>>> 2022-07-21 preventing loss dot jpeg

Long time no post, or at least it feels that way! I have returned from a long vacation in a strange foreign country where the money is made of plastic, and I am slowly recovering from the tactile disturbance this caused. As tends to happen I ended up thinking a lot about the small details of international interoperation, and the issue of currency is an interesting one. I think my next post will be a bit about the mechanics of the relatively seamless ability to spend US funds in Canada or Mexico today. But first, a post that I started before I left and didn't finish until now...

EAS

You know how sometimes when you leave the grocery store, an alarm goes off which is either completely ignored or immediately reset by staff? What's up with that? Well, I can only really offer a satisfying explanation of the how, as the why is a topic of some complexity.

The whole world of tag-detection-based anti-theft technology can be broadly referred to as Electronic Article Surveillance, or EAS. One of the tricky things about understanding EAS is that, much like with proximity key systems, several significantly different technologies are in use simultaneously. There are a lot of "urban truths" about EAS that are often correct insofar as they apply to one particular EAS technology, but often not even one of the more widely used ones. The different practical and security properties of EAS systems are interesting from an evolution of technology perspective, and the cutting edge of EAS gets into some interesting areas of RF engineering.

The general principle of EAS is fairly simple: article tags are affixed to, or placed in, products that might be stolen. At the exits of a retailer, a "portal" system is installed that detects the tags. When an item is sold to a customer, a cashier uses some mechanism to either remove or deactivate the tag so that the customer can exit without causing the portal to alarm. What's less simple is the number of different ways of achieving this.

EAS systems are commonly, but mostly incorrectly, referred to as RFID. In fact, the most commonly deployed EAS use a technology which is quite dissimilar to RFID and relies on magnetic, rather than electric, field coupling. This makes it all the more interesting that EAS started out on the path to RFID, before taking rather substantial detours into the world of magnetics.

Minasy

There seems to be some confusion in common sources about the nature of the first EAS, although it's agreed to have been invented by Arthur Minasy in the mid '60s. It's actually not at all difficult to find the original patent granted to Minasy in 1966, in between Minasy's many other forays (he was the type of "serial inventor" which is rarely seen today). The original Minasy design, commercialized by a company he founded called Knogo, is a simple passive circuit that receives RF energy via an antenna, rectifies it to DC, and uses that to power an oscillator that emits RF at a different frequency. This is, of course, substantially similar to the RFID concept and I find it likely that Minasy would be listed today as among the significant contributors to RFID were it not for the fact that this original technology was quickly abandoned by Knogo and is little known today. This is true to such an extent that articles about the history of EAS, if they go into any real detail on early systems, tend to describe the replacement of the Minasy system as Minasy's original invention.

There is a fundamental problem with both Minasy's early design and modern RFID in EAS applications: it requires electronic components, and electronic components are expensive. This was true in Minasy's day when individual transistors were a meaningful impact on the BOM cost, and it remains true today when EAS tags are made in tremendous volumes and fractions of a cent make a major difference.

The Minasy system, often called "RF tags" or "resonant tags," are still in use today. The relatively high cost of the tags tends to limit them to applications where they can be reused, mostly in the form of "hard tags" attached to clothing and removed on sale using a special tool. That said, it is possible to "deactivate" resonant tags. LC tags can be manufactured with an intentional susceptibility to failure when exposed to an excessively strong RF field, for example by using a capacitor which will overheat and allow the plates to short together. The tags can then be placed on a device which emits the same frequency as the detectors but at a much higher power level, resulting in intentional failure of the tag.

A more recent (but not very recent) innovation is thinner and cheaper RF tags operating at a higher frequency---typically 8.2MHz, while the original Minasy system had been tuned for 2MHz with very low precision. These 8.2MHz tags look like rectangular thin paper stickers, and when peeled up the metal foil antenna is visible underneath. They operate on the same principle as Minasy's system but are almost always deactivated by RF field rather than removed. Their thin size makes them well suited to printed materials, but they can also be applied to boxes and other packaging.

Magnetics

Far more common today than RF tags are a later development, the magnetic EAS tag. Magnetic tags exist in two major variants, the first having been developed by 3M in 1970. The 3M technology, commonly known by its 3M brand name "Tattle Tape," can more generically be called electromagnetic or EM EAS. EM tags rely on an interesting property of magnetic fields, or rather their interaction with magnetic materials.

Magnetic materials such as iron can be "magnetized" by exposing them to a magnetic field, causing an alignment of the magnetic dipoles of the material's molecules. During this process some of the energy of the field is consumed. Magnetic materials also have a "saturation value," which is a measure of their greatest potential to become magnetized, or the point at which no further improvement in the magnetization of the material can be achieved. For most magnetic materials, the saturation value is quite high. It is possible, though, to design materials that are magnetizable but have a very low saturation value. The most common in EAS applications is an alloy called "metglas," so called because it has a non-crystalline structure more similar to glass than metal.

When a quantity of metglas is placed in a magnetic field, it absorbs some of the energy of the field in order to become magnetized. It quickly reaches saturation and stops interacting with the field. This behavior is quite useful as it can be detected by magnetic means.

So, an EM EAS system relies on a portal with two antennas, typically placed on the two sides of the door (in multi-door situations it is common to have multiple towers which alternate receiving and transmitting). The transmitting antenna emits a magnetic field. The receiving antenna on the other side of the portal observes this field. When metglas is introduced into the field, it briefly absorbs energy and then stops when it reaches saturation. This can be observed as a brief dip in field strength at the receiving antenna. By rapidly alternating the field emitted by the transmitting antenna (essentially using it as an AC electromagnet), this effect can be checked for many times a second.

Even better, the nonlinear behavior of metglas in a magnetic field causes a number of effects in a rapidly alternating magnetic field including harmonic frequencies resulting from the repeated magnetization and demagnetization of the metglas. Modern EM EAS systems use complex DSP techniques to observe for multiple different effects caused by the low-saturation-value material, making them less susceptible to false positives. In fact, false positives in the detection of metglas are quite rare (although EAS are usually quite prone to false positives, they come from other causes which we will discuss later). Because materials with a very low saturation value are exceptionally rare in nature, the presence of rapid magnetic saturation behavior is a very strong indication of the presence of a tag.

Magnetic EAS technology becomes even more interesting when you consider the issue of deactivation. EM tags are typically manufactured with a strip of a normal ferromagnetic material placed alongside the metglas strip. If this material is magnetized, it keeps the metglas strip constantly saturated, preventing it interacting with external fields. Thus an EM tag "deactivator" simply emits a strong enough field to magnetize the ferromagnetic strip. Even better, an "activator" can emit a rapidly alternating magnetic field which will effectively "scramble" the magnetic orientations of the underlying magnetic elements in the magnetic strip, causing it to lose its magnetic field. The metglas strip will no longer be held in constant saturation and will be detected as usual.

This ability to activate and deactivate EM tags at will is unique to EM tags and is the cause of their ongoing popularity in libraries. Libraries install tattle tape permanently, usually adhering it to a middle page near the spine where it is difficult to notice. The circulation desk deactivates tags when books are checked out and activates them when books are checked in, usually using a device that just has an "activate/deactivate" switch to select between a fixed and alternating magnetic field.

If this neat property of EM tags seems a little too good to be true, well, it does have caveats. First, the ferromagnetic element in EM tags is of relatively low coercivity (e.g. magnetically "soft") to allow for easy activation and deactivation. That also makes it prone to being affected by various environmental magnetic fields, and as a direct result EM tags have a tendency to "self-activate" over time. If you have ever renewed a library book a few times and then set off the door portal when returning it, this is due to the ferromagnetic element simply losing its magnetization over weeks of exposure to electrical equipment and other ferromagnetic materials.

Second, the only aspect of EM tags that can be detected is the presence of an active one. There is no way to differentiate EM tags from each other. This can be a practical problem in circulation environments like libraries. In my city, the county library has ended use of EM tags in favor of an RFID system, but much of their inventory is still "tattle taped." The tags in these older books are now almost all active due to environmental demagnetization, and so it is more or less guaranteed that carrying a county library book into the university library will set off the portal system... on the way in and out. This kind of nuisance alarm behavior will very quickly cause staff to disregard the EAS system, and so the county library's upgrade to RFID has no doubt significantly reduced the effectiveness of the university library's system.

EM tags are most often seen in the form of "tattle tape," whether made by 3M or a competitor. These tags are long, narrow strips that are usually self-adhesive. They are thin enough to sit inconspicuously in the pages of a book, but large enough that they would be tricky to get onto the packaging of smaller products. You don't see them very often, mostly because in their most common application of library books they're placed either in the spine or on a page very close to it, where they're concealed.

EM tags cannot really be permanently deactivated without physical destruction, and they require relatively strong fields to detect. These two downsides lead to the development of a variation on magnetic EAS, called AM EAS. The label is a little confusing here as most would read "AM" and assume "amplitude modulation," but in this context it's actually an abbreviation for "acousto-magnetic." These tags rely not just on the interaction of a material with a magnetic field, but also on acoustic resonance of the material. That's pretty neat.

AM tags contain a thin strip of a material that demonstrates "magnetostriction," or a change in physical shape when exposed to a magnetic field. They are sized such that they are resonant when vibrated at a particular frequency, usually 58KHz. The AM portal system emits short bursts of a 58KHz field and then, after transmitting, uses a receiving antenna to observe for any continued 58KHz magnetic oscillation. An AM tag will continue to vibrate for a short time after the original field disappears, causing a detectable "trail" from the transmitted burst. Once again, modern portals repeat this process rapidly and use DSP methods to check for multiple indications of a real tag.

AM tags can be deactivated much like EM tags, but there are important differences. AM tags also contain a strip of a ferromagnetic material, but its function is different. The ferromagnetic strip is magnetized normally and serves as a "bias magnet." As a bias magnet, it is carefully tuned so that it offsets the magnetic anisotropy of the magnetostrictive strip---its tendency to only react to magnetic fields coming from one direction. Without this bias magnet, the AM tag cannot be reliably detected. To deactivate AM tags, the magnetic strip is demagnetized by exposing it to a strong and alternating field. AM tags are the opposite of EM tags when it comes to activation and deactivation, and so they have a bias towards deactivation. This bias is weak though: the proximity of the bias magnet to the magnetostrictive strip and the inconsistent placement of these tags makes it impractical to remagnetize or reactivate them, so they're designed for one time use only. This means that the ferromagnetic material used for the bias magnet can be of relatively high coercivity and is less affected by normal environmental fields.

I'll go into a little bit more depth on typical AM equipment, because AM is the most common EAS technology used in US retail. Virtually every retailer has at least AM portals, and you have certainly seen AM tags. AM tags are relatively thick but small compared to EM tags. They're usually in a plastic housing of perhaps 4cm long (as common as they are I couldn't find one around to measure) and a few mm thick. The largest manufacturer of AM tags is Sensormatic, and so they often have the old "hand in crosshairs" Sensormatic logo printed on them.

AM tags are ubiquitous in part because they are the accepted technology for source tagging. Source tagging is a common industry convention in which anti-theft tags are placed in products by the original manufacturer rather than the retailer. There are a few advantages to source tagging: not only does it save labor on the part of the retailer, the manufacturer can usually place the AM tag in a more discrete and difficult to tamper with location. For example, it's very common for power tools to come from the manufacturer with an AM tag inside of the tool, often adhered to the inside of the plastic molding for the handle. I recently encountered an item of clothing with an AM tag sewn into a label, although fortunately this practice isn't common... AM tags are quite rigid and not especially comfortable to wear.

Source tagging also allows for the use of EAS throughout the supply chain. Fulfillment and shipping warehouses, for example, can use AM portals to deter theft by employees, even before delivery to a retailer.

AM deactivators consist of a large coil antenna, which may be constantly active but on modern equipment usually runs in a low-power "detection mode" where it behaves similarly to a portal. The coil only runs at full power to demagnetize when it detects the presence of an AM tag. This saves a bit of money on electricity but more importantly makes the deactivator less likely to deactivate someone's credit card, which had been an occasional problem with AM deactivators despite the high coercivity of payment card magnetic strips. Some AM deactivators, probably those that have received some physical abuse, demonstrate magnetostriction of the coil itself in the form of an audible "ping" or "twang" each time the coil is powered [1].

AM portals are the most common type you see. Older AM portals (and EM portals as well) sometimes stayed unpowered until they were activated by a pressure-sensitive mat or deck between the antennas, and you might still see this in libraries in particular where continued use of EM gives little motivation to upgrade equipment, but most portals today are able to use electronic and DSP methods to detect the possible presence of tags with a very low power consumption. This sometimes takes the form of "search" and "interrogate" modes (these terms are often used in remote sensing due to its military origin and so I tend to use them), where the portal normally operates in a low power mode and the detection of any kind of magnetic interaction causes the portal to switch to a higher power mode to distinguish tags from ordinary metals.

Sensormatic is the largest manufacturer of AM portals as well as tags, so you will likely recognize the Sensormatic product lineup that varies from "big beige towers" to clear lexan sheets with coils embedded in them. Newer portal systems are relatively small, and Sensormatic even offers a "concealed" option that mounts against the door frame (not really very discretely at all) instead of requiring freestanding towers for the antennas. Of course it is limited to a fairly short range due to the small size of the antenna coils and so it doesn't seem to be that common. A more recent innovation is the installation of surveillance cameras either on the antennas or at the door frame. Sensormatic controllers can trigger video surveillance systems [2] or retrieve images from a video surveillance system, either way offering correlation of detection events with video of the person walking through.

While AM portals are mostly effective and extremely common, they do have distinct downsides. They share with the EM the property that AM tags cannot be differentiated. A common downside emerges with source-tagged items: if you purchase a source-tagged item at a retailer that does not have an AM portal, they will likely not deactivate the tag on sale. It will then set off the portals at other retailers. This is an extremely common cause of false-positive alarms. The portal also cannot indicate how many items or what types of item were detected, which makes it difficult to investigate an alarm.

As a partial mitigation, vendors including Sensormatic now offer handheld "wand" AM tag detectors with a short range. These can be used much like a wand metal detector to identify the item, or at least location on the body, that triggered the alarm. WalMarts are usually equipped with one of these in a wall-mount charging cradle near the door, but I have never actually seen one used, which foreshadows a later point I'll discuss.

Another downside is the size of AM tags. They're not exactly large, but they are thick... too thick to be easily integrated into some types of packaging. Their larger size also makes them easier to locate and remove, if they're not hidden somewhere by source tagging. Retailers that apply AM tags to items will sometimes apply a larger sticker with anti-removal features (scoring so that it will not peel away in one place) to frustrate shoplifters that simply peel off the tag, but of course this isn't entirely effective.

RFID

As I mentioned, genuine RFID has been applied to retail EAS. It remains relatively uncommon because, despite advances in low-cost manufacturing of small electronics, active RFID tags remain considerably more expensive than AM tags.

Perhaps the greatest champion of RFID EAS is WalMart, which has invested considerably in both the installation of RFID equipment (manufactured by Sensormatic) and the standardization and promulgation of RFID Electronic Product Code or EPC tags. Much like UPC (Universal Product Code) or the closely related EAN (European Article Number), EPC is an effort to assign a unique numeric ID to every product in a retail environment... but EPCs tend to be more specific than UPC, to the SKU (stockkeeping unit) level rather than price level. This means that products that are offered in multiple variations (e.g. flavors) at the same price may share the same UPC, but will have distinct EPCs.

One of the driving motivators behind this technology is its advantages for inventory management. In order to effectively track shrink (theft, spoilage, loss, damage, etc) and other "dispositions" of purchased inventory other than sale, retailers need to actually count the inventory on the floor. This is also a required step in financial auditing, insurance underwriting, and various other business processes. Basically, large stores need to actually send people out to count everything.

In practice retailers rarely handle this in house, particularly because the auditing use of this information makes it valuable to have it collected by an independent third party. For example, the use of an inventory contractor makes it more difficult for an insider (employee) who is stealing products to cover for the loss by inflating inventory counts. The largest such contractor in the US is a company called RGIS, which regularly sends an army of temp workers equipped with handheld barcode scanners into each of America's stores in order to scan every individual item on the shelves.

Sidebar which is Critical of Capitalism, You Have Been Warned

Actually the history of retail inventory is itself rather interesting as RGIS has historically been a pioneer in the design of highly usable wearable computers, and in the era before the universal use of UPC/EAN labels the incredible speed at which experienced RGIS employees could operate a belt-worn ten-key was something of a legend. Of course in one way, the invention of the barcode was a labor-saving device that ought to accelerate the inventory process greatly.

However, as potently observed by Brian Justie in The Nonmachinables (Logic Magazine), many "automation technologies" are better viewed as "labor technologies" in that their primary purpose is not actually to speed up a process but to reduce the level of operator skill required, thus making the labor more readily replaceable. This phenomenon is rather clear in the case of RGIS, where more than speeding anything up the transition to barcodes facilitated RGIS's transition to nearly complete use of short-term temp agency employees.

Since RGIS workers no longer needed to learn the skill of rapid and accurate manual entry, they no longer needed to be paid at a level that motivated them to stick around. Anecdotally, it seems that the modern barcode-based RGIS system is quite possibly slower than the earlier belt-pack ten-key, but the operator only needs the barest of training and therefore only the barest of pay or benefits. This is one of numerous cases in which advancing technology has reduced costs as promised, but by facilitating lower wages, rather than by actual improvements in efficiency.

End of leftist discourse

The EPC scheme promises to significantly accelerate the inventory process by allowing "drive-by" inventory with a good sized antenna. It also offers a significant enhancement in EAS: an EPC-based EAS system can determine exactly which items are detected and report the list of items to the operator. Even better, EPC can include a unique serial number for each item. This way, "deactivation" of the tag can be performed in an "online" manner by marking that individual item as sold. This promises significantly more accurate EAS, easier investigations of alarms, and better overall inventory control and market research insight via end-to-end lifecycle tracking of individual products.

It is also, according to a surprisingly large segment of the American population, a sure sign of the coming apocalypse. I'm sort of kidding about this but only sort of. A meaningful vein of opposition to RFID technology in public discourse has been its potential resemblance to certain aspects of the Book of Revelations. To discuss this fascinating and surprisingly important artifact of American culture would be its whole own article, but I will note the comedy of "Not Today Satan Cross Christian Religious Credit Card RFID Blocker Holder Protector Wallet Purse Sleeves Set of 4" listed on WalMart.com coming up in the same search results as "ALERT, RFID CHIP READER IS AT WALMART THE MARK OF THE BEAST IS HERE IN VIRGINIA."

A much larger problem with RFID than its satanic origins remains the cost of tags, which has lead to a lot of hesitation on the part of manufacturers and distributors to participate in RFID source-tagging schemes. WalMart is of course a large enough part of the US economy that it has a powerful ability to push its suppliers around, and WalMart just recently announced that it will mandate source-tagging with EPC for a large portion of their products. This needs to be done at the expense of the supplier, of course, although WalMart notably continues to exclude groceries from the requirement. The required categories for EPC tagging are basically all higher-value and higher-theft products, showing the practical impact of the tag cost. This same trend is seen throughout the world of EAS: the cheaper and less attractive to thieves an item is, the less likely it will have any sort of tag. The more expensive or theft-prone an item, the more likely it is to feature AM and then RFID tagging.

Although the expansion of EPC tagging at WalMart is recent, the system itself is not, and WalMart has used EPC tags on product cases and some apparel items since 2003. So have other retailers, although usually not on as large of a scale. The technology lead to enough debate around privacy (and rapture) implications that WalMart attempted to placate public concern through "transparency" by putting an "EPC In Use" decal on entry doors somewhere between the other ten regulatory decals. Of course this has never achieved any type of benefit, but I do like the design of the sticker.

Another stronghold for RFID EAS technology is the library industry. The same requirements that kept libraries on EM make RFID attractive, and so most libraries are transitioning from EM to RFID (or already have in the case of most larger libraries). Besides allowing for very accurate online tracking of checked-in/checked-out status of books, it speeds up the circulation desk (or self-service kiosk) by allowing a whole stack of books to be scanned at once. Since library books are fairly expensive and have fairly long service lives, the cost of the tags is not so much of a deterrent to libraries, and RFID tags are readily available in a thin sticker format the goes just fine inside the cover of a book.

Most RFID EAS tags are thin stickers made of either paper or plastic. They're often square or fairly close to square. Usually either peeling one up and looking underneath or shining a light through an RFID tag will reveal a spiral or otherwise packed antenna, similar to PCB traces but more often just a metal foil on a paper or plastic backing. Some RFID tags have a serial number or barcode printed on them, but many are just blank. In the case of EPCs on apparel, it's common for the RFID tag to be adhered into the middle of a two-layer paper hangtag. Libraries usually put them inside of the front or back cover, and retail products often have them placed somewhere near the UPC/EAN barcode since this gives the cashier a good idea of which side of a large box to put against the reader.

RFID EAS portals are mostly not distinguishable from AM portals, since RFID support is usually just an add-on feature to an AM system (by adding extra antenna coils in the same tower enclosure). RFID EAS systems are a lot more likely to have some sort of operator interface like a display and keypad on the wall, rather than a simple alarm, since they're able to show a list of items detected.

Unexpected part break...

This has already become quite long and I have quite a bit more to add... as sometimes happens to me, everything I've said so far is really just background to what I really wanted to discuss. Let's break this up a bit by calling this part 1, and soon I will post part 2... which will cover both cutting-edge retail loss prevention technology and the reason why both existing and brand-new systems are increasingly ineffective. There will be more criticism of capitalism, but also more weird technology!

[1] Iron is slightly magnetostrictive and this effect is the source of a lot of cases where you can "hear electricity." The 60Hz hum of large power transformers, for example, is primarily the result of the transformer windings vibrating due to magnetostriction.

[2] Support for external triggers is a longstanding feature in video surveillance systems, allowing video to be recorded on demand or just tagged with the time of events. In older systems this takes the form of a relay on the EAS system that energizes a digital input on either the video recorder or a camera (digital surveillance cameras usually include one or two digital input/output pins and a protocol to inform the recorder when their state changes). In newer systems it is more likely to be all IP.

>>> 2022-06-22 thermostats

Let's discuss the humble thermostat. You probably have one in your house, and it probably connects to a set of wires. If you've ever replaced your thermostat, you've probably found those wires a little irritating due to the lack of well standardized nomenclature for identifying them. This is particularly clear in the new generation of smart thermostats which attempt to be "consumer-friendly" to install, and thus must have sort of complex install wizards (InstallShield (R) for Thermostats) just to generate your hookup instructions. So what's up with that?

Well, let's take a step back.

Your house is full of a bunch of 120VAC wiring. Well, that's assuming you live in the United States, and to be fair US residential wiring is typically 240v split phase, so you have both 240v and 120v wiring, depending on how you count. The idea of this split phase thing, if you're not familiar, is that the utility delivers to your house 240VRMS AC with a neutral wire that is at a potential halfway between the other two pairs. We could label this -120V, 0V, and +120V, which while "0V" is always arbitrary makes some sense since neutral is bonded to ground. These are all of course VRMS, which in this context is Volts Root Mean Square, not Virtual Richard M. Stallman (which is a piece of software that chastises you for being complicit in your own subjugation). Since AC implies a voltage that changes constantly, there are a few ways to measure, and VRMS is conventional. 120VRMS is about 170V peak to zero, or 340V peak to peak. We call it 120V because, well, that 170V only exists briefly at the two peaks of the waveform. 120V is a more useful number for actual power calculations, although AC power calculations can always become a bit complicated because the phase relationship of potential and current can vary (this is called power factor). This is all basically an irrelevant tangent, the point I want to make is that we all understand that residential electrical wiring is 120VAC or 240VAC depending on how you look at it [1]. But after all that, what if I told you that it is also conventional for residential electrical systems to have a low-voltage AC supply?

Well, it's true, but in sort of a limited sense and with a lot of variations. Almost all homes have at least one small transformer mounted on the side of a junction box in a basement or closet that produces 12-24VAC. There are two standard residential applications of low-voltage AC: the first is the doorbell, which typically uses 16VAC although 12VAC and 24VAC doorbells also exist. The second is the HVAC control circuit, which is nearly always 24VAC. Most of the time these have two separate transformers but you can use one for both purposes, although I'm not sure that it's wise or code compliant.

The reason for the low-voltage supply is that, in most cases, the thermostat switches low-voltage, current-limited (by the transformer) circuits that energize relays in the actual furnace/AC/etc. This allows thermostat wiring to be significantly smaller, and thus cheaper and easier to install. Code requirements for thermostat wiring are particularly lenient due to current limiting in the transformer, so they're commonly only 18 AWG. 18 AWG is small enough that the NEC ampacity tables don't even go that small; it's just not permissible for non-current-limited circuits. The size savings are particularly important since thermostats are most often hooked up using a five-wire cable.

The wires connected to a thermostat are conventionally identified by letters (but usage of these letters is not entirely consistent) that primarily refer to the conventional colors of the wires (while obviously a terrible practice, I have encountered thermostats where the colors were not used according to convention). In other words, if you are wondering what the "R" wire is, it's the Red wire. That's what R means. Similarly G for Green, Y for Yellow, and C for Blue (not to be confused with B for Blue). That's a joke, C is for Common, but the wire is conventionally blue, but a lighter blue than the B wire. Sometimes it's not blue. C is probably the one that varies the most.

Conventional (four|five)-wire systems

What do all these wires do? Well, the R or Red wire is the 24VAC power supply. Less commonly, there can be separate R wires for heating and cooling, usually labeled RH and RC. This usually happens when the heating and cooling equipment are in different locations and installed at different times, so they each have their own transformer without a connection between them. This actually comes up a lot in New Mexico because of people replacing swamp coolers with refrigerated air, which is often easier to do by putting a package unit (condenser and evaporator in one unit) on the roof on the original swamp cooler plenum. In this case the entire cooling system, from compressor to indoor air blower, is all on the roof and usually has its own thermostat wiring run [2].

The basic concept of the thermostat is that it takes the 24VAC supply and connects it to other wires, which go the coils of relays in the heating or cooling equipment to actually turn things on and off. The most common of these wires are W (White) which activates the heat, Y (Yellow) which activates the cooling, and G (Green) which activates the fan. A typical simple thermostat installation only provides these four wires: R, W, G, and Y. G is provided as a separate wire for the fan to enable the fan auto/on switch that most thermostats have.

But there's sort of a problem with this standard setup: 24VAC is available, but it cannot be used as a general purpose power supply! The reason is that there's no neutral wire to connect the 24VAC to that doesn't cause something in the HVAC equipment to turn on. This is why many digital thermostats are battery powered. Historically, the thermostat wiring was strictly a control circuit and could not be used as a power supply.

Modern smart thermostats, though, involve typical computing industry horrors like running a complete Linux environment, and therefore cannot run off of AAs with any reasonable lifespan [3]. They require a constant external power supply. This means they need a common, or C wire, which functions as a general purpose neutral. The C wire is a relatively new innovation in thermostat wiring and so a lot of homes don't have one, and on those that do the color can vary. Both blue and black are fairly typical. The C wire is only used if you have a thermostat that expects an external power supply; mechanical thermostats and older digital thermostats typically did not. Many newer digital thermostats can function off of either a C wire or batteries, but the combination of both is ideal since it avoids regular battery changing but also allows the thermostat to keep its clock during a power outage.

So now we have five wires, which as I said is the most common in a modern residential installation: R and C (24VAC and common), G (fan), and W and Y (heat and cooling).

There are more.

Some houses have more interesting HVAC equipment that involves extra wires to control extra features, or that for historic reasons just uses a little different control scheme.

Two-stage systems

Some homes are equipped with two-stage heat, two-stage cooling, or potentially both. Two-stage cooling seems more common but that might just be because I live in a climate that rarely stays below freezing all day, but does require all-day cooling more often than I'd like to admit. In most cases thermostats exercise only "bang-bang" control, a term that means that all they can do is turn a fixed heat or cooling output on or off. But in a two-stage system, there is a "low" setting and a "high" setting. In AC this is often implemented by having two compressors.

For two-stage systems, there will be two wires, one for each stage. These are usually called W1 and W2 for heat, and Y1 and Y2 for cooling. W2 is usually, but not always, brown, and Y2 is usually, but not always, light blue.

Heat Pumps

Heat pumps usually add one difference and potentially a second. First, heat pumps typically have some outdoor temperature at which they are no longer more efficient than resistive heating (or in other words they become 100% or less efficient, when heat pumps are typically more than 100% efficient. For newer heat pumps this temperature is usually low enough to be pretty uncommon, but older heat pumps in colder climates may get into this situation regularly.

Heat pumps are almost always installed with resistive electric heating for this situation. Switching to resistive heating in excessively cold weather basically makes 100% the minimum efficiency. Older heat pumps usually called this feature "emergency heat," but "emergency" sounds sort of dramatic and may have been a factor in people avoiding heat pumps ("do heat pumps run into a lot of emergencies?"). As a result, newer heat pumps and thermostats tend to call this "auxiliary heat." Either term works but auxiliary is probably better since it clarifies that the resistive heating is not just for situations where the heat pump has failed (although it is a cool bonus that heat pumps usually provide redundant heating, unlike gas or conventional electric heaters).

As you'd imagine, there's a wire for that. It's labeled "X" or maybe "Aux.", and it can be basically any color. There's no agreed upon norm.

I'm actually oversimplifying somewhat as "emergency heat" and "auxiliary heat" are technically different things, but it is still largely true that auxiliary heat has replaced emergency heat. What happened is that older heat pumps usually only used the resistive heat if the user turned on a switch on the thermostat, usually in response to loss of heat---an apparent emergency. Newer heat pumps usually turn on the resistive heat automatically, either when the outdoor temperature is too cold or when the thermostat is trying to close a large temperature difference quickly in which case the auxiliary heat just provides a boost. This is sort of a two-stage heat system. These newer systems still usually have an "emergency heat" switch on the thermostat which just forces it to use the auxiliary heat only, should the heat pump have failed.

As an additional complication, some heat pumps use a fundamentally different control scheme. I have never personally seen one of these, but I have read that some brands still work this way. To understand it we need to consider how a heat pump actually works: fundamentally, a heat pump does the same thing to heat and cool, but the direction of the loop is changed. This is accomplished by a "reversing valve." While many heat pumps have a heat and cool input (W and Y) and set the reversing valve and run the compressor based on those two inputs, some heat pumps use the W wire to run the compressor and then have an additional wire which sets the reversing valve as a separate function. The reversing valve wire may be powered for cooling (called B), or powered for heating (called O) depending on the manufacturer. Trane heat pumps seem to use a particularly eccentric scheme where B and O are both present but B energized is the same as the un-powered state, B is used a a common wire (it doesn't do anything, just like C on most thermostats) except when O is energized.

These wires are usually blue and orange, and called B and O as a result. The functional equivalency of these wires in certain combinations with W and Y wires results in a lot of thermostats having terminals that are labeled for both functions, which leads to further confusion.

Line Voltage

Everything I have said so far relates to conventional control voltage thermostats, which are most common because of their low install cost and universal support in forced-air furnaces. But line-voltage thermostats, which directly switch power to the device, also exist. Line-voltage thermostats are very common in my region on swamp coolers, which have relatively low current consumption and are traditionally controlled manually by a rotary switch or set of light switches. Most swamp cooler upgrades to thermostatic control are just done by putting a line-voltage thermostat in place of the old manual switches. These thermostats are somewhat specialized since there are operational factors specific to swamp coolers, for example the desire to pre-wet the media before starting the blower and the popularity of two-speed blower motors.

Line-voltage thermostats are also common with radiant electric heating systems like baseboard heaters and underfloor heating, where they're installed very near the heater more or less in line with the electrical wiring already going to it. They're also common for hydronic (water) heating systems, but this is a bit of an odd case as hydronic thermostats are still usually just actuating a control circuit... it's just that typical hydronic zone valves operate at line voltage, not low voltage, and actually have a fairly substantial current draw.

Wireless

Of course all of this nonsense with wires can be a huge pain, especially on a retrofit installation of central heat or when relocating a thermostat for better performance. To ease these kinds of situations and create a fun new set of failure modes, there are plenty of options for wireless thermostats that communicate with a box that "emulates" a traditional thermostat. The receiver/controller can then be connected directly to the HVAC equipment and the thermostat can go wherever you want. I had one of these once and the thermostat required 8 AA batteries that died constantly. There have probably been advancements in recent years.

Commercial thermostats

This simple scheme of the thermostat energizing relay coils is not very practical in commercial buildings. In fact, it's not that practical in residential buildings today either, and in modern heaters and air conditioners the thermostat wires are not necessarily connected to relays but instead may just be logical inputs to a control board. Still, the necessity of five or more pair wiring to each thermostat is a cost issue in commercial buildings where it is typical to have one thermostat in each room.

On top of that, commercial buildings tend to have a more complicated system design in which variable air volume (VAV) equipment is used, which means that thermostats control the amount of air delivered to a room instead of whether or not heating or cooling is active.

Historically, variable air volume commercial HVAC systems were often pneumatic. Rather than pressure based, they were vacuum based. Somewhere centrally in the building, a vacuum pump pulled a decent volume of air through a system of tubes running throughout the building. Vacuum lines were run to variable air volume dampers (VAVs) and then to thermostats. In response to out of range temperatures, thermostats would close or open the tube to the room air. In response to the change in vacuum pressure on the line (which would increase, or rather go more negative, when the thermostat closed its valve) a pneumatic servo actuator in the VAV would adjust the damper. If you've heard a thermostat making a constant faint whooshing noise, that's why... it's a pneumatic thermostat admitting air into the vacuum line.

Of course this pneumatic scheme had its downsides, and as technology advanced it became more attractive to use an electronic scheme. I am not very knowledgeable in this area, having had only very limited interactions with commercial HVAC equipment that mostly mounted to some collegiate security research on manipulating the temperature of unpopular faculty member's offices. Most modern commercial HVAC systems do seem to have consolidated on BACnet, which is a general purpose communications protocol for building automation equipment that originated in the HVAC industry (with a trade group called ASHRAE).

BACnet is a fairly simple protocol (intended for easy implementation on embedded devices) which has a lot in common with other protocols for similar use cases. It's primarily what I call a "high level remote memory access" protocol, meaning that it fundamentally consists of commands to read and write addresses (called "properties" in BACnet, unlike say modbus which more clearly shows its RDMA basis by calling them registers). BACnet enhances this model a bit by adding a simple discovery scheme that makes setup of BACnet networks easier. BACnet also specifies a set of standardized properties or addresses that facilitate compatibility between vendors.

BACnet is agnostic to the physical layer, which can be Ethernet but is often RS-485 or proprietary protocol LonWorks. An interesting property of BACnet is that it seems to be fairly common for access to the BACnet physical medium to be fairly easy to obtain, for installer convenience. In other words, a lot of commercial thermostats just have a Euroblock-type connector on the bottom that can be used to connect to the BACnet bus. You can imagine the potential.

[1] Unless you're on three phase delta power, which is a weird thing that is common in apartment complexes. Then you have 120V and 208V for reasons that require trigonometry.

[2] I live in a house with what I would call the New Mexico Transitional configuration, meaning that I have a normal AC evaporator mounted on my central furnace, but the condenser is nonetheless sitting on a platform on the roof on top of the old swamp cooler plenum. I think when there's already a roof frame for the swamp cooler this is just easier than putting the condenser on the ground, especially since the refrigerant lines can be run straight down through the old plenum or heater combustion air duct. It has the downside that the central furnace and AC continue to use the old swamp cooler plenum which is poorly sealed where the swamp cooler was removed and loses a lot of conditioned air into the attic. Nothing that eighteen cans of Great Stuff can't fix.

[3] This is not strictly a limitation of smart thermostats, I've used an Emerson Sensi thermostat which is WiFi-connected but still manages a reasonable life off of battery power. Of course it has a basic LCD display and physical buttons, not the full color touchscreen that everyone demands these days.

>>> 2022-06-10 analog phones

The greatest trend in telephone technology for the last decade or so has been the shift to all-IP. While this change is occurring inside telco networks as well (albeit more slowly), it's most visible in the form of IP-based end-user communications devices. In other words, the ubiquitous office IP phone.

Office IP phones have gone through various forms as vendors have come and gone, but I still tend to picture the Cisco 7900 series as the prototypical example. Some of this association probably comes from the 7960's starring role in the television series 24, where the fictional law enforcement and/or intelligence agency and/or paramilitary CTU is absolutely lousy with them and their distinctive ring tone. This is no coincidence, Cisco apparently had a generous promotional consideration deal with the 24 production team that ensured a number of Cisco office telecom products were clearly visible... and audible. I'm not sure how many people can place it, but I think a large portion of people around my age recognize the ringtone.

A Tangent About a Ringtone

One wonders, of course, where the sound known to many as the 24 ringtone actually came from. I wrote several paragraphs about the history of these ring sounds as I understood it before I did some careful listening and realized I was entirely wrong. Here's the issue: I thought, and from googling some other people seem to think as well, that the "24 ringtone" was a stock ringtone on Cisco 7900 series phones, and that it was a direct copy of a ringtone long present on AT&T/Lucent/Avaya office phones that dates back to the AT&T Merlin.

The Merlin, a historically notable office key system for several reasons, was also AT&T's first serious foray into digital, function-generator-based ringtones. Merlin phones contain a simple sine-wave-only variable frequency oscillator (VFO) to produce various beeps and blorps like keypress confirmation. To produce a pleasing ringing sound, the phone drives this VFO based on a simple "program" that consists of frequencies (in hertz) and time periods (in milliseconds). This system works well enough that it still sees use in telephone today, although the VFO is now software. Such "programs" are often written in a compact text format, and most IP phones today still use this basic approach for things like dial tone, ringback, etc... but for ringing proper, they usually expect a "proper" audio file. Not so with the Merlin, which didn't yet have the hardware to actually play audio samples. Lists of frequencies and durations were all you got.

Someone at AT&T presumably spent a long time messing around with these simple programs and it was worth it. The original eight Merlin ringtones remain, in my opinion, some of the finest phone ring sounds ever devised, and are still offered by many IP phones today. Western Electric, which manufactured the Merlin, became AT&T Technologies, which became Lucent, which became Avaya. These companies have largely honored AT&T's legacy in this era and Avaya IP phones continue to have a minimalist and commercial-feeling but also pleasing and thoughtful sound scheme... still largely based on simple sequences of one or two tones.

This is of course strictly a matter of opinion, but I am incredibly irritated by the path that phone sound design has taken. A modern smartphone, by default, offers basically zero ringtones that actually sound like phones. I realize that this comes from my idea of what a "phone" is having ossified when I was about four years old, but I do think there's a good objective argument for communications devices using simple, short, and highly recognizable notification sounds rather than the sort of bizarre set of one minute compositions you tend to get today.

But let's get back to the first tangent here. It turns out my recollection here was wrong: first, the "24 ringtone" is not actually a default ringtone on Cisco phones, but is a "default custom" ringtone that is provisioned to phones by a default installation of Cisco Call Manager (or Cisco Unified Communications Manager later, when Cisco was a major driver of the brief Unified Communications buzzword craze). Cisco IP phones are virtually always used with Cisco Call Manager because they don't use SIP, but rather a Cisco-proprietary protocol called SCCP (commonly referred to as "skinny," which was both an earlier internal name and a reference to SCCP's goal of being simpler and easier to implement on devices than SIP). As a matter of fact Cisco 7900 series phones actually did support SIP if you re-provisioned them with a different firmware image that Cisco provided for that purpose, but this was janky and it's not something I've actually seen used outside of my own home.

So, since Cisco 7900s are almost always used with Call Manager and Call Manager, by default, provisions the phones with these "custom" ringtones... they're pretty much default. The issue is pedantic but still sort of interesting, as it leads you to wonder what internal politics lead to additional default ringtones being included as part of the install package for Call Manager.

Second, though, and more importantly, the ringtone in question is not a Merlin ringtone. The most widely heard ringtone in 24 is very similar to, but noticeably different from, Merlin ringtone 6. The other ringtones heard in the show (which are other Cisco Call Manager defaults) are also "very much but not quite entirely" like the Merlin options.

This actually addresses a bit of a mystery to me. Cisco got its IP phone business by acquiring (pretty much immediately after founding) a company called Selsius. There is no historic business relationship between Cisco/Selsius and AT&T/Lucent/Avaya, so it would seem surprising for AT&T's classic ringtones to end up in a Cisco product. Well, they didn't, or at least not exactly. Although I can't find solid proof, it seems virtually guaranteed to me that the the Cisco Call Manager default set of custom ringtones are, in fact, ripoffs of the Merlin tones. The 24 ringtone is a fake! Given the '80s era prestige of the Merlin system, the Cisco ringtones are practically the "Louise Vittant" handbag of the telephone world.

To be fair, though, whatever anonymous Cisco employee sat down to copy the Merlin ringtones made some meaningful improvements. The staccato cadence of the Cisco ringtones, as opposed to the Merlin's legato, is very distinctive and probably more recognizable in a loud environment. It also sounds pretty cool, which sure helps with a TV series about a vague counter-terrorism agency with apparently superhuman abilities.

So here I'm 100 lines in and on a total tangent. I didn't mean to write about ringtones, I just like them. What I actually wanted to write about has to do with the ubiquity of IP phones themselves. Most office workers my age have probably had an IP phone on their desks for pretty much their entire career. I have, with the exception of one large institutional employer where I was lucky enough to be among the last employees issued an ISDN desk phone. This was rare enough by then that the amused telecom technician made a show of blowing the dust off of the "voice terminal" that she had pulled out of a closet junk heap. I actually loved that phone, but I loved it because it was weird and obsolete. Despite their own eccentricities (which are significant enough that IP phones are virtually always segregated to their own VLAN), IP phones are an increasingly pedestrian part of IT infrastructure that lack some of the intrigue of traditional analog and TDM instruments.

Despite the advantages of IP phones, a lot of organizations that make the switch to IP end up with various odd analog phones left over that, for various reasons, are more expensive to replace. It's fairly common to end up keeping landline telephone service to buildings just to support these devices. And here is the real purpose of this post: to tell you about a few cases where you will very frequently find analog phones, even in organizations and facilities that have otherwise switched to IP. The best part is that these are pretty much all weird types of phones (that's what makes them hard to replace with IP), and you know I love talking about weird phones.

Emergency Phones

One common category of holdover analog phones are emergency phones. The most common case are elevator phones, intended for use by an elevator occupant if they're stuck. In most cases, code requires elevator phones to use an outside line to call an attended call center. This means that they're usually proper phones hooked up to the PSTN. While IP elevator phones are available, they don't seem to be very common. A big factor here is that the elevator phone is typically hooked up by the elevator installer who will run an analog phone line with the elevator travel cable. Adding ethernet later is a pain on its own.

"Blue light" type emergency phones (whether or not made by the actual company Code Blue) are also often analog, although new installations are likely to use the IP versions.

Alarm Communicators

Burglar alarms historically used landline telephone for reporting almost exclusively. Well, historically meaning since the 1950s or so. Prior to that point there were a lot more private alarm monitoring networks in use that used either dedicated pairs per monitored system or telegraph technology. Today, a variety of burglar alarm reporting methods other than telephone are available, but there are still plenty of landline phone communicators in service.

Alarm communicators are not limited to burglar alarms. Some devices like generators and refrigeration equipment may be equipped with a device for reporting any test failures or alarms. Like burglar alarms, today these are often cellular and/or IP, but there's still older equipment out there using analog telephone for reporting.

Access Control Systems

It's fairly common for access control systems, that is electronic door locks, to be remotely programmable. This is common in small organizations where the system is fully managed by a locksmith, and in large organizations where it is managed centrally from a corporate office. Once again, newer systems are moving to IP but there's a lot out there that relies on something like a USRobotics modem for external access.

Paging and Radio Bridges

Something that I've personally seen a couple of times is held-over analog phone lines to support audio bridges to an overhead paging system or to a handheld radio service. There are plenty of IP bridges available for these kinds of applications, but this is another area (like elevators) where you run into a disconnect between contractors: if different organizations service the telephone system and the paging or radio system, you can get stuck on analog just because of the lack of coordination (and willingness to pay) for the switch.

Some Miscellaneous Phone Devices

Analog phone lines lead to a lot of odd situations inside of commercial buildings, especially smaller ones, both because they were easy to adapt to many purposes and because adding more lines was pretty expensive. There was an obvious desire to put more than one device on each phone line.

A common way to achieve this was via a device like "The Stick," which picked up phone calls, detected the presence of a fax or modem carrier, and directed the call to different ports as a result. These types of "lightweight switches" produce some interesting opportunities for phone phreaking. With the popular Stick, for example, DTMF sent immediately after pickup can be used to force it to direct the call to a different port. This can reveal devices like modems that otherwise don't "pick up."

The whole reason I personally know about The Stick is that I've seen it used for remote programming modem access to the access control system in two different buildings. There are obvious security implications of this practice.

How Analog Hides Out

So how do organizations that make a switch to IP support these existing analog telephone devices? To some readers it might seem obvious that an ATA (analog telephone adapter) could be used to connect them directly to an IP phone system. In some cases this is true. But it's important to understand that many VoIP systems use speech codecs that do not preserve enough bandwidth for digital signaling to work. This is most commonly encountered in the case of fax machines: a fax machine naively connected to VoIP via an ATA will likely work unreliably or not at all, depending on the codec selected for the call.

Instead, legacy analog devices are often supported by just keeping conventional telephone service. In a way this is a good solution, since some of these devices are safety or security related, and the telephone network is operated to a higher standard for reliability than most corporate networks. On the other hand, this can become a real headache when a PABX is in use. Although a somewhat extreme example (this was a very large organization with many legacy devices) I have seen one case of an entire 5ESS kept in service basically for analog (and some ISDN) cruft. This is a telephone switch of a scale that it has a staff, albeit now a small one. More commonly, there are definitely some smaller PABX systems that remain installed in commercial buildings to support fire and access control applications. There may be few people with knowledge of these switches and how they're configured.

Well, that was sort of a grab bag of topics but I hadn't written for a while and it was on my mind. I'm in the midst of a remodeling project and life is hectic in general at the moment, so I'm probably going to be following up with some more posts on odd topics. For example, I'm thinking a lot about thermostats right now, and I expect to write a bit on the curious world of HVAC control signaling.

>>> 2022-05-10 amateur hour

So we've talked about radio spectrum regulation in some detail, including the topic of equipment authorization (EA)---the requirement, under 47 CFR, that almost all electronics receive authorization from the FCC prior to sale. We've also talked about the amateur radio service (ARS, 47 CFR 97), and I've hinted that these two topics collide in an unusual way. So this of course raises the question: does amateur radio equipment require authorization? Or, more fun to type, does EA apply to ARS?

The answer is... it's complicated.

In fact, it's sort of surprisingly difficult to get a straight answer on this question. 47 CFR itself is not very clear on this point, because of course the authors of regulations are a lot more willing to throw in special cases to resolve special circumstances than to provide a convenient general rule. While amateur radio is mentioned in various places in Parts 2 and 15, and equipment authorization is touched on in Part 97, there's no general requirement or exception to be found in 47 CFR.

Further contributing to confusion, there is a lot of "armchair lawyering"[1] in the amateur radio community. You will get different answers from different people on even very basic questions about EA. Part of the reason is that the rules have changed over time, less due to 47 CFR itself than due to enforcement actions and regulatory guidance coming from the FCC Enforcement Burea. Part of the reason is because people are repeating things they heard eighth hand from somewhere in the 1950s. And, well, part of the reason is that amateur radio operators enjoy a rather unusual privilege: generally speaking, there are no EA [2] requirements for amateur radio.

In a way this is intuitive: amateur radio has a substantial tradition of home-built or home-modified equipment. "Vintage" HF equipment are sometimes colloquially referred to as "boat anchors" in reference to both weight and typical market value while sitting on a hamfest vendor's table. But, as a matter of fact, if you manage to construct a boat anchor into an RF transmitter you are welcome to use it in the amateur radio service, subject to the technical requirements of Part 97. A common way to explain this (common enough that the FCC itself says it in a number of places, even though it is not quite a literal part of the regulations) is to say that amateur radio privilege rests entirely with the person holding the license. As a licensed operator, you alone are responsible for the operation of your station... not the device manufacturers. You can make use of anything, subject to good engineering and amateur practice.

But I said it was complicated, didn't I?

The first reason is related to requirements on the sale of scanning receivers. As a convenience and because it is fairly easy to implement with modern electronics, almost all amateur transceivers on the market today offer wide-band reception. Any device capable of monitoring two or more frequencies between 30 and 960 MHz and switching to one on which a signal is received is considered a scanning receiver (47 CFR 15.3(v)). As of 1999, all scanning receivers require certification by the FCC (47 CFR 15.101(a)). Certification is used here in its current sense in the regulations, meaning that the FCC must actually review and approve the results of testing. A mere declaration of conformity from the manufacturer is not acceptable.

In other words, the majority of amateur radio transceivers sold today are actually subject to equipment authorization under Part 15, Part 97 be damned. If you remember our talking about the verboten band, this might be familiar: the certification requirement for scanning receivers was created specifically to prevent the sale of devices which would be used to eavesdrop on analog mobile calls. This ruling somewhat inadvertently introduced a de facto EA requirement for the amateur radio industry, and it is typical today for amateur radio devices to somewhat incongruously bear a Part 15 Device label.

Amateur radio transceivers can be marketed and sold without certification under Part 15 if, and only if, they do not meet the definition of a scanning receiver... not particularly likely since wideband reception and dual VFO with "dual watch" have become standard features on even the cheapest HTs. A more likely type of device to not fall under this requirement are HF transceivers, which are more likely to omit wideband reception and not have receive capabilities above 30MHz. Still, this is not especially common.

Given that the first complication boils down to reaction to mobile phone eavesdropping, it will perhaps be unsurprising (at least if you've read enough of my radio rambling) that the second complication boils down to citizens band.

For primarily cultural reasons that are hard for anyone under 40 to really comprehend, citizens band (CB) enjoyed a brief period of mass popularity, during which it was the primary thorn in the FCC's side. Like other services which are licensed-by-rule (e.g. FRS and GMRS), CB is available to individuals without training or registration. To prevent the band becoming unusable, there are strict limitations on CB equipment in terms of output power: 4 watts. That doesn't sound like a lot, but remember that unlike the consumer radios we're used to today, CB is HF. 4 watts travels surprisingly far below 30MHz, conditions allowing.

What makes CB very different, from a regulatory perspective, from FRS and GMRS was the absolutely huge extent of rule-breaking. While illegal operations at e.g. higher than permitted power is not unheard of in FRS and GMRS, it is not very common. At the height of the CB craze, illegal operation at 100W or more became practically the norm. While there were higher-than-limit CB radios available for purchase through various grey market channels, high CB output powers were most commonly achieved by adding an external power amplifier.

Power amplifiers would probably be unfamiliar to most radio users today, because we now use mostly VHF and UHF where power levels are relatively low and linear amplifiers are troublesome for technical reasons. But in the HF bands, still today in amateur radio, it's fairly normal to use a transmitter with an output power of, say, 4 watts, and direct that power to an external linear amplifier which uses it as the gate input for a very big power tube.

Power amplifiers were not legal to sell for CB use, but the CB band is close to the popular 10 meter amateur band. Close enough, in fact, that a power amplifier intended for 10M use will typically work acceptably when driven by a CB radio. The inevitable result: truck stops suddenly diversified into the lucrative amateur radio power amplifier market. Who amongst us has not stopped into a Pilot Travel Center to upgrade our 10M rig to 300W output?

The FCC addressed this runaround of the rules by creating 47 CFR 97.315. This exception to the general lack of EA rules in Part 97 states specifically that any power amplifier capable of operation below 144 MHz is subject to equipment authorization. The same section then provides broad exceptions for any such amplifier that is built, modified, or purchased used, but only when the user holds an amateur radio license.

What rules must such amplifiers meet to receive EA? 47 CFR 97.317 tells us that the amplifier must exhibit zero gain between 26 and 28 MHz, not be easily modified to demonstrate gain on those frequencies, and more broadly not be usable for services other than amateur radio. 26 to 28 MHz is, of course, the citizen's band. Just to reinforce this, along with some brief boilerplate amateur radio is mentioned in Part 2 (which, remember, states the general requirement for equipment authorization subject to whatever other part applies to the device) only once... 47 CFR 2.1060(c), which says that "Certification of external radio frequency power amplifiers may be denied when denial would prevent the use of these amplifiers in services other than the Amateur Radio Service." Here, the FCC protects "can be used for CB" as a reason to refuse authorization under Part 97---in the one case where it's required.

Why the 144 MHz cutoff? I'm not sure exactly but there is an obvious direction for speculation. 144 MHz is the start of the 2-meter band, which is for most purposes the lowest amateur band that is not HF. Power amplifiers designed for VHF and UHF use are fairly substantially different from those designed for HF and would be unlikely to produce usable output when driven by any HF transmitter, including a CB radio. The "below 144 MHz" rule seems to just give a pass for those power amplifiers that are unlikely to be part of the problem.

Now, if an amateur radio power amplifier can be modified for use in CB radio, what about a whole amateur transceiver? Yes, that's where the off-label CB market went next. Remember Pilot truck stops? Agents of the FCC Enforcement Bureau visited eleven of them in 2004---well into the decline of CB radio. They are not famous for their quick reaction to new trends. Still, the FCC found that these Pilot locations had oddly diversified again into amateur radio retail.

It's part of the American tradition to dream big, and it ought to inspire us all that Pilot aspired to best such barons of industry as Ham Radio Outlet and.... no, that's it, HRO is actually the only brick and mortar amateur radio retailer I have ever laid eyes on. The fact that their Portland location is still open can only be explained by miracle.

Of course this was not really the case, what Pilot was selling as amateur HF transceivers were just CB radios without equipment authorization. Or more accurately, they were 10M transceivers that had been intentionally designed to allow trivial modification to CB. For this bit of not-so-clever deception Pilot was ordered to pay $125,000 to the FCC. That includes an extra bonus forfeiture for continuing to sell them after the first set of violation notices was issued.

This notice of apparent liability for forfeiture[3], FCC docket 04-272 or better cited as 19 FCC Rcd 23113, is notable mostly because it is now the primary citation given for the fact that amateur radio equipment does not generally require equipment authorization. It states explicitly in paragraph 3 that "radio transmitting equipment that transmits solely on Amateur Radio Service frequencies is not subject to equipment authorization requirements prior to manufacture or marketing." Had the Enforcement Bureau not provided that plain statement in this particular NALF, the lack of EA requirements for amateur radio would remain a largely non-obvious consequence of the lack of any particular EA requirements in Part 97 (other than the one about sub-144 MHz power amplifiers).

Note though that, fortunately, the FCC didn't decide to address this problem by adding an EA requirement for amateur radio transceivers that could transmit anywhere near 30 MHz. Instead, the Enforcement Bureau finds that the existing rules are quite clear enough. Any transmitter intended for use in CB must be type certified for CB, and it was well established earlier in the CB craze that "easy modifiability" does not work as a loophole. A device which is sold on the premise that it can be easily modified for CB use is still, in the FCC's view, a CB radio.

Nonetheless, illegal CB equipment remains pretty easy to obtain. A trivial Google search found a 100W power amplifier for sale at just $88, apparently from an Italian manufacturer. The internet has made regulation of the radio market very challenging, as it has for most markets. Equipment is made for legal applications in other countries and then imported, or just starts out as a design for the US gray market.

This problem has become particularly large with the rise of the Chinese radio manufacturing industry. There is a substantial global market for inexpensive land-mobile radio equipment for business use, and many countries have rather lax regulations on radio services and devices. LMR radios in the United States are generally prohibited from being face-programmable, for example, but many other countries have no such prohibition. A set of Chinese radio manufacturers have emerged that sell products into this market. One of the cheaper ones has become less of a brand and more of a category in the amateur radio market: Baofeng.

Baofeng, more properly Fujian Baofeng Electronics Co., Ltd, was founded in 2001 by one Wang Jinding. With around 1000 employees, Baofeng produces a large line of VHF/UHF handheld radios, or Handie-Talkies as amateurs charmingly still like to call them (a term that dates back to WWII). For several years now, Baofeng seems to be represented in the United States by Baofeng Tech or BTech. Baofeng Tech conspicuously promotes themselves as based in the sub-1000 population town of Arlington, SD, and indeed the Secretary of State has the filings for B-Tech Distribution Inc, incorporated by one Andrew Brown. The same Andrew Brown at the same address has formed a variety of LLCs with names like "Three B Developments" and "Three B Investments," but I can find little else about them. The About page on the Baofeng Tech website ends in "if you have accepted Christ as your personal Savior – contact us today here to let us know and we will send you a one time package of literature."

BTech has also sent a one-time package of literature to the FCC, as they obtained equipment authorization on a number of Baofeng models based on test results commissioned from Bay Area Compliance Laboratories of Dongguan. These equipment authorizations are, in fact, type certifications for Part 90 land-mobile radio operation. As a result, for these models, it is perfectly legal to market and sell Baofeng radios in the United States. It is, though, still completely possible to purchase Baofeng models with no such equipment authorization, often shipping direct from China. This would constitute a violation of the FCC regulations on the part of the retailer.

But what of amateur radio? Type certifications are done against specific parts of the FCC rules. The Part 90 certificate for the Baofeng models list specific bands and modes (emission designators) for which they are authorized. Part 90 (private land-mobile radio) is not Part 97 (amateur radio), and so the radio is not really authorized per se.

But the trouble here is, amateur radio is largely exempt from equipment authorization in this way too. Much like Part 97 lacks equipment authorization requirements (except power amplifiers) on manufacturers, it also lacks any prohibition on the use of unauthorized equipment. In fact, both Part 2 and Part 97 contain exceptions to equipment authorization requirements that explicitly preserve the ability of amateur radio operators to use any equipment they choose. For example, Part 2 provides an exception to general requirements that modifications be authorized by the FCC: Amateur license holders can freely modify equipment for use in the amateur radio service. No approvals required.

It has for some time been a generally accepted practice to repurpose Part 90 equipment for amateur use. This was particularly true in the days of crystal-based mobile radios, when many ex-police HF radios were modified for amateur operation. I know of club repeaters today running on lobotomized Motorola P25 (trunking system typically used by law enforcement) equipment. And an active group of amateurs operates WiFi equipment in amateur bands, based on their overlap with foreign WiFi allocations.

As a result of this exceptional latitude, amateur radio operators are, as far as I can tell, completely permitted to use Part 90 authorized radios. Further, amateur radio operators can use radios that are not authorized at all. This actually shouldn't be that surprising: most amateur radios today only need equipment authorization under the 1999 anti-eavesdropping rule. Prior to '99 most all amateurs were operating unauthorized equipment!

Nonetheless, the organizations marketing and selling these unauthorized models are violating FCC rules. The FCC seems to have taken a light touch on the issue of selling unauthorized equipment for amateur use, not just a bit because doing so would only really violate normal Part 15 rules and not nominally harm any licensed service. But the FCC has increasingly taken an aggressive position on retailers selling unauthorized radios to non-licensed users. In a prominent case, hobby vendor Rugged Radios received a threat of a forfeiture notice if they did not cease sale of the RH5R (apparently a custom case version of the Baofeng UV-5R) and other models. The target market was primarily offroad and powersports users, who don't generally hold any radio license [4].

Offroad and powersports users might better be advised to use the licensed-by-rule services MURS or CB [5], or even apply for an industrial/business pool license as an organization (although the logistics of distributing Part 90 radios are somewhat complex, since they must be programmed externally). But Rugged Radios was selling unauthorized radios along with materials that included lists of Part 90 and Part 95 frequencies. This clearly constituted marketing of an unauthorized device to a use for which authorization is required.

The importation of radios not built to US regulations will continue to be a challenge in spectrum coordination. Incidents of drone FPV transmitters directly interfering with aviation radar show the practical effects. I tend to think, though, that the impact will always be limited: Today, consumer radio use not controlled by a licensed entity is largely limited to the microwave oven bands.

[1] This is as opposed to what I'm doing here, which is more like jailhouse lawyering.

[2] or device certification, type acceptance, or type certification. The FCC itself is not entirely consistent about how it uses these terms and they have changed over time, including a find-replace amendment to 47 CFR to swap out words.

[3] This has sort of come up a couple of times now. The FCC is not properly a part of the government (it's an independent agency) and so it does not issue fines. Instead, it issues Notices of Apparent Liability for Forfeiture, which tell the target how much they are expected to pay as a civil matter. NALFs are often attached to a Memorandum of Opinion and Order, which give an interpretation of how the regulations apply to the present situation. Those memoranda are sort of like court opinions in that they set precedent the Enforcement Bureau will rely on later.

[4] Unless they happen to also be amateur radio operators. While there are restrictions on the use of amateur radio for any commercial purpose, it's well accepted to use amateur radio in the course of other hobbies. That is, an amateur radio operator who also e.g. participates in off-road racing would be permitted to use amateur radio equipment and spectrum for that purpose so long as it is not a commercial activity (in which case the Part 90 industrial/business pool would be applicable). There is a particularly strong tradition of amateur radio in the RC world, where many amateur radio operators use amateur equipment and spectrum for telecontrol of RC aircraft and etc.

[5] MURS, the Multi-Use Radio Service, is a licensed-by-rule service similar to GMRS but in low band where propagation in the open tends to be better. MURS radios are more commonly mobile (i.e. automotive) than handheld, but ther are both handheld MURS radios and mobile GMRS radios on offer. GMRS is a slightly odd situation for that matter and there actually is such thing as a "GMRS license," which confers privileges beyond those of licensed-by-rule users such as repeater operation. This might also be attractive to off-road users. If you chuckle at the common pronunciation "murrs" you are probably going to hell but I am right there with you. Consult Baofeng Tech for advice on salvation.

>>> 2022-04-22 regulating radiation

One^wTwo days late for 4/20, I return to discuss equipment authorization. This is a direct followup to my last post about unlicensed radio. I apologize for my uncharacteristic decision to actually provide a promised follow-up in a prompt manner, and give you my assurances that it's unlikely to happen again. I will return to my usual pattern of saying "this is the beginning of a series" and then forgetting about the topic for two years.

But equipment authorization is sort of an interesting topic, and moreover I think I really shortchanged the last post by not going into it. Because ISM bands and other so-called "Part 15" bands are unlicensed, the limitations that exist on usage of those bands stem pretty much entirely from the equipment authorization process. I also think I shortchanged the last post a bit by not providing some background on the regulatory structure, so here that goes first:

when I refer to the "FCC regulations," I of course mean 47 CFR, or the 47th title of the Code of Federal Regulations. The CFRs are a compiled version of all of the regulations promulgated by various federal agencies and are not laws (those are found in the USC) but are sort of like them. The difference is basically in the way they are developed and changed: laws are set by legislators, while regulations are set by the staffs of agencies, but typically with some sort of formalized process that incorporates public comment. This whole concept of codified regulations is referred to as "administrative law." In practice, the way it works at the federal level (and simplified somewhat) is that agencies develop regulations using their normal process, they publish the new regulations in the Federal Register, and some staff pull the changes out of the Federal Register and compile them into the CFR which provides a handy reference to find all the federal regulations.

Because the stuff in the CFR comes from various agencies, it's broadly organized by those agencies. So 47 CFR is stuff that comes from the FCC, while the FAA produces what are often called the "Federal Aviation Regulations" but are more properly known as 14 CFR. This is useful knowledge because the federal government maintains eCFR.gov, a convenient website where you can browse and search the current version of the CFRs. This is a lot more convenient than the old system of going to a federal depository library to look at the big printed volumes that are already out of date.

When discussing FCC regulations, it is very common to talk about them in terms of Parts and identify services by the Part that describes them (this is broadly a common way to refer to federal regulations) [1]. So when we say "Part 15 device" we are describing a device which emits RF radiation under the rules in 47 CFR 15. In 47 CFR 15.1(a) we read:

This part sets out the regulations under which an intentional, unintentional, or incidental radiator may be operated without an individual license. It also contains the technical specifications, administrative requirements and other conditions relating to the marketing of part 15 devices.

So that pretty much lays it out. As a result, "Part 15 device" and "unlicensed device" are somewhat synonymous. Devices that are used under a license are discussed under other parts. Many types of license must be applied for, but there are licensed services that are "licensed by rule." This means that they are a licensed service covered in another part, but that license is granted automatically subject to certain conditions. An example of a licensed by rule service is the family radio service or FRS, which is one of the services used by the ubiquitous consumer walkie-talkies made by companies like Motorola and Midland. This is not a Part 15 or unlicensed service, but you also don't need to apply for a license, as 47 CFR 95 says that you automatically have one.

Now, all of this so far is talking about radio services. This distinction can be confusing because, particularly in Part 15, there is some crossing of the lines. Broadly, though, a radio service is a means of using the RF spectrum and the rules and regulations that apply to it. Point-to-point microwave is a radio service. Broadcast FM is a radio service. Amateur radio is a radio service.

There is a separate issue of equipment authorization. I tend to refer to this as device certification because that therm just makes more sense to me, but I should break the habit because the FCC consistently uses the term equipment authorization. Equipment authorization is broadly described in 47 CFR 2, and particularly 2.801 and up (Part 2 is sort of a general or definitions section, and contains the high-level rules for a lot of things). In 2.901, we read:

In order to carry out its responsibilities under the Communications Act and the various treaties and international regulations, and in order to promote efficient use of the radio spectrum, the Commission has developed technical standards for radio frequency equipment and parts or components thereof. The technical standards applicable to individual types of equipment are found in that part of the rules governing the service wherein the equipment is to be operated. In addition to the technical standards provided, the rules governing the service may require that such equipment be authorized under Supplier's Declaration of Conformity or receive a grant of certification from a Telecommunication Certification Body.

I'll spare quoting all the different sections that really put this together, but here is the general idea: you cannot market, sell, distribute, or use a radio frequency device unless it has an equipment authorization (EA). Part 2 lays out the process for getting that EA, which are either a declaration of conformity (manufacturer pinky promises it meets the rules) or an independent test depending on the device and service.

But what are the actual restrictions a device must meet? They're contained in the sections that describe services. For devices not associated with any service, Part 15 serves as a "catch-all." Part 15 thus covers unintentional and incidental radiators, and intentional radiators not associated with a licensed service. Sort of a "miscellaneous" basically.

I'm not going to spend much time on Part 2 because it's mostly procedural and not all that interesting. However, the prohibition on marketing laid out very explicitly in 2.801 has important implications that you have probably seen in the marketing of cellphones. You generally cannot advertise a device until it has an EA. If you do, you must clearly state that the device cannot yet be sold. Early marketing for cellphones often includes such a disclaimer:

This device has not been authorized as required by the rules of the Federal Communications Commission. This device is not, and may not be, offered for sale or lease, or sold or leased, until authorization is obtained.

Part 2 also provides some general exceptions. The basic idea is that it is permissible to operate a device that doesn't yet have an EA on an experimental basis with some protections and restrictions in place. It's even acceptable to distribute a device prior to EA, as long as distribution is only to people who will be using the device for testing/engineering/integration purposes and they are aware of and comply with the restrictions. In other words, the FCC is fine with prototypes, but requires that the prototypes be restricted to limited uses.

Finally, when the FCC approves an EA it issues a number usually called an FCC ID. Devices are required to be labeled with their FCC ID in a fairly conspicuous way, although because designers hate labels the FCC now allows the FCC ID to be presented in software and on packaging rather than physically on the device in some cases. Most smartphones are now like this.

That's probably enough of Part 2. Since the actual certification requirements are laid out in other parts, let's take a look at some, starting with our favorite Part 15.

Remember how right up there I quoted 15.1(a) saying that Part 15 applies to unlicensed devices? Let's just reinforce that real quick with 15.1(b) to remind us what's up.

The operation of an intentional or unintentional radiator that is not in accordance with the regulations in this part must be licensed pursuant to the provisions of section 301 of the Communications Act of 1934, as amended, unless otherwise exempted from the licensing requirements elsewhere in this chapter.

So this is basically the converse. If it's unlicensed, it's Part 15. If it's not Part 15, it needs to be licensed.

First, there's an interesting question of what devices are considered radio devices and thus subject to EA. It's fairly clear that any device that radiates RF radiation is either a license device or a Part 15 device and is thus subject to EA requirements. But what's RF radiation?

(u) Radio frequency (RF) energy. Electromagnetic energy at any frequency in the radio spectrum between 9 kHz and 3,000,000 MHz.

Okay so I set that up as a bit of a joke because this definition is kind of funny, but it's funny in an important way. For the purposes of FCC regulation, the radio spectrum ranges from 9kHz to 3THz. Below and above that range, it's not considered RF. Above tends not to be an issue because if you go much past 3THz you start being able to see it. Below 9kHz is a different issue: lots of devices emanate EM fields below 9kHz, but the FCC does not consider them to be RF devices.

Important implication: with few exceptions, any device that contains a clock or pulse of 9kHz or greater is a device that emits RF. In fact, the FCC is quite explicit elsewhere in the Part 15 definition that any digital device with a clock speed higher than 9kHz is an RF device, because it can be expected to emit some RF noise within the range considered the RF spectrum. This is the reason that virtually all electronic devices are subject to Part 15 regulation. If you don't want to deal with the FCC, 9kHz is effectively the speed limit for any kind of pulsing or modulation.

Also very important to understanding my previous post is 15.5(a):

(a) Persons operating intentional or unintentional radiators shall not be deemed to have any vested or recognizable right to continued use of any given frequency by virtue of prior registration or certification of equipment... (b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator.

In other words, the FCC doesn't give a shit about your WiFi network. There is some nuance to the term "accepted" here. They're not saying that Part 15 devices aren't allowed to shield themselves from interference. They're saying, in casual parlance, that Part 15 devices must put up and shut up. They don't have any regulatory protection from interference.

15.15 provides some very general engineering guidelines for Part 15 devices. I will not quote them, because they can be well summarized as "do a good job." The gist is that Part 15 devices must employ good engineering practices to minimize their RF emissions, and under no circumstances can exceed the specified limits.

15.23 is the home use exception. This should be of interest to all hobbyists and "makers." It essentially says that it is permissible to build and operate an RF device without an EA as long as it's for personal use, you don't market it, and you build fewer than 5. You are required to use good engineering practices to limit RF emissions, but you aren't required to perform testing. "It is recognized that the individual builder of home-built equipment may not possess the means to perform the measurements for determining compliance with the regulations" (15.23(b)). Thanks, FCC.

The majority of the remainder of Part 15 involves detailed technical standards. It lays out the emission limits and the ways that those limits should be measured. It's fairly long and boring, but also pretty easy to read, so you can feel free to take a look through it on your own time.

It is useful to understand that the limits and means of measurement vary by band and sometimes types of device, but for the most part "transmit power" is not a factor. This makes sense in light of the fact that Part 15 applies to unintentional or incidental radiators where there is no "transmit power." Part 15 limits are primarily specified in terms of field strength, in volts per meter, at various distances from the device. Rules about power and antenna characteristics are mostly reserved for licensed services, although there are some found in Part 15. For example, WiFi devices are mostly subject to a 1w transmit power limit, in addition to the limits on field strength, and there are more restrictive special limits if a high-gain antenna is used. This is some of the confusion of Part 15: WiFi is not a licensed radio service, but rules have been added to Part 15 to regulate it sort of like one, as far as having restrictions on power and antenna characteristics. It also implies that you can make a WiFi device non-compliant by fitting a high-gain external antenna. You can!

Notable as well is 15.103 which provides some "soft" exceptions. 15.103 is a list of types of devices which are subject to the general high level Part 15 rules, but not to the specific testing requirements. They include some major categories like things used exclusively in vehicles, medical devices used under supervision of a physician, and some digital devices with clock speed under 1.705MHz which are strictly battery powered (tends to apply to remote controls). These exceptions combine two different motivations: first, some of the excepted devices are excepted because they pose a very low risk of emitting problematic interference (simple battery powered electronics). Second, some of the excepted devices are subject to other engineering, regulatory, and application controls that limit the risk of interference (vehicle components and medical devices).

Finally, remember U-NII from the last post? the spectrum that allows for 5GHz and 6GHz WiFi? it's not a service, it's still Part 15, and it's discussed specifically in 15.401 and up. This includes the special characteristics of U-NII that I mentioned like DFS (radar avoidance) and AFC (automatic coordination).

Let's compare and contrast Part 15 to parts that cover licensed services. An obvious one is Part 73, Radio Broadcast Services. This includes your AM and FM radio stations. Much like Part 15, Part 73 is heavily concerned with limits on these broadcasters, but unlike part 15 they are generally expressed in terms of transmit power (which can actually be measured a few different ways, the regulations clarify how for each service) and antenna characteristics. More interesting is the type of emission regulation that really distinguishes a licensed service from Part 15: Part 73 describes the rules to protect broadcast stations from interference. Methods and calculations are described to determine, for example, whether or not an AM station is sufficiently far away from another AM station on the same or nearby frequency to avoid the two overlapping. Unlicensed devices must accept interference, licensed devices are generally protected from interference by the regulations.

The exact details of these limits can get fairly technical. Part 15 includes a number of formulae, Part 73 has even more as it gets even into the modulation used by transmitters. This is one of the reasons administrative law is differentiated from legislation: the details of regulation are often very technical, and so they are developed and evaluated by technical professionals. These things can be tricky, and so in places Part 73 reads almost like a textbook. In a number of spots it specifies the formula to be used, and then provides an example calculation just to make sure you really get it.

There are things like this (47 CFR 73.151(c)(2)(i)):

The computer model, once verified by comparison with the measured base impedance matrix data, shall be used to determine the appropriate antenna monitor parameters. The moment method modeled parameters shall be established by using the verified moment method model to produce tower current distributions that, when numerically integrated and normalized to the reference tower, are identical to the specified field parameters of the theoretical directional antenna pattern. The samples used to drive the antenna monitor may be current transformers or voltage sampling devices at the outputs of the antenna matching networks or sampling loops located on the towers...

Who knew regulations could be so fun! This is basically getting into the details of how the specifications of a directional antenna array for an AM radio station can be established. Antenna engineering is complex and I barely understand the most basic parts of it. When you get into arrays operating at low frequencies it can get very complex indeed and so the FCC specifies that computer modeling alone is not enough, the actual performance needs to be verified against the model.

How about another? Part 90 covers Private Land Mobile Radio Services. Land mobile radio (LMR) is a broad category of portable radios used on land... mostly handheld or in vehicles. LMR is a pretty big category because it encompasses everything from public safety dispatch to some cellular bands (most cellular bands in use today are part of other services, though). Land is specified because aviation and marine radio are both their own services.

Part 95C describes the Industrial and Business Pool, a widely-used service for everything from non-government vehicle fleets to some retail store handheld radios. A few different types of users are eligible to use the pool but under 47 CFR 90.35(a) it basically comes down to "anyone who is in business, and most organizations that aren't in business as well."

47 CFR 90.35(b)(3) is a lengthy table that lists the frequencies available for industrial and business use, which span many bands but are most dense in the popular VHF mid area (140MHz or so) and UHF low area (460MHz or so). These are very popular parts of the spectrum in general as they have good propagation and penetration characteristics and RF electronics for these wavelengths are relatively easy to construct. Amateur radio operators might recognize these as being more or less the 2m band and the 70 cm band [2], which are also perhaps the most popular bands in amateur radio. Most mobile radio services have some frequencies allocated in these areas and so they are fairly densely packed with different users. This approach highlights one of the many variations between different radio services: some radio services are allocated a band, some radio services are allocated a list of bands or even a list of specific frequencies scattered across many bands.

As with most things in radio regulation, this table comes with caveats and exceptions. For example, a number of I/B pool frequencies in the UHF band overlap UHF aviation radio used by the military. Note 61 on the table states that these frequencies cannot be licensed near any of a long list of airports and bases, and are subject to a lower power limit elsewhere.

Let's dwell for a moment on this topic of UHF military aviation radio, as it is an example of an important complexity of US spectrum regulation. Military aviation radio is not an FCC radio service. The FCC is an independent agency created by Congress. This means that while its leadership is appointed by the President and confirmed by Congress, it is not a part of any branch of government. For both historic and present reasons, the executive branch of the federal government maintains its own, separate authority to authorize radio use in the form of the National Telecommunications and Information Administration, which derives its authority directly from the President. Because the military is also part of the executive branch, its authority to use radio is granted by the NTIA and not the FCC. Obviously the NTIA and FCC must coordinate their activities to avoid conflicting allocations.

There can be some nuance to the line dividing NTIA and FCC authority. Aviation is once again a good example. Because VHF aviation radio is used by a wide set of individuals in the aviation field, and not only by the executive branch, it is regulated by the FCC (Part 87). The FAA, though, uses radio for its own internal purposes, such as for communication between control centers and remote equipment like radars and radio transceivers. Since this use is entirely within the executive branch, it is regulated by NTIA. Air traffic control thus simultaneously involves FCC and NTIA services, although the NTIA services are not exposed to pilots, since they are not part of the executive (except for military pilots, who are!). Further illustrating this complexity, the FAA has chosen to fully contract the operation of most of its radio facilities to a private company (L3Harris), on an M&O basis. Because Harris is not part of the executive, they must gain authorization from the FCC... leading to a process of the FAA "turning in" its NTIA licenses so that Harris can apply for an FCC license for the same equipment.

It is a somewhat common misconception that NTIA authorizations are somehow secret. This is not the case; while the NTIA has failed to provide the online records access that the FCC does, you can submit a FOIA request to the NTIA and receive in response a PDF of over 3,000 pages listing all NTIA frequency allocations. I have several times started on writing a parser to convert this report into a more usable database but I fear my lack of a computer science degree proper shows here and I have not succeeded. Maybe that automata class everyone else in the department took was good for something.

We will return to the topic of Part 90 to examine one last interesting aspect: frequency coordination. The role of the FCC is often mis-described as being coordination of frequencies. While there are exceptions, for the most part the FCC restricts itself to coordination of services and leaves the more detailed work to other organizations. In aviation, for example, the FAA does the actual frequency allocation. In the industrial/business pool, frequency coordination is entrusted to private corporations that have obtained a certification from the FCC. So, the first step in applying for an I/B license is typically to contact one of these organizations and receive their "suggested" frequency. You then include a letter from the coordinator as an attachment to your application, to show the FCC that you are requesting that particular frequency for a good reason. Many variations on these models exist, but the rule of thumb is that the FCC allocates bands or frequencies to a service, and what goes on within the scope of that service is coordinated by someone else. Broadcast radio is a very notable exception, since the FCC itself is also the agency responsible for non-spectrum regulation of broadcast radio.

Let's wrap up by discussing one last service, and I'll make this a fun one: Part 97, the amateur radio service. One of the interesting things about Part 97 is that it makes frequent reference to radio-telecommunications as an art, e.g. listing one of the purposes of the amateur radio service as "continuation and extension of the amateur's proven ability to contribute to the advancement of the radio art" (47 CFR 97.1(b)). This is a more aspirational view of communications technology which I attempt, but mostly fail, to capture in my writing: since the time of Marconi, Fessenden, etc., radio has been the type of human achievement that is appealing on both practical and aesthetic grounds.

Unfortunately, just as the consolidation of airlines and decay of entry-level general aviation has largely robbed flight of its romance, the consumerization of radio technology has removed much of the fun. Still, though, if you want to twiddle knobs and strain to hear through static, amateur radio is here for you. It's a lot of fun! And besides, the promise of advancement to the art seems to continue to pan out. The new generation of amateur radio operators has developed a number of innovative digital techniques and built infrastructure that is useful for theoretical and industrial research on atmospheric physics, propagation, astronomy, etc. Improvements in technology seem to now be driving a return to commercial use of HF radio, long of limited use due to a degree of complexity that tends to require an experienced operator. Many of the methods being used to automate HF operations are derived at least partially from dweebs tinkering around with GNU Radio for fun.

Anyway, enough of that. Let's look at the rules. 97.5 lays out the basics, namely that amateur radio stations must be "under the physical control of" a person who holds a license. There are various nuances to this rule but for the most part a very literal reading works. The main caveat is that the licensed operator need not be physically present; subject to some limitations amateur radio stations may operate unattended or by remote control as long as reasonable measures are in place to prevent tampering.

Much of Part 97 is fairly obvious and uninteresting, although there are some regulatory oddities like the fact that the National Environmental Policy Act applies to amateur radio and so amateur radio operators may need to complete environmental impact statements when siting stations or equipment in areas of environmental, historic, or cultural significance. NEPA is sort of a hobby interest of mine and I'll probably write about it in more length eventually.

On the flip side, Part 97 provides some positive protection to amateur radio stations. 97.15(a):

Except as otherwise provided herein, a station antenna structure may be erected at heights and dimensions sufficient to accommodate amateur service communications. (State and local regulation of a station antenna structure must not preclude amateur service communications. Rather, it must reasonably accommodate such communications and must constitute the minimum practicable regulation to accomplish the state or local authority's legitimate purpose. See PRB-1, 101 FCC 2d 952 (1985) for details.)

This was added in response to a series of municipal governments enacting zoning regulations that prohibited antenna structures. Radio, though, is regulated by the federal government, which claims supremacy on the topic. State and local laws generally cannot prevent activities which the FCC permits. A similar situation exists in aviation, where the FAA has supremacy, and leads to a confusing paradox related to bans on UAS or "drones" enacted by state and local governments. They lack the authority to do so, and so these bans are actually bans on ground operations, not flight. This whole federation thing can be complicated.

What about frequency coordination? 97.101 tells us that "Each station licensee and each control operator must cooperate in selecting transmitting channels and in making the most effective use of the amateur service frequencies. No frequency will be assigned for the exclusive use of any station." In other words, in keeping with the nature of amateur radio as a loosely regulated, hobbyist service, frequency coordination is light. Various organizations, typically the ARRL or organizations under its auspices, perform various types of frequency coordination in the amateur service. For the most part, this is purely voluntary and does not have the force of regulation, although one could argue (and the FCC has) that willfully ignoring organized frequency coordination constitutes a failure to operate in accordance with "good amateur practice" as is required at the beginning of 97.101.

97.111-97.117 regulate the use of amateur radio. The general idea is that amateur radio cannot be used for commercial purposes and is intended only for two-way (that is, not broadcast) use with limited exceptions. 97.119-97.221 provide regulations related to the operations of different types of stations and functions. 97.301 lists the authorized bands, with many caveats depending on the particular band. A notable thing about amateur radio is that it often shares its bands with other services. This is pretty common overall: a lot of radio services are allocated bands or frequencies on a secondary or shared basis, which makes more efficient use of the spectrum but does require radio users to take precautions to avoid interfering with other band users.

The rest of Part 97 deals with administrative details; things like exams, licensing, reporting, etc. It's the kind of thing that isn't much fun to read, but is useful to be familiar with a an amateur radio operator.

This concludes our general tour of 47 CFR. This has gone on for quite a while, and the great thing is that I still didn't get to the thing I meant to explain... the sort of odd rules regarding equipment authorization and amateur radio. But still, there's a lot here that gets towards that point: equipment is almost always required to be authorized by the FCC, and the specific requirements for authorization come either from Part 15 or from the Part that covers the service for which the equipment is to be used. As a result, equipment authorization is specific to a service. Generally speaking, a Part 15 device cannot be used in any licensed service. A device authorized under another Part can be used only with the specific service for which its authorized. The FCC itself sometimes refers to this as "type certification" or "type acceptance," and it is the dominant area where device manufacturers, marketers, and users are currently getting in trouble. So let's get into that topic properly... later.

[1] The CFRs are actually organized into chapters and subchapters for reading convenience, but the parts are numbered straight through. So no one ever writes "47 CFR I.A.15," just "47 CFR 15" or "Part 15" will do.

[2] For historic reasons amateur radio has a habit of referring to bands by wavelength rather than frequency, which I have always found frustrating. This is no longer common in most forms of commercial radio, where the IEEE radar band designations are more common (VHF low/mid/high, L band, C band, etc). Not that these are really any more convenient.