What Is the FCC and Why Does It Matter for Security Tools?
Table of Contents
What Is the FCC?
The Federal Communications Commission (FCC) is a United States government agency created in 1934. Its primary job is regulating interstate and international communications by radio, television, wire, satellite, and cable. For anyone working with wireless devices - security tools included - the FCC is the gatekeeper that determines what radio equipment can legally be sold and operated in the United States.
The FCC manages the radio frequency spectrum. Every wireless device that transmits radio signals in the US must comply with FCC rules. This includes WiFi routers, Bluetooth headphones, cell phones, baby monitors, garage door openers, and yes, wireless security research tools like the BLEShark Nano.
The FCC does not write criminal law. It writes technical rules about radio emissions. The distinction matters: the FCC certifies that a device meets radio emission standards. Whether you use that device legally or illegally is a separate question governed by other laws like the Computer Fraud and Abuse Act (CFAA).
graph TD
subgraph "FCC Regulatory Structure"
A[FCC] --> B[Spectrum Management]
A --> C[Equipment Authorization]
A --> D[Enforcement Bureau]
B --> E[Licensed Bands - Cellular, TV, etc]
B --> F[Unlicensed Bands - ISM, UNII]
C --> G[Lab Testing]
C --> H[FCC ID Database]
D --> I[Violations and Fines]
D --> J[Interference Complaints]
end
FCC organizational structure - spectrum management, equipment authorization, and enforcement
Part 15 and Unlicensed Devices
Title 47 of the Code of Federal Regulations (CFR) contains the FCC's rules. Part 15 specifically covers unlicensed radio frequency devices. This is the section that governs WiFi, Bluetooth, Zigbee, and most consumer wireless technology.
The term "unlicensed" is slightly misleading. It means you do not need an individual operator license to use the device (unlike amateur radio, which requires a personal license). However, the device itself must still be authorized by the FCC before it can be legally sold in the US.
Part 15 has several subparts. Subpart A covers general provisions. Subpart B addresses unintentional radiators - devices that emit radio signals as a byproduct of their operation, like computers and monitors. Subpart C covers intentional radiators - devices designed to transmit radio signals, like WiFi adapters and Bluetooth modules.
The BLEShark Nano falls under Subpart C as an intentional radiator. It contains both a WiFi transceiver and a Bluetooth Low Energy (BLE) transceiver, both operating in the 2.4 GHz ISM band.
Key Part 15 Requirements
Part 15 has two fundamental rules that apply to every unlicensed device:
Rule 1: Must accept interference. A Part 15 device must accept any interference received, including interference that may cause undesired operation. You cannot complain to the FCC that someone else's legal device is interfering with your Part 15 device.
Rule 2: Must not cause harmful interference. A Part 15 device must not cause harmful interference to licensed radio services or other authorized users. If your device does cause harmful interference, you must stop operating it when notified.
These two rules create an asymmetric relationship. Licensed services (like cellular networks and TV broadcasters) have interference protection. Unlicensed Part 15 devices do not. Your WiFi router has no legal right to a clean signal - it must coexist with every other device in the same band.
graph TD
subgraph "Part 15 Interference Rules"
A[Part 15 Device] -->|Must Accept| B[Interference from Licensed Services]
A -->|Must Accept| C[Interference from Other Part 15 Devices]
A -->|Must NOT Cause| D[Harmful Interference to Licensed Services]
A -->|Must NOT Cause| E[Harmful Interference to Other Users]
D -->|Violation| F[FCC Enforcement Action]
E -->|Violation| F
F --> G[Warning Letter]
F --> H[Equipment Seizure]
F --> I[Fines up to $100,000+]
end
Part 15 interference rules - what devices must accept and must not cause
Transmit Power Limits
Part 15 sets strict limits on how much power a device can transmit. For the 2.4 GHz ISM band (where WiFi and BLE operate), the limits are:
Conducted power: 1 Watt (30 dBm) maximum at the antenna connector.
EIRP (Effective Isotropic Radiated Power): 4 Watts (36 dBm) maximum, which accounts for antenna gain. A device with 1W conducted power and a 6 dBi antenna reaches the 4W EIRP limit.
For context, the BLEShark Nano's ESP32-C3 chip has a maximum transmit power of about 21 dBm (approximately 125 milliwatts) - well below the 1W conducted power limit. Most portable wireless devices operate far below the legal maximum.
The 5 GHz UNII bands have different limits depending on the sub-band, ranging from 50 mW to 1W. Some sub-bands also require Dynamic Frequency Selection (DFS) to avoid interfering with weather radar systems.
What FCC Certification Actually Means
When a device is "FCC certified," it means the device has been tested by an accredited testing laboratory and found to comply with the applicable Part 15 rules. The testing covers:
Conducted emissions: How much RF energy the device puts out through its antenna connector.
Radiated emissions: How much RF energy the device radiates, including unintentional emissions from circuit traces and cables.
Spurious emissions: Whether the device emits energy outside its intended frequency band.
Frequency stability: Whether the device stays within its assigned frequency range under varying conditions.
After testing, the device receives an FCC ID - a unique identifier listed in the FCC's public database. Anyone can search the FCC ID database to verify that a device has been certified and view its test reports.
graph LR
subgraph "FCC Certification Process"
A[Manufacturer Submits Device] --> B[Accredited Lab Tests Device]
B --> C{Passes All Tests?}
C -->|Yes| D[FCC ID Assigned]
C -->|No| E[Device Returned for Modification]
E --> A
D --> F[Listed in FCC Database]
F --> G[Legal to Sell in US]
G --> H[FCC ID Label on Device]
end
The FCC certification workflow - from submission to approval
The BLEShark Nano and FCC Certification
The BLEShark Nano is FCC certified. This certification confirms that the device's radio emissions - both WiFi and BLE transmissions from its ESP32-C3 chip - comply with Part 15 rules. The device operates within legal power limits and does not produce excessive spurious emissions.
FCC certification covers the hardware radio characteristics. It confirms that the device, as manufactured, meets emission standards. The certification applies to the physical device and its radio parameters - transmit power, frequency range, modulation type, and emission levels.
What FCC certification does NOT cover is software behavior. The FCC tests radio emissions, not what the software does with those emissions. A certified WiFi transceiver can be used to send normal WiFi frames or deauthentication frames - the FCC certification applies to the radio characteristics of both transmissions equally.
What the FCC Does NOT Regulate
The FCC regulates radio emissions. It does not regulate:
How you use a certified device. The legality of specific actions (like deauthenticating someone else's WiFi) falls under other laws, not FCC Part 15. Part 15 compliance means the device meets emission standards. It does not mean every possible use of the device is legal.
Ownership of radio equipment. Buying, owning, and possessing FCC-certified equipment is legal. The FCC does not restrict who can purchase Part 15 devices. There is no license required to own a WiFi-capable device.
Receiving radio signals. The FCC generally does not regulate the reception of radio signals. Listening to radio transmissions (with some exceptions for encrypted cellular communications) is not an FCC violation. Passive WiFi scanning and BLE scanning are receive-only operations from the FCC's perspective.
Computer network security. Unauthorized access to computer networks is governed by laws like the CFAA, not by FCC regulations. The FCC cares about radio emissions, not about what data you access through those emissions.
This distinction is important for security researchers. The legality of owning a tool like the BLEShark Nano is a separate question from the legality of using specific features on networks you do not own or have permission to test.
Conclusion
The FCC exists to manage the radio spectrum and ensure devices do not cause harmful interference. Part 15 sets the rules for unlicensed devices like WiFi routers, Bluetooth accessories, and security research tools. FCC certification means a device has been tested and approved for sale in the US based on its radio emission characteristics.
The BLEShark Nano carries FCC certification, confirming its radio hardware meets Part 15 requirements. Understanding the FCC's role - and its limits - helps security researchers distinguish between regulatory compliance (a hardware question) and legal use (a separate legal question entirely).
Get the BLEShark Nano - $36.99+