Monday, 4 March 2019

Feedback on Article 3(3)

The following is my feedback regarding the proposed legislation around uploading of software to radio devices.

See this link for more details:
https://blog.mehl.mx/2019/protect-freedom-on-radio-devices-raise-your-voice-today/

“Upload of software on radio equipment” initiative direct link:
https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038_en

Feedback direct link:
https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038/feedback/F238237_en?p_id=380919

This is an extremely concerning piece of proposed legislation and I urge you to read my words here and hopefully understand why this is such a bad idea.

By limiting the type of software that can be loaded onto these devices it will unequivocally lower the overall level of security in the ecosystem. There are countless examples of insecure software which has been left for years on devices that are actively in use, with manufacturers who are unwilling to devote resources to fixing security holes. Open Source has traditionally stepped up to fix these kinds of problems, led by people who want to avoid waste, to be more secure, and to have individual choice.

If users cannot load e.g. open source software onto a device, then this blows up the whole idea of sustainability, up-cycling and re-use. It would be a shameful thing to do, as it would render many devices that could be re-used completely useless, so that they just end up in landfill. That may as well be an environmental crime that this article would enable.

For example, many SSL attacks have been discovered in the past 5 years, and if the security in some software on a device was found to be vulnerable but no remedy was forthcoming from the manufacturer (as they had gone out of business or they were focusing on the latest released devices), then that renders the device an active security risk, potentially compromised, and could cost an enterprise millions in staff time, losses from being attacked, etc. The same kind of situation can exist on phones and on other networked radio devices such as WiFi routers, etc. Preventing a user from updating them in this way is dangerous and actively helps/supports attackers who could otherwise be thwarted.

Allowing open source software on devices (e.g. phones, routers) means that the life, security and performance of them can be hugely extended, in a way that the user is in control of. For routers, it means that a device can be protected from new and active threats / vulnerabilities - these are literally being discovered each week. How quickly are approved updates from a manufacturer likely to arrive? Nowhere near that, obviously.

This article must be removed. This tendency toward centralised control of software on devices owned by individuals, charities, and companies both small and large must be examined carefully. There is simply no way that this can work in a beneficial way to users, because trust has so frequently been broken, and this is essentially guaranteed regardless of legislation.
