*Pages 1--42 from Microsoft Word - 46931.doc* Federal Communications Commission FCC 05- 57 1 Before the Federal Communications Commission Washington, D. C. 20554 In the Matter of Facilitating Opportunities for Flexible, Efficient, and Reliable Spectrum Use Employing Cognitive Radio Technologies ) ) ) ) ) ) ET Docket No. 03- 108 REPORT AND ORDER Adopted: March 10, 2005 Released: March 11, 2005 By the Commission: Commissioner Adelstein issuing a statement. Paragraph I. INTRODUCTION .............................................................................................................................................. 1 II. BACKGROUND............................................................................................................................................. 5 III. DISCUSSION ............................................................................................................................................... 18 A. COGNITIVE RADIO TECHNOLOGY DEVELOPMENTS ......................................................................................... 24 B. ENABLING COGNITIVE AND SOFTWARE DEFINED RADIO................................................................................... 36 1. Cognitive and software defined radio security .......................................................................................... 39 2. Submission of radio software..................................................................................................................... 63 3. Automatic frequency selection by unlicensed devices................................................................................ 72 C. INTERRUPTIBLE SPECTRUM LEASING .............................................................................................................. 80 IV. PROCEDURAL MATTERS....................................................................................................................... 94 V. ORDERING CLAUSES................................................................................................................................... 98 APPENDIX A: FINAL RULE CHANGES APPENDIX B: LIST OF COMMENTING PARTIES APPENDIX C: FINAL REGULATORY FLEXIBILITY ANALYSIS I. INTRODUCTION 1. Advances in technology are creating the potential for radio systems to use radio spectrum more intensively and more efficiently than in the past. Perhaps none of these advances holds greater potential for literally transforming the use of spectrum in the years to come than the development of 1 Federal Communications Commission FCC 05- 57 2 software- defined and cognitive, or “smart,” radios. Regardless of the regulatory model – licensed, unlicensed, or other new models – these technologies are allowing and will increasingly allow more intensive access to, and use of, spectrum than possible with traditional, hardware- based radio systems. 2. Software defined and relatively simple cognitive radio systems are already in use today. They include current cellular radio systems with capabilities such as transmit power control, handoff reconfiguration, and real time network control such as registration and control channel signaling. In addition, wireless local area networks are currently using adaptive techniques for channel identification, dynamic frequency selection, and adaptive modulation schemes for varying data throughput. The Commission has recognized cognitive capabilities in the rules as a means of allowing more efficient spectrum use. 1 Multiple organizations such as the Software Defined Radio Forum and the European Union are dealing with specific technical issues of importance to the deployment of software defined and cognitive radios. Numerous companies, often working with governmental agencies, are actively developing new products to take advantage of these capabilities. For example, one manufacturer has developed and obtained approval for a cellular base station that is designed to be remotely modified by software to enable operation with different modulation formats, thereby allowing a single base station to communicate with handsets employing different transmission formats. 2 We expect to see additional software- based products with new capabilities over the next few years. 3. Some parties envision that the full development of cognitive radio capabilities will, or should, lead to a vastly different model for spectrum use. These “futurists” see “smart radios” operating on an opportunistic basis, finding idle spectrum, using it as they need, then vacating the band for others to use, all without human intervention. This model presumes no need for spectrum policy, allocation tables, or regulatory bodies to manage spectrum resources. While we recognize that this model exists, we also believe that many technical, cost, and business issues will need to be addressed in the marketplace before widespread deployment of such radios may take place. Therefore, we need not, and do not, address today the potential implications of such a radical paradigm shift. We do need to consider, however, whether the advent of these ongoing developments in software- defined and cognitive or smart radios require changes or clarifications in our current rules and procedures. We neither wish to have our processes inadvertently be a barrier to the development and deployment of these technologies nor wish to permit the widespread deployment of radios easily susceptible of being misused to cause harmful interference to others. 4. In this Report and Order, we thus continue the process of modifying our rules to reflect these ongoing technical developments in radio technologies. When the Commission first adopted rules for software defined radios, it recognized that manufacturers were beginning to use software to help determine the RF characteristics of radios, and that our equipment rules, which assumed hardware changes were needed to modify a radio’s behavior, held the potential of discouraging development of software defined radios by requiring repeated approvals for repeated software changes. 3 In light of the Commission’s experience with these rules, and the record in this proceeding, we are here modifying and clarifying our equipment rules to further facilitate the development and deployment of software defined and cognitive radios. Specifically, we are eliminating the rule that a manufacturer supply radio software (source code) to the Commission upon request because such software is generally not useful for 1 See 47 C. F. R. §§ 15.323 and 15.407( h). 2 See FCC Approves First Software Defined Radio, News Release dated November 19, 2004. 3 See First Report and Order in ET Docket No. 00- 47, 16 FCC Rcd 17373,17377 (2001). 2 Federal Communications Commission FCC 05- 57 3 certification review and may have become an unnecessary barrier to entry. 4 We are requiring that a manufacturer supply a high level operational description of the radio software that controls its RF characteristics for certification of a software defined radio. We are also clarifying our rules to permit manufacturers to market radios that have the hardware- based capability to transmit outside authorized United States frequency bands, but have software controls to limit operation to authorized frequency bands when used in the United States. In addition, we are modifying the rules to ensure that radios with software that is designed or expected to be modified by a party other than the manufacturer have reasonable security measures to prevent unauthorized modifications that would affect the RF operating parameters or the circumstances under which the transmitter operates in accordance with Commission rules. Further, we describe the technical measures that cognitive radios could employ to allow secondary use of spectrum by lessees while maintaining the availability of the spectrum for a higher priority use by the licensee when needed. We conclude that such measures are, or will be, technically feasible, but see no need to adopt any particular technical model for interruptible spectrum use. These actions are taken to facilitate opportunities for flexible, efficient, and reliable spectrum use by radio equipment employing cognitive radio technologies and enable a full realization of their potential benefits. II. BACKGROUND 5. An accelerating trend in radio technologies has been the use of software in radios to define their transmission characteristics. The incorporation of cognitive radio technologies to allow the more efficient use of spectrum is also becoming increasingly common. As demonstrated in this and earlier proceedings, this Commission has a continuing commitment to recognize these important new technologies and make any necessary changes to its rules and processes to facilitate their development in the public interest. 6. Development of Cognitive Radio Technologies. Over the past several years, manufacturers have increased the computer processing capabilities of radio system technologies. As a result, radio systems are increasingly incorporating software into their operating design. Incorporating software programming capabilities into radios can make basic functions easier to implement and more flexible. As the capabilities have advanced, radio systems have been gaining increased abilities to be “cognitive”— to adapt their behavior based on external factors. This “ability to adapt” is opening up a vast potential for more flexible and intensive use of spectrum. 7. Radios traditionally were built with unalterable hardware devices that performed specific functions or operations, such as filters, mixers, amplifiers, and detectors. In certifying these radios, the Commission required circuit diagrams and performance specifications to test and verify compliance. With the development of digital logic and computing devices, software programmable processors could accomplish many of these same radio functions. Radios originally built strictly with hardware became transmitting/ receiving devices whose functionality was defined not by the hardware but instead by the software that ran on microprocessors and programmable electronic devices. The software in such a software radio was reconfigurable and could be easily modified or changed so that entirely different functionality could be attained by simply changing the software on a common hardware platform. 8. Modern radios incorporate software to provide new features and functions for consumers, but not all software has an effect on the radio frequency operating parameters of the device. For instance, games, web browsers and ring tones that are used in portable wireless devices normally have no impact 4 We always retain the right to request and examine any component (whether software or hardware) of a specific radio system when needed for certification under Commission rules. 3 Federal Communications Commission FCC 05- 57 4 on the RF characteristics of the host device. The Commission has never had regulations concerning the use of such software and this proceeding does not address the use of such software. Many modern radios do, however, contain software that affects the radio frequency operating parameters. For quite some time, the transmission characteristics of commercial radios have been controlled by software contained in the firmware embedded in the electronics of the radio. But, by virtue of this design, software changes that might alter a radio’s RF characteristics can not be easily made after the device is manufactured. 9. More recently, many radios have begun to incorporate microprocessors and digital electronics that produce radio signals whose operating parameters such as frequency and modulation type are determined by the software that runs on the microprocessor. Under our rules, such “software defined radios” include any “radio that includes a transmitter in which the operating parameters of frequency range, modulation type or maximum output power can be altered by making a change in software without making any changes to hardware components that affect the radio frequency emissions.” 5 In such software defined radios, the radio can be programmed to transmit and receive on any of a variety of frequencies and/ or to use one or more different transmission formats supportable by its hardware design. Until recently, the software installed at the factory that controls the radio frequency operating parameters in most software defined radios is not readily changeable after manufacture. The major advantage of software defined radios with non- modifiable software is to provide for economies in manufacture: the manufacturer can configure the same hardware product into any of a number of radios through software changes alone. Now, manufacturers are producing software defined radios in which the control software is designed or expected to be modified by a party other than the manufacturer. This ability to change software after manufacture potentially affords the user direct control over the radio’s capability to operate in a variety of frequency bands and/ or to use differing transmission characteristics to access available radio services consistent with the Commission’s technical and service rules. 10. A cognitive radio goes one step further, and empowers the radio to alter its transmitter parameters based on interaction with the environment in which it operates. Most commonly implemented through software in a software defined radio, 6 this interaction may involve active negotiation or communications with other spectrum users and/ or passive sensing and decision making within the radio. For instance, using a hardware- based design, a CMRS carrier wanting to install a cellular base station designed to serve multiple modulation formats would have to predetermine a fixed allocation of capacity among each of the supported formats. By contrast, a base station with cognitive radio capabilities could adopt a dynamic allocation of capacity among the different modulation formats on a real- time basis. With software defined radios as an implementation methodology, cognitive radios are now being built that can recognize factors in their environment and modify their performance characteristics by changes made via software defined radio techniques. 11. As radios become more intelligent, they gain greater flexibility and are able to adapt their RF behavior to identify and use spectrum that otherwise would not be available for fear of causing interference. Features that cognitive radios can incorporate to allow for more efficient, flexible spectrum use include. 5 See 47 C. F. R. § 2.1. 6 Radios with cognitive capabilities do not have to rely on software implementations, however. Cordless telephones, for instance, have long had the capability to select the best channel among a number of authorized channels based on relative channel availability. See also para 12, infra. 4 Federal Communications Commission FCC 05- 57 7 parameter changes, and supports upgrades to new standards through a software- only download. 18 The ability to operate with different modulation formats means that a single base station could communicate with handsets using different transmission formats, potentially allowing communication with a greater number of “roaming” users and potentially resulting in lower costs for wireless carriers and users than if multiple hardware- based transmitters had to be employed. 16. The Commission currently has several pending proceedings that address the use of cognitive radio technologies to improve the efficiency of spectrum use. For example, in two separate proceedings, the Commission proposed to require unlicensed devices to incorporate cognitive features to enable operation in the TV broadcast bands and in the 3650- 3700 MHz band without causing interference to licensed users in those bands. 19 In addition, we have recently opened additional opportunities that could tap the potential of cognitive radio technologies in our Secondary Markets proceeding. 20 17. On December 17, 2003, we adopted a Notice of Proposed Rule Making and Order (“ Notice”) in this proceeding to explore the uses of cognitive radio technology to facilitate improved spectrum access. 21 The Notice addressed: 1) the capabilities of cognitive radios, 2) permitting higher power by unlicensed devices in rural or other areas of limited spectrum use, 3) enabling the development of secondary markets in spectrum use, including interruptible spectrum leasing, 4) applications of cognitive radio technology to dynamically coordinated spectrum sharing, and 5) software defined radio and cognitive radio equipment authorization rule changes. A total of 56 parties filed comments and 14 parties filed reply comments in response to the Notice. 22 III. DISCUSSION 18. The growth of wireless services over the past several years demonstrates the vast and growing demand of American businesses, consumers, and government for spectrum- based communications. Spectrum access, efficiency, and reliability have become critical public policy issues. 18 See http:// www. vanu. com/ news/ prs/ fcc111504. pdf. 19 See Notice of Proposed Rule Making in ET Docket No. 04- 186, 19 FCC Rcd 10018 (2004) and Notice of Proposed Rule Making in ET Docket No. 04- 151, 19 FCC Rcd 7545 (2004). In a Report & Order also adopted today, we are opening the 3650- 3700 MHz band to terrestrial devices that incorporate contention- based technologies, FCC 05-___, ET Docket No. 04- 151 (adopted March 10, 2005). 20 See Report and Order and Further Notice of Proposed Rule Making in WT Docket No. 00- 230, 18 FCC Rcd 20604 (2003) and Second Report And Order, Order On Reconsideration, And Second Further Notice Of Proposed Rulemaking in WT Docket No. 00- 230, 19 FCC Rcd 17503 (2004). 21 See Notice of Proposed Rule Making and Order in ET Docket No. 03- 108, 18 FCC Rcd 26859 (2003). 22 A list of the parties that filed comments is included in Appendix B. Cornell University filed its reply comments on June 3, 2004, two days after the reply comment deadline of June 1, 2004. Cornell subsequently filed a motion for leave to accept the late- filed reply comments on June 4, 2004, stating that no parties will be prejudiced by the late filing of its reply comments and that they contain substantial and significant arguments that will contribute to reasoned decision making in this proceeding. We are accepting Cornell’s late- filed reply comments in the interest of obtaining as complete a record as possible in this proceeding. In addition, we note that several other parties filed ex- parte presentations after the close of the reply comment deadline. While the Commission is not obligated to consider the merits of such presentations, we will do so in the interest of obtaining as complete a record as possible in this proceeding. 7 Federal Communications Commission FCC 05- 57 8 We recognize the importance of new cognitive radio technologies, which are increasingly being used in spectrum- based communication systems and are likely to become more and more prevalent over the next few years. These technologies hold tremendous promise in helping to facilitate more effective and efficient access to spectrum by opening opportunities for spectrum use in space, time, and frequency dimensions that until now have been unavailable. The ability of cognitive radio technologies to adapt a radio’s use of spectrum to the real- time conditions of its operating environment offers regulators, licensees, and the public the potential for more flexible, efficient, and comprehensive use of available spectrum while reducing the risk of harmful interference. We are seeking in this proceeding to facilitate opportunities for flexible, efficient, and reliable spectrum use by radio equipment employing cognitive radio technologies. Our goal is to ensure that our rules and policies do not inadvertently hinder development and deployment of such technologies, but instead enable a full market- based realization of their potential benefits. 19. The development of cognitive radio technology has been and will continue to be evolutionary in nature. As the technology evolves, our intent is to delete, change, or adopt rules in phases so as to ensure that our rules facilitate the market- based development and deployment of these technologies. In this Report and Order, we first cover in some detail various wide- ranging efforts being undertaken today by both government and industry to further in the near term the development of cognitive capabilities in software- based radio systems and in the longer term the evolution into fully capable cognitive radio systems. 20. To facilitate the market- based development and introduction of new technologies into the market, we are addressing certain issues in this Report and Order that have arisen with respect to the certification of software- based radio equipment. 23 Based on our experience and the comments in the record, we modify and clarify certain of our rules that address software defined radios to facilitate the market based development of this technology. Specifically, we require radios in which the software that controls the RF operating parameters is designed or expected to be modified by a party other than the manufacturer to comply with the rules for software defined radios, including the requirement to incorporate security features to prevent unauthorized modifications to the software. We also modify the definition of software defined radio to include devices where a software change could make the device non- compliant with the Commission’s radio frequency emission rules. We are eliminating the rule that the manufacturer supply radio software (source code) to the Commission upon request for certification because such software is generally not useful for certification review and may have become an unnecessary barrier to entry. We always retain the right to request and examine any component (whether software or hardware) of a specific radio system when needed for certification under Commission rules. We are requiring that the manufacturer supply a functional description of the radio software that controls its RF characteristics and a description of the means that will be used to protect that software from unauthorized tampering. Furthermore, since these descriptions are apt to involve proprietary intellectual property, we will make provisions to keep these specific items confidential, for Commission use only. 21. This Report and Order also considers the technical measures that a cognitive radio could incorporate to enable secondary use of spectrum, yet allow the use of such spectrum to quickly and reliably revert back to the licensee when necessary. We conclude that such measures are, or will be, technically feasible, but see no need to adopt any particular technical model for interruptible spectrum leasing. 23 See FCC Approves First Software Defined Radio, News Release dated November 19, 2004. 8 Federal Communications Commission FCC 05- 57 9 22. In the Notice we proposed to allow unlicensed devices that employ cognitive radio technologies to operate at higher power in rural and other areas with limited spectrum use. 24 While we are not adopting any changes to allow higher power operation by unlicensed devices in this Report and Order, we continue to believe that cognitive radio technologies hold great promise to allow such higher power operation without interference to other spectrum users. We expect to further consider the issue of higher power unlicensed operation at a later date. 23. We also sought comment in the Notice on what tests might be needed to assure the compliance of licensed and unlicensed devices with any new rules for cognitive radio devices. 25 We listed a number of tests that we believed may be necessary for various types of cognitive radio devices. Upon further consideration, we do not believe that it is practical to develop generalized test procedures for cognitive radio devices because the functions that would need to be tested will vary depending on the specific application. Rather, we expect to develop test procedures on a case- by- case basis when new cognitive radio rules are developed, as is being done in the U- NII proceeding. 24. We received a number of comments from parties in response to the Notice, principally from commercial mobile radio service (CMRS) interests, that expressed concern that the Commission intended to adopt rules permitting involuntary sharing of licensed CMRS spectrum with unlicensed devices. 26 We did not propose to allow such sharing in the Notice in this proceeding and we are not adopting any changes herein that would allow such sharing. A. Cognitive Radio Technology Developments 25. The efforts being undertaken by industry, often working with governmental agencies, standards bodies, and others to research, develop, and implement various software- defined radio and cognitive radio capabilities have been striking. These accomplishments were made possible through various advanced radio technologies such as those of the Department of Defense Joint Tactical Radio System (JTRS) in development of a common software architecture and the first actual software defined radios. Industry, working in conjunction with the military, is also taking a lead in developing and implementing new technologies and is serving as the impetus for further technical developments that should spur the commercial deployment of SDRs and cognitive radios. In addition, efforts are underway within industry forums and standards organizations to adopt internationally accepted standards for software defined radios and cognitive radios. These efforts and the resultant technical developments undoubtedly will lead to even greater flexibility in the future, with some touting the ultimate adoption of radios incorporating a cognition cycle as the foundation for a fully flexible cognitive radio. 26. A key player in the early development software defined radio was the US Department of Defense with its Joint Tactical Radio System (JTRS) Program. This program was intended to develop a software architecture that could be used by all radio developers. Using a common architecture, modular hardware devices and software programs could be built that could be flexibly and interchangeably used in a common architectural framework, yielding reduced radio development and integration costs. The 24 See Notice at 26871. 25 See Notice at 26896. 26 See V- Comm L. L. C. reply comments at 3- 4, Verizon Wireless comments at 2, AT& T Wireless reply comments at 3- 4, Cingular/ Bellsouth comments at 5, CTIA comments at 5- 7, Nokia comments at 2, Nextel Partners comments at 3, and Wireless Communication Association comments at 6. 9 Federal Communications Commission FCC 05- 57 10 architecture became known as the Software Communications Architecture (SCA) and is currently in release as version 3.0. 27 This software architecture provides a common framework for operational flexibility, interoperability, reduced acquisition costs and enhancement via technology insertion. The SCA is defined as “the architectural concept that defines the essential core set of open software interfaces and profiles that provide for the deployment, management, interconnection, and intercommunication of software application components in embedded and distributed communications systems.” 28 Software defined radios considered to be SCA compliant are being built now under the auspices of the JTRS Program. 27. Commercial industry adopted the SCA through an industry association called the Software Defined Radio Forum. 29 The SDR Forum is an international, nonprofit organization dedicated to promoting the development, deployment, and use of SDR technologies for advanced wireless services and currently has over 100 member organizations. With the SDR Forum, the SCA became an industry-endorsed framework for the evolution and development of software- based radio. 28. The activities of the SDR Forum have increased substantially since its inception. Through international conferences, meetings, participation in standards bodies, and other activities, the Forum has expanded to include a multitude of activities contributing to the development of SDR technologies. They now include such things as technical developments in software portability and security issues, system interfaces, smart antenna technology, waveform developments, network architectures, and references for various software radio implementations. Forum members and participants have also been very active in development of tools for software defined radio design and development such as reference models and automated design tools. The SDR Forum has also established a Special Interest Group for Public Safety to ensure the continued development of SDR within the public safety sector. 29. Recognizing its global implications, the SDR Forum has teamed with and established liaison with other international organizations such as the End- to- End Reconfigurable Radio (E2R) Project Consortium that was established in 2004 by the European Commission. With a membership of over 28 organizations from 10 countries, the E2R Project now includes manufacturers, operators, academia, and research centers throughout Europe. The charter for this project is to “devise, develop and trial the architectural design of reconfigurable devices and supporting system functions to offer an expanded set of operational choices to the users, applications and service providers, operators, and regulators in the context of heterogeneous mobile radio systems.” 30 The efforts of the E2R consortium are complementing those of the SDR Forum by considering the implementation, reconfiguration, and conformity requirements for modular software- based radio systems. 30. The International Telecommunications Union (ITU) is also beginning consideration of the application of software defined radio concepts in IMT 2000 systems and systems beyond IMT 2000 (systems beyond 3G (B3G)) via Working Party ITUR- 8F and is broadening the scope of its software 27 See the DoD JTRS Program web site: http:// jtrs. army. mil/ index. htm. 28 Software Communications Architecture Specification, JTRS- 5000, SCA V3.0, August 27, 2004, Prepared by the Joint Tactical Radio System Joint Program Office. Available at: http:// jtrs. army. mil/ sections/ technicalinformation/ fset_ technical_ sca. html. 29 See the SDR Forum web site: http:// www. sdrforum. org/. 30 See the E2R web site at: http:// e2r. motlabs. com/ project_ overview. 10 Federal Communications Commission FCC 05- 57 11 defined radio regulatory policies in Working Party ITUR- 8A. 31 This effort is in the preliminary stages but suggests a worldwide acceptance of software defined radio techniques, policies, and procedures. At present, recommendations are being formulated for submission to the working parties to initiate ITU activity regarding SDRs. 31. An alternative but parallel effort is underway, sponsored by other groups who wish to develop SDRs with an open architecture approach to reconfigurable radio. These include the amateur radio community, kit manufacturers, and the GNU radio project. 32 These groups do not use the SCA, but instead favor an architecture open to anyone who may wish to contribute to its evolution via common software development. For example, the GNU radio project is now providing a development circuit board that can be used with a number of openly available software download packages or users can design their own software implementations. 32. Research activities on cognitive radio are ongoing within academia as well, and include universities and research centers around the world. For example, the SDR Forum Technical Conference in November of 2004 included more than 75 organizational participants. 33 Other examples include Virginia Tech’s Center for Wireless Telecommunications 34 and the University of California Berkeley Wireless Research Center. 35 These Centers have initiated active research programs for the development of cognitive radio technologies. One such project is exploring the use of cognitive technology to build public safety radios that are frequency and waveform agile and can adapt to alternative networking requirements and dynamic spectrum requirements. 33. The development of cognitive radio capabilities such as those already mentioned are the result of the rapid advance of various radio technologies – many providing benefits outside of the cognitive radio arena. Digital signal processors, analog- to- digital converters and field programmable gate arrays have provided the basic building blocks as processing platforms for software defined radios. At the same time, new design tools are allowing rapid prototyping and reconfiguration of these basic processors. Other new technologies, such as smart antennas, parallel processing, ad hoc and mesh networking, and multiple- input– multiple- output signal processing techniques are providing new opportunities for alternative and more advanced communications capabilities than simple software radio allows. In addition, new nanoscale technologies, such as the application of 65 nanometer (nm) scale integrated circuits, are fostering potentially revolutionary reductions in scale of devices and increased processing speeds that could permit multiple configurations within SDRs and CRs. Reducing the scale of processors and other microelectronic mechanical systems is continuing and the promise of even further 31 See ITU web site at www. itu. int/ ITU- R/ study- groups/ rsg8/ rwp8f/ index. asp, Document 8A/ 121- E, 15 SEP, 2004, Annex 9 to WP 8A Chairman's Report; "Working Document Towards a Preliminary Draft New Report: Software Defined Radio in Land Mobile Services". 32 See the GNU Radio web site at: http:// www. gnu. org/ software/ gnuradio/. 33 See http:// wwwsdrforum. org/ sdr04/ papers. html for a list of presenters at the SDR ’04 Technical Conference in November 2004. 34 See the Virginia Tech CWT web site at www. cst. vt. edu. 35 See the UCB web site at http:// bwrc. eecs. berkeley. edu/. 11 Federal Communications Commission FCC 05- 57 12 reductions is still ahead. 36 Nanoscale technologies also provide the promise for miniaturization of SDR processors and CR systems. Nanotubes for enhanced conductivity, nanoscale electronics for increasingly smaller scale and faster devices and circuits, and nanoscale electro- optics for enhanced computation and interconnection are the future of radio design. Coincident with hardware developments that aid SDR and CR design, new software developments such as application interfaces, conformance testing procedures, security measures, and reconfiguration management are continuing to provide avenues for more sophisticated, efficient, and reliable software routines that may greatly facilitate the development of increasingly sophisticated cognitive radios. 34. Cognitive radio technologies are the path of evolution of software defined radios from strictly radios whose operating characteristics can be modified via software changes to a fully flexible reasoning-based radios, that is, sophisticated radios that are able to recognize their environment and adopt new operational characteristics based on a reasoned assessment of the environmental and operational etiquette opportunities available to the devices. The flexibility of a fully realized cognitive radio model is based on the model of a six phase cognition cycle where radios apply the “Observe, Orient, Plan, Learn, Decide, Act” phases. 37 The process begins with the observation, or awareness, phase during which the radio autonomously acquires information about and recognizes its environment. For example, the radio acquires information regarding its physical environment including time (temporal context), space (geographical context), and frequency (physical interface context). Using this information, a fully flexible cognitive radio is able to process its sensory perceptions, orient itself, and establish a radio presence based on this existing knowledge. This knowledge base provides a foundation for the development of alternative options to planning phase of the cognition cycle. In a fully flexible cognitive radio, the radio will learn based on its past actions and experience, and incorporate that into its deliberations during the next two steps in the cognition cycle - the decide and act phases of the process. These phases are enabled by the software- reconfigurability nature of the radio implementations and allow the radios to use the strategy that the radio reasons 38 and arrive at a common operating state with other radios via a managed rendezvous strategy. 39 In this context, the devices may even be able to morph to various waveform implementations and thus employ heteromorphic waveform 40 solutions. After acting in a particular instance, a new generation of intelligence- based radio will then consider the results of its action, and will take into account its learning in future actions. This may lead to flexible implementations as well as new flexible spectrum management opportunities. 36 For a preview of the potential reduction in size of microprocessors, see examples at the Mentor Graphics web site (http:// www. mentor. com/ products/ ic_ nanometer_ design/ techpubs/ index. cfm? dt= Simulation) or the Intel web site (http:// www. intel. com/ research/ silicon/ nanotechnology. htm ). 37 Mitola, Joseph, III, “Cognitive Radio for Flexible Mobile Multimedia Communications.” IEEE International Workshop on Mobile Multimedia Communications, 1999, 15- 17 Nov. 1999, Pg 3 – 10. 38 Instantiation is the actual implementation in hardware and software of a particular set of operating parameters. See the definition at http:// searchsmallbizit. techtarget. com/ sDefinition/ 0, sid44_ gci212355,00. html. 39 A rendezvous strategy is the reasoning process and protocols or procedures for two transceivers to arrive at common operating parameters such as frequency and synchronization timing. 40 A heteromorphic waveform is a signal that can adapt its parameters and characteristics to the electromagnetic spectrum environment or in a purest sense can deviate from a normal, perfect, or mature form; having different forms at different stages of existence. 12 Federal Communications Commission FCC 05- 57 13 35. The development of fully cognitive radio technologies is being actively pursued now through programs such as the US Department of Defense Advanced Research Projects Agency (DARPA) Next Generation (XG) Radio Program. 41 For example, Raytheon Corporation, among others, has developed and is testing a prototype XG radio system 42 that is able to recognize spectrum use opportunities and reconfigure its software radio implementations to take advantage of those opportunities. We believe that the XG Program will be a catalyst for many further developments in cognitive radio technology. 36. The advent of cognitive radios and associated technologies has the potential to initiate a new era in radio frequency spectrum utilization. With radios that are able to recognize spectrum availability and able to negotiate protocols for rapid reconfiguration, these radios will employ software defined radio technologies to change their operational characteristics and open new opportunities for spectrum use. As highlighted in our Notice, applications such as dynamic spectrum sharing, interruptible spectrum sharing, and rapidly reconfigurable secondary markets in spectrum use will be attainable with cognitive radios. B. Enabling cognitive and software defined radio 37. Cognitive and software defined radio technologies have continued to evolve since we adopted rules for software defined radios in 2001. We also have gained greater experience with these technologies, authorizing the first radio under our software defined radio in November 2004. 43 Based on these continuing technical developments, our experience, and the comments in the record, we find that certain changes to the rules are appropriate at this time to facilitate the market- based development and deployment of these technologies. 38. In this section, we thus are making certain changes to our current rules and clarifying them in other respects. First we are modifying the definition of software defined radio to include radios that employ software that determines not just the operating parameters, but also the circumstances under which the radio transmits pursuant to those parameters. We clarify that equipment that is designed or expected to be modified by a party other than the manufacturer must be certified as software defined radios and comply with security requirements to prevent unauthorized modifications to the radio frequency operating parameters. We also clarify the security requirements that such equipment must meet. 39. In addition to these changes, we make several other changes to the authorization requirements for software defined radios. We find that the specific rule that requires manufacturers to supply a copy of their radio software (source code) to the Commission upon request is unnecessary because such software is generally not useful for certification review and may have become an unnecessary barrier to entry. In addition, the Commission already has authority to request to request and examine any component (whether software or hardware) of a radio system when needed for certification under Commission rules. 44 We therefore delete this requirement as discussed below. Further, we clearly define the 41 See the XG Program web site at http:// www. darpa. mil/ ato/ programs/ xg/ index. htm. 42 See the contract announcement at http:// www. prnewswire. com/ cgi-bin/ micro_ stories. pl? ACCT= 683194& TICK= RTN4& STORY=/ www/ story/ 08- 15- 2002/ 0001784186& EDATE= Aug+ 15,+ 2002. 43 See FCC Approves First Software Defined Radio, News Release dated November 19, 2004. 44 See 47 C. F. R. §§ 2.936, 2.943 and 2.946. 13 Federal Communications Commission FCC 05- 57 14 information about the radio software that must be submitted with applications for software defined radios. Additionally, we allow certification of certain Part 15 unlicensed transmitters that have the technical capability of operating outside Part 15 frequency bands, provided the equipment incorporates features to limit operation to authorized frequencies when used in the United States. 1. Cognitive and software defined radio security a. Software defined radio definition and applicability of rules 40. To reflect new kinds of conditions sometimes being included in our certification rules, we are broadening the definition of software defined radio to include devices where a software change could change not only the operating parameters of frequency range, modulation type or maximum output power, but also the circumstances under which a transmitter operates in accordance with Commission rules. For example, to make available otherwise unusable spectrum, we have required that certain radio transmitters include a DFS algorithm that further conditions use of spectrum beyond frequency range, modulation type, and maximum output. 45 We are also changing the rules to require certain equipment to comply with the rules for software defined radios, including the requirement to incorporate security features to prevent unauthorized modifications to the software that controls the RF operating parameters. Specifically, we are requiring equipment in which the software that controls the radio frequency operating parameters is designed or expected to be modified by a party other than the manufacturer to comply with the rules for software defined radios. Because this change is limited to radios that contain RF affecting software that is third party modifiable, we believe that this change will affect only a small subset of equipment available in the marketplace today. We are making no change to the authorization requirements for the vast majority of devices such as cellular/ PCS telephones, Wi- Fi equipment and two-way radios where the software that controls the RF operating parameters is not designed or expected to be modified by a party other than the manufacturer. 46 41. Background. The Commission first adopted rules for software defined radios in 2001. 47 In that proceeding, the Commission defined a software defined radio as “a radio that includes a transmitter in which the operating parameters of frequency range, modulation type or maximum output power (either radiated or conducted) can be altered by making a change in software without making any changes to hardware components that affect the radio frequency emissions.” 48 This definition was not intended to cover devices such as cellular telephones that use software simply to control functions such as power or frequency within a range approved by the Commission, unless the maximum power or frequency range 45 In 2003 the Commission added 255 MHz of spectrum at 5.470- 5.725 GHz where U- NII equipment could operate. See Report and Order in ET Docket No. 03- 122, 18 FCC Rcd 24484 (2003). The rules require U-NII equipment operating in this band to incorporate DFS to protect Federal Government Radar systems that also operate in this band. 46 Many transmitters such as cellular and cordless telephones, Wi- Fi devices and two- way radios operate on multiple channels within a predetermined frequency band or bands. The fact that channels can be changed within predetermined bands automatically by software or manually by a user would not necessitate that a device be certified as a software defined radio. However, if the frequency range of a device could be changed by software then that device would have to be certified as a software defined radio if the software was designed or expected to be modified by a party other than the manufacturer. 47 See First Report and Order in ET Docket No. 00- 47, 16 FCC Rcd 17373 (2001). 48 See 47 C. F. R. § 2.1. 14 Federal Communications Commission FCC 05- 57 15 could also be modified by making a change in software. 49 At the time this definition was adopted, the equipment authorization rules primarily addressed the frequency ranges, modulation types and maximum power or field strength levels of equipment. More recently, certain equipment rules now require features that limit when a radio can transmit even within authorized ranges, such as DFS for U- NII devices. 50 42. The rules for software defined radios were modeled after the rules for hardware- based equipment, in that a software defined radio will be approved only if the applicant for certification demonstrates that the equipment complies with the technical requirements in one or more specific service( s) or rule part( s) as is required for hardware- based devices. Hardware- based devices are generally not designed to be modified by a party other than the manufacturer. However, the Commission has held that a hardware- based device that can easily be altered to activate a capability of operating in additional frequency bands is subject to equipment certification under the rules that apply in those bands prior to marketing or importation. 51 In the SDR Proceeding, the Commission recognized that a software- defined radio might be easier to modify than hardware- based devices. As a matter of policy, the Commission wanted additional assurances that manufacturers of software- based equipment would take steps to prevent abuses, so it adopted a requirement that a device that is certified as a software defined radio must incorporate a means to ensure that only software that is part of an approved hardware/ software combination can be loaded into a radio, and the software must not allow the radio to operate with parameters outside of those that were approved. 52 To eliminate the need for manufacturers to file a complete new application and re- label equipment when software changes that affect the RF operating parameters are made after the initial equipment approval, the Commission established a streamlined authorization procedure for changes to the software that controls these parameters. 53 The rules require an applicant for equipment authorization, or the grantee or other party responsible for the compliance of the equipment, to supply a copy of the software that controls the RF operating parameters to the Commission upon request. 54 The rules for software defined radios are permissive; meaning that a manufacturer does not have to declare that a device is a software defined radio in the application for certification, even if the device meets the definition. 49 See Notice of Proposed Rule Making in ET Docket No. 00- 47, 15 FCC Rcd 24442, 24450 (2000). 50 See 47 C. F. R. § 15.407( h). 51 See In the Matter of Pilot Travel Centers, L. L. C., Knoxville, Tennessee, Notice of Apparent Liability for Forfeiture, 19 FCC Rcd 23113, 23114 (2004). In this forfeiture proceeding, the Commission issued a Notice of Apparent Liability for violations of Section 302( b) of the Communications Act of 1934, as amended, and Section 2.803( a)( 1) of the Commission’s rules for marketing unapproved radio transmitters. The transmitters in question were marketed as amateur equipment, which is normally exempt from a certification requirement. However, the transmitters had the capability of being easily altered to operate on frequency bands in the Citizen’s Band (CB) Radio Service, so the Commission held that they met the definition of a CB transmitter under Section 95.603( c) of the rules, which requires such transmitters to be certified before they can be imported into or marketed within the United States. The equipment being marketed, which complied with all requirements for amateur equipment, was capable at transmitting at power levels well above those permitted for CB transmitters. 52 See 47 C. F. R. § 2.932( e). 53 See 47 C. F. R. § 2.1043( b)( 3). 54 See 47 C. F. R. § 2.944. 15 Federal Communications Commission FCC 05- 57 16 43. Of course, many radios that meet the definition of a software defined radio are not designed or expected to be modified by a party other than the manufacturer. For instance, many radios incorporate software on chips that can not be easily reprogrammed or replaced by a user. However, some newer radios are being designed so that the software that controls the radio frequency operating parameters can be modified or replaced after manufacture by a party other than the manufacturer. Common techniques employed include a keypad, over- the- air, or through an interface that connects to a computer or other programming device. In the Notice, we sought comment on the need to require equipment in which the RF affecting software is user modifiable to comply with the requirements for software defined radios, including the requirement to incorporate security features. 55 Additionally, we sought comment on the types of devices to which this requirement should apply, including how the rules should distinguish between transmitters that must be certified as software defined radios and those that need not be. 56 44. Comments. A number of parties support a requirement for devices to comply with the rules for software defined radios if the software and operating parameters can be easily changed post-manufacture and/ or that pose a high risk of causing interference to licensed services such as public safety. 57 Intel states that those devices that use software defined radio as a manufacturing technique and are not intended to be modified in the field should not be required to be declared as software defined radios, and that the Commission should impose requirements on only those devices where the manufacturer intends to allow modifications in the field. 58 Vanu, Inc., a manufacturer of software defined radios, believes that mandatory certification as software defined radios may be desirable when harmful interference may result from a foreseeable modification to the device’s software by a third party. It states that the Commission could adopt security requirements that are not limited to radios that meet the definition of software defined radios. 59 The National Public Safety Telecommunications Council and the SDR Forum believe that the Commission’s concern should not be that a radio could be reprogrammed on an individual basis because the number of radios potentially affected that way would not be significant. 60 They state that the Commission’s concern should be that large numbers of radios could be remotely modified simultaneously (e. g., through a cellular network or over the Internet), and support a requirement to incorporate security features in all software defined remotely programmable radios that are capable of transmitting in public safety or restricted bands, regardless of whether they are declared as software defined radios. 61 Cingular/ Bellsouth believe that the Commission should apply security requirements to all software defined remotely programmable transmitting devices whether they are declared as software defined radios or not. 62 Cisco states that devices that can be reprogrammed in the field by the end user 55 See Notice at 26892. 56 Id. 57 See Intel comments at 5, Vanu comments at 4, the NPSTC comments at 19, Cingular/ Bellsouth comments at 28, Cisco comments at 12 and SDR Forum comments at 6- 7. 58 See Intel comments at 5. 59 See Vanu comments at 4. 60 See NPSTC comments at 19 and SDR Forum comments at 6. 61 See NPSTC comments at 19 and SDR Forum comments at 7. 62 See Cingular/ Bellsouth comments at 28. 16 Federal Communications Commission FCC 05- 57 17 should be treated as software defined radios for equipment authorization purposes, while those devices that cannot be reprogrammed by the end user need not be authorized as software defined radios. 63 45. Sirius/ XM and Nextel Partners also support mandatory certification as software defined radios. Sirius/ XM state that mandatory software defined radio registration is a rational approach to protecting licensed services and places the burden to avoid interference on the unlicensed and not the licensed user. 64 Nextel Partners state that software defined radio manufacturers should be required to identify their technologies as such and should not be permitted to avoid Commission- imposed requirements by mischaracterizing or failing to fully declare the capabilities of their devices. 65 46. Several parties oppose a requirement to certify certain equipment as software defined radios. 66 The Wi- Fi Alliance expresses concern about the added burden on manufacturers and Commission staff if mandatory software defined radio categorization is imposed on hundreds of WiFi device applications. 67 Motorola opposes any rule requiring it to declare whether a device constitutes a software defined radio, stating that the definition of software defined radio is too broad to ensure that certain devices are not improperly included. Motorola further argues that such a requirement could improperly restrain the development of certain technologies. 68 Ericsson and TIA also oppose any requirement that manufacturers or importers declare certain equipment as software defined radios, stating that the current rules provide adequate safeguards against unauthorized modifications to software defined radios. 69 They further state that a mandatory software defined radio declaration in the filing for some devices could be a disincentive to the deployment of software defined radios and burden industry by inhibiting robust development of an efficient manufacturing technique. 70 47. Discussion. We conclude that it is necessary to modify our rules to help ensure that certain radios incorporating software cannot be easily modified on an unauthorized basis and cause harmful interference or otherwise violate our rules. Specifically, to conform the definition of software defined radio to the evolving nature of our certification requirements, we are first modifying that definition to include radios that employ software that determines not just the operating parameters, but also the circumstances under which the radio transmits pursuant to those parameters. Second, we are requiring software defined radios whose relevant RF affecting software is designed or expected to be modified by a party other than the manufacturer to comply with the rules for software defined radios, including the requirement to incorporate security features (further discussed below) to prevent unauthorized modifications to the software. 63 See Cisco comments at 12. 64 See Sirius/ XM reply comments at 5. 65 See Nextel Partners comments at 8. 66 See Wi- Fi Alliance comments at 5, Motorola comments at 19, Ericsson comments at 20 and TIA comments at 8. 67 See Wi- Fi Alliance comments at 5. 68 See Motorola comments at 19. 69 See Ericsson comments at 20 and TIA comments at 8. 70 See Ericsson comments at 20 and TIA comments at 8. 17 Federal Communications Commission FCC 05- 57 18 48. We modify our definition of software defined radio because, under recent rules, certain software changes that do not directly affect the technical operating parameters affect whether the device can be certified under our rules. The direct effects are addressed in the current definition of a software defined radio: frequency range, modulation type or maximum output power (either radiated or conducted). 71 Our rules, however, now sometimes require additional radio functions such as DFS to prevent interference to other users. Even though these functions are being implemented and controlled by software in a radio, they do not currently fall within the definition of a software defined radio. In its comments, Vanu suggested that the Commission could consider security requirements that are not limited to radios that meet the definition of software defined radios. We agree with Vanu that we should not limit our consideration of radio security issues only to those radios within the current software defined radio definition. 49. Consistent with the above, we are changing the definition of software defined radio to address software changes that directly or indirectly affect the compliance of a device with the Commission’s rules. The modified definition will read as follows. Software defined radio. A radio that includes a transmitter in which the operating parameters of frequency range, modulation type or maximum output power (either radiated or conducted), or the circumstances under which the transmitter operates in accordance with Commission rules, can be altered by making a change in software without making any changes to hardware components that affect the radio frequency emissions. 50. We are also changing the applicability of our rules to address software defined radios with relevant software that is designed or expected to be modified by a party other than the manufacturer. If a radio is not certified as a software defined radio, a manufacturer is not required to demonstrate in the equipment certification process that it incorporates features designed to prevent unauthorized changes to the software that would permit violation of Commission rules the equipment’s certification, thus increasing the risk of interference to authorized radio services. We find that such a showing is in the public interest when a radio’s RF- affecting software is designed or expected to be modified by a third party other than the manufacturer. In addition to minimizing the potential for unauthorized modifications to software defined radios, these changes will benefit manufacturers by allowing them to take advantage of the streamlined Class III permissive change procedure when they develop revised software that affects the RF operating parameters of the radio. 72 51. We find that the rules we are adopting that require the certification of certain radios as software defined radios will not be unduly burdensome on manufacturers or restrain the development of technology. Only a relatively small number of radios will be affected by this requirement because most RF affecting radio software is not designed or expected to be modified by a party other than the manufacturer, and we are not changing the rules for radios that are not designed or expected to be modified by a party other than the manufacturer. Thus, there will be no change to the authorization requirement for the vast majority of devices including cellular/ PCS telephones, land mobile transceivers 71 See 47 C. F. R. § 2.1. 72 The Class III permissive change allows a manufacturer to obtain approval for changes in the software that control the operating parameters in a software defined radio without the need to file a complete certification application or change the FCC identification number on the device. The Class III change is permitted only for radios that were declared as a software defined radio at the time of the initial certification. See 47 C. F. R. § 2.1043( b)( 3). 18 Federal Communications Commission FCC 05- 57 19 and Wi- Fi equipment, provided the software that directly or indirectly controls the RF emissions of these devices is not designed or expected to be modified by a party other than the manufacturer. Also, manufacturers of radios that are software modifiable typically already take steps to prevent unauthorized modifications to the software in a radio, so we expect that only rarely will manufacturers have to make significant design changes to comply with the security requirements. In addition, as discussed below, we are adopting changes to simplify the information that must be submitted with an application for a software defined radio. Finally, we find that the requirements we are adopting are consistent with the Commission’s authority under Section 302 of the Communications Act to make reasonable regulations, consistent with the public interest, which govern the interference potential of radio frequency devices. 73 52. We find that the standard we are adopting adequately protects against interference to other users. We disagree with the commenters who argue that only radios that can be remotely modified in large numbers should be required to be certified as software defined radios. We first find that this definitional standard to be too difficult to apply. We also note that a radio that lacks security features to prevent unauthorized changes to the RF operating parameters could be easily modifiable to operate in unauthorized bands, and therefore has a high potential to interfere with authorized users in many different bands, including public safety bands. We therefore find that the requirement to certify certain radios as software defined radios should apply to all radios which are software modifiable by the user, not just those which could be remotely modified in large numbers. 53. Permissive changes to software defined radios. We are modifying the Class III permissive change rule, Section 2.1043( b)( 3), to make the wording consistent with the modified definition of software defined radio adopted above. Additionally, we are setting forth a policy for permissive changes to radios that were approved before the effective date of the rules adopted herein. Specifically, when a grantee wishes to make a permissive change to a previously approved device, the device will be continue to be classified in the same manner that it was at the time it was originally certified, i. e., software defined or non- software defined radio. Thus, a device that was approved as a non- software defined radio before the rules adopted herein become effective will not have to be re- certified as a software defined radio even if it meets the new standard for mandatory certification as a software defined radio. A device that was certified as a software defined radio will continue to be treated as such when a request for a permissive change is filed. Parties should note that we are not changing the requirement that Class III changes are permitted only for software defined radios in which no Class II changes have been made from the originally approved device. b. Security requirements for software defined radios 54. We are clarifying the requirements in the rules that are intended to prevent unauthorized changes to the operating parameters of software defined radios. The Commission’s equipment approval rules currently require that manufacturers take steps to ensure that only software that has been approved with a software defined radio can be loaded into such a radio. 74 The current rule states that the software must not allow the user to operate the transmitter with frequencies, output power, modulation types or other parameters outside of those that were approved. 75 Manufacturers may use authentication codes or 73 See 47 U. S. C. § 302. 74 See 47 C. F. R. § 2.932( e). 75 Id. 19 Federal Communications Commission FCC 05- 57 20 any other means to meet these requirements, and must describe the methods in their application for equipment authorization. 76 55. In the Notice, we sought comment on whether the rules provide adequate safeguards against unauthorized modifications to software defined radios or whether more explicit security requirements are necessary, such as requiring electronic signatures in software to verify the software’s authenticity .77 We also sought comment on whether there should be limits to a manufacturer’s liability in the event that reasonable security methods ultimately are broken, specifically, whether a manufacturer would be deemed compliant with the rule requiring security measures to prevent unauthorized software modifications, if it has taken measures that are “commercially reasonable” in light of standards employed in the software defined radio industry at the time, provided it has not marketed a device containing a known software vulnerability. 78 56. Commenters are generally supportive of the Commission’s current requirements that allow the security of software defined and cognitive radios to be addressed by industry and state that this approach allows industry to incorporate new and more advanced security measures into equipment without the need for Commission action. 79 Dell believes that, in addition, there should be limitations on the liability of a manufacturer that meets or exceeds an industry standard for security methods in the event that equipment is found to be modifiable by end users. By contrast, Intel believes this approach would be counterproductive because such a rule could encourage manufacturers to design equipment to meet a standard that may not address the actual threat of modifications to a specific device. 80 57. We find that the current approach that manufacturers take steps to prevent unauthorized changes to the software in a radio, but does not require the use of specific security measures, is the most appropriate method to ensure the security of software defined radios. This approach allows manufacturers to respond to improvements in security technology more quickly and with the best solutions for a particular product because no Commission action is necessary to permit manufacturers to use new security technologies. Therefore, we are maintaining the current security requirement. The record shows that manufacturers are aware of the need to incorporate security measures in software defined radios and are in fact doing so. 81 We note that NTIA has recommended that, as a long term goal, we consider requiring “Protection Profiles” – an approach currently under consideration in the SDR Forum -- as part of the equipment certification process for software defined radios. 82 After industry progresses further in its deliberations, we may consider the possible applicability of Protection Profiles, or 76 Id. 77 See Notice at 26894. 78 Id. 79 See AT& T Wireless comments at 16- 18, Wi- Fi Alliance comments at 6, ITI comments at 8- 9, Motorola comments at 20, Cisco comments at 12, Dell comments at 4, Intel comments at 7 and SDR Forum comments at 7. 80 See Dell comments at 4 and Intel comments at 7. 81 See Cingular/ BellSouth comments at 28, Dell comments at 4, Intel comments at 5 and ITI comments at 7. 82 See NTIA comments at 33- 36. 20 Federal Communications Commission FCC 05- 57 21 certain concepts of Protection Profiles, to equipment certification in a future proceeding that addresses the security of software defined and cognitive radios. 58. Our security requirements for software defined radios give manufacturers flexibility to determine the appropriate security measures for a device. However, manufacturers also have the responsibility to choose security measures that can not be easily defeated by unintended parties. In the event that a software defined radio is found to be easily modifiable by end users, we would expect the responsible party as defined by our rules to immediately cease marketing the equipment and to take steps to ensure that future production of the equipment complies with the rules. Any potential forfeiture for non- compliance with the software defined radio security requirements would be considered on a case- by-case basis, taking into account all relevant factors, in the same manner as forfeitures are considered for non- compliant hardware- based equipment. In determining whether to issue any forfeiture penalties for a non- compliant device, the Commission takes into account the nature, circumstances, extent and gravity of the violations and, with respect to the violator, the degree of culpability, any history of prior offenses, ability to pay, and such other matters as may be relevant and appropriate. 83 The Commission has specific guidelines for assessing forfeitures, but may issue higher or lower forfeitures than provided in the guidelines, issue no forfeiture at all, or apply alternative or additional sanctions as permitted by statute. 84 59. We decline to establish specific limitations on the responsible party’s liability for a device that incorporates specific type( s) of security measures in the event that it is later determined that unauthorized modifications can be easily made to the radio frequency operating parameters of the device. As discussed above, the responsible party’s liability for a non- compliant device is most appropriately determined on a case- by- case basis. Further, we agree with Intel that such an approach could be counterproductive because manufacturers would tend to design equipment to incorporate specific security features and may have little incentive to design equipment with robust security features, especially where more secure features add cost to a device. However, the Commission may consider compliance with industry security standards as a factor in determining the responsible party’s liability. 60. We are simplifying the structure of the rules for software defined radios by moving the security requirements for software defined radios from Section 2.932( e) into Section 2.944. Section 2.944 currently contains a requirement for parties to submit a copy of radio software to the Commission upon request. As discussed below, we are changing that requirement as well as the applicability of the security requirements for software defined radios. We are placing the requirements for software defined radios into a single rule section, Section 2.944, for easier reference. We are also modifying Section 2.1033, which lists the information to be included in an application for certification, to make clear that an application for certification of a software defined radio must include the information specified in the revised Section 2.944. 61. As part of the revisions to Section 2.944, we are providing specific examples of the types of security measures that the Commission may consider to be acceptable for preventing unauthorized modifications to equipment. 85 These examples are intended only to provide guidance to industry, and the 83 See 47 C. F. R. § 1.80( b)( 4). 84 Id. 85 See 47 C. F. R. § 2.944. This section previously addressed only the requirement to submit a copy of radio software upon request. The issue of the submission of radio software is also addressed in this Report and Order. 21 Federal Communications Commission FCC 05- 57 23 certification review and may have become an unnecessary barrier to entry. 91 We are also requiring applicants for certification of software defined radios to supply a high level operational description of the software that controls the RF operating parameters. 64. In the Notice, we proposed to make these changes because of the expected complexity and variations in the programming languages of the software used to control radio operating parameters, stating that examining radio software is unlikely to be an effective way to determine whether unauthorized changes have been made to a device. 92 We stated that a high level description of the radio software and flow diagram of how the software works would be more useful in understanding the operation of a device and its security measures than a copy of the software. 65. Parties generally support requiring the submission of a software description and flow diagram with a certification application rather than actual radio software. 93 Motorola agrees that receiving actual software would not prevent unauthorized changes because source code is compiled before loading and additional changes are made after the loading process, and that the requirement is superfluous because the rules require the equipment to comply with technical requirements and require manufacturers to provide sample devices and records upon request. 94 It requests that the Commission grant the material full confidential treatment because it would be highly proprietary software information and real competitive harm could be caused to a manufacturer if competitors were to access it. 95 TIA believes that the Commission should institute appropriate safeguards to ensure that flow diagrams are not made available to the general public. 96 The SDR Forum, Cingular/ Bellsouth and the National Public Safety Telecommunications Council recommend that the Commission permit Telecommunication Certification Bodies (TCBs) to certify software defined radios because applicants have confidence that a TCB will keep information about devices confidential. 97 The Wi- Fi Alliance supports removing the requirement to supply source code upon request, but does not believe there is a need to supply a software description and flow diagram because such a description will not realistically assist the Commission or TCBs in judging if a device meets the applicable authorization requirements. 98 It states that if a requirement for a flow diagram is created then it should be limited to explaining the protection measures implemented to prevent 91 See 47 C. F. R. § 2.944. Failure to comply within 14 days may be grounds for denial of equipment authorization or monetary forfeitures. See also 47 C. F. R. § 2.1043( b)( 3). 92 See Notice at 26891. 93 See TIA comments at 8, Motorola comments at 19- 20, Vanu comments at 3, Technology Companies reply comments at 11, Wi- Fi Alliance comments at 8 and Intel comments at 3. 94 See Motorola comments at 19. 95 See Motorola comments at 20. 96 See TIA comments at 8. 97 See SDR Forum comments at 8, Cingular/ Bellsouth comments at 29 and National Public Safety Telecommunications Council comments at 12. TCBs are private sector bodies that have been designated to approve radio frequency equipment in the same fashion as the Commission. 98 See Wi- Fi Alliance comments at 8. 23 Federal Communications Commission FCC 05- 57 24 unauthorized modifications to a device’s software rather than an open- ended, comprehensive explanation of the device’s software architecture. 99 66. Cingular/ Bellsouth believe that the Commission should require applicants to submit source code for devices to ensure that certain operational characteristics are maintained within the scope of the authorization and that the transmitting device can not be misappropriated for improper operation. 100 They state that if the Commission deletes the current requirement, it must ensure that software changes affecting RF emission characteristics of devices do not cause interference to licensed operators. 101 67. We are removing the requirement that an applicant for authorization of a software defined radio or the grantee or other party responsible for the compliance of a software defined radio submit a copy of the software that controls the radio frequency operating parameters upon request. We find that a copy of software source code is generally not be a useful aid in determining whether unauthorized changes have been made to the operating parameters of a device because software changes that have no effect on these parameters are frequently made by manufacturers. We also are concerned that this specific rule may be overly burdensome because we have observed that some equipment that could be authorized under the rules for software defined radios is not being authorized under these rules. 102 The fact that the software in a device being marketed may differ somewhat from software previously supplied to the Commission would not necessarily indicate that any unauthorized changes have been made to a device’s RF affecting operating parameters. In the event that questions arise about the compliance of a particular device, the Commission has the authority to request and examine any component (whether software or hardware) of a radio system when needed for certification under Commission rules without the need for a specific requirement to submit radio software. Grantees of equipment certification are required to maintain records of equipment specifications and any changes that may affect compliance and must make these records available for inspection by the Commission. 103 Further, the party responsible for the compliance of the device or any party who markets the device must supply a sample of the device to the Commission upon request. 104 99 Id. 100 See Cingular/ Bellsouth comments at 26. 101 Id. 102 For example, some manufacturers have indicated to Commission staff that they have obtained approval for U- NII transmitters in which additional frequency bands can be added by replacing software drivers, but these transmitters were not certified as software defined radios. The Commission made an additional 255 MHz of spectrum available at 5.470- 5.725 GHz where U- NII equipment could operate in the Report and Order in ET Docket No. 03- 122, 18 FCC Rcd 24484 (2003). The rules require U- NII equipment operating in this band to incorporate DFS to protect Federal Government Radar systems that also operate in this band. The Commission, the National Telecommunications & Information Administration (NTIA), the Department of Defense (DOD) and the industry are continuing to develop the testing methodologies for ensuring that DFS adequately protects Federal Government radar systems, so measurement procedures for certifying U- NII devices containing DFS capabilities have not yet been finalized. Thus, U- NII devices can not yet be certified to operate in the new frequency band. 103 See 47 C. F. R. §§ 2.936( a) and 2.938( a). We note that Sections 303( e) and Section 4( i) of the Communications Act continue to give the Commission authority to request data that will assist us in carrying out our responsibilities under the Act. See 47 U. S. C. §§ 154( i) and 303( e). 104 See 47 C. F. R. §§ 2.931, 2.936( b), 2.943, 2.945 and 2.946. 24 Federal Communications Commission FCC 05- 57 25 68. We are adopting a requirement to submit a high level software operational description or flow diagram. The requirement we are adopting is analogous to the requirements in the rules that were developed for hardware based equipment that require applicants for equipment certification to supply a block diagram, schematic diagram and a brief description of the circuit functions of a device, along with a statement describing how the device operates. 105 In this regard, the software operational description or flow diagram must describe or show how the RF functions in the radio, including the modulation type, operating frequency and power level are controlled or modified by software, and must describe the security or authentication methods that are incorporated to prevent unauthorized software changes. The description can include text, logic or flow diagrams, state descriptions 106 or other material that provides the Commission’s staff with a reasonable understanding of the operation of a device being certified and whether the device complies with the rules. The Commission’s staff will work with applicants for certification to ensure that these requirements are clear and will issue appropriate additional guidance as necessary. 69. In circumstances in which commercial information is required to be submitted to the government, the Commission, consistent with statute, may withhold such records where release would likely cause substantial harm to the competitive position of the submitting party. 107 The Commission’s rules explicitly list certain types of materials in the category of trade secrets and commercial and financial information that are automatically afforded certain degrees of protection from public inspection. 108 As a general matter, the harm must flow from affirmative use of the information by competitors and not consist solely of injuries that flow from customer disgruntlement or public embarrassment. 109 We also are obliged to consider any adverse impact that disclosure might have on government programs, including the impact on the Commission’s ability to implement its statutory responsibility under the Communications Act. 110 70. We agree with TIA and Motorola that information on how software within a software defined radio operates would be company proprietary information and that making this information publicly available would result in competitive harm to a manufacturer. Further, we find that information on the 105 See 47 C. F. R. § 2.1033( b)( 4) and (b)( 5). 106 A state description is the current or last known status of a process, such as a software routine in a radio. 107 See 5 U. S. C. § 552( b) (4) (under exemption 4 of the Freedom of Information Act, agencies may withhold “trade secrets and commercial or financial information obtained from a person [that is] privileged or confidential”). See also Critical Mass Energy Project v. NRC, 975 F. 2d 871, 880 (D. C. Cir. 1992) (en banc); National Parks & Cons. Ass’n v. Morton, 498 F. 2d 765 (D. C. Cir. 1974). 108 See 47 C. F. R. § 0.457( d)( 1). 109 See, e. g., CNA Fin. Corp. v. Donovan, 830 F. 2d 1132, 1152, 1154 & n. 158 (D. C. Cir. 1987); Public Citizen Health Research Group v. FDA, 704 F. 2d 1280, 1291 n. 30 (D. C. Cir. 1983); Gen. Elec. Co. v. NRC, 750 F. 2d 1394, 1402 (7th Cir. 1984); Center to Prevent Handgun Violence v. United States Dep't of the Treasury, 981 F. Supp. 20, 23 (D. D. C. 1997). 110 See, e. g., Critical Mass, 975 F. 2d at 879 (recognizing third, program impairment prong of exemption 4); 9 to 5 Org. for Women Workers v. Bd. Of Governors of the Fed. Reserve Sys., 721 F. 2d 1, 10 (1st Cir. 1983); Pub. Citizen Health Research Group v. NIH, 209 F. Supp. 2d 37, 42- 43 (D. D. C. 2002) (alternative holding); Allnet Comm. Srvs. V. FCC, 800 F. Supp. 984, 990 (D. D. C. 1992). 25 Federal Communications Commission FCC 05- 57 26 security methods that manufacturers employ to prevent unauthorized modifications to the RF operating parameters of a device would be considered company proprietary information. Additionally, making information on security measures publicly available could assist unauthorized parties in determining ways to defeat them. We also conclude that, if we were to make information on software defined radio operation and security measures generally available to the public, entities seeking equipment certification may not provide sufficient information for the Commission to determine whether the device at issue would operate in compliance with our rules. Accordingly, we will modify Section 0.457( d) of the rules to state that the descriptions of the security features and software operation for a software defined radio are presumptively protected from public disclosure and will not routinely be made available for public inspection. This presumptive protection will apply only to the descriptions of the security features and software operation for a software defined radio and not to any other exhibits in the application for certification which will normally be made available for public inspection after grant of the application. An applicant for certification of a software defined radio must file a specific request and pay the appropriate filing fee to have other exhibits in the application held confidential, assuming the exhibits are eligible for confidential treatment. To avoid possible delays in processing applications, applicants should ensure that exhibits for which confidential treatment is automatically afforded or for which it is requested are clearly identified and that these exhibits do not contain information that is not eligible for such treatment. 71. We decline to allow TCBs to certify software defined radios at this time. The changes that we are adopting to automatically afford confidential treatment to the description of software and security features in software defined radio applications address the confidentiality concerns of parties who requested that TCBs be allowed to certify software defined radios to protect this information from public disclosure. Additionally, as the Commission has previously stated, because software defined radio is a new technology, TCBs will not be permitted to certify software defined radios until the Commission has more experience with them and can properly advise TCBs on how to apply the applicable rules. 111 The Commission’s Laboratory maintains a list of types of devices, including software defined radios, that TCBs are excluded from certifying. The Laboratory will remove software defined radios from this exclusion list when it determines that TCBs are capable of certifying them. 3. Automatic frequency selection by unlicensed devices 72. We are changing Part 15 of the rules to allow certification of unlicensed transmitters that are capable of operation outside of permissible Part 15 frequency bands, provided the transmitters incorporate an automatic frequency selection mechanism to ensure that they operate only on frequencies where unlicensed operation is permitted when operated in the United States. 73. Many frequency bands where unlicensed operation is permitted are not harmonized worldwide. 112 Unlicensed transmitters are now being manufactured in which the frequency range of operation is software selectable to allow operation in multiple countries. However, a transmitter cannot 111 See First Report and Order in ET Docket No. 00- 47, 16 FCC Rcd 17373 (2001). 112 For example, in the United States, unlicensed operation is permitted in the 2400- 2483.5 MHz portion of the 2400- 2500 MHz ISM band. The 2483.5- 2500 MHz portion of this ISM band is used for the Mobile Satellite Service (MSS) in the United States and is a restricted band under Part 15 of the rules. Unlicensed devices are not permitted to transmit in that band in the United States to prevent interference to the MSS, while in other countries unlicensed operation is permitted in all or part of the 2483.5- 2500 MHz band. See 47 C. F. R. §§ 15.205, 15.247, 15.249 and 25.202. 26 Federal Communications Commission FCC 05- 57 27 be approved in the United States unless it is capable of complying with the technical requirements of the rule part under which it will be operated. 113 Therefore, an unlicensed transmitter that is capable of operation outside permissible bands of operation under Part 15 of the rules cannot be certified for operation in the United States. Manufacturers would like the ability to certify devices to operate over a wider frequency range than is permissible in the United States, but incorporate technology that selects the appropriate operating frequency ranges based on the country in which they are used. A device could limit its operation to permissible frequencies when used in the United States, but could operate on additional frequencies as permitted in other countries. This approach could allow the production of devices that could be used worldwide, or at least in a number of different countries, and eliminate the need for manufacturers to produce multiple versions of a device for use in different countries. 74. In the Notice, we proposed to allow certification of Part 15 devices that are capable of operating on non- Part 15 frequencies to benefit consumers and manufacturers by reducing production costs and allowing production of devices that can be used in both the United States and other countries. 114 We proposed to require that such devices incorporate a method to determine the country of operation and select the appropriate operating frequency range, which must be limited to permissible Part 15 frequencies when the device is used in the United States. 115 75. Several parties support the proposals to allow frequency selectable devices and recommend that the Commission allow the use of the IEEE 802.11d feature for enabling/ disabling transmissions in certain bands. 116 The Wi- Fi Alliance states that the IEEE 802.11d feature uses a master/ client scheme similar to multi- band mobile phones where a signal from the controller indicates the proper channels to the client devices. 117 The Wi- Fi Alliance, ITI and Dell recommend that the Commission limit the certification of access points 118 to the frequency range permitted in the United States. 119 Several parties 113 See 47 C. F. R. § 2.915( a)( 1). 114 See Notice at 26895. 115 Id. 116 See Wi- Fi Alliance comments at 7, ITI comments at 10, Cisco comments at 15 and Dell comments at 5. 117 See Wi- Fi Alliance comments at 7. The IEEE 802.11 Task Group d (TGd) developed IEEE Std 802.11d- 2001, which is an amendment to IEEE Std 802.11, 1999 Edition. The 802.11d standard describes specifications for operation of wireless LANs in different regulatory domains, e. g., different countries. According to this standard, a wireless LAN can transmit a data string that includes a code that identifies the country of operation and allows devices in a system to configure their operation to the parameters permitted in that country. When a device that is enabled for operation across regulatory domains commences operation, it passively scans to locate at least one valid channel upon which it detects IEEE Std 802.11 data frames. The frames contain information on the country, maximum allowable transmit power and permitted channels of operation. The device can then send out a request on an authorized channel for any additional regulatory information that it has not yet received. 118 An access point is a transceiver that operates either as a bridge in a peer- to- peer connection or as a connector between the wired and wireless segments of the network. The Commission’s rules define access point in the context of the U- NII rules, but the term is also commonly used for devices that operate under other rule parts. See 47 C. F. R. § 15.403( a). 119 See Wi- Fi Alliance comments at 7, ITI comments at 10 and Dell comments at 5. 27 Federal Communications Commission FCC 05- 57 28 believe that allowing an individual end user to configure a master/ client system would create an unnecessary risk that a device would be deployed on an unauthorized frequency, but support giving the ability to configure a system to a system installer in an enterprise or service provider environment. 120 Intel states that devices operating under the control of a master controller should be exempted from DFS or other requirements, which would be consistent with the U- NII proceeding and allow devices to be manufactured much more economically while not sacrificing interference protection. 121 76. The Society for Broadcast Engineers opposes allowing the importation and marketing of devices that are capable of operating in the 2483.5- 2500 MHz band because they may cause interference to grandfathered broadcast auxiliary service stations that operate in this band. 122 It states that the need for a device to be able to determine the country it is located in would likely increase the cost of the device beyond that practical for a mass produced, low cost Part 15 device, and there would be a strong incentive to defeat the 2483.5- 2500 MHz frequency lock out. 123 77. We will allow certification of Part 15 devices that operate outside permissible frequency bands using a master/ client model. The terms “master” and “client” were defined in the U- NII proceeding for U- NII devices. 124 We will define these terms for other types of Part 15 devices consistent with the U-NII definitions. That is, a master device will be defined as a device operating in a mode in which it has the capability to transmit without receiving an enabling signal. In this mode it is able to select a channel and initiate a network by sending enabling signals to other devices. A network always has at least one device operating in master mode. A client device will be defined as a device operating in a mode in which the transmissions of the device are under control of the master. A device in client mode is not able to initiate a network. We, of course, require master devices marketed within the United States to operate only in permissible Part 15 frequency bands, which will ensure that they enable operation of client devices only within permissible Part 15 frequency bands. Manufacturers that wish to market master devices that are hardware- capable of operating outside of permissible Part 15 frequency bands for use in other countries, but use software to limit their operation to permissible Part 15 frequency bands, must incorporate security features into them to limit the operating frequency range for devices marketed in the United States and must certify the devices as software defined radios. Different software can then be installed in master devices that are used outside of the United States to change the operating frequency range for use in other countries. Client devices that can also act as master devices must meet the certification requirements of a master device, and thus must be certified as software defined radios if the manufacturer wishes to incorporate additional frequency bands for use in other countries. 78. We will allow the certification of client devices such as wireless LAN cards used in desktop or notebook computers if they have the capability of operating outside permissible Part 15 frequency 120 See ITI comments at 9, Dell comments at 4, Cisco comments at 15 and TIA comments at 9. 121 Id. 122 See SBE comments at 4. 123 See SBE comments at 4- 5. 124 See Report and Order in ET Docket No. 03- 122, 18 FCC Rcd 24484 (2003) at Appendix C. 28 Federal Communications Commission FCC 05- 57 29 bands. 125 As defined above, client devices may transmit only under the control of a master device. Because master devices are limited to operation on permissible Part 15 frequencies, they will direct client devices to operate on only permissible Part 15 frequencies. 79. The changes we are adopting will benefit manufacturers by allowing production of devices that can be used in multiple countries, thus reducing equipment costs. 126 At the same time, the requirement to limit the frequency range of master devices sold in the United States will minimize the likelihood that devices will operate outside permissible frequency bands and cause interference to authorized services. C. Interruptible Spectrum Leasing 80. In this section, we are describing the technical methods that a cognitive radio could use to enable interruptible secondary use of licensed spectrum by other parties. The concepts in this section would apply to lessors who want a high level assurance of reclaiming leased spectrum when they need it. 81. In the Notice, we sought comment on how cognitive radios could enable secondary markets in licensed spectrum. We described two general categories of access and reversion mechanisms that could be used by a lessee to gain access to spectrum on a secondary basis and allow the spectrum to revert back to the primary licensee when necessary. 127 One category relies on the overt permission of the licensee and the other relies on equipment that senses the spectrum operating environment. 128 82. A particular access/ reversion mechanism described in the Notice that relies on the overt permission of the licensee is a “beacon” that can enable leased spectrum. Under this approach, use can be interrupted quickly with a high degree of reliability. 129 In a beacon system, the lessee’s transmitter must have the ability to receive a control signal sent continuously by the licensee at times when transmissions by the lessee are permitted. The lessee may not commence transmissions if the beacon signal is not received, and if the beacon signal is present but then stops while the lessee is transmitting, transmissions must cease within a specified time interval. The beacon could be an RF signal sent by the licensee on a designated control frequency, or it may be a signal received over a physical connection such as fiber, copper or coaxial cable. If the beacon signal suffers from unfavorable propagation or the physical connection is lost, the licensee has “fail- safe” protection against interference, because if the lessee cannot hear the beacon signal, it must cease transmission. 83. Another mechanism that relies on the overt permission of the licensee involves a “handshaking” approach. This would offer more reliability and security by requiring the lessee to receive explicit permission to use spectrum before each transmission. However, implementation of a 125 Note, however, that devices such as LAN cards that can function in master mode in networks like mesh networks, and in master mode can enable clients or peers to function outside authorized Part 15 frequencies, must be certified as master devices. 126 The ability of a manufacturer to sell equipment in other countries would, of course, be determined by relevant regulatory authorities in those countries. 127 See Notice at 26880. 128 Id. 129 Id. 29 Federal Communications Commission FCC 05- 57 30 handshaking approach may increase the complexity of implementation. Other examples of access/ reversion mechanisms that rely on the overt permission of a licensee include one that would allow a lessee to transmit until the licensee signals the user to cease operation. The reliability of this approach is limited because a lessee who is unable to hear the signal ordering it to cease operation may not be aware that it should relinquish use of the spectrum. 84. In the Notice, we sought comment on possible regulatory approaches for the use of the beacon model or other access/ reversion mechanisms for interruptible spectrum leasing. One approach would be to establish a technical model for reliable access to and secure reversion of leased spectrum that certain licensees would have the option of using to structure their leasing arrangements. Another would be for the Commission to adopt the technical model in the form of rules for lessees of spectrum. We stated that under either approach, the establishment of technical criteria for cognitive radio devices to provide access/ reversion of leased spectrum could help to achieve the significant benefits of spectrum leasing without detrimentally affecting licensees’ ability to access spectrum. 85. Although there was interest in the availability of interruptible spectrum leasing, 130 parties did not address the specific technical mechanisms we set out in the Notice. Several parties generally express concern about the technical viability of interruptible spectrum leasing. 131 However, two of these parties claim that interruptible leasing may be practical on trunked systems, which have a centralized system control. 132 Other parties believe that cognitive based leasing mechanisms such as beacon networks are possible, but worry that they would result in high leasing costs. 133 No party suggested that it would be helpful at this point for the Commission to adopt a particular technical model for interruptible spectrum leasing. 86. As described below, we find that there are technologies available now or under development that could safely allow for interruptible spectrum leasing. We find that cognitive radio technologies, or even trunked radio technologies, would allow implementation of the following general principles that interested parties state would be essential to enable interruptible leased use of spectrum: 1. The licensee must have positive control as to when the lessee can access the spectrum. 2. The licensee must have positive control to terminate the use of the spectrum by the lessee so it can revert back to the licensee’s use. 3. Reversion must occur immediately upon action by the licensee unless that licensee has made specific provisions for a slower reversion time. 4. The equipment used by the licensee and the lessee must perform access and reversion functions with an extremely high degree of reliability. 130 See St. Clair County ex parte submission received July 23, 2004. 131 See New York State Office for Technology reply comments at 3, APCO comments at 4 and Motorola comments at 15. 132 See New York State Office for Technology reply comments at 3 and APCO comments at 4. 133 See Ericsson comments at 8 and Nokia comments at 4. 30 Federal Communications Commission FCC 05- 57 31 5. The equipment used by the licensee and the lessee must incorporate security features to prevent inadvertent misuse of, and to thwart malicious misuse of, the licensee’s spectrum. 87. There are at least three different technical approaches that currently exist or are under development that a licensee could employ that would comply with the intent of these principles and enable interruptible spectrum leasing. One approach would be for a licensee to allow leasing using an existing trunked system. A trunked system uses a central controller to select the operating frequencies of radios in the system. When a radio is ready to begin transmitting, it sends a request for an operating frequency to a central controller over a control channel. The controller dynamically assigns an operating frequency to that radio and the other radios with which it communicates. Such a centralized system could be used to assign channels to radios operating under the terms of a lease, or de- assign channels when a licensee needs to use the spectrum. This could be done through a wireless control channel as is currently done to assign channels to radios in the system. Alternatively, information about leased channel availability could be provided by the trunked system controller to the lessee’s equipment through a wired link. 88. The beacon approach proposed in the Notice and described above is similar to a trunked system in that it uses a centralized controller to enable operation of lessee’s equipment. The beacon could operate either on a frequency licensed to the public safety entity or on a separate control frequency in another band. The approach would require additional infrastructure such as the beacon transmitters and radios that are capable receiving the beacon and adjusting their operation in response to the beacon signal. 89. A third method that could enable leased use of spectrum is by an exchange of “tokens” sent to the lessee’s devices. Token approaches rely on the encrypted exchange of unique information to verify a user’s identity when opening and maintaining a secure communications exchange. Tokens would provide a means of ensuring that lessees transmit only on available frequencies when they receive an electronic token authorizing them to do so. These tokens could also enforce terms of a lease such as the specific period of time that transmission on a frequency is allowed, thus providing a licensee with a high level of confidence that lessees will vacate the spectrum when required under the terms of the lease. Such token technology is already in use in other resource allocation problems, such as the enforcement of software license terms and avoiding data transmission conflicts between computers on local area networks. 134 90. At this point, we see no need to adopt any particular technical model for interruptible spectrum leasing. Ultimately, a licensee must itself be satisfied that the technical mechanism being implemented under a lease does in fact provide it with the ability in real time to reclaim use of its spectrum when necessary. 134 Token ring networks send an electronic message (a token) successively to each computer in the network. To avoid conflicts, a computer is permitted to send data only when it has received the token. If a computer has no data to send, it passes the token to the next computer in the network. Each computer may hold the token for only a limited amount of time. Token ring networks were developed in the 1970’s and are addressed in the IEEE 802.5 standard. 31 Federal Communications Commission FCC 05- 57 32 IV. PROCEDURAL MATTERS 91. Final Regulatory Flexibility Analysis. The Final Regulatory Flexibility Analysis for this Report and Order, pursuant to the Regulatory Flexibility Act, see 5 U. S. C. § 604, is contained in Appendix C. 92. This document contains modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104- 13. It will be submitted to the Office of Management and Budget (OMB) for review under Section 3507( d) of the PRA. OMB, the general public, and other Federal agencies are invited to comment on the new or modified information collection requirements contained in this proceeding. In addition, we note that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107- 198, see 44 U. S. C. 3506( c)( 4), we previously sought specific comment on how the Commission might “further reduce the information collection burden for small business concerns with fewer than 25 employees.” 93. In this present document, we have assessed the effects of requiring certain devices to contain security features and be certified as software defined radios and of requiring a software description in place of software source code at the time of product certification. We find that these changes would affect all businesses equally regardless of size. 94. For further information regarding this Report and Order, contact Mr. Hugh L. Van Tuyl, Office of Engineering and Technology, (202) 418- 7506, e- mail Hugh. VanTuyl@ fcc. gov. V. ORDERING CLAUSES 95. Accordingly, IT IS ORDERED that pursuant to the authority contained in Sections 4( i), 301, 302, 303( e), 303( f) and 303( r) of the Communications Act of 1934, as amended, 47 USC Sections 154( i), 301, 302, 303( e), 303( f) and 303( r), this Report and Order IS ADOPTED and Parts 0, 2 and 15 of the Commission’s Rules ARE AMENDED as set forth in Appendix A effective 90 days after publication in the Federal Register. 96. IT IS FURTHER ORDERED that the Commission's Consumer and Governmental Affairs Bureau, Reference Information Center, SHALL SEND a copy of this Report and Order, including the Final Regulatory Flexibility Analysis in Appendix C, to the Chief Counsel for Advocacy of the Small Business Administration. FEDERAL COMMUNICATIONS COMMISSION Marlene H. Dortch Secretary 32 Federal Communications Commission FCC 05- 57 33 APPENDIX A: FINAL RULE CHANGES Part 0 of Title 47 the Code of Federal Regulations is amended as follows: 1. The authority citation for Part 0 continues to read as follows: AUTHORITY: Secs. 5, 48 Stat. 1068, as amended; 47 U. S. C. 155. 2. Section 0.457 is amended by appending the following text to paragraph (d)( 1)( ii) § 0.457 Records not routinely available for public inspection. * * * * * (d) * * * (1) * * * (ii) * * *Portions of applications for equipment certification of software defined radios that describe the operation of the device’s software and security features will not be made available for inspection. * * * * * Part 2 of Title 47 of the Code of Federal Regulations is amended as follows: 3. The authority citation for Part 2 continues to read as follows: AUTHORITY: 47 U. S. C. 154, 302a, 303 and 336, unless otherwise noted. Section 2.1 is revised by changing the following definition: 4. § 2.1 Terms and definitions. * * * * * (c) * * * Software defined radio. A radio that includes a transmitter in which the operating parameters of frequency range, modulation type or maximum output power (either radiated or conducted), or the circumstances under which the transmitter operates in accordance with Commission rules, can be altered by making a change in software without making any changes to hardware components that affect the radio frequency emissions. * * * * * 5. Section 2.932 is revised by removing paragraph (e). 6. Section 2.944 is revised to read as follows: § 2.944 Software defined radios. (a) Manufacturers must take steps to ensure that only software that has been approved with a software defined radio can be loaded into the radio. The software must not allow the user to operate the transmitter with operating frequencies, output power, modulation types or other radio frequency parameters outside those that were approved. Manufacturers may use means including, but not limited to the use of a private network that allows only authenticated users to download software, electronic signatures in software or coding in hardware that is decoded by software to verify that new software can 33 Federal Communications Commission FCC 05- 57 34 be legally loaded into a device to meet these requirements and must describe the methods in their application for equipment authorization. (b) Any radio in which the software is designed or expected to be modified by a party other than the manufacturer and would affect the operating parameters of frequency range, modulation type or maximum output power (either radiated or conducted), or the circumstances under which the transmitter operates in accordance with Commission rules, must comply with the requirements in paragraph (a) of this section and must be certified as a software defined radio. (c) Applications for certification of software defined radios must include a high level operational description or flow diagram of the software that controls the radio frequency operating parameters. 7. Section 2.1033 is revised by adding new paragraphs (b)( 12) and (c)( 18) to read as follows: § 2.1033 Application for certification. * * * * * (b) * * * (12) An application for certification of a software defined radio must include the information required by §2.944. * * * * * (c) * * * (18) An application for certification of a software defined radio must include the information required by §2.944. * * * * * Section 2.1043 is amended by revising paragraph (b)( 3) to read as follows: § 2.1043 Changes in certificated equipment. * * * * * (b)* * * (3) A Class III permissive change includes modifications to the software of a software defined radio transmitter that change the frequency range, modulation type or maximum output power (either radiated or conducted) outside the parameters previously approved, or that change the circumstances under which the transmitter operates in accordance with Commission rules. When a Class III permissive change is made, the grantee shall supply the Commission with a description of the changes and test results showing that the equipment complies with the applicable rules with the new software loaded, including compliance with the applicable RF exposure requirements. The modified software shall not be loaded into the equipment, and the equipment shall not be marketed with the modified software under the existing grant of certification, prior to acknowledgement by the Commission that the change is acceptable. Class III changes are permitted only for equipment in which no Class II changes have been made from the originally approved device. 34 Federal Communications Commission FCC 05- 57 35 NOTE TO PARAGRAPH (b)( 3): Any software change that degrades spurious and out- of- band emissions previously reported to the Commission at the time of initial certification would be considered a change in frequency or modulation and would require a Class III permissive change or new equipment authorization application. * * * * * Part 15 of Title 47 of the Code of Federal Regulations is amended as follows: 8. The authority citation of Part 15 continues to read as follows: AUTHORITY: 47 U. S. C. 154, 302, 303, 304, 307, 336, and 544A. 9. A new Section 15.202 is added to read as follows: § 15.202 Certified operating frequency range Client devices that operate in a master/ client network may be certified if they have the capability of operating outside permissible Part 15 frequency bands, provided they operate on only permissible Part 15 frequencies under the control of the master device with which they communicate. Master devices marketed within the United States must be limited to operation on permissible Part 15 frequencies. Client devices that can also act as master devices must meet the requirements of a master device. For the purposes of this section, a master device is defined as a device operating in a mode in which it has the capability to transmit without receiving an enabling signal. In this mode it is able to select a channel and initiate a network by sending enabling signals to other devices. A network always has at least one device operating in master mode. A client device is defined as a device operating in a mode in which the transmissions of the device are under control of the master. A device in client mode is not able to initiate a network. 35 Federal Communications Commission FCC 05- 57 36 APPENDIX B: LIST OF COMMENTING PARTIES Parties filing comments 1. Electronic Frontier Foundation 2. The Technology Companies/ Center for Internet and Society 3. New York State, Office for Technology, Statewide Wireless Network 4. Mesh Networks 5. Wireless Broadband Operators Coalition 6. The Wi- Fi Alliance 7. IEEE USA 8. IEEE 802 9. Data Flow Systems, Inc. 10. Tucson Amateur Packet Radio Corporation 11. Vanu, Inc. 12. Itron, Inc. 13. National Public Safety Telecommunications Council 14. Information Technology Industry Council 15. Shared Spectrum Company 16. Motorola, Inc. 17. Cingular Wireless LLC and BellSouth Corporation 18. Public Knowledge and Consumers Union 19. Cisco Systems, Inc. 20. Ericsson Inc 21. Sirius Satellite Radio Inc. and XM Radio Inc. 22. Eli Sheffer 23. Cellular Telecommunications & Internet Association 24. Globalstar, L. P. et al. 25. Telecommunications Industry Association 26. Verizon Wireless 27. Association of Public- Safety Communications Officials- International, Inc. 28. Nokia Inc. 29. Thomas W. Hazlett and Matthew L. Spitzer 30. Alvarion Inc. 31. Nextel Partners, Inc. 32. Wireless Communications Association International, Inc. 33. Society of Broadcast Engineers, Inc. 34. Allen Petrin 35. Raytheon 36. Access Spectrum, LLC 37. Dell 38. Pulse Link 39. Intel Corporation 40. Radio Amateur Satellite Corp. 41. SDR Forum 42. Industrial Telecommunications Association, Inc. 43. HYPRES, Inc. 44. ARRL, the National Association for Amateur Radio 36 Federal Communications Commission FCC 05- 57 37 45. NAS/ Committee on Radio Frequencies 46. National Association of Manufacturers and MRFAC, Inc. 47. The Port Authority of New York and New Jersey 48. Texas Instruments Incorporated 49. E- ZPass Interagency Group 50. National Radio Astronomy Observatory 51. V- COMM 52. Charles Wimber 53. WaveRider Communications 54. Ken Krechmer 55. Fredric D. Letson, KC2JKQ 56. Nickolaus E. Leggett Parties filing reply comments 1. Cornell University 2. The Technology Companies 3. IEEE 802.18 4. New York State Office for Technology 5. Shared Spectrum Company 6. V- Comm, L. L. C. 7. Verizon Wireless 8. Sprint 9. Society of Broadcast Engineers 10. AT& T Wireless Services, Inc. 11. Intel Corporation 12. Sirius Satellite Radio, Inc. and XM Radio, Inc. 13. Nextel Partners, Inc. 14. Wireless Broadband Operators Coalition 15. National Telecommunications and Information Administration 37 Federal Communications Commission FCC 05- 57 38 APPENDIX C: FINAL REGULATORY FLEXIBILITY ANALYSIS As required by the Regulatory Flexibility Act (RFA), 135 an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the Notice of Proposed Rule Making and Order, Facilitating Opportunities for Flexible, Efficient, and Reliable Spectrum Use Employing Cognitive Radio Technologies (Notice). 136 The Commission sought written public comments on the proposals in the Notice, including comment on the IRFA. 137 This Final Regulatory Flexibility Analysis conforms to the RFA. 138 A. Need for, and Objectives of, the Report and Order Advances in technology are creating the potential for radio systems to use radio spectrum more intensively and more efficiently than in the past. Software- defined and cognitive, or “smart,” radios are allowing and will increasingly allow more intensive access to, and use of, spectrum than possible with traditional, hardware- based radio systems. In this Report and Order, the Commission continues the process of modifying the rules to reflect these ongoing technical developments in radio technologies. The Commission first adopted rules for software defined radios in 2001, recognizing that manufacturers were beginning to use software to help determine the RF characteristics of radios, and that the equipment rules, which assumed hardware changes were needed to modify a radio’s behavior, held the potential of discouraging development of software defined radios by requiring repeated approvals for repeated software changes. In light of the Commission’s experience with these rules, and the record in this proceeding, it is modifying and clarifying the equipment rules to further facilitate the development and deployment of software defined and cognitive radios. In the Report and Order, the Commission makes several changes to Parts 2 and 15 of the rules. Specifically, it: 1) eliminates the requirement for applicants and grantees of certification of software defined radios to supply a copy of the software that controls the RF operating parameters of the radio upon request 2) requires applicants for certification of software defined radios to supply a high level operational description of the software that controls the radio frequency operating parameters 3) requires that radios in which the software that controls the RF operating parameters is designed or expected to be modified by a party other than the manufacturer to incorporate a means to prevent unauthorized software changes, and requires such radios to be certified as software defined radios 4) allows certification of unlicensed transmitters that have the capability of operating outside permissible Part 15 frequency bands, provided the transmitters incorporate a software control to limit operation to permissible Part 15 frequency bands when used in the United States 135 See 5 U. S. C. § 603. The RFA, see 5 U. S. C. § 601 – 612, has been amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA), Pub. L. No. 104- 121, Title II, 110 Stat. 857 (1996). 136 See Notice of Proposed Rule Making and Order in ET Docket No. 03- 108, 18 FCC Rcd 26859 (2003). 137 Id. 138 See 5 U. S. C. § 604. 38 Federal Communications Commission FCC 05- 57 39 B. Summary of Significant Issues Raised by Public Comments in Response to the IRFA None. C. Description and Estimate of the Number of Small Entities To Which the Rules Apply The RFA directs agencies to provide a description of, and, where feasible, an estimate of the number of small entities that may be affected by the proposed rules, if adopted. 139 The RFA defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small business concern” under Section 3 of the Small Business Act. 140 Under the Small Business Act, a “small business concern” is one that: (1) is independently owned and operated; (2) is not dominant in its field of operations; and (3) meets may additional criteria established by the Small Business Administration (SBA). 141 Wireless Communications Equipment Manufacturers The SBA has established a small business size standard for radio and television broadcasting and wireless communications equipment manufacturing. Under this standard, firms are considered small if they have 750 or fewer employees. 142 Census Bureau data for 1997 indicate that, for that year, there were a total of 1,215 establishments 143 in this category. 144 Of those, there were 1,150 that had employment under 500, and an additional 37 that had employment of 500 to 999. The percentage of wireless equipment manufacturers in this category is approximately 61.35%, 145 so the Commission estimates that the number of wireless equipment manufacturers with employment under 500 was actually closer to 706, with and additional 23 establishments having employment of between 500 and 999. Given 139 See U. S. C. § 603( b)( 3). 140 Id. § 601( 3). 141 Id. § 632. 142 1997 Economic Census, Manufacturing, Industry Series, Radio and Television Broadcasting and Wireless Communications Equipment Manufacturing, Document No. E97M- 3342B (August 1999), at 9; 1997 Economic Census, Manufacturing, Industry Series, Other Communications Equipment Manufacturing, Document No. EC97M- 3342C (September 1999), at 9 (both available at http:// www. census. gov/ prod/ www/ abs/ 97ecmani. html). 143 The number of “establishments” is a less helpful indicator of small business prevalence in this context than would be the number of “firms” or “companies,” because the latter take into account the concept of common ownership or control. Any single physical locations for an entity is an establishment, even though that location may be owned by a different establishment. Thus, the numbers given may reflect inflated numbers of businesses in this category, including the numbers of small businesses. In this category, the Census breaks out data for firms or companies only to give the total number of such entities for 1997, which was 1,089. 144 U. S. Census Bureau, 1997 Economic Census, Industry Series: Manufacturing, “Industry Statistics by Employment Size,” Table 4, NAICS code 334220 (issued August 1999). 145 Id. Table 5, “Industry Statistics by Industry and Primary Product Class Specialization: 1997.” 39 Federal Communications Commission FCC 05- 57 40 the above, the Commission estimates that the majority of wireless communications equipment manufacturers are small businesses. D. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements Unlicensed transmitters are required to be certified before they can be imported into or marketed within the United States. The certification process requires the manufacturer or other party responsible for compliance to have the equipment tested and electronically file an application form, measurement report and other information on the equipment with the Commission or a designated Telecommunication Certification Body (TCB). Software defined radios at present may be approved only by the Commission and not by TCBs, although the Commission has stated that it will eventually allow TCBs to approve them. The Report and Order does not change this requirement. Applicants for certification of a software defined radio will be required to supply a high level operational description of the software that controls the radio frequency operating parameters. Manufacturers of radios in which the software that controls the radio frequency operating parameters is designed or expected to be modified by a party other than the manufacturer must incorporate a means to prevent unauthorized software changes that must be described in the application for certification. Such software changeable radios must be declared as software defined radios in the application for certification. Most radios at the present are not software modifiable, and manufacturers of those that are generally already take steps to prevent unauthorized modifications, so we expect that only rarely would manufacturers have to redesign equipment to comply with this requirement. E. Steps Taken to Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered The RFA requires an agency to describe any significant alternatives that it has considered in reaching its proposed approach, which may include the following four alternatives (among others): (1) the establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or any part thereof, for small entities. 146 The Commission sought comment in the Notice about whether it should make compliance with the software defined radio rules, including the requirement to demonstrate that a radio incorporates security features, mandatory rather than optional for certain types of radio transmitters. Based on the comments received, the Commission made these requirements mandatory only for the small subset of radio transmitters in which the software that controls the radio frequency operating parameters is designed or expected to be modified by a party other than the manufacturer. This change will ensure that radio transmitters can not be easily modified and cause interference to authorized services, while minimizing the filing burden on applicants for certification by requiring only a small number of devices to be certified as software defined radios. 146 See 5 U. S. C. § 603( c). 40 Federal Communications Commission FCC 05- 57 41 The Commission simplified the filing requirements for software defined radios to benefit all entities, including small entities. It eliminated the requirement to supply software source code upon request because such software is not generally useful for certification review and may have become an unnecessary barrier to entry. The Commission will instead require the submission of a software description at the time of certification as supported by a number of parties in comments. Because such a description would generally be considered company proprietary information, the Commission will automatically hold such information confidential without the need for applicants for certification to file a specific request for confidentiality and pay a fee. Eliminating the need to file a specific confidentiality request and pay a fee is expected to benefit small entities that have fewer resources to comply with regulatory requirements. Report to Congress: The Commission will send a copy of the Report and Order, including this FRFA, in a report to be sent to Congress pursuant to the Congressional Review Act, see 5 U. S. C. § 801( a)( 1)( A). In addition, the Commission will send a copy of the Report and Order, including FRFA, to the Chief Counsel for Advocacy of the Small Business Administration. A copy of the Report and Order and FRFA (or summaries thereof) will also be published in the Federal Register. See 5 U. S. C. § 604( b). 41 Federal Communications Commission FCC 05- 57 42 STATEMENT OF COMMISSIONER JONATHAN S. ADELSTEIN Re: Facilitating Opportunities for Flexible, Efficient, and Reliable Spectrum Use Employing Cognitive Radio Technologies ET Docket No. 03- 108; Report and Order I’ve been fortunate to be involved in our work on cognitive radio technologies since helping the Office of Engineering and Technology open its workshop on cognitive radio technologies in the spring of 2003. I remarked then that cognitive radios could play a key role in shaping our spectrum use in the future. As we see in our item today, the enormous potential of cognitive radios is being realized increasingly every day. I very much appreciate the effort of OET and others in pushing this forward – making sure our rules keep pace with this cutting edge technology. I believe that cognitive radios will play an important role in “spectrum facilitation.” That means stripping away barriers – regulatory, economic, or technical – to get spectrum into the hands of operators serving consumers at the most local levels. Cognitive radios can literally leapfrog the technical and legal problems that currently hamper many of today’s spectrum access opportunities. Spectrum policy is a two- sided coin: a framework for innovation on one side, with spectrum facilitation on the other. These technologies should lead to the advent of smarter unlicensed devices that make greater use of spectrum than is possible today. Cognitive radios may also provide licensees with innovative ways to use their current spectrum more efficiently, and to lease their spectrum more easily on the secondary market. I’ve seen cognitive radios up close and am just amazed by their potential. While we don’t tackle the issue here, I remain particularly interested in our proposal from the original NPRM to allow higher power operation for unlicensed devices operating in rural and other areas of low spectrum use. I regularly hear from WISPs across the country that they need improved access to spectrum. Higher power operation can drive broadband deployment deeper and farther into all parts of America. I also find the discussion of interruptible spectrum leasing very useful. Such a development may enable previously reluctant licensees to explore a technological fix to address some of the current challenges of spectrum leasing. It has been suggested that interruptible spectrum use could be a tool for public safety licensees should we decide to allow them to lease their spectrum to commercial providers in the future. While I remain unsure whether such a policy change is appropriate in light of our Herculean work on public safety spectrum use in the 700 and 800 MHz bands over the past couple of years, I very much appreciate the value in having a discussion on the technical aspects of interruptible spectrum leasing. For these reasons, I enthusiastically support this item. 42