The FCC entered into a Consent Decree with a wireless device manufacturer after investigating whether the company violated various rules pertaining to the authorization and marketing of devices that emit radio frequency (“RF”) radiation.
In particular, the FCC looked into the manufacturer’s U-NII (Unlicensed National Information Infrastructure) devices. These devices are commonly used for Wi-Fi and other broadband access technology. However, U-NII devices that operate in the 5 GHz radio band risk interfering with certain weather radar systems. As a result, the FCC regulates how manufacturers make these devices available to the public.
Section 15.407(i) of the FCC’s Rules requires all U-NII devices to “contain security features to protect against” third-party modifications to the devices. The FCC promulgated this rule in 2014 after a series of investigations found that modified U-NII devices had been negatively affecting the Federal Aviation Administration’s Terminal Doppler Weather Radar (“TDWR”) system. Air traffic controllers use TDWR to monitor potential weather-related risks for aircraft.
Section 2.803 of the Rules prohibits parties from marketing devices that do not comply with the FCC’s authorization, technical, and labelling requirements.
Earlier this year, the FCC’s Enforcement Bureau sent a Letter of Inquiry to the device manufacturer in response to questions raised by the FCC’s Office of Engineering and Technology. During the investigation, the FCC found that private users were able to disable the device’s dynamic frequency selection (“DFS”) mechanism. DFS detects radar signals like TDWR and prevents the U-NII device from interfering with them.
The manufacturer cooperated with the FCC’s investigation and took remedial action, removing the ability to disable the DFS mechanism from its new devices, and deploying software updates to disable the feature in its already-deployed products. The company subsequently negotiated a settlement with the FCC, resulting in the Consent Decree to resolve the investigation.
In addition to a formal admission of liability, the Consent Decree requires the company to make a $95,000 payment and to implement a company-wide compliance plan. The compliance plan mandates the appointment of a compliance officer, implementation of new operating procedures, creation of a compliance manual, employee training, and annual compliance reports to the FCC for the next three years. In addition, the company must report any violation of the FCC’s rules or the Consent Decree within 15 days of discovery of the violation.