PSA: Verizon Locking Bootloaders On LTE Devices Likely Does Not Violate FCC Block C Spectrum Rules

It seems there's been some renewed interest in the subject of Block C LTE "no locking" provisions after news that the Motorola RAZR will come equipped with a locked bootloader per Verizon's request. About four months ago, I published an article on this very topic. To summarize: Verizon can basically do almost anything it wants with handsets on its network in the name of reasonable network management - subject to a few limitations and caveats.

But before we get into the reasoning for this, let's talk history.

The Block C Auction Of 2008

Back in 2008, the FCC auctioned off a block of the 700MHz wireless spectrum dubbed "Block C." Verizon was the sole purchaser of the block, having bid $4.7 billion to acquire the chunk of spectrum. Prior to the auction, Google petitioned the FCC to include certain provisions requiring the purchaser of Block C, if the price was over $4.6 billion, to keep devices and traffic on that network open.

The FCC chose to adopt two of Google's proposed stipulations:

Open applications: Consumers should be able to download and utilize any software applications, content, or services they desire;

Open devices: Consumers should be able to utilize a handheld communications device with whatever wireless network they prefer;

Sounds good, right? When Verizon purchased the spectrum, it immediately sued the FCC because of its opposition to these provisions, but later dropped the suit for undisclosed reasons. Not until 2010 did Verizon even release a product (a mobile hotspot) which utilized this spectrum. The first phone to access this spectrum was the HTC ThunderBolt, released in March of this year.

When Verizon began blocking mobile tethering applications on its Android phones, particularly the ThunderBolt, earlier this year, a complaint was filed with the FCC by a consumer advocacy group, alleging Verizon was violating its duties under Block C - more precisely the "Open applications" provision. The FCC does not discuss what complaints it chooses to investigate, but we're pretty confident we know the outcome regardless. Why?

Reasonable Network Management: The Trump Card

Verizon's purchase of Block C came equipped with the same provision found in general FCC regulations of wireless mobile broadband services, which were enumerated in a rulemaking session last year. Even though it is stated that carriers must provide open access to devices and software on the Block C network, those provisions are subject to the following exemption:

(b)(1) Insofar as such use [open access] would not be compliant with published technical standards reasonably necessary for the management or protection of the licensee’s network. 47 CFR §27.16

The FCC has continually recognized that mobile data networks present "special challenges" in terms of implementation and management. Whether those "challenges" are actually all that burdensome isn't at issue - the carriers obviously hold the position that they are. What constitutes "reasonable network management?" The FCC gave carriers significant leeway in this regard, and defined the term as follows in the Block C network access requirements:

(c)(1) Standards shall include technical requirements reasonably necessary for third parties to access a licensee’s network via devices or applications without causing objectionable interference to other spectrum users or jeopardizing network security. 47 CFR §27.16

Network security is Verizon's biggest loophole around the Block C openness requirements. Unlocking a device's bootloader allows the user to install any software on the device which is available, meaning the user may install software which the carrier has had no chance to review. Verizon could easily spin this to say that potentially harmful applications on such devices could be used to exploit vulnerabilities in its network, and/or to conceal a device's identity, or to steal service.

These assertions do need to be backed by standards, but the standards aren't hard to come by. Here's Verizon's CDMA security standards and best practices. If Verizon determines that allowing users to install "root access" level software, or custom operating systems, could in any significant way pose an obstacle to the secure management of its network as outlined in the standards, imposing restrictions would be reasonable network management. Such an obstacle could be the ability to obfuscate your device's identity, or to "steal" service (wireless tethering).

For example, if a model of phone on the Verizon network is known to have a major security flaw which could expose sensitive subscriber data, the company has an obligation to remedy that flaw once it is known. Rooted or unlocked devices, which may still have the flaw, may not be able to receive an OTA update from Verizon to correct it, because their software causes an incompatibility with the update. This would prevent Verizon from managing its network on some level. Once Verizon shows that it has a standard and that unlocking or rooting could cause users to go out of compliance with those standards, it merely needs to show that the standard is reasonable. If other industry members or organizations use similar standards, the standard is presumed to be reasonable. You can bet that all four major carriers use fairly similar network security standards.

Finally, we'll talk about tethering and Block C.

Much hoop-lah has been made of the following provision, as related to the legality of charging for wireless tethering on Verizon:

(c)(1)... The potential for excessive bandwidth demand alone shall not constitute grounds for denying, limiting or restricting access to the network. 47 CFR §27.16

The key issue is that this provision says nothing about limiting access on the basis of contractual obligations - it only applies when a carrier is limiting, restricting, or denying access to data services it has promised on the basis that a user is "congesting" the network. Verizon is still very much within its right to assert that it has the authority to prevent users from stealing access to a service it charges for, namely, tethering. Opponents say this is traffic discrimination and money-grabbing, Verizon says it's a perfectly legitimate usage-based access fee that it doesn't want users to circumvent.

There is absolutely nothing in the text of 27.16 suggesting carriers must provide unlimited data to users on networks operated on the 700MHz Block C frequencies. All (c)(1) is saying is that, once users have paid for a given service, carriers cannot discriminate against their traffic on the basis of bandwidth usage (eg, they can't throttle you) - but there's nothing to stop them from charging your more for using more. This is why Verizon's throttling only affects the top 5% of 3G, rather than 4G, users. I'm not sure if I explained that clearly, so I hope the distinction got across.

Of course, in matters involving regulatory authority, there's always going to be some wiggle room for discretion.

The FCC is unpredictable. There is no way to know if the agency will change its interpretation of its own rules, or if it will decide Verizon's particular actions aren't reasonable. This is all evaluated on a case by case basis. However, the agency's interpretation of reasonable network management in the past has tended to favor service providers in all but the most extreme cases (such as content-based throttling by Comcast), so it's hard for me to see them suddenly adopting a more demanding standard in regard to "reasonable network management."

To summarize: it seems highly unlikely that the current regulation of wireless network providers on Block C is worded strongly enough to force a carrier into selling unlockable handsets, but we'll have to wait and see to know for sure.