The Def Con Proxy Ham talk was abruptly canceled by its presenter. No one provided any clear reason for the cancellation. However, I believe there is a relatively simple explanation for why the talk was canceled.
ProxyHam was a privacy device meant to disassociate an IP address from a physical location. After the Def Con 23 presentation about the device was canceled without any official reason, public opinion rushed to fill the void with all manner of explanation. However, I believe there is a relatively simple explanation for why the talk was canceled.
Note: A version of this post originally appeared on my old blog in July 2015. I’ve copied it here to preserve the content as I’m reorganizing my online properties.
When the talk was announced it received lots of attention, likely including attention from folks who are quite knowledgeable in the matter of FCC regulations. I believe that once one or more of these folks suggested to the presenter, Ben Caudill, that his device was likely skirting the edge of legality (especially if he intended to market/sell it as a product), he decided it would be in his best interest to cancel. Regardless, theories are not what this post is about. This post is about the facts pertaining to the questionable legality of the ProxyHam device. I’ll preface this by saying that I don’t claim to be an expert; I’m merely a radio geek looking to dig up some truth.
Let’s start with the first point of confusion: the 900MHz band. There are many complexities in the FCC’s band allocations. Most bands have several allocated users and use cases, split between “primary” and “secondary” allocations. Indeed, the 900MHz band (comprising 902-928MHz) is one with many allocations. The primary user is the U.S. Navy, followed by several secondary users, including ISM and Amateur Radio.
The next point of confusion is the use of “ham” in the name. Many (myself included, a General-class licensed ham) assumed the device was utilizing licensed Amateur Radio privileges in the 900MHz (33cm) band. As detail emerged about the device’s capabilities, however, it became clear that this couldn’t legally be the case. FCC regulations for Amateur Radio (Part 97) forbid the use of codes (read: encryption). The ProxyHam device couldn’t legally run an encrypted WiFi bridge as such a “privacy device” would surely need.
There is much contention in the community about this point, but the rules are quite clear. The use of codes/ciphers meant to obscure the meaning of communication is only permitted for control signals. For example, in the case of ProxyHam, this means that only signals meant to control the base station could be encrypted if operating under Amateur Radio privileges.
With Amateur Radio ruled out, there remain only two potential possibilities for unlicensed operation of the ProxyHam device. The first is the industrial, scientific, and medical equipment (ISM) rules (Part 18). The second is the generic unlicensed intentional radiator rules (Part 15). Right away, we can easily disqualify ISM: section 18.107(c) explicitly excludes telecommunications devices. That leaves us with the very complex rules of FCC Title 47 Part 15 as they pertain to unlicensed, low-power telecommunications emitters.
Unlicensed Part 15 Operation
I’ve seen many conversations on Twitter indicating that people wrongly believe that consumer WiFi devices are ISM equipment since they operate in “ISM bands”. In reality, they’re actually unlicensed Part 15 devices operating as secondary users in shared band space (as described above). Given the evidence presented so far, the ProxyHam device must operate as a Part 15 device. Therefore, it’s required to meet a number of complex rules. I am not familiar with the exact transmission modulation(s) used by the commodity device in question (Ubiquiti M900), but some research shows that it’s similar to 802.11n OFDM. Given that OFDM is a spread-spectrum technology that’s not frequency hopping, it’s not clear which section of Part 15 governs the device. After several hours of reading I believe there are two options:
- Section 15.247: mostly refers to frequency hopping devices but in some instances mentions “digital modulation” and “spread spectrum” by themselves.
- Section 15.249: the catch-all for other intentional radiators in the 900MHz band.
In the first case, the device would be limited to a maximum of 1W (30dBm) output power. However, this is based on the use of a directional (beam) antenna with gain not exceeding 6dBi. When using a directional antenna with gain greater than 6dBi in 900MHz, you must lower the output power of the device by 1dB per dB over the 6dBi limit. In the case of the 16dBi Ubiquiti antenna seen in some ProxyHam photos (included below), this would mean lowering the output power of the M900 to 18dBm (down 10dB from the device’s maximum 28dBm power).
In the second case, the device would be limited to a maximum field strength of 50 millivolts per meter, measured at a distance of 3 meters. Actually measuring field strength requires specialized equipment that tends to be expensive.
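The two cases above can be compared numerically. The following is an added example, not part of the original post: it applies the 1dB-per-dB back-off to the 30dBm limit and converts the 50mV/m limit to an equivalent radiated power so both readings can be checked against one setup. The function names are hypothetical, and the free-space relation E = sqrt(30 * P) / d used for the conversion is an assumption that does not come from the post.

```python
import math

# Limits as the post reads Part 15; check the rule text before relying on them.
LIMIT_247_DBM = 30.0         # 15.247: 1 W conducted output power
GAIN_ALLOWANCE_DBI = 6.0     # antenna gain allowed before back-off starts
LIMIT_249_V_PER_M = 0.050    # 15.249: 50 mV/m field strength ...
LIMIT_249_DISTANCE_M = 3.0   # ... measured at 3 m


def max_conducted_dbm_247(antenna_gain_dbi):
    """Conducted-power ceiling: 1 dB off for each dB of gain above 6 dBi."""
    excess_db = max(0.0, antenna_gain_dbi - GAIN_ALLOWANCE_DBI)
    return LIMIT_247_DBM - excess_db


def field_strength_to_eirp_dbm(e_v_per_m, distance_m):
    """Assumed free-space relation E = sqrt(30 * P) / d, with P in watts."""
    if e_v_per_m <= 0 or distance_m <= 0:
        raise ValueError("field strength and distance must be positive")
    p_watts = (e_v_per_m * distance_m) ** 2 / 30.0
    return 10.0 * math.log10(p_watts * 1000.0)


def check_setup(tx_dbm, antenna_gain_dbi, cable_loss_db=0.0):
    """Compare one transmitter/antenna pairing against both readings."""
    ceiling = max_conducted_dbm_247(antenna_gain_dbi)
    eirp = tx_dbm - cable_loss_db + antenna_gain_dbi
    limit_249 = field_strength_to_eirp_dbm(LIMIT_249_V_PER_M, LIMIT_249_DISTANCE_M)
    return {
        "ceiling_247_dbm": ceiling,
        "within_247": tx_dbm <= ceiling,
        "eirp_dbm": eirp,
        "limit_249_eirp_dbm": round(limit_249, 2),
        "within_249": eirp <= limit_249,
    }


if __name__ == "__main__":
    # The post's hardware: M900 (28 dBm maximum) with the 16 dBi antenna.
    for tx_dbm in (28.0, 18.0):
        print(tx_dbm, check_setup(tx_dbm, 16.0))
```

With the 16dBi antenna the back-off from the 30dBm limit gives a 20dBm ceiling, so the 18dBm setting sits inside it, while the field-strength reading works out to roughly -1.25dBm radiated under the free-space assumption.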
Navigating the complexities of FCC regulations when it comes to these devices is neither easy nor straightforward. Just doing this research myself today left me in doubt about which regulations would actually apply to a device like ProxyHam, and I don’t think it’s a great leap to think that Mr. Caudill found himself in the same predicament. That said, I do believe that a device like ProxyHam (hopefully with a better name) is possible to build using off-the-shelf components, provided one is careful to conservatively adhere to the aforementioned regulations (adjusting power levels as needed).
If you’ve read this far, congrats and thanks! Hopefully you’ve learned something like I did while doing this research.