[Federal Register Volume 70, Number 85 (Wednesday, May 4, 2005)]
[Rules and Regulations]
[Pages 23032-23040]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-8808]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Parts 0, 2, and 15

[ET Docket No. 03-108; FCC 05-57]


Cognitive Radio Technologies and Software Defined Radios

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document modifies the Commission's rules to reflect 
ongoing technical developments in cognitive radio technologies. In 
light of the Commission's experience with these rules, the Commission 
is modifying and clarifying the equipment rules to further facilitate 
the development and deployment of software defined and cognitive 
radios. These actions are taken to facilitate opportunities for 
flexible, efficient, and reliable spectrum use by radio equipment 
employing cognitive radio technologies and enable a full realization of 
their potential benefits.

DATES: Effective August 2, 2005.

FOR FURTHER INFORMATION CONTACT: Hugh Van Tuyl, Office of Engineering 
and Technology, (202) 418-7506, e-mail: [email protected].

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report 
and Order, ET Docket No. 03-108, FCC 05-57, adopted March 10, 2005 and 
released March 11, 2005. The full text of this document is available on 
the Commission's Internet site at http://www.fcc.gov. It is also 
available for inspection and copying during regular business hours in 
the FCC Reference Center (Room CY-A257), 445 12th Street, SW., 
Washington, DC 20554. The full text of this document also may be 
purchased from the Commission's duplication contractor, Best Copy and 
Printing Inc., Portals II, 445 12th St., SW., Room CY-B402, Washington, 
DC 20554; telephone (202) 488-5300; fax (202) 488-5563; e-mail 
[email protected].

Summary of the Report and Order

    1. An accelerating trend in radio technologies has been the use of 
software in radios to define their transmission characteristics. The 
incorporation of cognitive radio technologies to allow the more 
efficient use of spectrum is also becoming increasingly common. As 
demonstrated in this and earlier proceedings, this Commission has a 
continuing commitment to recognize these important new technologies and 
make any necessary changes to its rules and processes to facilitate 
their development in the public interest.
    2. Over the past several years, manufacturers have increased the 
computer processing capabilities of radio system technologies. As a 
result, radio systems are increasingly incorporating software into 
their operating design. Incorporating software programming capabilities 
into radios can make basic functions easier to implement and more 
flexible. As the capabilities have advanced, radio systems have been 
gaining increased abilities to be ``cognitive''--to adapt their 
behavior based on external factors. This ``ability to adapt'' is 
opening up a vast potential for more flexible and intensive use of 
spectrum.
    3. On December 17, 2003, we adopted a Notice of Proposed Rule 
Making and Order, 69 FR 7397, February 17, 2004, (``NPRM'') in this 
proceeding to explore the uses of cognitive radio technology to 
facilitate improved spectrum access. The NPRM addressed: (1) The 
capabilities of cognitive radios, (2) permitting higher power by 
unlicensed devices in rural or other areas of limited spectrum use, (3) 
enabling the development of secondary markets in spectrum use, 
including interruptible spectrum leasing, (4) applications of cognitive 
radio technology to dynamically coordinated spectrum sharing, and (5) 
software defined radio and cognitive radio equipment authorization rule 
changes. A total of 56 parties filed comments and 14 parties filed 
reply comments in response to the NPRM.

Discussion

    4. The development of cognitive radio technology has been and will 
continue to be evolutionary in nature. As the technology evolves, our 
intent is to delete, change, or adopt rules in phases so as to ensure 
that our rules facilitate the market-based development and deployment 
of these technologies. In this Report and Order, we first cover in some 
detail various wide-ranging efforts being undertaken today by both 
government and industry to further in the near term the development of 
cognitive capabilities in software-based radio systems and in the 
longer term the evolution into fully capable cognitive radio systems.
    5. To facilitate the market-based development and introduction of 
new technologies into the market, we addressed certain issues in the 
Report and Order that have arisen with respect to the certification of 
software-based radio equipment. Based on our experience and the 
comments in the record, we modify and clarify certain of

[[Page 23033]]

our rules that address software defined radios to facilitate the market 
based development of this technology. Specifically, we require radios 
in which the software that controls the RF operating parameters is 
designed or expected to be modified by a party other than the 
manufacturer to comply with the rules for software defined radios, 
including the requirement to incorporate security features to prevent 
unauthorized modifications to the software. We also modify the 
definition of software defined radio to include devices where a 
software change could make the device non-compliant with the 
Commission's radio frequency emission rules. We are eliminating the 
rule that the manufacturer supply radio software (source code) to the 
Commission upon request for certification because such software is 
generally not useful for certification review and may have become an 
unnecessary barrier to entry. We always retain the right to request and 
examine any component (whether software or hardware) of a specific 
radio system when needed for certification under Commission rules. We 
are requiring that the manufacturer supply a functional description of 
the radio software that controls its RF characteristics and a 
description of the means that will be used to protect that software 
from unauthorized tampering. Furthermore, since these descriptions are 
apt to involve proprietary intellectual property, we will make 
provisions to keep these specific items confidential, for Commission 
use only.
    6. The Report and Order also considered the technical measures that 
a cognitive radio could incorporate to enable secondary use of 
spectrum, yet allow the use of such spectrum to quickly and reliably 
revert back to the licensee when necessary. We conclude that such 
measures are, or will be, technically feasible, but see no need to 
adopt any particular technical model for interruptible spectrum 
leasing.

Cognitive Radio Technology Developments

    7. The efforts being undertaken by industry, often working with 
governmental agencies, standards bodies, and others to research, 
develop, and implement various software-defined radio and cognitive 
radio capabilities have been striking. These accomplishments were made 
possible through various advanced radio technologies such as those of 
the Department of Defense Joint Tactical Radio System (JTRS) in 
development of a common software architecture and the first actual 
software defined radios. Industry, working in conjunction with the 
military, is also taking a lead in developing and implementing new 
technologies and is serving as the impetus for further technical 
developments that should spur the commercial deployment of SDRs and 
cognitive radios. In addition, efforts are underway within industry 
forums and standards organizations to adopt internationally accepted 
standards for software defined radios and cognitive radios. These 
efforts and the resultant technical developments undoubtedly will lead 
to even greater flexibility in the future, with some touting the 
ultimate adoption of radios incorporating a cognition cycle as the 
foundation for a fully flexible cognitive radio.
    8. The advent of cognitive radios and associated technologies has 
the potential to initiate a new era in radio frequency spectrum 
utilization. With radios that are able to recognize spectrum 
availability and able to negotiate protocols for rapid reconfiguration, 
these radios will employ software defined radio technologies to change 
their operational characteristics and open new opportunities for 
spectrum use. As highlighted in our NPRM, applications such as dynamic 
spectrum sharing, interruptible spectrum sharing, and rapidly 
reconfigurable secondary markets in spectrum use will be attainable 
with cognitive radios.

Enabling Cognitive and Software Defined Radio

    9. In this section, we are making certain changes to our current 
rules and clarifying them in other respects. First we are modifying the 
definition of software defined radio to include radios that employ 
software that determines not just the operating parameters, but also 
the circumstances under which the radio transmits pursuant to those 
parameters. We clarify that equipment that is designed or expected to 
be modified by a party other than the manufacturer must be certified as 
software defined radios and comply with security requirements to 
prevent unauthorized modifications to the radio frequency operating 
parameters. We also clarify the security requirements that such 
equipment must meet.
    10. In addition to these changes, we make several other changes to 
the authorization requirements for software defined radios. We find 
that the specific rule that requires manufacturers to supply a copy of 
their radio software (source code) to the Commission upon request is 
unnecessary because such software is generally not useful for 
certification review and may have become an unnecessary barrier to 
entry. In addition, the Commission already has authority to request to 
request and examine any component (whether software or hardware) of a 
radio system when needed for certification under Commission rules. We 
therefore delete this requirement as discussed below. Further, we 
clearly define the information about the radio software that must be 
submitted with applications for software defined radios. Additionally, 
we allow certification of certain part 15 unlicensed transmitters that 
have the technical capability of operating outside part 15 frequency 
bands, provided the equipment incorporates features to limit operation 
to authorized frequencies when used in the United States.

Cognitive and Software Defined Radio Security

a. Software Defined Radio Definition and Applicability of Rules

    11. To reflect new kinds of conditions sometimes being included in 
our certification rules, we are broadening the definition of software 
defined radio to include devices where a software change could change 
not only the operating parameters of frequency range, modulation type 
or maximum output power, but also the circumstances under which a 
transmitter operates in accordance with Commission rules. For example, 
to make available otherwise unusable spectrum, we have required that 
certain radio transmitters include a DFS algorithm that further 
conditions use of spectrum beyond frequency range, modulation type, and 
maximum output. We are also changing the rules to require certain 
equipment to comply with the rules for software defined radios, 
including the requirement to incorporate security features to prevent 
unauthorized modifications to the software that controls the RF 
operating parameters. Specifically, we are requiring equipment in which 
the software that controls the radio frequency operating parameters is 
designed or expected to be modified by a party other than the 
manufacturer to comply with the rules for software defined radios. 
Because this change is limited to radios that contain RF affecting 
software that is third party modifiable, we believe that this change 
will affect only a small subset of equipment available in the 
marketplace today. We are making no change to the authorization 
requirements for the vast majority of devices such as cellular/PCS 
telephones, Wi-Fi equipment and two-way radios where the software that

[[Page 23034]]

controls the RF operating parameters is not designed or expected to be 
modified by a party other than the manufacturer.
    12. We have modified our definition of software defined radio 
because, under recent rules, certain software changes that do not 
directly affect the technical operating parameters affect whether the 
device can be certified under our rules. The direct effects are 
addressed in the current definition of a software defined radio: 
frequency range, modulation type or maximum output power (either 
radiated or conducted). Our rules, however, now sometimes require 
additional radio functions such as DFS to prevent interference to other 
users. Even though these functions are being implemented and controlled 
by software in a radio, they do not currently fall within the 
definition of a software defined radio.
    13. We are changing the definition of software defined radio to 
address software changes that directly or indirectly affect the 
compliance of a device with the Commission's rules. The modified 
definition will read as follows.

    Software defined radio. A radio that includes a transmitter in 
which the operating parameters of frequency range, modulation type 
or maximum output power (either radiated or conducted), or the 
circumstances under which the transmitter operates in accordance 
with Commission rules, can be altered by making a change in software 
without making any changes to hardware components that affect the 
radio frequency emissions.

    14. We are also changing the applicability of our rules to address 
software defined radios with relevant software that is designed or 
expected to be modified by a party other than the manufacturer. If a 
radio is not certified as a software defined radio, a manufacturer is 
not required to demonstrate in the equipment certification process that 
it incorporates features designed to prevent unauthorized changes to 
the software that would permit violation of Commission rules the 
equipment's certification, thus increasing the risk of interference to 
authorized radio services. We find that such a showing is in the public 
interest when a radio's RF-affecting software is designed or expected 
to be modified by a third party other than the manufacturer. In 
addition to minimizing the potential for unauthorized modifications to 
software defined radios, these changes will benefit manufacturers by 
allowing them to take advantage of the streamlined Class III permissive 
change procedure when they develop revised software that affects the RF 
operating parameters of the radio.
    15. We find that the rules we are adopting that require the 
certification of certain radios as software defined radios will not be 
unduly burdensome on manufacturers or restrain the development of 
technology. Only a relatively small number of radios will be affected 
by this requirement because most RF affecting radio software is not 
designed or expected to be modified by a party other than the 
manufacturer, and we are not changing the rules for radios that are not 
designed or expected to be modified by a party other than the 
manufacturer. Thus, there will be no change to the authorization 
requirement for the vast majority of devices including cellular/PCS 
telephones, land mobile transceivers and Wi-Fi equipment, provided the 
software that directly or indirectly controls the RF emissions of these 
devices is not designed or expected to be modified by a party other 
than the manufacturer. Also, manufacturers of radios that are software 
modifiable typically already take steps to prevent unauthorized 
modifications to the software in a radio, so we expect that only rarely 
will manufacturers have to make significant design changes to comply 
with the security requirements. In addition, as discussed below, we are 
adopting changes to simplify the information that must be submitted 
with an application for a software defined radio. Finally, we find that 
the requirements we are adopting are consistent with the Commission's 
authority under section 302 of the Communications Act to make 
reasonable regulations, consistent with the public interest, which 
govern the interference potential of radio frequency devices.
    16. We find that the standard we are adopting adequately protects 
against interference to other users. We disagree with the commenters 
who argue that only radios that can be remotely modified in large 
numbers should be required to be certified as software defined radios. 
We first find this definitional standard to be too difficult to apply. 
We also note that a radio that lacks security features to prevent 
unauthorized changes to the RF operating parameters could be easily 
modifiable to operate in unauthorized bands, and therefore has a high 
potential to interfere with authorized users in many different bands, 
including public safety bands. We therefore find that the requirement 
to certify certain radios as software defined radios should apply to 
all radios which are software modifiable by the user, not just those 
which could be remotely modified in large numbers.
    17. Permissive changes to software defined radios. We are modifying 
the Class III permissive change rule, Sec.  2.1043(b)(3), to make the 
wording consistent with the modified definition of software defined 
radio adopted. Additionally, we are setting forth a policy for 
permissive changes to radios that were approved before the effective 
date of the rules adopted in this Report and Order. Specifically, when 
a grantee wishes to make a permissive change to a previously approved 
device, the device will continue to be classified in the same manner 
that it was at the time it was originally certified, i.e., software 
defined or non-software defined radio. Thus, a device that was approved 
as a non-software defined radio before the rules adopted herein become 
effective will not have to be re-certified as a software defined radio 
even if it meets the new standard for mandatory certification as a 
software defined radio. A device that was certified as a software 
defined radio will continue to be treated as such when a request for a 
permissive change is filed. Parties should note that we are not 
changing the requirement that Class III changes are permitted only for 
software defined radios in which no Class II changes have been made 
from the originally approved device.

b. Security Requirements for Software Defined Radios

    18. We are clarifying the requirements in the rules that are 
intended to prevent unauthorized changes to the operating parameters of 
software defined radios. The Commission's equipment approval rules 
currently require that manufacturers take steps to ensure that only 
software that has been approved with a software defined radio can be 
loaded into such a radio. The current rule states that the software 
must not allow the user to operate the transmitter with frequencies, 
output power, modulation types or other parameters outside of those 
that were approved. Manufacturers may use authentication codes or any 
other means to meet these requirements, and must describe the methods 
in their application for equipment authorization.
    19. We find that the current approach that manufacturers take steps 
to prevent unauthorized changes to the software in a radio, but does 
not require the use of specific security measures, is the most 
appropriate method to ensure the security of software defined radios. 
This approach allows manufacturers to respond to improvements in 
security technology more quickly and with the best solutions for a 
particular product

[[Page 23035]]

because no Commission action is necessary to permit manufacturers to 
use new security technologies. Therefore, we are maintaining the 
current security requirement. The record shows that manufacturers are 
aware of the need to incorporate security measures in software defined 
radios and are in fact doing so. We note that NTIA has recommended 
that, as a long term goal, we consider requiring ``Protection 
Profiles''--an approach currently under consideration in the SDR 
Forum--as part of the equipment certification process for software 
defined radios. After industry progresses further in its deliberations, 
we may consider the possible applicability of Protection Profiles, or 
certain concepts of Protection Profiles, to equipment certification in 
a future proceeding that addresses the security of software defined and 
cognitive radios.
    20. Our security requirements for software defined radios give 
manufacturers flexibility to determine the appropriate security 
measures for a device. However, manufacturers also have the 
responsibility to choose security measures that can not be easily 
defeated by unintended parties. In the event that a software defined 
radio is found to be easily modifiable by end users, we would expect 
the responsible party as defined by our rules to immediately cease 
marketing the equipment and to take steps to ensure that future 
production of the equipment complies with the rules. Any potential 
forfeiture for non-compliance with the software defined radio security 
requirements would be considered on a case-by-case basis, taking into 
account all relevant factors, in the same manner as forfeitures are 
considered for non-compliant hardware-based equipment. In determining 
whether to issue any forfeiture penalties for a non-compliant device, 
the Commission takes into account the nature, circumstances, extent and 
gravity of the violations and, with respect to the violator, the degree 
of culpability, any history of prior offenses, ability to pay, and such 
other matters as may be relevant and appropriate. The Commission has 
specific guidelines for assessing forfeitures, but may issue higher or 
lower forfeitures than provided in the guidelines, issue no forfeiture 
at all, or apply alternative or additional sanctions as permitted by 
statute.
    21. We decline to establish specific limitations on the responsible 
party's liability for a device that incorporates specific type(s) of 
security measures in the event that it is later determined that 
unauthorized modifications can be easily made to the radio frequency 
operating parameters of the device. The responsible party's liability 
for a non-compliant device is most appropriately determined on a case-
by-case basis. Further, we agree with Intel that such an approach could 
be counterproductive because manufacturers would tend to design 
equipment to incorporate specific security features and may have little 
incentive to design equipment with robust security features, especially 
where more secure features add cost to a device. However, the 
Commission may consider compliance with industry security standards as 
a factor in determining the responsible party's liability.
    22. We are simplifying the structure of the rules for software 
defined radios by moving the security requirements for software defined 
radios from Sec.  2.932(e) into Sec.  2.944. Section 2.944 currently 
contains a requirement for parties to submit a copy of radio software 
to the Commission upon request. We are changing that requirement as 
well as the applicability of the security requirements for software 
defined radios. We are placing the requirements for software defined 
radios into a single rule section, Sec.  2.944, for easier reference. 
We are also modifying Sec.  2.1033, which lists the information to be 
included in an application for certification, to make clear that an 
application for certification of a software defined radio must include 
the information specified in the revised Sec.  2.944.
    23. As part of the revisions to Sec.  2.944, we are providing 
specific examples of the types of security measures that the Commission 
may consider to be acceptable for preventing unauthorized modifications 
to equipment. These examples are intended only to provide guidance to 
industry, and the use of one or more of these methods in a particular 
device should not be construed to limit a manufacturer's liability or 
responsibility to take appropriate corrective action in the event that 
parties other than the manufacturer are able to make unauthorized 
modifications to a device. This section will state that manufacturers 
may use any reasonable means to prevent impermissible modifications to 
the radio software including, but not limited to, the following and 
must describe the method(s) used for a particular device in the 
application for certification:
     The use of a private network that allows only 
authenticated users to download software.
     Coding in hardware that is decoded by software to verify 
that new software can be legally loaded into a device.
     Electronic signatures in software.

c. Amateur Equipment and D/A Converters

    24. In the NPRM, we proposed to exempt manufactured software 
defined radios that are designed to operate solely in amateur bands 
from any mandatory declaration and certification requirements, provided 
the equipment incorporates features in hardware to prevent operation 
outside of amateur bands. We also sought comment on the need to 
restrict the mass marketing of high-speed digital-to-analog (D/A) 
converters that could be diverted for use as radio transmitters. No 
parties have provided any information that shows that software 
programmable amateur transceivers or high-speed D/A converters present 
any significantly greater risk of interference to authorized radio 
services than hardware radios. Therefore, we decline to adopt any new 
regulations for amateur transceivers or D/A converters at this time. 
However, we note that certain unauthorized modifications of amateur 
transmitters are unlawful, and may revisit both of these issues in the 
future if misuse of such devices results in significant interference to 
authorized spectrum users.

Submission of Radio Software

    25. We are removing the requirement that an applicant for 
authorization of a software defined radio or the grantee or other party 
responsible for the compliance of a software defined radio submit a 
copy of the software that controls the radio frequency operating 
parameters upon request. We find that a copy of software source code is 
generally not be a useful aid in determining whether unauthorized 
changes have been made to the operating parameters of a device because 
software changes that have no effect on these parameters are frequently 
made by manufacturers. We also are concerned that this specific rule 
may be overly burdensome because we have observed that some equipment 
that could be authorized under the rules for software defined radios is 
not being authorized under these rules. The fact that the software in a 
device being marketed may differ somewhat from software previously 
supplied to the Commission would not necessarily indicate that any 
unauthorized changes have been made to a device's RF affecting 
operating parameters. In the event that questions arise about the 
compliance of a particular device, the

[[Page 23036]]

Commission has the authority to request and examine any component 
(whether software or hardware) of a radio system when needed for 
certification under Commission rules without the need for a specific 
requirement to submit radio software. Grantees of equipment 
certification are required to maintain records of equipment 
specifications and any changes that may affect compliance and must make 
these records available for inspection by the Commission. Further, the 
party responsible for the compliance of the device or any party who 
markets the device must supply a sample of the device to the Commission 
upon request.
    26. We are adopting a requirement to submit a high level software 
operational description or flow diagram. The requirement we are 
adopting is analogous to the requirements in the rules that were 
developed for hardware based equipment that require applicants for 
equipment certification to supply a block diagram, schematic diagram 
and a brief description of the circuit functions of a device, along 
with a statement describing how the device operates. In this regard, 
the software operational description or flow diagram must describe or 
show how the RF functions in the radio, including the modulation type, 
operating frequency and power level are controlled or modified by 
software, and must describe the security or authentication methods that 
are incorporated to prevent unauthorized software changes. The 
description can include text, logic or flow diagrams, state 
descriptions or other material that provides the Commission's staff 
with a reasonable understanding of the operation of a device being 
certified and whether the device complies with the rules. The 
Commission's staff will work with applicants for certification to 
ensure that these requirements are clear and will issue appropriate 
additional guidance as necessary.
    27. We agree with comments that information on how software within 
a software defined radio operates would be company proprietary 
information and that making this information publicly available would 
result in competitive harm to a manufacturer. Further, we find that 
information on the security methods that manufacturers employ to 
prevent unauthorized modifications to the RF operating parameters of a 
device would be considered company proprietary information. 
Additionally, making information on security measures publicly 
available could assist unauthorized parties in determining ways to 
defeat them. We also conclude that, if we were to make information on 
software defined radio operation and security measures generally 
available to the public, entities seeking equipment certification may 
not provide sufficient information for the Commission to determine 
whether the device at issue would operate in compliance with our rules. 
Accordingly, we will modify Sec.  0.457(d) of the rules to state that 
the descriptions of the security features and software operation for a 
software defined radio are presumptively protected from public 
disclosure and will not routinely be made available for public 
inspection. This presumptive protection will apply only to the 
descriptions of the security features and software operation for a 
software defined radio and not to any other exhibits in the application 
for certification which will normally be made available for public 
inspection after grant of the application. An applicant for 
certification of a software defined radio must file a specific request 
and pay the appropriate filing fee to have other exhibits in the 
application held confidential, assuming the exhibits are eligible for 
confidential treatment. To avoid possible delays in processing 
applications, applicants should ensure that exhibits for which 
confidential treatment is automatically afforded or for which it is 
requested are clearly identified and that these exhibits do not contain 
information that is not eligible for such treatment.
    28. We decline to allow TCBs to certify software defined radios at 
this time. The changes that we are adopting to automatically afford 
confidential treatment to the description of software and security 
features in software defined radio applications address the 
confidentiality concerns of parties who requested that TCBs be allowed 
to certify software defined radios to protect this information from 
public disclosure. Additionally, as the Commission has previously 
stated, because software defined radio is a new technology, TCBs will 
not be permitted to certify software defined radios until the 
Commission has more experience with them and can properly advise TCBs 
on how to apply the applicable rules. The Commission's Laboratory 
maintains a list of types of devices, including software defined 
radios, that TCBs are excluded from certifying. The Laboratory will 
remove software defined radios from this exclusion list when it 
determines that TCBs are capable of certifying them.

Automatic Frequency Selection by Unlicensed Devices

    29. We are changing part 15 of the rules to allow certification of 
unlicensed transmitters that are capable of operation outside of 
permissible part 15 frequency bands, provided the transmitters 
incorporate an automatic frequency selection mechanism to ensure that 
they operate only on frequencies where unlicensed operation is 
permitted when operated in the United States.
    30. We will allow certification of part 15 devices that operate 
outside permissible frequency bands using a master/client model. The 
terms ``master'' and ``client'' were defined in the U-NII proceeding 
for U-NII devices. We will define these terms for other types of part 
15 devices consistent with the U-NII definitions. That is, a master 
device will be defined as a device operating in a mode in which it has 
the capability to transmit without receiving an enabling signal. In 
this mode it is able to select a channel and initiate a network by 
sending enabling signals to other devices. A network always has at 
least one device operating in master mode. A client device will be 
defined as a device operating in a mode in which the transmissions of 
the device are under control of the master. A device in client mode is 
not able to initiate a network. We, of course, require master devices 
marketed within the United States to operate only in permissible part 
15 frequency bands, which will ensure that they enable operation of 
client devices only within permissible part 15 frequency bands. 
Manufacturers that wish to market master devices that are hardware-
capable of operating outside of permissible part 15 frequency bands for 
use in other countries, but use software to limit their operation to 
permissible part 15 frequency bands, must incorporate security features 
into them to limit the operating frequency range for devices marketed 
in the United States and must certify the devices as software defined 
radios. Different software can then be installed in master devices that 
are used outside of the United States to change the operating frequency 
range for use in other countries. Client devices that can also act as 
master devices must meet the certification requirements of a master 
device, and thus must be certified as software defined radios if the 
manufacturer wishes to incorporate additional frequency bands for use 
in other countries.
    31. We will allow the certification of client devices such as 
wireless LAN cards used in desktop or notebook computers if they have 
the capability of operating outside permissible part 15 frequency 
bands. Client devices may transmit only under the control of a master 
device. Because master devices are limited to operation on permissible

[[Page 23037]]

part 15 frequencies, they will direct client devices to operate on only 
permissible part 15 frequencies.
    32. The changes we have adopted will benefit manufacturers by 
allowing production of devices that can be used in multiple countries, 
thus reducing equipment costs. At the same time, the requirement to 
limit the frequency range of master devices sold in the United States 
will minimize the likelihood that devices will operate outside 
permissible frequency bands and cause interference to authorized 
services.

Interruptible Spectrum Leasing

    33. In this section, we are describing the technical methods that a 
cognitive radio could use to enable interruptible secondary use of 
licensed spectrum by other parties. The concepts in this section would 
apply to lessors who want a high level assurance of reclaiming leased 
spectrum when they need it. We find that there are technologies 
available now or under development that could safely allow for 
interruptible spectrum leasing. We find that cognitive radio 
technologies, or even trunked radio technologies, would allow 
implementation of the following general principles that interested 
parties state would be essential to enable interruptible leased use of 
spectrum:
    1. The licensee must have positive control as to when the lessee 
can access the spectrum.
    2. The licensee must have positive control to terminate the use of 
the spectrum by the lessee so it can revert back to the licensee's use.
    3. Reversion must occur immediately upon action by the licensee 
unless that licensee has made specific provisions for a slower 
reversion time.
    4. The equipment used by the licensee and the lessee must perform 
access and reversion functions with an extremely high degree of 
reliability.
    5. The equipment used by the licensee and the lessee must 
incorporate security features to prevent inadvertent misuse of, and to 
thwart malicious misuse of, the licensee's spectrum.
    34. There are at least three different technical approaches that 
currently exist or are under development that a licensee could employ 
that would comply with the intent of these principles and enable 
interruptible spectrum leasing. One approach would be for a licensee to 
allow leasing using an existing trunked system. A trunked system uses a 
central controller to select the operating frequencies of radios in the 
system. When a radio is ready to begin transmitting, it sends a request 
for an operating frequency to a central controller over a control 
channel. The controller dynamically assigns an operating frequency to 
that radio and the other radios with which it communicates. Such a 
centralized system could be used to assign channels to radios operating 
under the terms of a lease, or de-assign channels when a licensee needs 
to use the spectrum. This could be done through a wireless control 
channel as is currently done to assign channels to radios in the 
system. Alternatively, information about leased channel availability 
could be provided by the trunked system controller to the lessee's 
equipment through a wired link.
    35. The beacon approach proposed in the NPRM and described above is 
similar to a trunked system in that it uses a centralized controller to 
enable operation of lessee's equipment. The beacon could operate either 
on a frequency licensed to the public safety entity or on a separate 
control frequency in another band. The approach would require 
additional infrastructure such as the beacon transmitters and radios 
that are capable of receiving the beacon and adjusting their operation 
in response to the beacon signal.
    36. A third method that could enable leased use of spectrum is by 
an exchange of ``tokens'' sent to the lessee's devices. Token 
approaches rely on the encrypted exchange of unique information to 
verify a user's identity when opening and maintaining a secure 
communications exchange. Tokens would provide a means of ensuring that 
lessees transmit only on available frequencies when they receive an 
electronic token authorizing them to do so. These tokens could also 
enforce terms of a lease such as the specific period of time that 
transmission on a frequency is allowed, thus providing a licensee with 
a high level of confidence that lessees will vacate the spectrum when 
required under the terms of the lease. Such token technology is already 
in use in other resource allocation problems, such as the enforcement 
of software license terms and avoiding data transmission conflicts 
between computers on local area networks.
    37. At this point, we see no need to adopt any particular technical 
model for interruptible spectrum leasing. Ultimately, a licensee must 
itself be satisfied that the technical mechanism being implemented 
under a lease does in fact provide it with the ability in real time to 
reclaim use of its spectrum when necessary.

Final Regulatory Flexibility Analysis

    38. As required by the Regulatory Flexibility Act (RFA),\1\ an 
Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the 
Notice of Proposed Rule Making and Order, Facilitating Opportunities 
for Flexible, Efficient, and Reliable Spectrum Use Employing Cognitive 
Radio Technologies (NPRM).\2\ The Commission sought written public 
comments on the proposals in the Notice, including comment on the 
IRFA.\3\ This Final Regulatory Flexibility Analysis conforms to the 
RFA.\4\
---------------------------------------------------------------------------

    \1\ See 5 U.S.C. 603. The RFA, see 5 U.S.C. 601-612, has been 
amended by the Small Business Regulatory Enforcement Fairness Act of 
1996 (SBREFA), Public Law 104-121, Title II, 110 Stat. 857 (1996).
    \2\ See Notice of Proposed Rule Making and Order in ET Docket 
No. 03-108, 18 FCC Rcd 26859 (2003), 69 FR 7397, February 17, 2004.
    \3\ Id.
    \4\ See 5 U.S.C. 604.
---------------------------------------------------------------------------

A. Need for, and Objectives of, the Report and Order

    39. Advances in technology are creating the potential for radio 
systems to use radio spectrum more intensively and more efficiently 
than in the past. Software-defined and cognitive, or ``smart,'' radios 
are allowing and will increasingly allow more intensive access to, and 
use of, spectrum than possible with traditional, hardware-based radio 
systems. In this Report and Order, the Commission continues the process 
of modifying the rules to reflect these ongoing technical developments 
in radio technologies. The Commission first adopted rules for software 
defined radios in 2001, recognizing that manufacturers were beginning 
to use software to help determine the RF characteristics of radios, and 
that the equipment rules, which assumed hardware changes were needed to 
modify a radio's behavior, held the potential of discouraging 
development of software defined radios by requiring repeated approvals 
for repeated software changes. In light of the Commission's experience 
with these rules, and the record in this proceeding, it is modifying 
and clarifying the equipment rules to further facilitate the 
development and deployment of software defined and cognitive radios.
    40. In the Report and Order, the Commission makes several changes 
to parts 2 and 15 of the rules. Specifically, it:
    (1) Eliminates the requirement for applicants and grantees of 
certification of software defined radios to supply a copy of the 
software that controls the RF

[[Page 23038]]

operating parameters of the radio upon request;
    (2) Requires applicants for certification of software defined 
radios to supply a high level operational description of the software 
that controls the radio frequency operating parameters;
    (3) Requires that radios in which the software that controls the RF 
operating parameters is designed or expected to be modified by a party 
other than the manufacturer to incorporate a means to prevent 
unauthorized software changes, and requires such radios to be certified 
as software defined radios;
    (4) Allows certification of unlicensed transmitters that have the 
capability of operating outside permissible part 15 frequency bands, 
provided the transmitters incorporate a software control to limit 
operation to permissible part 15 frequency bands when used in the 
United States.

B. Summary of Significant Issues Raised by Public Comments in Response 
to the IRFA

    41. None.

C. Description and Estimate of the Number of Small Entities To Which 
the Rules Apply

    42. The RFA directs agencies to provide a description of, and, 
where feasible, an estimate of the number of small entities that may be 
affected by the proposed rules, if adopted.\5\ The RFA defines the term 
``small entity'' as having the same meaning as the terms ``small 
business,'' ``small organization,'' and ``small business concern'' 
under section 3 of the Small Business Act.\6\ Under the Small Business 
Act, a ``small business concern'' is one that: (1) Is independently 
owned and operated; (2) is not dominant in its field of operations; and 
(3) meets may additional criteria established by the Small Business 
Administration (SBA).\7\
---------------------------------------------------------------------------

    \5\ See U.S.C. 603(b)(3).
    \6\ Id. 601(3).
    \7\ Id. 632.
---------------------------------------------------------------------------

Wireless Communications Equipment Manufacturers

    43. The SBA has established a small business size standard for 
radio and television broadcasting and wireless communications equipment 
manufacturing. Under this standard, firms are considered small if they 
have 750 or fewer employees.\8\ Census Bureau data for 1997 indicate 
that, for that year, there were a total of 1,215 establishments \9\ in 
this category.\10\ Of those, there were 1,150 that had employment under 
500, and an additional 37 that had employment of 500 to 999. The 
percentage of wireless equipment manufacturers in this category is 
approximately 61.35 percent,\11\ so the Commission estimates that the 
number of wireless equipment manufacturers with employment under 500 
was actually closer to 706, with and additional 23 establishments 
having employment of between 500 and 999. Given the above, the 
Commission estimates that the majority of wireless communications 
equipment manufacturers are small businesses.
---------------------------------------------------------------------------

    \8\ 1997 Economic Census, Manufacturing, Industry Series, Radio 
and Television Broadcasting and Wireless Communications Equipment 
Manufacturing, Document No. E97M-3342B (August 1999), at 9; 1997 
Economic Census, Manufacturing, Industry Series, Other 
Communications Equipment Manufacturing, Document No. EC97M-3342C 
(September 1999), at 9 (both available at http://www.census.gov/prod/www/abs/97ecmani.html).
    \9\ The number of ``establishments'' is a less helpful indicator 
of small business prevalence in this context than would be the 
number of ``firms'' or ``companies,'' because the latter take into 
account the concept of common ownership or control. Any single 
physical locations for an entity is an establishment, even though 
that location may be owned by a different establishment. Thus, the 
numbers given may reflect inflated numbers of businesses in this 
category, including the numbers of small businesses. In this 
category, the Census breaks out data for firms or companies only to 
give the total number of such entities for 1997, which was 1,089.
    \10\ U.S. Census Bureau, 1997 Economic Census, Industry Series: 
Manufacturing, ``Industry Statistics by Employment Size,'' Table 4, 
NAICS code 334220 (issued August 1999).
    \11\ Id. Table 5, ``Industry Statistics by Industry and Primary 
Product Class Specialization: 1997.''
---------------------------------------------------------------------------

D. Description of Projected Reporting, Recordkeeping, and Other 
Compliance Requirements

    44. Unlicensed transmitters are required to be certified before 
they can be imported into or marketed within the United States. The 
certification process requires the manufacturer or other party 
responsible for compliance to have the equipment tested and 
electronically file an application form, measurement report and other 
information on the equipment with the Commission or a designated 
Telecommunication Certification Body (TCB). Software defined radios at 
present may be approved only by the Commission and not by TCBs, 
although the Commission has stated that it will eventually allow TCBs 
to approve them. The Report and Order does not change this requirement.
    45. Applicants for certification of a software defined radio will 
be required to supply a high level operational description of the 
software that controls the radio frequency operating parameters.
    46. Manufacturers of radios in which the software that controls the 
radio frequency operating parameters is designed or expected to be 
modified by a party other than the manufacturer must incorporate a 
means to prevent unauthorized software changes that must be described 
in the application for certification. Such software changeable radios 
must be declared as software defined radios in the application for 
certification. Most radios at the present are not software modifiable, 
and manufacturers of those that are generally already take steps to 
prevent unauthorized modifications, so we expect that only rarely would 
manufacturers have to redesign equipment to comply with this 
requirement.

E. Steps Taken To Minimize Significant Economic Impact on Small 
Entities, and Significant Alternatives Considered

    47. The RFA requires an agency to describe any significant 
alternatives that it has considered in reaching its proposed approach, 
which may include the following four alternatives (among others): (1) 
The establishment of differing compliance or reporting requirements or 
timetables that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance or reporting requirements under the rule for small entities; 
(3) the use of performance, rather than design, standards; and (4) an 
exemption from coverage of the rule, or any part thereof, for small 
entities.\12\
---------------------------------------------------------------------------

    \12\ See 5 U.S.C. 603(c).
---------------------------------------------------------------------------

    48. The Commission sought comment in the NPRM about whether it 
should make compliance with the software defined radio rules, including 
the requirement to demonstrate that a radio incorporates security 
features, mandatory rather than optional for certain types of radio 
transmitters. Based on the comments received, the Commission made these 
requirements mandatory only for the small subset of radio transmitters 
in which the software that controls the radio frequency operating 
parameters is designed or expected to be modified by a party other than 
the manufacturer. This change will ensure that radio transmitters can 
not be easily modified and cause interference to authorized services, 
while minimizing the filing burden on applicants for certification by 
requiring only a small number of devices to be certified as software 
defined radios.
    49. The Commission simplified the filing requirements for software 
defined radios to benefit all entities, including

[[Page 23039]]

small entities. It eliminated the requirement to supply software source 
code upon request because such software is not generally useful for 
certification review and may have become an unnecessary barrier to 
entry. The Commission will instead require the submission of a software 
description at the time of certification as supported by a number of 
parties in comments. Because such a description would generally be 
considered company proprietary information, the Commission will 
automatically hold such information confidential without the need for 
applicants for certification to file a specific request for 
confidentiality and pay a fee. Eliminating the need to file a specific 
confidentiality request and pay a fee is expected to benefit small 
entities that have fewer resources to comply with regulatory 
requirements.

F. Congressional Review Act

    The Commission will send a copy of the Report and Order, including 
this FRFA, in a report to be sent to Congress pursuant to the 
Congressional Review Act, see 5 U.S.C. 801(a)(1)(A). In addition, the 
Commission will send a copy of the Report and Order, including FRFA, to 
the Chief Counsel for Advocacy of the Small Business Administration.

Ordering Clauses

    50. Parts 0, 2, and 15 of the Commission's Rules are amended as 
specified in rule changes, effective August 2, 2005. This action is 
taken pursuant to the authority contained in sections 4(i), 301, 302, 
303(e), 303(f) and 303(r) of the Communications Act of 1934, as 
amended, 47 U.S.C. sections 154(i), 301, 302, 303(e), 303(f) and 
303(r).
    51. The Commission's Consumer and Governmental Affairs Bureau, 
Reference Information Center, shall send a copy of the Report and 
Order, including the Final Regulatory Flexibility Analysis to the Chief 
Counsel for Advocacy of the Small Business Administration.

List of Subjects in 47 CFR Parts 0, 2, and 15

    Communications equipment, Radio. Report and recordkeeping 
requirements.

Federal Communications Commission.
Marlene H. Dortch,
Secretary.

Rule Changes

0
For the reasons discussed in the preamble, the Federal Communications 
Commission amends 47 CFR parts 0, 2, and 15 as follows:

PART 0--COMMISSION ORGANIZATION

0
1. The authority citation for part 0 continues to read as follows:

    Authority: Secs. 5, 48 Stat. 1068, as amended; 47 U.S.C. 155.


0
2. Section 0.457 is amended by revising paragraph (d)(1)(ii) to read as 
follows:


Sec.  0.457  Records not routinely available for public inspection.

* * * * *
    (d) * * *
    (1) * * *
    (ii) Applications for equipment authorizations (type acceptance, 
type approval, certification, or advance approval of subscription 
television systems), and materials relating to such applications, are 
not routinely available for public inspection prior to the effective 
date of the authorization. The effective date of the authorization 
will, upon request, be deferred to a date no earlier than that 
specified by the applicant. Following the effective date of the 
authorization, the application and related materials (including 
technical specifications and test measurements) will be made available 
for inspection upon request (See Sec.  0.460). Portions of applications 
for equipment certification of scanning receivers and related materials 
will not be made available for inspection. This information includes 
that necessary to prevent modification of scanning receivers to receive 
Cellular Service frequencies, such as schematic diagrams, technical 
narratives describing equipment operation, and relevant design details. 
Portions of applications for equipment certification of software 
defined radios that describe the operation of the device's software and 
security features will not be made available for inspection.
* * * * *

PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL 
RULES AND REGULATIONS

0
3. The authority citation for part 2 continues to read as follows:

    Authority: 47 U.S.C. 154, 302a, 303 and 336, unless otherwise 
noted.

0
4. Section 2.1(c) is amended by revising the following definition of 
``software defined radio'' to read as follows:


Sec.  2.1  Terms and definitions.

* * * * *
    (c) * * *
    Software defined radio. A radio that includes a transmitter in 
which the operating parameters of frequency range, modulation type or 
maximum output power (either radiated or conducted), or the 
circumstances under which the transmitter operates in accordance with 
Commission rules, can be altered by making a change in software without 
making any changes to hardware components that affect the radio 
frequency emissions.
* * * * *


Sec.  2.932  [Amended]

0
5. Section 2.932 is amended by removing paragraph (e).

0
6. Section 2.944 is revised to read as follows:


Sec.  2.944  Software defined radios.

    (a) Manufacturers must take steps to ensure that only software that 
has been approved with a software defined radio can be loaded into the 
radio. The software must not allow the user to operate the transmitter 
with operating frequencies, output power, modulation types or other 
radio frequency parameters outside those that were approved. 
Manufacturers may use means including, but not limited to the use of a 
private network that allows only authenticated users to download 
software, electronic signatures in software or coding in hardware that 
is decoded by software to verify that new software can be legally 
loaded into a device to meet these requirements and must describe the 
methods in their application for equipment authorization.
    (b) Any radio in which the software is designed or expected to be 
modified by a party other than the manufacturer and would affect the 
operating parameters of frequency range, modulation type or maximum 
output power (either radiated or conducted), or the circumstances under 
which the transmitter operates in accordance with Commission rules, 
must comply with the requirements in paragraph (a) of this section and 
must be certified as a software defined radio.
    (c) Applications for certification of software defined radios must 
include a high level operational description or flow diagram of the 
software that controls the radio frequency operating parameters.

0
7. Section 2.1033 is amended by adding new paragraphs (b)(12) and 
(c)(18) to read as follows:


Sec.  2.1033  Application for certification.

* * * * *
    (b) * * *

[[Page 23040]]

    (12) An application for certification of a software defined radio 
must include the information required by Sec.  2.944.
* * * * *
    (c) * * *
    (18) An application for certification of a software defined radio 
must include the information required by Sec.  2.944.
* * * * *

0
8. Section 2.1043 is amended by revising paragraph (b)(3) to read as 
follows:


Sec.  2.1043  Changes in certificated equipment.

* * * * *
    (b) * * *
    (3) A Class III permissive change includes modifications to the 
software of a software defined radio transmitter that change the 
frequency range, modulation type or maximum output power (either 
radiated or conducted) outside the parameters previously approved, or 
that change the circumstances under which the transmitter operates in 
accordance with Commission rules. When a Class III permissive change is 
made, the grantee shall supply the Commission with a description of the 
changes and test results showing that the equipment complies with the 
applicable rules with the new software loaded, including compliance 
with the applicable RF exposure requirements. The modified software 
shall not be loaded into the equipment, and the equipment shall not be 
marketed with the modified software under the existing grant of 
certification, prior to acknowledgement by the Commission that the 
change is acceptable. Class III changes are permitted only for 
equipment in which no Class II changes have been made from the 
originally approved device.

    Note to paragraph (b)(3): Any software change that degrades 
spurious and out-of-band emissions previously reported to the 
Commission at the time of initial certification would be considered 
a change in frequency or modulation and would require a Class III 
permissive change or new equipment authorization application.

* * * * *

PART 15--RADIO FREQUENCY DEVICES

0
9. The authority citation of part 15 continues to read as follows:

    Authority: 47 U.S.C. 154, 302, 303, 304, 307, 336, and 544.

0
10. Section 15.202 is added to read as follows:


Sec.  15.202  Certified operating frequency range

    Client devices that operate in a master/client network may be 
certified if they have the capability of operating outside permissible 
part 15 frequency bands, provided they operate on only permissible part 
15 frequencies under the control of the master device with which they 
communicate. Master devices marketed within the United States must be 
limited to operation on permissible part 15 frequencies. Client devices 
that can also act as master devices must meet the requirements of a 
master device. For the purposes of this section, a master device is 
defined as a device operating in a mode in which it has the capability 
to transmit without receiving an enabling signal. In this mode it is 
able to select a channel and initiate a network by sending enabling 
signals to other devices. A network always has at least one device 
operating in master mode. A client device is defined as a device 
operating in a mode in which the transmissions of the device are under 
control of the master. A device in client mode is not able to initiate 
a network.

[FR Doc. 05-8808 Filed 5-3-05; 8:45 am]
BILLING CODE 6712-01-P