. This key is issued by the manufacturer (or an economic operator who takes responsibility for the conformity of the product) and is used to configure the RRS. The key shall ensure that the geolocation and individual licence conditions, if applicable, are met. This will ensure that only the combination of hardware, software or any other factor (such as frequency, power level, duty cycle etc) are unique to the location and local limitations of use.
1563 5. End-users may move the equipment between one geographic area and another. The conditions associated with the use in one location may therefore be compromised when it is moved. Where this is the case, some form of database or geolocation data should (such as GNSS/GPS) be required to ensure that when the radio equipment is switched on, it can only operate when the location information is checked. A licence key issued by the manufacturer would be a way of ensuring this obligation. The licence key should be specific for the device (by linking it to the MAC or serial number of the hardware) and cannot be used with another device.
1564 6. Product labelling ??? the RED (Article 10(10)) requires that country specific information is included on the packaging. Since the RRS???s ultimate location will not be known at that the time it is placed on the market, this requirement is very difficult to achieve. Equally if the end user requires a licence key to operate the product, the point of having this labelling requirement disappears, since the geographic location information will disable the radio if it is being used somewhere that compromises the conformity of the product.
1565 7. We do support options 0 or 1 since manufacturers, Notified Bodies and regulators need certainty. Having a situation that is unregulated or left to individual manufacturers will lead to ambiguity in the requirements for RRS.",""
1566"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F22792_en?p_id=380919","F22792","7 February 2019","","EU citizen","","","","Germany","Dear experts,
1567 Did you ever used a consumer grade router? They are basically shipped with none up to date software and well known security risks plus the most of them never gets an update. Since you don't want to buy every year a new router there is most of the time no other way then flash a new os like openwrt, who people put a lot of work in to not only keep the user safe but also helps the envoirement cos there is no need to buy new hardware just to get the new cool software feature.",""
1568"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F19326_en?p_id=380919","F19326","6 February 2019","","EU citizen","","","","Germany","Ich bin entsetzt, dass die EU hiermit allen Opensource-Entwicklern offen den Krieg erkl??rt!
1569Opensource arbeitet ehrenamtlich ohne finanzielles Interesse. Opensource sind tausende von Programmieren, die jeder f??r sich ein kleines St??ck beitragen. IT-Infrastruktur ist ohne Opensource ??berhaupt nicht denkbar.
1570 Opensource erkennt und analysiert Schachstellen. Opensource ist der Motor f??r viele Innovation und offene Standards. Selbst die Funkanlagen-Hersteller erfinden das Rad nicht neu und greifen bei ihrer Firmwareentwicklung auf bew??hrte Opensource-Entwicklungen zur??ck. Jede EU-Regelung, die Opensource benachteiligt oder durch b??rokratische Regularien faktisch ausgrenzt, kann im Kern nicht verbraucherfreundlich sein noch kann sie den EU-Standort st??rken.
1571Die Produktion von Funkanlagen verschlingt Energie und wertvolle/seltene Materialien. Ohne einen freien Zugang zu der Hardware, bestimmt allein der Hersteller durch das Support-Ende wann der Konsument dieses Produkt letzlich verschrotten muss, weil es keine Updates und Bugfixes mehr gibt. Dabei hat der Hersteller aus vielen Gr??nden kein Interesse an langen Support-Zyklen.
1572 Offene Firmware/Opensource erm??glicht mit aktuellen Firmware-Images den sicheren Betrieb ??lterer Hardware auf sehr lange Zeit zu gew??hrleisten.
1573 Aus ??kologischer Sicht w??re also der faktische Ausschluss von Opensource durch falsche EU-Regularien ein Desaster.
1574Aus der Opensourceentwickler-Erfahrung der letzten Jahre sind viele hardwarenahe Softwarebestandteile der Hersteller (Treiber) leider immer wieder fehlerhaft und/oder undvollst??ndig programmiert. Daraus resultiert ein gro??es Risiko, dass die Funkanlage nicht wirklich normgerecht funktioniert, fehleranf??llig oder gar unsicher ist. Wenn die EU den Hardware-Produzenten Ma??nahmen an die Hand gibt, die verhindert, dass alternative Firmware hergestellt und auf den Funkanlagen implementiert werden kann, so werden diese eklatanten Softwarefehler der Hersteller u.U. nicht mehr analysiert und beseitigt. Da auch der Hersteller keinen Zwang erf??hrt, sein Produkt zu verbessern um Angriffe und Probleme im Betrieb zu verhindern, bleiben diese Produkte ??ber Jahrzehnte als tickende Zeitbomben Teil unserer IT-Infrastrukltur.
1575Jede Funkanlage kann vom Verbraucher auch durch Hardwarever??nderungen manupuliert werden. Der Hersteller kann nicht sicherstellen, dass sein Produkt dadurch nicht so ver??ndert wird, dass es nicht mehr den geforderten Normen entspricht (z.B. mit einem Sendebooster). Es liegt somit wesentlich auch in der Verantwortung des K??ufers und Betreibers der Funkanlagen, keine Ver??nderungen vorzunehmen, die zu Normverletzungen f??hren.
1576 Insofern ist dem Hersteller nicht zuzumuten ein Produkt zu entwickeln, welches den Verbraucher sicher daran hindert, Manipulationen technischer Art vorzunehmen. Dazu m??sste das Geh??use und die Hardware z.B. fest vergossen werden.
1577 Daher ist es ??u??erst fraglich ob die Forderung einer Ladesperre/Zertifizierung/Signatur f??r alternative Firmware ??berhaupt sinnvoll, angemessen und zielf??hrend zur Vermeidung von Normverletzungen ist.
1578Opensource-Projekte m??ssen offenen Marktzugang zu normgerechter und zugelassener Hardware haben. Sollte die EU mit Regelungen zu Funkanlagen den Opensource-Projekten faktisch die Existenzgrundlagen entziehen, so wird sich aus der Not heraus dennoch ein grauer Markt f??r Funkanlagen etablieren, bei dem Ger??te in gro??en Mengen in den EU-Markt gelangen k??nnten, deren Hardware u.U. zwar nicht den EU-Normen entspricht, die sich aber als einzige noch f??r die g??ngigen Opensource-Projekte benutzen lassen.
1579Fazit:
1580 Die in dem Papier genannten Optionen/Vorschl??ge zur Regulierung von Funkanlagen sind leider vollkommen ungeeignet und zerst??ren Opensource-Entwicklungen.",""
1581"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F18780_en?p_id=380919","F18780","6 February 2019","","EU citizen","","","","Germany","Dear expert group,
1582in the world of Smart Home / Internet of Things, more and more devices are connected to the internet. This enhances the life of citizen, but also brings risks: Security issues, unpatched vulnerabilities have proven to be a root cause for numerous disasters in the past.
1583 While the governments should enforce security updates by vendors, the second part of a security strategy needs to be keeping citizen enabled to defend themselves. This can be achieved by installing alternative software to those devices. Installing alternative software can help mitigate security issues in two aspects: 1 - devices that won't receive any more security updates (see above) can continue to be used; 2 - in a global perspective the homogeneity of devices is a catalyst for disaster scenarios in IT security. Enabling citizen to modify their devices will decrease the overall abusability of the system landscape in Europe.
1584Thus, I advocate the openness of hardware and software for Europe.
1585 Thanks!",""
1586"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F18774_en?p_id=380919","F18774","6 February 2019","Marvin Gaube","EU citizen","","","","Germany","As an open software enthusiast, and an active ""Freifunker"" building open and nonprofit networks, it is essential that hardware stays open. Open doesn't mean that we wan't to exceed legal limits, but we have to run our own, open source software on it. A good example is the project ""OpenWRT""/""Lede"" for wifi-routers. This, open, community-maintained ecosystem does not only give more options and flexibility, it also has security advantages - open source software is often maintained longer, and is easyer to check for vulnerabilities to be fixed.
1587 My suggestions are: Try to solve the regulations in Hardware. This means that the Country Code which sets the limits is written one time and can't be overwritten/changed, but the application software should be always exchangeable. This does not only keep the ecosystem intact, it also simplifies security updates. If that's not possible, at least implement an easy way and the right for Open Source, 3rd party software, to be installed. If a certification/audit is necessary, the certification should be independent from the hardware manufacturer and at no cost for open source, community-founded projects. This not only keeps the ecosystem intact, it also improves hardware and IoT-security.",""
1588"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F18218_en?p_id=380919","F18218","3 February 2019","Fr??d??ric Lochon","EU citizen","","","","France","Cette directive veut, par exemple, garantir qu'aucun ??quipement ??lectronique ne pourra entraver une communication mobile ?? destination d'un service d'urgence.
1589 Dans le principe ??a peut sembler louable.
1590Mais l'approche est malheureusement trop extr??me.
1591 En effet, cette directive aurait pour effet d???emp??cher tout ""commun des mortels"" d'effectuer une quelconque modification sur un ??quipement ??lectronique au seul pr??texte qu'une telle modification pourrait perturber une communication mobile.
1592Finalement, ce serait comme interdire l'utilisation d'un couteau ?? steak ?? toute autre fin que couper de la viande au pr??texte qu'un couteau peut servir ?? agresser et/ou tuer quelqu'un.
1593Pourtant des couteaux sont utilis??s quotidiennement pour agresser des personnes, on en restreint pas moins leur usage.
1594Par contre:
1595 - agresser quelqu'un au couteau est r??pr??hensible,
1596 - et inciter quelqu'un ?? utiliser un couteau ?? des fins criminelles est r??pr??hensible.
1597Ne pourrait-on pas se limiter ?? interdire toute modification entrainant le viol d'une r??glementation ?
1598 Voire, pourquoi pas, d'interdire la publicit?? d'une modification entrainant le viol d'une r??glementation ?
1599Car si on interdit toute modification ou si on rend la modification hors de port??e de tout individu, on l'accuse a priori d'??tre de mauvaise intention.
1600En bref: ne pas faire de proc??s d'intention, les gens sont habituellement de bonne volont??.",""
1601"https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F18206_en?p_id=380919","F18206","3 February 2019","","EU citizen","","","","France","Bonjour,
1602 cette loi semble utile sur le principe, mais son application souffre de manques importants dans l'??quilibre entre contraintes sur les usagers et gains apport??s :
1603- des exceptions doivent ??tre int??gr??s pour les logiciels libres qui sont d??velopp??s non par les fabricants d'??quipements radio mais par d'autres entreprises ou des individus ;
1604- il ne faut pas d??placer du fabricant vers l'utilisateur la responsabilit?? de la v??rification de respect de la conformit?? du logiciel quand des changements de configuration sont effectu??s. Le mat??riel et le logiciel ne devraient pas ??tre consid??r??s diff??rement de ce point de vue.
1605La r??flexion de la FSFE est int??ressante sur ce point :
1606Cordialement,",""
1607
1608_______________________________________________
1609RadioDirective mailing list
1610RadioDirective@lists.fsfe.org
1611https://lists.fsfe.org/mailman/listinfo/radiodirective
1612
1613This mailing list is covered by the FSFE's Code of Conduct. All participants are kindly asked to be excellent to each other: https://fsfe.org/about/codeofconduct
1614
1615
1616--
1617My email server only sends and accepts starttls encrypted mail in transit.
1618One benefit - it stops all spams thus far, cold. If you are not encrypting
1619 by default you are not going to get my mail or I, yours.
1620_______________________________________________
1621RadioDirective mailing list
1622RadioDirective@lists.fsfe.org
1623https://lists.fsfe.org/mailman/listinfo/radiodirective
1624
1625This mailing list is covered by the FSFE's Code of Conduct. All participants are kindly asked to be excellent to each other: https://fsfe.org/about/codeofconduct