US bans new foreign-made consumer internet routers
There are almost no major brands of internet routers that are manufactured in the US.
www.bbc.com
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
US bans foreign routers - reason enough for a new Airport?
- Thread starter Reverend Benny
- Start date
- Sort by reaction score
www.bbc.com
Basic75
macrumors 68030
That definition also includes Ethernet switches. Heck, it barely avoids including Ethernet cables!
From what I understand, while there are security concerns with consumer routers, this is not especially an issue with TP-Link, which seems to often get mentioned in this context. A YouTube influencer posted this 3-months ago; I think it's the one that looked like an excellent summarization.
This will be very disruptive.
1.) Anybody wanting/needing a new router right now is in trouble. It could be some time before companies get exemptions.
2.) One or two companies getting those will have an enormous competitive advantage in the short-term, and this will be magnified if the buying public thinks access to those brands will be more reliable going forward.
3.) Just how secure is it practical to make consumer grade routers that need to be cheaper and simple and intuitive for the average Joe?
4.) Is having these things made in the U.S. likely to make them more foreign hacking resistant?
To address the original thread question - "...reason enough for a new Airport?" No, not unless this drags on quite awhile, consumer routers are subject to such demands that they're driven into the premium product range, and there's chronic constriction in the number of brands. Apple likes to make high-margin luxury goods, not low margin mass market commodities, in a sense. At least that's my take on it. By the time they went through product development to get a new Apple Airport out, I think this will be largely resolved.
This will be very disruptive.
1.) Anybody wanting/needing a new router right now is in trouble. It could be some time before companies get exemptions.
2.) One or two companies getting those will have an enormous competitive advantage in the short-term, and this will be magnified if the buying public thinks access to those brands will be more reliable going forward.
3.) Just how secure is it practical to make consumer grade routers that need to be cheaper and simple and intuitive for the average Joe?
4.) Is having these things made in the U.S. likely to make them more foreign hacking resistant?
To address the original thread question - "...reason enough for a new Airport?" No, not unless this drags on quite awhile, consumer routers are subject to such demands that they're driven into the premium product range, and there's chronic constriction in the number of brands. Apple likes to make high-margin luxury goods, not low margin mass market commodities, in a sense. At least that's my take on it. By the time they went through product development to get a new Apple Airport out, I think this will be largely resolved.
BotchQue
macrumors 65816
I just moved from OTA to fiber-optic internet, and had to replace my (ten-year?) old router just last month. I ended up with a TP-Link model, but this article:
https://www.pcmag.com/news/fcc-just...w&zdee=[Contact.email_zdee]&lctg=[Contact.Id] stated they're made in Vietnam (but of course no idea if they source chips from a Chinese subcontractor).
I've noted no increase in my surfing speed, going from 26 Mbps to 166 Mbps, but I have noticed my printer has never fallen off-line since, which is great (and my monthly 'net cost has dropped from $110 to $35, love it!)
https://www.pcmag.com/news/fcc-just...w&zdee=[Contact.email_zdee]&lctg=[Contact.Id] stated they're made in Vietnam (but of course no idea if they source chips from a Chinese subcontractor).
I've noted no increase in my surfing speed, going from 26 Mbps to 166 Mbps, but I have noticed my printer has never fallen off-line since, which is great (and my monthly 'net cost has dropped from $110 to $35, love it!)
What a whole ball of mess.
Is it really security or unrealistic bring back manufacturing?
How the Tick-Tock case went down tells me, as usual, more politics than technology.
Is it really security or unrealistic bring back manufacturing?
How the Tick-Tock case went down tells me, as usual, more politics than technology.
chrfr
macrumors G5
Fortunately, currently approved routers can continue to be sold, but this will be a big obstacle in the future to release any new equipment.
PC Magazine has an article: The FCC Just Banned the Sale of New Wi-Fi Router Models Made Outside US
Backing up what chrfr said, per that article: "“Nor does it prevent retailers from continuing to sell, import, or market router models approved previously through the FCC’s equipment authorization process,” the commission adds."
Wonder if this will create pressure to discount current router offerings to counter act consumer fear that brand might be restricted going forward?
It's also interesting that routers that can be sold now presumably have whatever vulnerabilities (if this is a legit issue) that the government is concerned about.
A big question for you more technical folks; are future 'made in America' routers likely to be all that much more secure against foreign hackers? Any opinion on whether this is likely to have a meaningful impact on online security in the U.S. (putting aside any political concerns, is this technically a good idea)?
Backing up what chrfr said, per that article: "“Nor does it prevent retailers from continuing to sell, import, or market router models approved previously through the FCC’s equipment authorization process,” the commission adds."
Wonder if this will create pressure to discount current router offerings to counter act consumer fear that brand might be restricted going forward?
It's also interesting that routers that can be sold now presumably have whatever vulnerabilities (if this is a legit issue) that the government is concerned about.
A big question for you more technical folks; are future 'made in America' routers likely to be all that much more secure against foreign hackers? Any opinion on whether this is likely to have a meaningful impact on online security in the U.S. (putting aside any political concerns, is this technically a good idea)?
More articles from PC Magazine that may be of interest:
The FCC's Wi-Fi Router Ban Explained: We Answer Your Biggest Questions
The FCC's Foreign-Made Router Ban: Is Your TP-Link or Asus Hardware Still Safe?
It makes sense the U.S. government might prefer to be very cautious about 'foreign made' routers on the grounds there might be some hacker exploit vulnerabilities, but driving new ones out of the U.S. consumer sector (though the huge number of current and older models in use and yet to be sold will remain in use for many years) raises the question of the practical benefits.
1.) U.S. Internet sites will still get interfaced by routers alleged to be vulnerable. So, if I have a TP-Link, but don't upgrade to a newer model, seems to not be helpful. What's more, Internet users from foreign nations will still be using that equipment.
2.) So, let's say for sake of argument U.S. users replace their foreign-made routers with some hypothetical 'made in America' alternative that doesn't exist yet. Many users from the U.K., the E.U. and elsewhere will still access U.S. Internet sites from abroad with those foreign-made routers.
3.) So, in terms of U.S. security, how much difference does it make if I, in the U.S., use a TP-Link router vs. a user in the U.K. using that same TP-Link router to access the same web sites I do?
I don't know the infrastructure involved when a foreign user accesses U.S. sites from abroad vs. when a domestic user does so, so I'm asking if there's some added layer of security involved.
Note: I don't mean to pick on TP-Link or imply their routers are less safe; from what I've read, that's not known to be the case. I like their gear fine.
The FCC's Wi-Fi Router Ban Explained: We Answer Your Biggest Questions
The FCC's Foreign-Made Router Ban: Is Your TP-Link or Asus Hardware Still Safe?
It makes sense the U.S. government might prefer to be very cautious about 'foreign made' routers on the grounds there might be some hacker exploit vulnerabilities, but driving new ones out of the U.S. consumer sector (though the huge number of current and older models in use and yet to be sold will remain in use for many years) raises the question of the practical benefits.
1.) U.S. Internet sites will still get interfaced by routers alleged to be vulnerable. So, if I have a TP-Link, but don't upgrade to a newer model, seems to not be helpful. What's more, Internet users from foreign nations will still be using that equipment.
2.) So, let's say for sake of argument U.S. users replace their foreign-made routers with some hypothetical 'made in America' alternative that doesn't exist yet. Many users from the U.K., the E.U. and elsewhere will still access U.S. Internet sites from abroad with those foreign-made routers.
3.) So, in terms of U.S. security, how much difference does it make if I, in the U.S., use a TP-Link router vs. a user in the U.K. using that same TP-Link router to access the same web sites I do?
I don't know the infrastructure involved when a foreign user accesses U.S. sites from abroad vs. when a domestic user does so, so I'm asking if there's some added layer of security involved.
Note: I don't mean to pick on TP-Link or imply their routers are less safe; from what I've read, that's not known to be the case. I like their gear fine.
chrfr
macrumors G5
It seems like more of a political move than one based in actual data security. It doesn't change my opinion on consumer networking and I think will serve to be anticompetitive more than anything else. It's not as if there's any useful level of US-based production for these devices currently, and probably not for several years, if ever.
What about routers targeting the business/professional rather than consumer demographics; are they also largely foreign-made? I suspect so, but I don't know so. I quick search suggests Ubiquiti's gear is foreign-made.
chrfr
macrumors G5
There are not many network equipment manufacturers that manufacture in the US, but there are some. Major companies like Cisco and Juniper (HP) aren't making their equipment in the US. Ubiquiti does not manufacture in the US, either.
How much more secure is it? Would just switching to that firmware address all the alleged security concerns?
Any thoughts on how much more secure the 'non-consumer grade' routers are? And just how much hassle it would be for a consumer to use such?
IvyKing
macrumors 6502
I would think most of the improvement in security would come from business grade routers being managed by better educated administrators, along with code being updated more frequently. I would guess that a large fraction of consumer routers never get updated, or are too old to receive updates.
"openwrt" is open source, so there should be less of a chance that a backdoor can be inserted without someone finding out. Whether "should be" plays out in real life is a good question.
"pwn'ed" routers are a problem with communication networks, hence the FCC having authority to make the rule.
Thanks. From that, some talking points:
1.) Putting professional grade gear in the hands of consumers may then not offer much improvement; it'll have to be 'dumbed down' with a nice, intuitive GUE interface and 'set it and forget it' settings and pre-sets.
2.) Openwrt, being open source, is subject to foreign influence. Perhaps that's not a technical issue, but it might be a political one if the powers that be get the idea the operating software on our routers is being coded in part by foreign entities.
3.) It's my understanding a router company could deploy their routers with openwrt on them, even a customized version, so depending on how well they hid it, in theory a 'back door' vulnerability could still be introduced (since only a tiny minority of users would ever replace what came on their router with something else).
Keeping an open mind, I'm still trying to figure out how this is going to greatly enhance online security. If government agencies, and perhaps by extension big companies operating servers and maintaining databases with sensitive personal information restricted their use to carefully vetted brands and models to minimize risk of vulnerabilities, that would make sense.
But the average private citizen home user?
I understand this thread is presenting in 'Networking,' not 'Politics,' so I'm not asking for debate on the political merits, just whether any of you think from a technical perspective it appears like this is going to meaningfully enhance U.S. security, and address vulnerability concerns?
M4th
Contributor
Short term, no... long term, doubtful (imho). In the meantime, follow the $ (as always).
IvyKing
macrumors 6502
I tend to agree with M4th that short term, i.e.the next few months, there won't be a meaningful enhancement of US security. Medium to long term there is a potential for an improvement - most useful change is to require software updates be available for up to 10 years after manufacture and that the manufacture be actively lookingg for and patching against security holes.
Users have complained for years that router manufacturers stop producing software patches, including security patches, within a year or two of product introduction. This may be an opportune time for Apple to bring back AirPort Express.. Apple places a high priority on security patches, even for years-old products. Also, Apple now makes its own WiFi and 5G cellular chips, so they have top-to-bottom control of the whole stack. And they have started manufacturing Mac Mini in the US, so a new AirPort Express could be American-made.
Fishrrman
macrumors Nehalem
What's this new ban going to do to the USA router/switch market in the near term?
Will existing stock be permitted to be sold off?
How long is the certification process for foreign-assembled routers going to take?
When does it start?
How long will it take to bring American designed/assembled products to market (I'd think at least a year or more)?
Again, what happens to the consumer market in the short term?
Will existing stock be permitted to be sold off?
How long is the certification process for foreign-assembled routers going to take?
When does it start?
How long will it take to bring American designed/assembled products to market (I'd think at least a year or more)?
Again, what happens to the consumer market in the short term?
If I understood correctly from the articles I've seen, brands and models already on the market, that already have FCC approval/certification/whatever, can continue to be sold. So, for example, the TP-Link AXE 75 6E router (which PC Magazine recommended and was evidently popular), that can continue to be manufactured, imported and sold new.
But if TP-Link designs a new model not currently on the market, that needs approval to be sold here, the FCC will withhold that certification until satisfied TP-Link meets the new requirements. It's like they're outlawed progress unless it jumps through the new hoops.
Which makes me think of the situation with DJI and the drone market. Seems like we're just stuck with progressively outdated drone options while the latest is marketed elsewhere. Has expecting a competitor to magically step in and offer 'as good or better' at the same price point worked in the drone market yet?
chrfr
macrumors G5
Your first 4 questions are answered in the links from posts 1 and 9 in the thread.
This is worth a focused look at. The options:
1.) No impact. Posturing by politicians or even an effort to 'make things better' that kind of fizzles out practically.
2.) Delay in release of new models, depending on how 'hardball' the government/FCC chooses to be in their demands on which certification is contingent.
3.) Possible competitive advantage or disadvantage to a given company if the FCC 'plays favorites,' or somebody is better positioned to pander to them. That company could get newer models out faster, and when the public figured out what's going on, consumer confidence in that brand would grow and in competitors would fall.
4.) FUD Factor - our old friend, fear/uncertainty/doubt. Even though this ban in theory effects virtually all consumer routers (aside from StarLink), including Netgear, and there is an American arm of TP-Link, there's a danger of loss of consumer confidence based on a mix of poorly informed impressions and some legitimate concerns, and it looks like this:
-----A.) Netgear and I suppose Eero (an Amazon subsidiary) are American companies (and their routers are made overseas, but whatever...).
-----B.) TP-Link is 'that Chinese company' (not exactly true, it's complicated, but how many people care to dig?).
-----C.) This government crackdown and the history with DJI and TikTok suggests the government might ban TP-Link, for example, but wouldn't ban an American company.
-----D.) So, for reliable warranty honoring, firmware updates and other support, Netgear and Eero sound like the more secure, 'safer' bets longterm.
Problem: one of the criticisms against TP-Link was 'price gouging,' releasing lots of cheap product, which tells me TP-Link routers are a strong value proposition and combined with strong reviews and and reputation I'm a fan. But I can see where the U.S. federal government saying 'Boo!' could drive more people toward Netgear and Eero, or at least away from any brand they think of as 'Chinese' (whether it is or not, and despite the fact 'Made in China' is stamped on a LOT of stuff they own).
So the big question in my mind in answer to your question is to what extent will this government intimidation have on consumer interest in TP-Link routers? ASUS is Taiwanese, but they have a broad product portfolio.
So what about you guys participating in this thread? Is this enough to make you shy away from TP-Link or any other brand should you need a new router in the near term future? If not, any thoughts on what would change your mind?
IvyKing
macrumors 6502
One would expect that ASUS would have a strong incentive to not include PRC backdoors.
I've had pretty good experience with ASUS routers. Doing a software update on their routers is pretty simple, their web interface is fairly easy to use, though the organization could be better.
With respect to the FCC: Almost all consumer "routers" are combined router and WiFi access point. The latter aspect is where the FCC has the unquestioned authority to regulate what "routers" can be sold in the US. In past years, the FCC had regulations stating that TV sets needed to be able to receive UHF as well as VHF TV, required car radios to have FM as well as AM reception.
chrfr
macrumors G5
The FCC regulates all equipment that might cause radio interference, and that includes equipment that doesn’t actually have radios:
“FCC Part 15 — Radio Frequency Devices and EMC
FCC Part 15 covers electronic products that intentionally or unintentionally radiate RF energy, including Wi-Fi routers, Ethernet switches, PoE devices, and computers.Part 15 defines emission limits, testing procedures, and labeling rules to minimize electromagnetic interference (EMI).
Even devices without wireless functions—such as Ethernet ports or digital controllers—can fall under Part 15 because they may produce unintentional emissions.”
Source: https://resources.l-p.com/knowledge-center/what-is-the-fcc-federal-communications-commission
Last edited by a moderator: