I would not buy a FIDO2 token if it allowed anybody to reprogram it, including me. If you managed to make selling me such a device illegal, then may a pox descend on your house.
If I want to reprogram my own FIDO2 token, I should be allowed to.
If I get your FIDO2 token and reprogram it without somehow also wiping the data on it, your problem is that I got your FIDO2 token, not that I could reprogram it without erasing it (which theoretically could perhaps be true right now).
I'm guessing you don't understand the reason I don't want it to be reprogrammable. Yes, there are some advantages to me being able to reprogram it. But it comes with two big downsides.
The first is if I can reprogram it, then so can anyone else. I don't know what the situation is where you live, but the government has passed laws allowing them to compel all manufacturers of reprogrammable devices to allow them to reprogram it with their spyware.
The second is places I interact with, like banks, insist on having guarantees on the devices I use to authenticate myself. Devices like a credit card. "I promise to never reprogram this card so it debits someone else's account" simply won't fly with them.
The easy way out of that is to ensure the entity who can reprogram it has a lot of skin in the game and deep pockets. This is why they trust a locked Pixel running Google-signed Android to store your cards. But take the same phone running a near identical OS, but on unlocked hardware so you can reprogram it, and they won't let you store cards.
But that's the easy way out. It still lets a government force Google to install spyware, so it's not the most secure way. One way to make it secure is to insist no one can reprogram it. That's what a credit card does.
In any case, if someone successfully got the law changed in the way the OP suggested, so people could not use their devices as a digital passport, it won't only be me wishing a pox on their house.
> The second is places I interact with, like banks, insist on having guarantees on the devices I use to authenticate myself. Devices like a credit card. "I promise to never reprogram this card so it debits someone else's account" simply won't fly with them.
If that's the only option they have, it will fly. Just like you used to be able to use banking apps with any Android before they had the option to restrict that to only Google-controlled ones.
1. If your government decides Google has to put spyware on your phone, you won't be able to remove it, unless your device is reprogrammable.
It's actually the other way around: the only way to guarantee that your device is free of spyware is you reprogramming it. You shouldn't have to trust the potentially compromised manufacturer.
True, but it's turtles all the way down. There is lots of non-reprogrammable firmware in what you call "hardware". The recent article here pointed out the 8087 (an old floating point co-processor) had so much firmware (for the time) Intel had to use a special type of transistor to make it fit. Modern CPUs have many such tiny CPUs doing little jobs here and there. I'm betting you didn't even know they exist. They not only exist, they also have firmware programmed into ROMs you can never change. The bottom line is you have to trust the manufacturer of the silicon, and that isn't much different to trusting someone else who loaded firmware into the device.
The fact that there is always something you must trust in a device, as opposed to being able to prove it's trustworthy to yourself by just looking at it, is so well known it has a name: it's called the root of trust.
The interesting thing is it can ensure the root of trust is the only thing you need to trust. The ability to do that makes your statement factually wrong. In fact it's drop dead simple. The root of trust only needs to let you read all firmware you loaded back, so you can verify it is what you would have loaded yourself. TPMs and secure boot are built around doing just that. Secure boot is how the banks and whoever else know you are running a copy of Android produced by Google.
Hey pabs, think about it. You know this doesn't work.
It doesn't work for the same reason the electricity company doesn't let you reprogram your electricity meter. Unlike the raucous response here, as far as I can tell, no one complains about that arrangement, despite the fact the meter is on your property, on land you own, and you effectively pay for it. They put up with it because they want the electricity, they know the electricity company can't trust all their customers with metering it, and when it's all said and done putting a small box on their property the electricity company has absolute control over is hardly a big deal.
It's exactly the same deal with your computer, or should be. There is a little area on a device you own that you have no control over. Ideally visible and running open source software with reproducible builds, so you can verify it does what it says on the box, and yes neither you nor anyone else can change it, so it meets your condition.
But its purpose doesn't. Its purpose is to load the equivalent of electricity meters, which are software other people can change and you can't. Thus this area on your device carves out other areas it can give ironclad guarantees to a third party they solely control, you can not reprogram, and you can't even see the secrets they store there (like encryption keys). These areas don't meet your definition. The third party can reprogram them, but you can't; you can't even see into them.
These areas can do things like behave like a credit card, be a phone's eSIM, house a FIDO2 key that some third party attests is only ever stored securely.
Currently we depend on the likes of Google and Apple to provide us with this. I'm not sure Apple can be said to provide it, as they insist on vetting everything you can run that doesn't live in a browser. Google does better because you can side load, if you are willing to jump through hoops most people can't. Wouldn't it be great if Debian could do it too? But to pull that off, Debian developers would have to believe allowing users to hand over control of a space on their computer they can't see or alter, to a third party Debian didn't trust, somehow works with open source. It's not a big jump from the current firmware policy.
> but the government has passed laws allowing them to compel all manufacturers of reprogrammable devices to allow them to reprogram it with their spyware.
In this case the government may mandate to have spyware pre-installed in the factory - which is already the case for phones and laptops in some countries.
> I promise to never reprogram this card so it debits someone else's account
When reprogramming, the card should wipe private keys so it becomes just a "blank" without any useful information.
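The read-back, attestation and key-wipe properties argued over above (the root-of-trust comment and the "wipe private keys when reprogramming" reply), as an added toy model in Python; this is not code from any real TPM, secure-boot or FIDO2 product, and the device class, key values and firmware strings are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed toy model (added example, not a real TPM/secure-boot/FIDO2 implementation):
# an immutable root of trust measures whatever firmware is loaded, attests that
# measurement with a device-unique key, lets the owner read the firmware back, and
# wipes stored secrets whenever the firmware slot is rewritten.

# Hypothetical "manufacturer-signed" build a relying party such as a bank would accept.
APPROVED_FIRMWARE = b"reproducible-build-v1"


class Device:
    def __init__(self, attest_key: bytes):
        self._attest_key = attest_key  # burned in at the factory; never readable
        self.firmware = b""
        self.secrets = {}              # e.g. FIDO2 credential private keys

    def load_firmware(self, image: bytes) -> None:
        # Reprogramming is allowed, but every secret is erased first, so whoever
        # reflashes a stolen token gets a blank device, not the credentials on it.
        self.secrets.clear()
        self.firmware = image

    def read_back_firmware(self) -> bytes:
        # The owner can always read back what is loaded and compare it against
        # a reproducible build they made themselves.
        return self.firmware

    def store_secret(self, name: str, value: bytes) -> None:
        self.secrets[name] = value

    def attest(self, nonce: bytes) -> tuple[bytes, bytes]:
        # Measured boot: hash the firmware actually present and bind that
        # measurement to a verifier-supplied nonce so the reply cannot be replayed.
        measurement = hashlib.sha256(self.firmware).digest()
        tag = hmac.new(self._attest_key, nonce + measurement, hashlib.sha256).digest()
        return measurement, tag


def verify_attestation(attest_key: bytes, nonce: bytes, measurement: bytes,
                       tag: bytes, allowed_images: list[bytes]) -> bool:
    # Relying-party side: check the tag with the key the manufacturer registered
    # for this device, then check the measurement is an approved build.
    expected = hmac.new(attest_key, nonce + measurement, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    return measurement in {hashlib.sha256(img).digest() for img in allowed_images}


def demo() -> dict:
    key = b"per-device-attestation-key"  # constructed; a real one would be random
    dev = Device(key)
    dev.load_firmware(APPROVED_FIRMWARE)
    dev.store_secret("fido2-credential", b"private-key-bytes")
    nonce = b"bank-challenge-1"
    ok_before = verify_attestation(key, nonce, *dev.attest(nonce), [APPROVED_FIRMWARE])
    readback_matches = dev.read_back_firmware() == APPROVED_FIRMWARE
    # Owner (or a thief) reflashes: secrets vanish and attestation no longer passes.
    dev.load_firmware(b"my-own-build")
    ok_after = verify_attestation(key, nonce, *dev.attest(nonce), [APPROVED_FIRMWARE])
    return {"attested_before": ok_before, "readback_ok": readback_matches,
            "secrets_after_reflash": len(dev.secrets), "attested_after": ok_after}
```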
That doesn't work for two reasons. Firstly the law in my country specifically forbids introducing what they call a "systemic weakness". Among other things, that bans them from demanding every device is bugged. Instead they must get a judge to authorise targeting an individual, then get the manufacturers to replace the firmware in that device.
Secondly, they have no control over companies not based where I live. So I could just import it myself, provided you are successful in getting every country to pass a law that denies me the right to do this the way I want to do it.
Fair enough. Sort of. You can get the same assurances OTP gives you using secure boot + open source + reproducible builds.
Regardless, the rest of us who don't want to go through the extra work OTP creates still want to put our credit cards, FIDO2 keys, government licences, concert tickets and whatever else in one general purpose computing device so we don't have to carry lots of little auth devices. To pull that off securely this device must have firmware I can not change.
The OP wants to make it illegal to sell a device with firmware I can not change.
In asking for that, they've demonstrated they don't have a clue how secure and open computing works. If they somehow got it implemented it would be a security disaster for them and everybody else.
I agree, with maybe minor exceptions. It's probably reasonable that radio hardware can't trivially be reprogrammed to exceed regulated power limits. Or for stuff that is extremely safety critical like pacemakers (though I think for those things it should be mandatory to share source code).
I don't think this should be a matter of regulation, as you can create a device that broadcasts powerful signals at almost any frequency, with high school physics and garage engineering.
It should very much be enforced though, similar to speed limits on the road. It's much easier to zero in on weird electromagnetic waves than it is to catch people speeding on roads.
By requiring high-school garage engineering to DOS your local RF services you prevent essentially everyone from doing it.
I'm all in to allow free access to reading waves, but broadcasting is regulated for good reason. Today I was in the subway when my Bluetooth headset started lagging, it's happened once before on a highway close to a specific car, this is DOS.
The radio spectrum is limited and it must be regulated and follow regulations, enforcement is really hard, it's a lot easier and reasonable to dump it on the manufacturers by locking the juice behind closed firmware.
2.1033 Application for grant of certification. Paragraph 4(i) which reads:
For devices including modular transmitters which are software defined radios and use software to control the radio or other parameters subject to the Commission’s rules, the description must include details of the equipment’s capabilities for software modification and upgradeability, including all frequency bands, power levels, modulation types, or other modes of operation for which the device is designed to operate, whether or not the device will be initially marketed with all modes enabled. The description must state which parties will be authorized to make software changes (e.g., the grantee, wireless service providers, other authorized parties) and the software controls that are provided to prevent unauthorized parties from enabling different modes of operation. Manufacturers must describe the methods used in the device to secure the software in their application for equipment authorization and must include a high level operational description or flow diagram of the software that controls the radio frequency operating parameters. The applicant must provide an attestation that only permissible modes of operation may be selected by a user.
2.1042 Certified modular transmitters. Paragraph (8)(e) which reads:
Manufacturers of any radio including certified modular transmitters which includes a software defined radio must take steps to ensure that only software that has been approved with a particular radio can be loaded into that radio. The software must not allow the installers or end-user to operate the transmitter with operating frequencies, output power, modulation types or other radio frequency parameters outside those that were approved. Manufacturers may use means including, but not limited to the use of a private network that allows only authenticated users to download software, electronic signatures in software or coding in hardware that is decoded by software to verify that new software can be legally loaded into a device to meet these requirements.
That appears to be a post arguing against adopting a rule that was proposed a decade ago. Was it ever actually enacted? I don't see the text of the proposed rule present in the relevant section here:
I wonder if AliExpress SDR sellers follow these regulations. And as for transmission power, you can simply connect a regulation-complying SDR to a regulation-complying amplifier and work around it.
> By requiring high-school garage engineering to DOS your local RF services you prevent essentially everyone from doing it.
Likewise for requiring someone to change out drivers or firmware.
> The radio spectrum is limited and it must be regulated and follow regulations, enforcement is really hard, it's a lot easier and reasonable to dump it on the manufacturers by locking the juice behind closed firmware.
By far the largest problem in this space is users importing devices purchased via travel abroad or drop shipping and then those devices don't follow the rules.
Getting domestic users to follow the rules is not a significant problem because a) most people don't know how to modify firmware anyway, b) the people who do know how to do it are sophisticated users who are more likely to understand that there are significant penalties for violating regulatory limits and know they actually live in the relevant jurisdiction, c) if those users really wanted to do it they're the sort who could figure out how to do it regardless, and d) there is negligible benefit in doing it anyway (increasing power increases interference, including for you, and it works much better to just get a second access point).
I think an 80mph limit would be reasonable (10 over the limit in the UK).
I wouldn't be in favour of a hard 75mph because current speed limits are set by social consensus on the basis that they aren't strictly enforced. The police are extremely unlikely to stop you for doing 76mph in a 70, so I don't think your car should.
We should require that any devices that our lives depends on, especially devices that go inside our bodies, to be open source: not just reprogrammable, but with source code available for inspection and modification.
I've been working in this industry for too long in order to trust a closed source pacemaker to be bug-free.
We can have both freedom and safety by requiring re-certification after modification. Like when you heavily physically modify a car then you can still drive it after the authorities decide it is safe.
Technical point here but opinions are not illegal to have.
Besides that your point is missing the fact that you are dealing with outside services that provide a contract for their usage (GPS, GSM). You should be free to program your own devices but if you use an external service, then yes they can specify how you use their service. Those are contractual obligations. Cars on the road have clear safety risks and those are legal obligations. None of those obligations should govern what you do with your device until your device interacts with other people and/or services.
GPS doesn't come with a contract. It's a purely receive only system.
It wouldn't be fit for purpose (letting soldiers know precisely where they are on the globe) if it required transmission of any type from the user. That would turn it into a beacon an adversary could leverage.
The difference is Apple doesn't let you modify your device to use other services. Their contractual obligation goes beyond the service itself. That's why Epic won this case.
I don't really understand your point in restating this. Someone who says "X should be true" isn't going to be convinced that X should be false by reminding them that X is in fact false.
>GPS et al would be non-functional if everybody could make a jammer.
Then it should be illegal to make a GPS jammer. Making it illegal to reprogram a GPS receiver in any way is unnecessarily broad.
GPS is a bad example, but there are things that pose a physical threat to others that we maybe shouldn't tinker with. Like I think some modern cars are fly-by-wire, so you could stick the accelerator open and disable the breaks and steering. If it's also push-to-start, that's probably not physically connected to the ignition either.
It would be difficult to catch in an inspection if you could reprogram the OEM parts.
I don't care about closed-course cars, though. Do whatever you want to your track/drag car, but cars on the highway should probably have stock software for functional parts.
> Like I think some modern cars are fly-by-wire, so you could stick the accelerator open and disable the breaks and steering.
Essentially all passenger cars use physical/hydraulic connections for the steering and brakes. The computer can activate the brakes, not disable the pedal from working.
But also, this argument is absurd. What if someone could reprogram your computer to make the brakes not work? They could also cut the brake lines or run you off the road. Which is why attempted murder is illegal and you don't need "programming a computer" to be illegal.
> It would be difficult to catch in an inspection if you could reprogram the OEM parts.
People already do this. There are also schmucks who make things like straight-through "catalytic converters" that internally bypass the catalyst for the main exhaust flow to improve performance while putting a mini-catalyst right in front of the oxygen sensor to fool the computer. You'd basically have to remove the catalytic converter and inspect the inside of it to catch them, or test the car on a dyno using an external exhaust probe, which are the same things that would catch someone reprogramming the computer.
In practice those people often don't get caught and the better solution is to go after the people selling those things rather than the people buying them anyway.
> GPS is a bad example, but there are things that pose a physical threat to others that we maybe shouldn't tinker with. Like I think some modern cars are fly-by-wire, so you could stick the accelerator open and disable the breaks and steering. If it's also push-to-start, that's probably not physically connected to the ignition either.
I'm not seeing an argument here.
Cars have posed a physical threat to humans ever since they were invented, and yet the owners could do whatever the hell they wanted as long as the car still behaved legally when tested[1].
Aftermarket brakes (note spelling!), aftermarket steering wheels, aftermarket accelerator pedals (which can stick!), aftermarket suspensions - all legal. Aftermarket air filters, fuel injectors and pumps, exhausts - all legal. Hell, even additions, like forced induction (super/turbo chargers), cold air intake systems, lights, transmission coolers, etc are perfectly fine.
You just have to pass the tests, that's all.
I want to know why it is suddenly so important to remove the owners right to repair.
After all, it's only been quite recent that replacement aftermarket ECUs for engine control were made illegal under certain circumstances[2], and that's only a few special jurisdictions.
What you are proposing is the automakers wet dream come true - they can effectively disable the car by bricking it after X years, and will legally prevent you from getting it running again even if you had the technical knowhow to do so!
---------------------------
[1] Like with emissions. Or brakes (note spelling!)
[2] Reprogramming the existing one is still legal, though, you just have to ensure you pass the emissions test.
>you could stick the accelerator open and disable the breaks and steering
This is silly. Prohibiting modifying car firmware because it would enable some methods of sabotage is like prohibiting making sledgehammers because someone might use one to bludgeon someone, when murder is already a crime to begin with.
How does being able to reprogram a GPS device make it into a jammer any more efficiently than grabbing three pieces of coal and running a few amps through it? Or hell, just buying an SDR on AliExpress!
The only reason it's "illegal" is because they were thinking people would use it to make missiles easily - but that's already the case even with non-reprogrammable gps. And in big 2025 you can also just use drones with bombs attached to it.
To be fair, millions of people walking around with guns are much scarier than a guy who can jam GPS with a receiver. We have GPS jammed on a regular basis (including around airports when planes land/take off) and nothing bad happens.
IANAL but I don’t think OP is breaking any laws by having an opinion on this subject. [At least in the US] pretty much all opinions are completely legal.
• > "If you want to get along, go along." — Sam Rayburn
• > "Reform? Reform! Aren't things bad enough already?" — Lord Eldon
• > "We've always done it this way." — Grace Hopper (referred to it as a dangerous phrase)
• > "Well, when you put it that way..." — [List of millions redacted to protect the compliant]
Rebuttal:
• > "The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." — George Bernard Shaw
• > "Yeah, well, ya know, that's just like, uh, your opinion man." — The Dude (In someone's pharmaceutically elevated dream, addressing the Supreme Court.)
No, I think we'll start with Apple and work our way down. Scale is everything when you're concerned about remediating market damages.
John Deere is already subject to extra regulation in Europe; it's only in America that they're allowed to molest consumers in the aftermarket. And Xbox has had sideloading for decades now, in case you were unaware: https://learn.microsoft.com/en-us/previous-versions/windows/...