2.1 FCC SDR Rules
On March 11, 2005, the FCC released a set of rules outlining an alternative method for certification of devices whose radio frequency and power characteristics can be modified by software (such devices are designated Software Defined Radio devices).1 The rules allow manufacturers who have certified under the new process to update the software on the devices without re-certifying the devices with the FCC.

The rules require any manufacturer certifying a device under the new process to take steps to prevent “unauthorized” changes to the software on the device that might alter its radio frequency and power parameters in a way that takes it out of compliance with the regulations known as FCC Part 15 regulations.2 The specific technology implemented to accomplish this task is left to the manufacturers seeking certification, although the FCC suggests several possible mechanisms that can serve as such “security measures.”3

In response to a petition from Cisco Systems, Inc., the FCC issued a Memorandum Opinion and Order on April 25, 2007, making two clarifications to the rules.4 First, the FCC clarified the scope of the rules to require certification under the new process of any device that uses software to comply with the Part 15 regulations if such software is “designed or expected to be modified by a party other than the manufacturer.”5 Second, the FCC stated a position regarding the use of Free and Open Source Software (FOSS) on SDR devices. The FCC acknowledged the use of FOSS by device manufacturers and noted some of the advantages of FOSS for the industry. However, citing concerns regarding publishing information relating to security measures, the FCC stated that a SDR device which uses FOSS to build the “security measures” protecting the software against modification would face a “high burden” during the certification process “to demonstrate that it is sufficiently secure