The FCC’s router crackdown clouds the future of home Wi-Fi

The government has ruled that you won’t be able to buy new consumer routers made outside the United States. Well, unless you’re the government. The Federal Communications Commission said Monday that it is effectively banning new consumer routers from being imported into the U.S. based on concerns that they pose “unacceptable risks to the national security of the United States and to the safety and security of U.S. persons.” New devices that emit RF radiation of any type are governed by the FCC, which must issue a license for the device before it can be manufactured and sold in the U.S. The FCC now says that “routers produced in any foreign country” are being placed on the FCC’s “Covered List,” a list of companies whose products will not be approved for sale. It’s effectively a ban on new product sales and development, even if it isn’t explicitly written as such. The FCC didn’t explicitly prohibit any brands by name. However, virtually all consumer router brands would be covered by the FCC’s language. “The National Security Determination states that “[p]roduction generally includes any major stage of the process through which the device is made including manufacturing, assembly, design, and development,” the FCC stated in a FAQ posted to the government’s site . The FAQ includes several important clarifications, including both if a router is designed abroad, and manufactured in the United States, or vice versa. Both definitions fall under the “Covered” definition, the FAQ says. It also does not matter in which country that the router was developed or manufactured, including traditional U.S. allies like the United Kingdom (where Linksys is headquartered) or Taiwan, where much of the world’s contract manufacturing resides. But the restrictions that the FCC is placing on consumers do not apply to the government itself. “The Covered List does not restrict the import or sale of routers for the exclusive use by the federal government,” the FAQ adds. What consumers need to know about the router restrictions Consumers don’t have to worry, for now. Technically, virtually every router used by a consumer falls under the Covered List, but that list “does not restrict the continued use by consumers of previously-purchased devices,” the FAQ says. “Consumers will continue to be able to purchase previously authorized routers,” the FCC says, and those consumers who already own such routers “do not need to do anything.” Somewhat ironically, the FCC cited attacks like the Volt, Flax, and Salt Typhoon efforts as justification for its actions, stating that the United States must have “trusted supply chains” as a preventative measure against future cyberattacks. But one of the first things we recommend is to change the router’s default security settings and to make sure the router is patched and up to date. The FCC put a provisional stop sign of sorts on such updates, filing a waiver of prohibitions that would allow home consumer routers to “continue to receive software and firmware updates that mitigate harm to U.S. consumers at least until March 1, 2027.” Moving the router industry to the United States The FCC seems to be pursuing a similar strategy that the Trump Administration has taken with the chip industry, trying to use whatever powers are at its disposal to bring chipmaking inside the United States. Here, the government is not using tariffs or trade deals, but simply the power of the FCC to simply refuse to license new products. The problem, of course, is if all routers involve some sort of manufacturing and development, will any future routers actually be manufactured or developed? PCWorld reached out to a number of router makers without response. One exception was TP-Link, a router maker originally founded in China which moved its international headquarters to the United States before being sued by the state of Texas for allegedly not disclosing its ties to China. The case remains unresolved. “Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam,” a spokesperson for TP-Link said in a statement Monday. “It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC. TP-Link is confident in the security of our supply chain and we welcome this evaluation of the entire industry.” Netgear, which claims that its routers are manufactured by Foxconn and other contract manufacturers based in Taiwan, dodged the question of whether it would be affected or not by the FCC’s new order. “We commend the Administration and the FCC for their action toward a safer digital future for Americans,” the company said via a representatives. “Home routers and mesh systems are critical to national security and consumer protection, and today’s decision is a step forward. As a U.S.-founded and headquartered company with a legacy of American innovation, Netgear has long invested in security‑first design, transparent practices, and adherence to government regulations, and we will continue to do so.” On one hand, the FCC’s decision is governed by supply-chain concerns, where the government is apparently worried that a router passing through a foreign country might be compromised. “Routers in the United States must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, critical infrastructure, and emergency services,” the government says. However, actually using foreign-made components is just fine, unless the routers uses a transmitter specified by the FCC’s rules. “A router produced in the United States is not considered ‘covered’ equipment solely because it contains one or more foreign-made components,” the FCC’s FAQ says. But there are loopholes The FCC does provide a way for new routers to earn an exception to the new rules. For now, the FCC listed certain “ Conditional Approvals ”. However, none of them are consumer routers by any stretch, however: They include control mechanisms for drones, including those made by SiFly, Mobilicom, the ScoutDI Scout 137 drone system, and the Verge Aero X1 drone system. Future “conditional approvals” will be governed by the Department of Defense and Department of Homeland Security, and router makers will be asked to email a specific email address asking to be added to the list. But perhaps the weirdest restriction is the lack of restriction. All manufacturers can simply self-certify their products as a domestic router, rather than being forced to go through a more formal approval process. “Applicants will need to be able to have sufficient evidence that the routers were not produced in a foreign country to make this certification, but there is no specific documentation or evidence required,” the FCC says. This story was updated at 11:19 AM PT with comment from Netgear.

Go to News Site