COMPUTERS ARE BAD is a newsletter semi-regularly issued directly to your doorstep to enlighten you as to the ways that computers are bad and the many reasons why. While I am not one to stay on topic, the gist of the newsletter is computer history, computer security, and "constructive" technology criticism.
I have an M. S. in information security, more certifications than any human should, and ready access to a keyboard. This are all properties which make me ostensibly qualified to comment on issues of computer technology. When I am not complaining on the internet, I work in engineering for a small company in the healthcare sector. I have a background in security operations and DevOps, but also in things that are actually useful like photocopier repair.
You can read this here, on the information superhighway, but to keep your neighborhood paperboy careening down that superhighway on a bicycle please subscribe. This also contributes enormously to my personal self esteem. There is, however, also an RSS feed for those who really want it. Fax delivery available by request.
So we've talked about radio spectrum regulation in some detail, including the
topic of equipment authorization (EA)---the requirement, under 47 CFR, that
almost all electronics receive authorization from the FCC prior to sale. We've
also talked about the amateur radio service (ARS, 47 CFR 97), and I've hinted
that these two topics collide in an unusual way. So this of course raises the
question: does amateur radio equipment require authorization? Or, more fun to
type, does EA apply to ARS?
The answer is... it's complicated.
In fact, it's sort of surprisingly difficult to get a straight answer on this
question. 47 CFR itself is not very clear on this point, because of course the
authors of regulations are a lot more willing to throw in special cases to
resolve special circumstances than to provide a convenient general rule. While
amateur radio is mentioned in various places in Parts 2 and 15, and equipment
authorization is touched on in Part 97, there's no general requirement or
exception to be found in 47 CFR.
Further contributing to confusion, there is a lot of "armchair lawyering" in
the amateur radio community. You will get different answers from different
people on even very basic questions about EA. Part of the reason is that the
rules have changed over time, less due to 47 CFR itself than due to enforcement
actions and regulatory guidance coming from the FCC Enforcement Burea. Part of
the reason is because people are repeating things they heard eighth hand from
somewhere in the 1950s. And, well, part of the reason is that amateur radio
operators enjoy a rather unusual privilege: generally speaking, there are no
EA  requirements for amateur radio.
In a way this is intuitive: amateur radio has a substantial tradition of
home-built or home-modified equipment. "Vintage" HF equipment are sometimes
colloquially referred to as "boat anchors" in reference to both weight and
typical market value while sitting on a hamfest vendor's table. But, as a
matter of fact, if you manage to construct a boat anchor into an RF transmitter
you are welcome to use it in the amateur radio service, subject to the
technical requirements of Part 97. A common way to explain this (common enough
that the FCC itself says it in a number of places, even though it is not quite
a literal part of the regulations) is to say that amateur radio privilege rests
entirely with the person holding the license. As a licensed operator, you alone
are responsible for the operation of your station... not the device
manufacturers. You can make use of anything, subject to good engineering and
But I said it was complicated, didn't I?
The first reason is related to requirements on the sale of scanning
receivers. As a convenience and because it is fairly easy to implement with
modern electronics, almost all amateur transceivers on the market today offer
wide-band reception. Any device capable of monitoring two or more frequencies
between 30 and 960 MHz and switching to one on which a signal is received is
considered a scanning receiver (47 CFR 15.3(v)). As of 1999, all scanning
receivers require certification by the FCC (47 CFR 15.101(a)). Certification
is used here in its current sense in the regulations, meaning that the FCC
must actually review and approve the results of testing. A mere declaration
of conformity from the manufacturer is not acceptable.
In other words, the majority of amateur radio transceivers sold today are
actually subject to equipment authorization under Part 15, Part 97 be damned.
If you remember our talking about the verboten
band, this might be
familiar: the certification requirement for scanning receivers was created
specifically to prevent the sale of devices which would be used to eavesdrop on
analog mobile calls. This ruling somewhat inadvertently introduced a de facto
EA requirement for the amateur radio industry, and it is typical today for
amateur radio devices to somewhat incongruously bear a Part 15 Device label.
Amateur radio transceivers can be marketed and sold without certification under
Part 15 if, and only if, they do not meet the definition of a scanning
receiver... not particularly likely since wideband reception and dual VFO with
"dual watch" have become standard features on even the cheapest HTs. A more
likely type of device to not fall under this requirement are HF transceivers,
which are more likely to omit wideband reception and not have receive
capabilities above 30MHz. Still, this is not especially common.
Given that the first complication boils down to reaction to mobile phone
eavesdropping, it will perhaps be unsurprising (at least if you've read enough
of my radio rambling) that the second complication boils down to citizens band.
For primarily cultural reasons that are hard for anyone under 40 to really
comprehend, citizens band (CB) enjoyed a brief period of mass popularity,
during which it was the primary thorn in the FCC's side. Like other services
which are licensed-by-rule (e.g. FRS and GMRS), CB is available to individuals
without training or registration. To prevent the band becoming unusable, there
are strict limitations on CB equipment in terms of output power: 4 watts. That
doesn't sound like a lot, but remember that unlike the consumer radios we're
used to today, CB is HF. 4 watts travels surprisingly far below 30MHz,
What makes CB very different, from a regulatory perspective, from FRS and GMRS
was the absolutely huge extent of rule-breaking. While illegal operations at
e.g. higher than permitted power is not unheard of in FRS and GMRS, it is not
very common. At the height of the CB craze, illegal operation at 100W or more
became practically the norm. While there were higher-than-limit CB radios
available for purchase through various grey market channels, high CB output
powers were most commonly achieved by adding an external power amplifier.
Power amplifiers would probably be unfamiliar to most radio users today,
because we now use mostly VHF and UHF where power levels are relatively low
and linear amplifiers are troublesome for technical reasons. But in the HF
bands, still today in amateur radio, it's fairly normal to use a transmitter
with an output power of, say, 4 watts, and direct that power to an external
linear amplifier which uses it as the gate input for a very big power tube.
Power amplifiers were not legal to sell for CB use, but the CB band is close to
the popular 10 meter amateur band. Close enough, in fact, that a power
amplifier intended for 10M use will typically work acceptably when driven by a
CB radio. The inevitable result: truck stops suddenly diversified into the
lucrative amateur radio power amplifier market. Who amongst us has not stopped
into a Pilot Travel Center to upgrade our 10M rig to 300W output?
The FCC addressed this runaround of the rules by creating 47 CFR 97.315. This
exception to the general lack of EA rules in Part 97 states specifically that
any power amplifier capable of operation below 144 MHz is subject to equipment
authorization. The same section then provides broad exceptions for any such
amplifier that is built, modified, or purchased used, but only when the user
holds an amateur radio license.
What rules must such amplifiers meet to receive EA? 47 CFR 97.317 tells us that
the amplifier must exhibit zero gain between 26 and 28 MHz, not be easily
modified to demonstrate gain on those frequencies, and more broadly not be
usable for services other than amateur radio. 26 to 28 MHz is, of course, the
citizen's band. Just to reinforce this, along with some brief boilerplate
amateur radio is mentioned in Part 2 (which, remember, states the general
requirement for equipment authorization subject to whatever other part applies
to the device) only once... 47 CFR 2.1060(c), which says that "Certification of
external radio frequency power amplifiers may be denied when denial would
prevent the use of these amplifiers in services other than the Amateur Radio
Service." Here, the FCC protects "can be used for CB" as a reason to refuse
authorization under Part 97---in the one case where it's required.
Why the 144 MHz cutoff? I'm not sure exactly but there is an obvious direction
for speculation. 144 MHz is the start of the 2-meter band, which is for most
purposes the lowest amateur band that is not HF. Power amplifiers designed for
VHF and UHF use are fairly substantially different from those designed for HF
and would be unlikely to produce usable output when driven by any HF
transmitter, including a CB radio. The "below 144 MHz" rule seems to just give
a pass for those power amplifiers that are unlikely to be part of the problem.
Now, if an amateur radio power amplifier can be modified for use in CB radio,
what about a whole amateur transceiver? Yes, that's where the off-label CB
market went next. Remember Pilot truck stops? Agents of the FCC Enforcement
Bureau visited eleven of them in 2004---well into the decline of CB radio. They
are not famous for their quick reaction to new trends. Still, the FCC found
that these Pilot locations had oddly diversified again into amateur radio
It's part of the American tradition to dream big, and it ought to inspire us
all that Pilot aspired to best such barons of industry as Ham Radio Outlet
and.... no, that's it, HRO is actually the only brick and mortar amateur radio
retailer I have ever laid eyes on. The fact that their Portland location is
still open can only be explained by miracle.
Of course this was not really the case, what Pilot was selling as amateur HF
transceivers were just CB radios without equipment authorization. Or more
accurately, they were 10M transceivers that had been intentionally designed to
allow trivial modification to CB. For this bit of not-so-clever deception Pilot
was ordered to pay $125,000 to the FCC. That includes an extra bonus forfeiture
for continuing to sell them after the first set of violation notices was
This notice of apparent liability for forfeiture, FCC docket 04-272 or
better cited as 19 FCC Rcd 23113, is notable mostly because it is now the
primary citation given for the fact that amateur radio equipment does not
generally require equipment authorization. It states explicitly in paragraph 3
that "radio transmitting equipment that transmits solely on Amateur Radio
Service frequencies is not subject to equipment authorization requirements
prior to manufacture or marketing." Had the Enforcement Bureau not provided
that plain statement in this particular NALF, the lack of EA requirements for
amateur radio would remain a largely non-obvious consequence of the lack of any
particular EA requirements in Part 97 (other than the one about sub-144 MHz
Note though that, fortunately, the FCC didn't decide to address this problem by
adding an EA requirement for amateur radio transceivers that could transmit
anywhere near 30 MHz. Instead, the Enforcement Bureau finds that the existing
rules are quite clear enough. Any transmitter intended for use in CB must be
type certified for CB, and it was well established earlier in the CB craze that
"easy modifiability" does not work as a loophole. A device which is sold on the
premise that it can be easily modified for CB use is still, in the FCC's view,
a CB radio.
Nonetheless, illegal CB equipment remains pretty easy to obtain. A trivial
Google search found a 100W power amplifier for sale at just $88, apparently
from an Italian manufacturer. The internet has made regulation of the radio
market very challenging, as it has for most markets. Equipment is made for
legal applications in other countries and then imported, or just starts out
as a design for the US gray market.
This problem has become particularly large with the rise of the Chinese radio
manufacturing industry. There is a substantial global market for inexpensive
land-mobile radio equipment for business use, and many countries have rather
lax regulations on radio services and devices. LMR radios in the United States
are generally prohibited from being face-programmable, for example, but many
other countries have no such prohibition. A set of Chinese radio manufacturers
have emerged that sell products into this market. One of the cheaper ones has
become less of a brand and more of a category in the amateur radio market:
Baofeng, more properly Fujian Baofeng Electronics Co., Ltd, was founded in 2001
by one Wang Jinding. With around 1000 employees, Baofeng produces a large line
of VHF/UHF handheld radios, or Handie-Talkies as amateurs charmingly still like
to call them (a term that dates back to WWII). For several years now, Baofeng
seems to be represented in the United States by Baofeng Tech or BTech. Baofeng
Tech conspicuously promotes themselves as based in the sub-1000 population town
of Arlington, SD, and indeed the Secretary of State has the filings for B-Tech
Distribution Inc, incorporated by one Andrew Brown. The same Andrew Brown at
the same address has formed a variety of LLCs with names like "Three B
Developments" and "Three B Investments," but I can find little else about them.
The About page on the Baofeng Tech website ends in "if you have accepted Christ
as your personal Savior – contact us today here to let us know and we will send
you a one time package of literature."
BTech has also sent a one-time package of literature to the FCC, as they
obtained equipment authorization on a number of Baofeng models based on test
results commissioned from Bay Area Compliance Laboratories of Dongguan. These
equipment authorizations are, in fact, type certifications for Part 90
land-mobile radio operation. As a result, for these models, it is perfectly
legal to market and sell Baofeng radios in the United States. It is, though,
still completely possible to purchase Baofeng models with no such equipment
authorization, often shipping direct from China. This would constitute a
violation of the FCC regulations on the part of the retailer.
But what of amateur radio? Type certifications are done against specific parts
of the FCC rules. The Part 90 certificate for the Baofeng models list specific
bands and modes (emission designators) for which they are authorized. Part 90
(private land-mobile radio) is not Part 97 (amateur radio), and so the radio is
not really authorized per se.
But the trouble here is, amateur radio is largely exempt from equipment
authorization in this way too. Much like Part 97 lacks equipment authorization
requirements (except power amplifiers) on manufacturers, it also lacks any
prohibition on the use of unauthorized equipment. In fact, both Part 2 and Part
97 contain exceptions to equipment authorization requirements that explicitly
preserve the ability of amateur radio operators to use any equipment they
choose. For example, Part 2 provides an exception to general requirements that
modifications be authorized by the FCC: Amateur license holders can freely
modify equipment for use in the amateur radio service. No approvals required.
It has for some time been a generally accepted practice to repurpose Part 90
equipment for amateur use. This was particularly true in the days of
crystal-based mobile radios, when many ex-police HF radios were modified for
amateur operation. I know of club repeaters today running on lobotomized
Motorola P25 (trunking system typically used by law enforcement) equipment. And
an active group of amateurs operates WiFi equipment in amateur bands, based on
their overlap with foreign WiFi allocations.
As a result of this exceptional latitude, amateur radio operators are, as far
as I can tell, completely permitted to use Part 90 authorized radios. Further,
amateur radio operators can use radios that are not authorized at all. This
actually shouldn't be that surprising: most amateur radios today only need
equipment authorization under the 1999 anti-eavesdropping rule. Prior to '99
most all amateurs were operating unauthorized equipment!
Nonetheless, the organizations marketing and selling these unauthorized models
are violating FCC rules. The FCC seems to have taken a light touch on the issue
of selling unauthorized equipment for amateur use, not just a bit because doing
so would only really violate normal Part 15 rules and not nominally harm any
licensed service. But the FCC has increasingly taken an aggressive position on
retailers selling unauthorized radios to non-licensed users. In a prominent
case, hobby vendor Rugged Radios received a threat of a forfeiture notice if
they did not cease sale of the RH5R (apparently a custom case version of the
Baofeng UV-5R) and other models. The target market was primarily offroad and
powersports users, who don't generally hold any radio license .
Offroad and powersports users might better be advised to use the
licensed-by-rule services MURS or CB , or even apply for an
industrial/business pool license as an organization (although the logistics of
distributing Part 90 radios are somewhat complex, since they must be programmed
externally). But Rugged Radios was selling unauthorized radios along with
materials that included lists of Part 90 and Part 95 frequencies. This clearly
constituted marketing of an unauthorized device to a use for which
authorization is required.
The importation of radios not built to US regulations will continue to be a
challenge in spectrum coordination. Incidents of drone FPV transmitters
directly interfering with aviation radar show the practical effects. I tend to
think, though, that the impact will always be limited: Today, consumer radio
use not controlled by a licensed entity is largely limited to the microwave
 This is as opposed to what I'm doing here, which is more like jailhouse
 or device certification, type acceptance, or type certification. The FCC
itself is not entirely consistent about how it uses these terms and they have
changed over time, including a find-replace amendment to 47 CFR to swap out
 This has sort of come up a couple of times now. The FCC is not properly a
part of the government (it's an independent agency) and so it does not issue
fines. Instead, it issues Notices of Apparent Liability for Forfeiture, which
tell the target how much they are expected to pay as a civil matter. NALFs are
often attached to a Memorandum of Opinion and Order, which give an
interpretation of how the regulations apply to the present situation. Those
memoranda are sort of like court opinions in that they set precedent the
Enforcement Bureau will rely on later.
 Unless they happen to also be amateur radio operators. While there are
restrictions on the use of amateur radio for any commercial purpose, it's well
accepted to use amateur radio in the course of other hobbies. That is, an
amateur radio operator who also e.g. participates in off-road racing would be
permitted to use amateur radio equipment and spectrum for that purpose so long
as it is not a commercial activity (in which case the Part 90
industrial/business pool would be applicable). There is a particularly strong
tradition of amateur radio in the RC world, where many amateur radio operators
use amateur equipment and spectrum for telecontrol of RC aircraft and etc.
 MURS, the Multi-Use Radio Service, is a licensed-by-rule service similar to
GMRS but in low band where propagation in the open tends to be better. MURS
radios are more commonly mobile (i.e. automotive) than handheld, but ther are
both handheld MURS radios and mobile GMRS radios on offer. GMRS is a slightly
odd situation for that matter and there actually is such thing as a "GMRS
license," which confers privileges beyond those of licensed-by-rule users such
as repeater operation. This might also be attractive to off-road users. If you
chuckle at the common pronunciation "murrs" you are probably going to hell but
I am right there with you. Consult Baofeng Tech for advice on salvation.
One^wTwo days late for 4/20, I return to discuss equipment authorization. This
is a direct followup to my last post about unlicensed radio. I apologize for my
uncharacteristic decision to actually provide a promised follow-up in a prompt
manner, and give you my assurances that it's unlikely to happen again. I will
return to my usual pattern of saying "this is the beginning of a series" and
then forgetting about the topic for two years.
But equipment authorization is sort of an interesting topic, and moreover I
think I really shortchanged the last post by not going into it. Because ISM
bands and other so-called "Part 15" bands are unlicensed, the limitations that
exist on usage of those bands stem pretty much entirely from the equipment
authorization process. I also think I shortchanged the last post a bit by not
providing some background on the regulatory structure, so here that goes first:
when I refer to the "FCC regulations," I of course mean 47 CFR, or the 47th
title of the Code of Federal Regulations. The CFRs are a compiled version of
all of the regulations promulgated by various federal agencies and are not laws
(those are found in the USC) but are sort of like them. The difference is
basically in the way they are developed and changed: laws are set by
legislators, while regulations are set by the staffs of agencies, but typically
with some sort of formalized process that incorporates public comment. This
whole concept of codified regulations is referred to as "administrative law."
In practice, the way it works at the federal level (and simplified somewhat) is
that agencies develop regulations using their normal process, they publish the
new regulations in the Federal Register, and some staff pull the changes out of
the Federal Register and compile them into the CFR which provides a handy
reference to find all the federal regulations.
Because the stuff in the CFR comes from various agencies, it's broadly
organized by those agencies. So 47 CFR is stuff that comes from the FCC, while
the FAA produces what are often called the "Federal Aviation Regulations" but
are more properly known as 14 CFR. This is useful knowledge because the federal
government maintains eCFR.gov, a convenient website where you can browse and
search the current version of the CFRs. This is a lot more convenient than the
old system of going to a federal depository library to look at the big printed
volumes that are already out of date.
When discussing FCC regulations, it is very common to talk about them in terms
of Parts and identify services by the Part that describes them (this is broadly
a common way to refer to federal regulations) . So when we say "Part 15
device" we are describing a device which emits RF radiation under the rules in
47 CFR 15. In 47 CFR 15.1(a) we read:
This part sets out the regulations under which an intentional, unintentional,
or incidental radiator may be operated without an individual license. It
also contains the technical specifications, administrative requirements and
other conditions relating to the marketing of part 15 devices.
So that pretty much lays it out. As a result, "Part 15 device" and "unlicensed
device" are somewhat synonymous. Devices that are used under a license are
discussed under other parts. Many types of license must be applied for, but
there are licensed services that are "licensed by rule." This means that they
are a licensed service covered in another part, but that license is granted
automatically subject to certain conditions. An example of a licensed by rule
service is the family radio service or FRS, which is one of the services used
by the ubiquitous consumer walkie-talkies made by companies like Motorola and
Midland. This is not a Part 15 or unlicensed service, but you also don't need
to apply for a license, as 47 CFR 95 says that you automatically have one.
Now, all of this so far is talking about radio services. This distinction can
be confusing because, particularly in Part 15, there is some crossing of the
lines. Broadly, though, a radio service is a means of using the RF spectrum and
the rules and regulations that apply to it. Point-to-point microwave is a radio
service. Broadcast FM is a radio service. Amateur radio is a radio service.
There is a separate issue of equipment authorization. I tend to refer to this
as device certification because that therm just makes more sense to me, but I
should break the habit because the FCC consistently uses the term equipment
authorization. Equipment authorization is broadly described in 47 CFR 2, and
particularly 2.801 and up (Part 2 is sort of a general or definitions section,
and contains the high-level rules for a lot of things). In 2.901, we read:
In order to carry out its responsibilities under the Communications Act and
the various treaties and international regulations, and in order to promote
efficient use of the radio spectrum, the Commission has developed technical
standards for radio frequency equipment and parts or components thereof.
The technical standards applicable to individual types of equipment are
found in that part of the rules governing the service wherein the equipment
is to be operated. In addition to the technical standards provided, the
rules governing the service may require that such equipment be authorized
under Supplier's Declaration of Conformity or receive a grant of
certification from a Telecommunication Certification Body.
I'll spare quoting all the different sections that really put this together,
but here is the general idea: you cannot market, sell, distribute, or use a
radio frequency device unless it has an equipment authorization (EA). Part 2
lays out the process for getting that EA, which are either a declaration of
conformity (manufacturer pinky promises it meets the rules) or an independent
test depending on the device and service.
But what are the actual restrictions a device must meet? They're contained in
the sections that describe services. For devices not associated with any
service, Part 15 serves as a "catch-all." Part 15 thus covers unintentional and
incidental radiators, and intentional radiators not associated with a licensed
service. Sort of a "miscellaneous" basically.
I'm not going to spend much time on Part 2 because it's mostly procedural and
not all that interesting. However, the prohibition on marketing laid out very
explicitly in 2.801 has important implications that you have probably seen in
the marketing of cellphones. You generally cannot advertise a device until
it has an EA. If you do, you must clearly state that the device cannot yet be
sold. Early marketing for cellphones often includes such a disclaimer:
This device has not been authorized as required by the rules of the Federal
Communications Commission. This device is not, and may not be, offered for
sale or lease, or sold or leased, until authorization is obtained.
Part 2 also provides some general exceptions. The basic idea is that it is
permissible to operate a device that doesn't yet have an EA on an experimental
basis with some protections and restrictions in place. It's even acceptable
to distribute a device prior to EA, as long as distribution is only to people
who will be using the device for testing/engineering/integration purposes and
they are aware of and comply with the restrictions. In other words, the FCC is
fine with prototypes, but requires that the prototypes be restricted to limited
Finally, when the FCC approves an EA it issues a number usually called an FCC
ID. Devices are required to be labeled with their FCC ID in a fairly
conspicuous way, although because designers hate labels the FCC now allows the
FCC ID to be presented in software and on packaging rather than physically on
the device in some cases. Most smartphones are now like this.
That's probably enough of Part 2. Since the actual certification requirements
are laid out in other parts, let's take a look at some, starting with our
favorite Part 15.
Remember how right up there I quoted 15.1(a) saying that Part 15 applies to
unlicensed devices? Let's just reinforce that real quick with 15.1(b) to remind
us what's up.
The operation of an intentional or unintentional radiator that is not in
accordance with the regulations in this part must be licensed pursuant to
the provisions of section 301 of the Communications Act of 1934, as
amended, unless otherwise exempted from the licensing requirements elsewhere
in this chapter.
So this is basically the converse. If it's unlicensed, it's Part 15. If it's
not Part 15, it needs to be licensed.
First, there's an interesting question of what devices are considered radio
devices and thus subject to EA. It's fairly clear that any device that radiates
RF radiation is either a license device or a Part 15 device and is thus subject
to EA requirements. But what's RF radiation?
(u) Radio frequency (RF) energy. Electromagnetic energy at any frequency in
the radio spectrum between 9 kHz and 3,000,000 MHz.
Okay so I set that up as a bit of a joke because this definition is kind of
funny, but it's funny in an important way. For the purposes of FCC regulation,
the radio spectrum ranges from 9kHz to 3THz. Below and above that range, it's
not considered RF. Above tends not to be an issue because if you go much past
3THz you start being able to see it. Below 9kHz is a different issue: lots of
devices emanate EM fields below 9kHz, but the FCC does not consider them to be
Important implication: with few exceptions, any device that contains a clock or
pulse of 9kHz or greater is a device that emits RF. In fact, the FCC is quite
explicit elsewhere in the Part 15 definition that any digital device with a
clock speed higher than 9kHz is an RF device, because it can be expected to
emit some RF noise within the range considered the RF spectrum. This is the
reason that virtually all electronic devices are subject to Part 15 regulation.
If you don't want to deal with the FCC, 9kHz is effectively the speed limit for
any kind of pulsing or modulation.
Also very important to understanding my previous post is 15.5(a):
(a) Persons operating intentional or unintentional radiators shall not be deemed
to have any vested or recognizable right to continued use of any given
frequency by virtue of prior registration or certification of equipment...
(b) Operation of an intentional, unintentional, or incidental radiator is
subject to the conditions that no harmful interference is caused and that
interference must be accepted that may be caused by the operation of an
authorized radio station, by another intentional or unintentional radiator,
by industrial, scientific and medical (ISM) equipment, or by an incidental
In other words, the FCC doesn't give a shit about your WiFi network. There is
some nuance to the term "accepted" here. They're not saying that Part 15
devices aren't allowed to shield themselves from interference. They're saying,
in casual parlance, that Part 15 devices must put up and shut up. They don't
have any regulatory protection from interference.
15.15 provides some very general engineering guidelines for Part 15 devices. I
will not quote them, because they can be well summarized as "do a good job."
The gist is that Part 15 devices must employ good engineering practices to
minimize their RF emissions, and under no circumstances can exceed the
15.23 is the home use exception. This should be of interest to all hobbyists
and "makers." It essentially says that it is permissible to build and operate
an RF device without an EA as long as it's for personal use, you don't market
it, and you build fewer than 5. You are required to use good engineering
practices to limit RF emissions, but you aren't required to perform testing.
"It is recognized that the individual builder of home-built equipment may not
possess the means to perform the measurements for determining compliance with
the regulations" (15.23(b)). Thanks, FCC.
The majority of the remainder of Part 15 involves detailed technical standards.
It lays out the emission limits and the ways that those limits should be
measured. It's fairly long and boring, but also pretty easy to read, so you
can feel free to take a look through it on your own time.
It is useful to understand that the limits and means of measurement vary by
band and sometimes types of device, but for the most part "transmit power" is
not a factor. This makes sense in light of the fact that Part 15 applies to
unintentional or incidental radiators where there is no "transmit power." Part
15 limits are primarily specified in terms of field strength, in volts per
meter, at various distances from the device. Rules about power and antenna
characteristics are mostly reserved for licensed services, although there are
some found in Part 15. For example, WiFi devices are mostly subject to a 1w
transmit power limit, in addition to the limits on field strength, and there
are more restrictive special limits if a high-gain antenna is used. This is
some of the confusion of Part 15: WiFi is not a licensed radio service, but
rules have been added to Part 15 to regulate it sort of like one, as far as
having restrictions on power and antenna characteristics. It also implies
that you can make a WiFi device non-compliant by fitting a high-gain external
antenna. You can!
Notable as well is 15.103 which provides some "soft" exceptions. 15.103 is a
list of types of devices which are subject to the general high level Part 15
rules, but not to the specific testing requirements. They include some major
categories like things used exclusively in vehicles, medical devices used under
supervision of a physician, and some digital devices with clock speed under
1.705MHz which are strictly battery powered (tends to apply to remote
controls). These exceptions combine two different motivations: first, some of
the excepted devices are excepted because they pose a very low risk of emitting
problematic interference (simple battery powered electronics). Second, some of
the excepted devices are subject to other engineering, regulatory, and
application controls that limit the risk of interference (vehicle components
and medical devices).
Finally, remember U-NII from the last post? the spectrum that allows for 5GHz
and 6GHz WiFi? it's not a service, it's still Part 15, and it's discussed
specifically in 15.401 and up. This includes the special characteristics of
U-NII that I mentioned like DFS (radar avoidance) and AFC (automatic
Let's compare and contrast Part 15 to parts that cover licensed services. An
obvious one is Part 73, Radio Broadcast Services. This includes your AM and FM
radio stations. Much like Part 15, Part 73 is heavily concerned with limits on
these broadcasters, but unlike part 15 they are generally expressed in terms of
transmit power (which can actually be measured a few different ways, the
regulations clarify how for each service) and antenna characteristics. More
interesting is the type of emission regulation that really distinguishes a
licensed service from Part 15: Part 73 describes the rules to protect broadcast
stations from interference. Methods and calculations are described to
determine, for example, whether or not an AM station is sufficiently far away
from another AM station on the same or nearby frequency to avoid the two
overlapping. Unlicensed devices must accept interference, licensed devices are
generally protected from interference by the regulations.
The exact details of these limits can get fairly technical. Part 15 includes a
number of formulae, Part 73 has even more as it gets even into the modulation
used by transmitters. This is one of the reasons administrative law is
differentiated from legislation: the details of regulation are often very
technical, and so they are developed and evaluated by technical professionals.
These things can be tricky, and so in places Part 73 reads almost like a
textbook. In a number of spots it specifies the formula to be used, and then
provides an example calculation just to make sure you really get it.
There are things like this (47 CFR 73.151(c)(2)(i)):
The computer model, once verified by comparison with the measured base
impedance matrix data, shall be used to determine the appropriate antenna
monitor parameters. The moment method modeled parameters shall be established
by using the verified moment method model to produce tower current
distributions that, when numerically integrated and normalized to the
reference tower, are identical to the specified field parameters of the
theoretical directional antenna pattern. The samples used to drive the
antenna monitor may be current transformers or voltage sampling devices
at the outputs of the antenna matching networks or sampling loops located
on the towers...
Who knew regulations could be so fun! This is basically getting into the
details of how the specifications of a directional antenna array for an AM
radio station can be established. Antenna engineering is complex and I barely
understand the most basic parts of it. When you get into arrays operating at
low frequencies it can get very complex indeed and so the FCC specifies that
computer modeling alone is not enough, the actual performance needs to be
verified against the model.
How about another? Part 90 covers Private Land Mobile Radio Services. Land
mobile radio (LMR) is a broad category of portable radios used on land...
mostly handheld or in vehicles. LMR is a pretty big category because it
encompasses everything from public safety dispatch to some cellular bands (most
cellular bands in use today are part of other services, though). Land is
specified because aviation and marine radio are both their own services.
Part 95C describes the Industrial and Business Pool, a widely-used service for
everything from non-government vehicle fleets to some retail store handheld
radios. A few different types of users are eligible to use the pool but under
47 CFR 90.35(a) it basically comes down to "anyone who is in business, and most
organizations that aren't in business as well."
47 CFR 90.35(b)(3) is a lengthy table that lists the frequencies available for
industrial and business use, which span many bands but are most dense in the
popular VHF mid area (140MHz or so) and UHF low area (460MHz or so). These are
very popular parts of the spectrum in general as they have good propagation and
penetration characteristics and RF electronics for these wavelengths are
relatively easy to construct. Amateur radio operators might recognize these as
being more or less the 2m band and the 70 cm band , which are also perhaps
the most popular bands in amateur radio. Most mobile radio services have some
frequencies allocated in these areas and so they are fairly densely packed with
different users. This approach highlights one of the many variations between
different radio services: some radio services are allocated a band, some radio
services are allocated a list of bands or even a list of specific frequencies
scattered across many bands.
As with most things in radio regulation, this table comes with caveats and
exceptions. For example, a number of I/B pool frequencies in the UHF band
overlap UHF aviation radio used by the military. Note 61 on the table
states that these frequencies cannot be licensed near any of a long list of
airports and bases, and are subject to a lower power limit elsewhere.
Let's dwell for a moment on this topic of UHF military aviation radio, as it is
an example of an important complexity of US spectrum regulation. Military
aviation radio is not an FCC radio service. The FCC is an independent agency
created by Congress. This means that while its leadership is appointed by the
President and confirmed by Congress, it is not a part of any branch of
government. For both historic and present reasons, the executive branch of the
federal government maintains its own, separate authority to authorize radio use
in the form of the National Telecommunications and Information Administration,
which derives its authority directly from the President. Because the military
is also part of the executive branch, its authority to use radio is granted by
the NTIA and not the FCC. Obviously the NTIA and FCC must coordinate their
activities to avoid conflicting allocations.
There can be some nuance to the line dividing NTIA and FCC authority. Aviation
is once again a good example. Because VHF aviation radio is used by a wide set
of individuals in the aviation field, and not only by the executive branch, it
is regulated by the FCC (Part 87). The FAA, though, uses radio for its own
internal purposes, such as for communication between control centers and remote
equipment like radars and radio transceivers. Since this use is entirely within
the executive branch, it is regulated by NTIA. Air traffic control thus
simultaneously involves FCC and NTIA services, although the NTIA services are
not exposed to pilots, since they are not part of the executive (except for
military pilots, who are!). Further illustrating this complexity, the FAA has
chosen to fully contract the operation of most of its radio facilities to a
private company (L3Harris), on an M&O basis. Because Harris is not part of the
executive, they must gain authorization from the FCC... leading to a process of
the FAA "turning in" its NTIA licenses so that Harris can apply for an FCC
license for the same equipment.
It is a somewhat common misconception that NTIA authorizations are somehow
secret. This is not the case; while the NTIA has failed to provide the online
records access that the FCC does, you can submit a FOIA request to the NTIA
and receive in response a PDF of over 3,000 pages listing all NTIA frequency
allocations. I have several times started on writing a parser to convert this
report into a more usable database but I fear my lack of a computer science
degree proper shows here and I have not succeeded. Maybe that automata class
everyone else in the department took was good for something.
We will return to the topic of Part 90 to examine one last interesting aspect:
frequency coordination. The role of the FCC is often mis-described as being
coordination of frequencies. While there are exceptions, for the most part the
FCC restricts itself to coordination of services and leaves the more detailed
work to other organizations. In aviation, for example, the FAA does the actual
frequency allocation. In the industrial/business pool, frequency coordination
is entrusted to private corporations that have obtained a certification from
the FCC. So, the first step in applying for an I/B license is typically to
contact one of these organizations and receive their "suggested" frequency.
You then include a letter from the coordinator as an attachment to your
application, to show the FCC that you are requesting that particular frequency
for a good reason. Many variations on these models exist, but the rule of
thumb is that the FCC allocates bands or frequencies to a service, and what
goes on within the scope of that service is coordinated by someone else.
Broadcast radio is a very notable exception, since the FCC itself is also the
agency responsible for non-spectrum regulation of broadcast radio.
Let's wrap up by discussing one last service, and I'll make this a fun one:
Part 97, the amateur radio service. One of the interesting things about Part 97
is that it makes frequent reference to radio-telecommunications as an art, e.g.
listing one of the purposes of the amateur radio service as "continuation and
extension of the amateur's proven ability to contribute to the advancement of
the radio art" (47 CFR 97.1(b)). This is a more aspirational view of
communications technology which I attempt, but mostly fail, to capture in my
writing: since the time of Marconi, Fessenden, etc., radio has been the type of
human achievement that is appealing on both practical and aesthetic grounds.
Unfortunately, just as the consolidation of airlines and decay of entry-level
general aviation has largely robbed flight of its romance, the consumerization
of radio technology has removed much of the fun. Still, though, if you want to
twiddle knobs and strain to hear through static, amateur radio is here for you.
It's a lot of fun! And besides, the promise of advancement to the art seems to
continue to pan out. The new generation of amateur radio operators has
developed a number of innovative digital techniques and built infrastructure
that is useful for theoretical and industrial research on atmospheric physics,
propagation, astronomy, etc. Improvements in technology seem to now be driving
a return to commercial use of HF radio, long of limited use due to a degree of
complexity that tends to require an experienced operator. Many of the methods
being used to automate HF operations are derived at least partially from
dweebs tinkering around with GNU Radio for fun.
Anyway, enough of that. Let's look at the rules. 97.5 lays out the basics,
namely that amateur radio stations must be "under the physical control of" a
person who holds a license. There are various nuances to this rule but for the
most part a very literal reading works. The main caveat is that the licensed
operator need not be physically present; subject to some limitations amateur
radio stations may operate unattended or by remote control as long as
reasonable measures are in place to prevent tampering.
Much of Part 97 is fairly obvious and uninteresting, although there are some
regulatory oddities like the fact that the National Environmental Policy Act
applies to amateur radio and so amateur radio operators may need to complete
environmental impact statements when siting stations or equipment in areas
of environmental, historic, or cultural significance. NEPA is sort of a hobby
interest of mine and I'll probably write about it in more length eventually.
On the flip side, Part 97 provides some positive protection to amateur radio
Except as otherwise provided herein, a station antenna structure may be
erected at heights and dimensions sufficient to accommodate amateur service
communications. (State and local regulation of a station antenna structure
must not preclude amateur service communications. Rather, it must reasonably
accommodate such communications and must constitute the minimum practicable
regulation to accomplish the state or local authority's legitimate purpose.
See PRB-1, 101 FCC 2d 952 (1985) for details.)
This was added in response to a series of municipal governments enacting zoning
regulations that prohibited antenna structures. Radio, though, is regulated by
the federal government, which claims supremacy on the topic. State and local
laws generally cannot prevent activities which the FCC permits. A similar
situation exists in aviation, where the FAA has supremacy, and leads to a
confusing paradox related to bans on UAS or "drones" enacted by state and local
governments. They lack the authority to do so, and so these bans are actually
bans on ground operations, not flight. This whole federation thing can be
What about frequency coordination? 97.101 tells us that "Each station licensee
and each control operator must cooperate in selecting transmitting channels and
in making the most effective use of the amateur service frequencies. No
frequency will be assigned for the exclusive use of any station." In other
words, in keeping with the nature of amateur radio as a loosely regulated,
hobbyist service, frequency coordination is light. Various organizations,
typically the ARRL or organizations under its auspices, perform various types
of frequency coordination in the amateur service. For the most part, this is
purely voluntary and does not have the force of regulation, although one could
argue (and the FCC has) that willfully ignoring organized frequency
coordination constitutes a failure to operate in accordance with "good amateur
practice" as is required at the beginning of 97.101.
97.111-97.117 regulate the use of amateur radio. The general idea is that
amateur radio cannot be used for commercial purposes and is intended only for
two-way (that is, not broadcast) use with limited exceptions. 97.119-97.221
provide regulations related to the operations of different types of stations
and functions. 97.301 lists the authorized bands, with many caveats depending
on the particular band. A notable thing about amateur radio is that it often
shares its bands with other services. This is pretty common overall: a lot of
radio services are allocated bands or frequencies on a secondary or shared
basis, which makes more efficient use of the spectrum but does require radio
users to take precautions to avoid interfering with other band users.
The rest of Part 97 deals with administrative details; things like exams,
licensing, reporting, etc. It's the kind of thing that isn't much fun to read,
but is useful to be familiar with a an amateur radio operator.
This concludes our general tour of 47 CFR. This has gone on for quite a while,
and the great thing is that I still didn't get to the thing I meant to
explain... the sort of odd rules regarding equipment authorization and amateur
radio. But still, there's a lot here that gets towards that point: equipment is
almost always required to be authorized by the FCC, and the specific
requirements for authorization come either from Part 15 or from the Part that
covers the service for which the equipment is to be used. As a result,
equipment authorization is specific to a service. Generally speaking, a Part
15 device cannot be used in any licensed service. A device authorized under
another Part can be used only with the specific service for which its
authorized. The FCC itself sometimes refers to this as "type certification" or
"type acceptance," and it is the dominant area where device manufacturers,
marketers, and users are currently getting in trouble. So let's get into that
topic properly... later.
 The CFRs are actually organized into chapters and subchapters for reading
convenience, but the parts are numbered straight through. So no one ever writes
"47 CFR I.A.15," just "47 CFR 15" or "Part 15" will do.
 For historic reasons amateur radio has a habit of referring to bands by
wavelength rather than frequency, which I have always found frustrating. This
is no longer common in most forms of commercial radio, where the IEEE radar
band designations are more common (VHF low/mid/high, L band, C band, etc).
Not that these are really any more convenient.
I had a strong feeling that I had written a post at some point in the past
that touched on license-free radio services and bands. I can't find it now,
so maybe it was all a dream. I wanted to expand on the topic, so here we are
As a general principle, radio licensing in the United States started out being
based on the operator. As an individual or organization, you could obtain a
license that entitled you to transmit within certain specifications. You could
use whatever equipment you wanted, something that was particularly important
since early on most radio equipment was at least semi-custom.
In some cases licenses rested with individuals, and in others they rested with
organizations. It tended to depend on the type of service; in the maritime
world in particular radio operators needed to hold licenses regardless of the
separate station licensing of the ship.
In other services like most land-mobile radio, a license held by an
organization may entitle its staff to use radios (within license parameters)
with no training or qualifications at all. These types of radio services impose
limitations intended to prevent unqualified users from causing undue
interference. A common example is the prohibition on face programming of most
land-mobile radios in business or government use: restricting users to choosing
from pre-programmed channels prevents use of unlicensed frequencies, based on
the assumption that the pre-programming was done by a competent radio
technician. This doesn't always hold true in real organizations  but the
idea, at least, is a good one.
Today, though, we most commonly interact with radio in a different form:
services that are fully unlicensed. We use WiFi constantly, but neither
ourselves nor our organizations have a radio license authorizing it. You might
think that the manufacturer of the equipment, perhaps, holds a license, but
that's not really the case. The reality is strange and a result of
Early in the history of radio, it was discovered that radio frequency had
applications other than communications. As a form of electromagnetic radiation,
RF can be a useful way to deliver energy. In 1933, Westinghouse demonstrated
the use of a powerful shortwave transmitter as an oven. This idea was not
especially practical due to the physics of heating with low-frequency RF, but
the basic concept became quite practical around a decade later when a Raytheon
engineer famously noticed that a specialized type of transmitter tube used for
radar systems melted a chocolate bar in his pocket. One wonders if the
localized heating to his body this would have involved as well was noticeable,
but presumably RF safety was less of a workplace priority at the time.
This specialized transmitter tube was, of course, the magnetron, which has
largely fallen out of use in radar systems but is still used today as the RF
transmitter in microwave ovens. A magnetron is a vacuum tube that exploits some
convenient physics to emit RF at a fairly high level of efficiency, and with
a fairly compact device considering the power levels involved. As a downside,
the output of magnetrons is not particularly precise in terms of frequency
control, and is also not very easy to modulate. This makes them unattractive
for modern communications purposes, but quit suitable for non-communications
use of strong RF emissions such as Totino's pizza rolls.
This whole tangent about the history of the microwave is a way to introduce a
field of RF engineering different from what those of us in the information and
communications industry usually think of. We could broadly refer to these
applications as "RF heating," and while the microwave oven is the most
ubiquitous form there are quit a few others. The use of RF for localized
heating, for example, is useful in a number of situations outside of the
kitchen. Synthetic textiles, particularly for more technical applications like
tents and life jackets, are sometimes "seamed" using RF welding. RF welders
clamp the fabric and then put a strong HF signal through the join to cause
heating. The result is similar to direct thermal welding but can produce a more
reliable join for some materials, since the heating process is more even
through the thickness of the material. Similarly, a variety of instruments are
used in medicine to cause RF heating of specific parts of the body. While
normally RF heating of the body is a Bad Thing caused by poor safety practices,
surgeons can apply it to destroy tumors, cauterize wounds, etc.
RF is also useful for non-heating purposes due to the way it penetrates
materials, and there are various measurement instruments that pass RF through
materials or emit RF and observe reflections. I am of course basically
describing bistatic and monostatic radar, but many of these devices are far
smaller and lower power than radar as we typically think of it and so it's
useful for them to be available without complex licensing or coordination
requirements. A somewhat extreme example of such devices are the millimeter
wave imagers used in airport security, which take advantage of the minimal
water penetration of very high frequencies in the range of 60GHz and above.
This whole category of RF devices is an interesting one because they are not
"radios" in the typical sense, but they still use the same spectrum and so
impact radio use. This is a particularly important issue since many RF heating
devices operate at very high power levels... few people possess a radio
transmitter in the range of a kilowatt, but most people have a microwave oven.
As a result, radio spectrum regulators like the FCC need to coordinate these
devices to prevent them causing severe interference with communications
applications. It was the microwave oven which first revealed this need, and so
it's no surprise that shortly after the Raytheon chocolate accident the FCC
proposed a set of bands which it called Industrial, Scientific, and Medical, or
ISM---this term intended to encompass the set of non-communications RF
applications known at the time (microwave ovens had not yet become practical
for home use).
The microwave oven continues to serve as an excellent case study for the
evolution of unlicensed radio, because for several reasons microwave ovens
operate at around 2.4GHz, and so one of the original ISM bands is the 2.4GHz
band. That number will be familiar because most WiFi standards except very old
ones and very new ones operate in that same band. What gives? Why does a
sensitive, high-rate digital radio system operate in a band that was explicitly
reserved for being hopelessly splattered by a thousand microwave ovens?
The answer is licensing. Because the ISM bands were basically reserved to be a
no-man's land that non-communications devices could freely emit into, there are
no licensing requirements for ISM emissions. ISM devices must pass only a
device certification process which exists mostly only to ensure that they do
not produce external emissions outside of safety limits or emit in other bands.
In other words, WiFi uses the 2.4GHz band because it's the easiest one to use.
Other ISM bands show the same problem. 900MHz is reserved for ISM applications,
also mostly for heating, but was widely used by cordless phones and baby
monitors. The lower ISM bands, in the HF range, are typically not used by
consumer devices due to the higher cost of HF power electronics, but there are
These unlicensed communications applications of the ISM bands have been
formalized over time, but remain from their origin a workaround on licensing
requirements. This original sin of many consumer radio devices is the reason
that, early on, microwave ovens were a major source of problematic interference
with radio devices. The thing is, everyone blamed the microwave ovens even
though it was actually WiFi that was intruding in spectrum that rightfully
belonged to hot pockets.
One might wonder why these unlicensed systems use bands that are allocated to
ISM applications, instead of bands that are actually intended for unlicensed,
low-power communications. The short answer is politics, and the longer answer
is that no such bands existed at the time (in usable parts of spectrum) and the
process to create them was a long one. Remember that for most of the history of
spectrum regulation radios were big, expensive devices that required expertise
to operate. It was the expectation that everyone using a radio either had a
license or had been issued it by a licensed organization. It was cordless phones
and baby monitors that really started to chip away at that expectation, and WiFi
caused it to completely collapse.
We talked about 2.4GHz WiFi, and so you might be wondering about 5GHz WiFi...
the band used by 802.11a, and at least optionally in 802.11n, 802.11ac, and
802.11 "WiFi 6" ax. There's good news: 5GHz is not an ISM band. Instead, it's
allocated for "Unlicensed National Information Infrastructure," or U-NII. The
term is both weirdly vague (Information Infrastructure) an weirdly specific
(National), but U-NII's history is revealing. The 5GHz band was first widely
applied by the HIPERLAN standard, an ultimately unsuccessful competitor to WiFi
in Europe. The model of HIPERLAN, though, caused none other than Apple Computer
to start the regulatory process to allocate a similar band in the US for
computer networking. Originally, in 1995, Apple largely envisioned the band
being used for wide-area networking, or what we might now call WISPS, but the
rules were made sufficiently general to allow for local area applications as
well. Apple never succeeded in this product concept but the band was selected
for 802.11a. 801.11a had limited success due to higher cost and poorer range,
and subsequent WiFi standards returned to 2.4GHz... but as interference became
a major problem for WiFi that lower range became more attractive, along with
the many advantages of a more dedicated band allocation.
The U-NII band was allocated relatively late, though, and so it comes with some
complexities. By the time it was allocated for U-NII it had already been in use
for some time for radar, and indeed the issue of 5GHz WiFi interfering with
radar proved severe. To resolve these issues, many 5GHz U-NII devices are now
required to implement a feature called Dynamic Frequency Selection or DFS. This
might be better referred to as "radar dodging," because that's what it does.
5GHz WiFi APs actively monitor the channel they're using for anything that
looks like a radar emission. If they detect one, they switch to a different
channel to avoid it. Because radar is relatively sparsely deployed, this
usually works quit well. If you live near an airport, for example, there may be
a terminal weather radar at 5GHz that will quickly scare your WiFi network off
of a particular channel. But it's almost always the only such radar anywhere
nearby, so there are still other channels available. The issue becomes a bit
trickier for higher-performance WiFi standards like WiFi "802.11ax" 6 that use
wider channels, and so some people might see more issues caused by DFS
(probably the 5GHz AP shutting off entirely), but this should remain uncommon.
WiFi continues to grow as a radio application, and so too does its allocated
spectrum. Just a couple of years ago, the FCC allocated a huge swath---5.925 to
7.125GHz---to unlicensed communications systems, as secondary users to existing
mostly point-to-point microwave links. This range has effectively been glued on
to the top of the existing U-NII, and so it is referred to as U-NII 5 through
U-NII 8 (U-NII 1-4 being the original 1997 allocation). Once again, WiFi must
take actions to play nice with existing spectrum users. Indoor WiFi APs don't
have to do anything too special but are limited to very low power levels to
ensure that their emissions do not substantially leak outside of the building.
Outdoor APs are allowed a higher power level since potential interference is
inevitable in an outdoor environment... but there's a cost.
Outdoor 6GHz WiFi APs must use "automatic frequency coordination." AFC is not
yet completely nailed down, but the general idea is that someone (I put my
money on L3Harris) will operate an online database of 6GHz spectrum users. AFC
WiFi APs will have to automatically register with this database and obtain a
coordinated frequency allocation, which will be selected by the database to
prevent interference with existing fixed users and, to the greatest extent
practical, other 6GHz WiFi APs. This system doesn't actually exist yet, but
we can expect it to add a layer of management complexity to outdoor use of
the 6GHz band that might limit it to campus operators and other enterprise
WiFi systems, at least in the short term.
But then the issue is kind of moot for the moment, because there are very few
actual 6GHz WiFi devices. In keeping with the decision to brand 802.11ax as
"WiFi 6," 6GHz application is called "WiFi 6E." We can all ponder the direct
parallels to the confusing, but the other way, marketing term DECT 6.0. At the
moment only indoor WiFi 6E APs are available (due to AFC not yet being
standardized), and only the very cutting edge of client devices support it.
This includes the Pixel 6, but not yet any iPhone, although it's a pretty safe
bet that the iPhone 14 announcement will change that. A few mini-PCI-e form
factor WiFi 6E adapters are available, often called "tri-band," and are
starting to pop up in high-end laptops. As usual with new bands, it will be
some years before WiFi 6E finds common use.
Of course I am upgrading my home APs to 6E models, so that whenever I use my
Pixel 6 Pro I can feel just a little but smug. That's the important thing about
new WiFi standards, of course: spending nearly a grand on an upgrade that only
even theoretically helps for your phone, where real-world performance is
render 140 characters of text, but it's getting that text at the better part of
a gigabit per second!
There's some more complexity to this situation related to FCC certification of
devices, which has become more complex and important over time, but that's a
story for another time...
 Everyone grumbles about Baofeng people, but I've had some contact with
rural police and fire departments and you would be amazed at the things their
"radio technician" (chief's nephew) thinks are a good idea.
Today, as New Mexico celebrates 4/20 early, seems an appropriate time to talk
about bhang... or rather, the bhangmeter.
The name of the bhangmeter seems to have been a joke by its designer and Nobel
laureate Frederick Reines, although I must confess that I have never totally
gotten it (perhaps I simply haven't been high enough). In any case, the
bhangmeter is one of the earliest instruments designed for the detection of a
nuclear detonation. In short, a bhangmeter is a photosensor with accompanying
discrimination circuits (or today digital signal processing) that identify the
"double flash" optical and heat radiation pattern which is characteristic
of a nuclear detonation.
The double flash originates from the extreme nature of the period immediately
after a nuclear detonation: the detonation creates an immense amount of heat
and light, but very quickly the ionized shockwave emerging from the explosion
actually blocks much of the light output. As the shockwave expands and loses
energy, the light can escape again. The first pulse is only perhaps a
millisecond long and has very sharp edges, while the second pulse appears more
slowly and as much as a second or so later (depending on weapon type,
The immensely bright light of a nuclear detonation, accompanied by this double
flash intensity pattern, is fairly unique and has been widely for remote
sensing for nuclear weapons. Today this is mostly done by GPS and other
military satellites using modern optical imaging sensors, and the same
satellites observe for other indications of nuclear detonation such as an X-ray
pulse to confirm . The bhangmeter itself, though, dates back to 1948 and
always showed potential for large-area, automated monitoring.
The United States first effort at large-scale automated nuclear detonation
monitoring was entrusted to the Western Union company, at the time the nation's
largest digital communications operator. By 1962, Western Union had completed
build-out of the uncreatively named Bomb Alarm System (BAS). BAS covered 99
locations which were thought to be likely targets for nuclear attack, and was
continuously monitored (including state of health and remote testing) from six
master control stations. It operated until the late '60s, when improved space
technology began to obsolete such ground-based systems.
Let's spend some time to look at the detailed design of the BAS, because it
has some interesting properties.
At each target site, three sensors are placed in a circle (at roughly 120
degrees apart) of eleven miles radius. This distance was chosen so that the
expected sensitivity of the sensors in poor weather would result in a
detonation at the center of the circle triggering all three, and because it
allowed ample time for a sensor to finish transmitting its alarm before it was
destroyed by shockwave-driven debris. If a nuclear weapon were to detonate off
center, it may destroy one station but the other two should complete
transmission of the alarm. This even allowed a very basic form of
The sensors were white aluminum cylinders mostly mounted to the top of
telephone poles, although some were on building roofs. On casual observation
they might have been mistaken for common pole-top transformers except that each
had a small cylindrical Fresnel lens sticking out of the top, looking not
unlike a maritime obstruction light. The Fresnel lens focused light from any
direction towards a triangular assembly of three small photocells. A perforated
metal screen between the lens and the photocells served both to attenuate light
(since the expected brightness of a nuclear detonation was extremely high) and
as a mounting point for a set of xenon flash bulbs that could be activated
remotely as a self-test mechanism.
In the weatherproof metal canister below the lens was a substantial set of
analog electronics which amplified the signal from the photocells and then
checked for a bright pulse with a rise time of less than 30ms, a brightness
roughly equivalent to that of the sun, and a decay to half brightness within
30ms. A second pulse must reach the same brightness within one second and
decay within one second.
Should such a double flash be detected, the sensor interrupted the 1100Hz
"heartbeat" tone modulated onto its power supply and instead emitted 920Hz for
one second followed by 720Hz for one second. These power supply lines, at 30vdc
(give or take the superimposed audio frequency tone), could run for up to 20
miles until reaching a signal generating station (SGS).
The SGS was a substantial equipment cabinet installed indoors that provided the
power supply to the sensor and, perhaps more importantly, monitored the tone
provided by the sensor. The SGS itself is very interesting, and seems to have
been well ahead of its time in terms of network design principles.
Long series of SGS could be connected together in a loop of telegraph lines.
Each SGS, when receiving a message on its inbound line, decoded and re-encoded
it to transmit on its outbound line. In this way the series of SGS functioned
as a ring network with digital regeneration at each SGS, allowing for very long
distances. This was quite necessary as the SGS rings each spanned multiple
states, starting and ending at one of the three master control stations.
Further, SGS performed basic collision avoidance by waiting for inbound
messages to complete before sending outbound messages, allowing the ring
network to appropriately queue up messages during busy periods.
During normal operation, the master control station transmitted into the ring a
four-character "poll" command, which seems to have been BBBG. This is based on
a telegraph tape shown in a testing document, it is not clear if this was
always the signal used, but BBBG does have an interesting pattern property in
Baudot that suggests it may have been used as a polling message as a way of
testing timing consistency in the SGS. An SGS failing to maintain its
baudot clock would have difficulty differentiating "B" and "G" and so would
fail to respond to polls and thus appear to be offline.
In response to the poll, each station forwarded on the poll message and checked
the tone coming from its attached sensor. If the normal heartbeat or "green"
tone was detected, it sent a "green" status report. For example, "JGBW," where
the first three characters are an identifier for the SGS. Should it fail to
detect a tone, it could respond with a trouble or "yellow" status, although I
don't have an example of that message.
Since each station sending its status would tie up the line, stations further
down would have to wait to report their status. The way this queuing worked
out, a noticeable amount of time after initiating the poll (around ten seconds
by my very rough estimation) the master control station would receive its own
poll command back, followed by green or yellow status messages from each SGS
in the loop, in order. This process, repeated every couple of minutes, was
the routine monitoring procedure.
Any SGS which failed to receive a poll command for 2.5 minutes would
preemptively send a status message. This might seem odd at first, but it was a
very useful design feature as it could be used to locate breaks in the loop. A
damaged telegraph line would result in no responses except for 2.5 minute
status messages from all of the SGS located after the break. This localized
the break to one section of the loop, a vital requirement for a system where
the total loop length could be over a thousand miles.
Should a sensor emit the 920Hz and 720Hz pattern, the attached SGS would wait
for the inbound line to be idle and then transmit a "red" message. For example,
"JGBCY," where "JG" is a station ID, "B" is an indicator of approximate yield
(this appears to have been a later enhancement to the system and I am not sure
of how it is communicated from sensor to SGS), "C" indicates an alarm and "Y"
is an optional terminator. The terminator does not seem to be present on
polling responses, perhaps since they are typically immediately followed by
The SGS "prioritizes" a red message in that as soon as an inbound message ends
it will transmit the red message, even if there is another inbound message
immediately following. Such de-prioritized messages will be queued to be sent
after the red alert. For redundancy, a second red message is transmitted a bit
later after the loop has cleared.
In the master control center, a computer sends poll messages and tracks
responses in order to make sure that all SGS are responsive. Should any red
message be received polling immediately stops and the computer begins recording
the specific SGS that have sent alarms based on their ID letters. At the same
time, the computer begins to read out the in-memory list of alarming stations
and transmit it on to display stations. Following this alarm process, the
computer automatically polls again and reports any "yellow" statuses to the
display stations. This presumably added further useful information on the
location and intensity of the detonation, since any new "yellow" statuses
probably indicate sensors destroyed by the blast. Finally, the computer
resets to the normal polling process.
When desired, an operator at a master control station can trigger the
transmission of a test command to a specific SGS or the entire loop. When
receiving this command, the SGS triggers the xenon flash bulbs in the sensor.
This should cause a blast detection and the resulting red message, which is
printed at the master control center for operator confirmation. This represents
a remarkably well-thought-out complete end-to-end test capability, in good form
for Western Union which at the time seemed to have a cultural emphasis on
complete remote testing (as opposed to AT&T which tended to focus more on
redundant fault detection systems in every piece of equipment).
To architect the network, the nation was first split roughly in half to form
two regions. In each region, three master control centers operated various
SGS loops. Each target area had three sensors, and the SGS corresponding to
each of the three sensors was on a loop connected to a different one of the
three master control centers. This provided double redundancy of the MCCs,
making the system durable to destruction of an MCC as well as destruction
of a sensor (or really, destruction of up to two of either).
In each display center, a computer system decoded the received messages and lit
up appropriate green, yellow, or red lights corresponding to each sensor. The
green and yellow lights were mounted in a list of all sensors, but the red
lights were placed behind a translucent map, providing an at-a-glance view of
the receiving end of nuclear war.
In the '60s, testing of nuclear defense systems was not as theoretical as it is
today. While laboratory testing was performed to design the sensors, the
sensors and overall system were validated in 1963 by the Small Boy shot of
Operation Dominic II. A small nuclear weapon was detonated at the Nevada Test
Site with a set of three BAS sensors mounted around it, adjusted for greater
than usual sensitivity due to the unusually small yield of the test weapon.
They were connected via Las Vegas to the operational BAS network, and as
expected detonation alarms were promptly displayed at the Pentagon and Ent and
Offutt Air Force Bases of the Strategic Air Command, which at the time would be
responsible for a reprisal.
I have unfortunately not been able to find detailed geographical information on
the system. The three Master Control Stations for the Western United States
were located at Helena, SLC, and Tulsa, per the nuclear test report. A map in a
Western Union report on the system that is captioned "Theoretical system
layout" but seems to be accurate shows detector coverage for Albuquerque,
Wyoming, and Montana in the Western region. These would presumably correspond
to Sandia Labs and Manzano Base and the Minuteman missile fields going into
service in the rural north around the same time as BAS.
The same map suggests Eastern master control stations at perhaps Lancaster,
Charlottesville, and perhaps Greensboro, although these are harder to place.
Additional known target areas monitored, based on several reports on the
 This system, called USNDS as a whole, has a compact space segment that
flies second-class with other military space systems to save money. The main
satellites hosting USNDS are GPS and the Defense Support Platform or DSP, a
sort of general-purpose heat sensing system that can detect various other
types of weapons as well.
I haven't written for a bit, in part because I am currently on vacation in
Mexico. Well, here's a short piece about some interesting behavior I've noticed
I use a cellular carrier with very good international roaming support, so for
the most part I just drive into Mexico and my phone continues to work as if
nothing has changed. I do get a notification shortly after crossing the border
warning that data might not work for a few minutes; I believe (but am not
certain) that this is because Google Fi uses eUICC.
eUICC, or Embedded Universal Integrated Circuit Card, essentially refers to a
special SIM card that can be field reprogrammed for different carrier
configurations. eUICC is attractive for embedded applications since it allows
for devices to be "personalized" to different cellular carriers without
physical changes, but it's also useful for typical smartphone applications
where it allows the SIM to be "swapped out" as a purely software process.
Note well, although the "embedded" seems to suggest it eUICC is not the same as
an "embedded SIM" (e.g. one soldered to the board). eUICC is instead a set of
capabilities of the SIM card and can be implemented either in an embedded SIM
or in a traditional SIM card. Several vendors, particularly in the IoT area,
offer eUICC capable SIMs in the traditional full/mini/micro SIM form factors
to allow an IoT operator to move devices between cellular networks and
Anyway, my suspicion is that Google Fi cuts down on their international service
costs by actually re-provisioning devices to connect to a local carrier in the
country where they are operating. I can't find any information supporting this
theory though, other than clarification that Fi does use embedded (eSIM) eUICC
capability in Pixel devices. Of course the eUICC capabilities can be delivered
in traditional SIM form factor as well, so carrier switching by this mechanism
would not be limited to devices with eSIM. The history of Google Fi as
requiring a custom kernel supports the theory that they rely on eUICC
capabilities, since until relatively recently eUICC was poorly standardized and
Android would likely not normally ship with device drivers capable of
In any case, that wasn't even what I meant to talk about. I was going to say
a bit about cellular voice-over-IP capabilities including VoWiFi and VoLTE,
and the slightly odd way that they can behave in the situation where you are
using a phone in a country other than the one in which it's provisioned. To
get there, we should first cover a bit about how VoIP or "over-the-top
telephony" interacts with modern cellular devices.
Historically, high-speed data modes did not always combine gracefully with
cellular voice connections. Many older cellular air interface standards only
supported being "in a call" or a "data bearer channel," with the result that a
device could not participate in a voice call and a data connection at the same
time. This makes sense when you consider that the data standards were developed
with a goal of simple backwards-compatibility with existing cellular
infrastructure. The result was that basic cellular capabilities like voice
calls and management traffic (SMS, etc) were achieved by the cellular baseband
essentially regressing to an earlier version of the protocol, disabling
high-speed data protocols such as the high-speed-in-name-only HSPDA. Most
early LTE devices carried on this basic architecture, and so when you dialed a
call on many circa 2010s smartphones the baseband basically went back in time
to the 3G days and behaved as a basic GSM device. No LTE data could be
exchanged in the mean time, and some users noticed that they could not, for
example, load a web page while on a phone call.
This is a good time to insert a disclaimer: I am not an expert on cellular
technologies. I have done a fair amount of reading about them, but the full
architecture of modern cellular networks, then combined with all of the legacy
technologies still in use, is bafflingly complicated. I can virtually guarantee
that I will get at least one thing embarrassingly wrong in the length of this
post, especially since some of this is basically speculative. If you know
better I would appreciate if you emailed me, and I will make an edit to avoid
spreading rumors. There are a surprising number of untrue rumors about these
This issue of not being able to use data while in a phone call became
increasingly irritating as more people started using Bluetooth headsets of
speakerphone and expected to be able to do things like make a restaurant
reservation while on a call with a friend. It clearly needed some kind of
resolution. Further, the many layers of legacy in the cellular network made
things a lot more complicated for carriers than they seemed like they ought
to be. Along with other trends like thinner base stations, carriers saw an
obvious way out... one shared with basically the entirety of the telecom
If you are not familiar, over-the-top or OTT delivery is an architecture mostly
discussed in fixed telecoms (e.g. cable and wireline telephone) but also more
generally useful as a way of understanding telecom technologies. The basic
idea of OTT is IP convergence at the last mile. If you make every feature of
your telecom product run on top of IP, you simplify your whole outside plant to
broadband IP transport. The technology for IP is very mature, and there's a
wide spectrum of vendors and protocols available. In general, IP is less
expensive and more flexible than most other telecom transports. An ISP is a good
thing to be, and if cellular carriers can get phones to operate on IP alone,
they are essentially just ISPs with some supported applications.
Modern LTE networks are steering towards exactly this: an all-IP air segment
with a variety of services, including the traditional core of voice calls,
delivered over IP. The system for achieving this is broadly called the IP
Multimedia Subsystem or IMS. It is one of an alarming number of blocks in a
typical high-level diagram of the LTE architecture, and it does a lot of work.
Fundamentally, IMS is a layer of the LTE network that allows LTE devices to
connect to media services (mostly voice although video, for example, is also
possible) using traditional internet methods.
Under the hood this is not very interesting, because IMS tries to use standard
internet protocols to the greatest extent possible. Voice calls, for example,
are set up using SIP, just as in most VoIP environments. Some infrastructure is
required to get SIP to interact nicely with the traditional phone system, and
this is facilitated using SIP proxies, DNS records, etc so that both IMS
terminals (phones) and cellular phone switches can locate the "edges" of the
IMS segment... or in other words the endpoints that they need to connect to in
order to establish a call. While there are a lot of details, the most important
part of this bookkeeping is the Home Subscriber Server or HSS.
The HSS is responsible for tracking the association between end subscribers and
IMS endpoints. This works like a SIP version of the broader cellular network:
your phone establishes a SIP registration with a SIP proxy, which communicates
with the HSS to register your phone (state that it is able to set up a voice
connection to your phone) and obtain a copy of your subscriber information for
use in call processing decisions.
This all makes quite a bit of sense and is probably the arrangement that you
would come up with if asked to design an over-the-top cellular voice system.
Where things get a bit odd is, well, the same place things always get odd: the
edge cases. One of these is when phones travel internationally.
An interesting situation I discovered: when returning to our rented apartment,
I sometimes need to call my husband to let me in the front gate. If my phone
has connected to the apartment WiFi network by this point, the call goes
through normally, but with an odd ringing pattern: the typical "warble"
ringback plays only briefly, before being replaced by a fixed sine tone. If, on
the other hand, my phone has not connected to the WiFi (or the WiFi is not
working, the internet here is rather unreliable), the call fails with an error
message that I have misdialed ("El número marcado no es correcto," an unusually
curt intercept recording from Telcel).
Instead, calls via LTE must be dialed as if international: that is, dialed
00-1-NXX-XXX-XXXX. This works fine, and with normal ringback to boot.
So what's going on here?
This answer is partially speculative, but I think the general contours are
correct. First, Google Fi appears to use Telcel as their Mexican carrier
partner. I would suspect this works similarly to Fi's network switching to
Sprint and US Cellular, with a "ghost number" being temporarily assigned (at
least historically, all Google Fi numbers are "homed" with T-Mobile). When not
connected to WiFi, the phone is either using "traditional" GSM voice or is
connecting to Telcel IMS services located using LTE management facilities. As a
result, my phone is, for all intents and purposes, a Mexican cellphone. Calls
to US numbers must be dialed as international because they are international.
However, when connected to WiFi, the phone likely connects to a Google-operated
IMS segment which handles the phone normally, as if it were in the US. Calls to
US numbers are domestic again.
It's sort of surprising that the user experience here is so awkward. This is
pretty confusing behavior, especially to those unfamiliar with WiFi calling.
It's not so surprising though when you consider the generally poor quality of
Android's handling of international travel. Currently many text messages and
calls I receive are failing to match up with contacts, apparently because the
calling number is coming across with an '00' international dialing prefix and
so not matching the saved phone number. Of course, if the call arrives via
WiFi or the message by RCS, it works correctly. One would think that Android
core applications would correctly handle the scenario of having to remove the
international dialing prefix, but admittedly it would probably be difficult
to come up with an algorithmic rule for this that would work globally.
Another interesting observation, also with some preamble: I believe I have
mentioned before that Mexico has a complex relationship with NANP, the unified
numbering scheme for North American countries that makes up the "+1" country
code. While Mexico originally intended to participate in NANP, a series of
events related to the generally complex history of the Mexican telecom industry
prevented that materializing and Mexico was instead assigned country code +52.
The result is that Mexico is "NANP-ish" but uses a distinct numbering scheme,
and the NANP area codes originally assigned to Mexico have since mostly been
recycled as overlays in the US.
A full history of telephone number planning in Mexico could occupy an entire
post (perhaps I'll write it next time I'm here). It includes some distinct
oddities. Most notably, area codes can be either 2 or 3 digits, with 2 digit
area codes being used for major cities. While Mexico had formerly used type of
service prefixes (specific dialing prefixes for mobile phones), these were
retired fairly recently and are no longer required or even permitted.
In principal, telephone numbers for 2-digit area codes can be written
XX-XXXX-XXXX, while three-digit area codes can be written XXX-XXX-XXXX. Note
the lack of Ns to specify digits constrained to 2-9 as in NANP. This is not
entirely intentional, I just don't know if this restriction exists in Mexico
today. Putting together the current Mexican dialing plan from original sources
is a bit tricky as IFT has published changes rather than compiled versions of
the numbering plan. My Spanish is pretty bad so reading all of these is going
to take a while, and it's getting to be pretty late... I'll take this on later,
so you can look forward to a future post where I answer the big questions.
An extremely common convention in Mexico is to write phone numbers as
XX-XX-XX-XX-XX. I'm not really sure where this came from as I don't see e.g.
IFT using it in their documents, but I see it everywhere from handwritten signs
to the customer service number on a Coca-Cola can. Further complicating things,
I have seen the less obvious XXX-XXXX-XXX in use, particularly for toll free
numbers. This seems like perhaps the result of a misunderstanding of the digit
grouping convention for 2 digit area codes.
It seems to be a general trend that countries with variable-length area codes
lack well agreed upon phone number formatting conventions. In the UK, for
example, there is also variability (albeit much less of it). This speaks to one
of the disadvantages of variable-length area codes: they make digit grouping
more difficult, as there's a logical desire to group around the "area code" but
it's not obvious what part of the number that is.
Anyway, there's some more telephone oddities for you. Something useful to think
about when you're trying to figure out why your calls won't connect.
Update: reader Gabriel writes in with some additional info on Mexican telephone
number conventions. Apparently in the era of manual exchanges, it was
conventional to write 4-digit telephone numbers as XX-XX. The "many groups of
two" format is sort of a habitual extension of this. They also note that in
common parlance Mexico City has a 1-digit area code '5' as all '5X' codes are
allocated to it.