Privacy nightmare? FAA's drone tracking rules have big consequences
Flying Sky Red Landscape Drone Sunset Dji
In the last week of December, while many of us were sleeping off a bizarre holiday season after a long, wearying year, the FAA announced final rules for Unmanned Aircraft (UA), more commonly known as drones. The new rules, which have long been anticipated and were closely watched in the sector, will require Remote Identification (Remote ID) of drones and allow operators of small drones to fly over people and at night under certain conditions.
On the one had, the relaxation of the strict embargo on small drones flying over people is a boon to a commercial small drone sector that's been chomping at the bit to catch up to international markets in areas like drone delivery. And clear guidance from the FAA, which has been cautious about issuing new rulemaking when it comes to drones, is going to help what has become the fastest-growing segment in the transportation sector (there are currently over 1.7 million drones registered with the FAA).
But there's been a vocal cry of disappointment by some in the drone sector, including Alphabet's Wing team, which sees a major privacy flaw in the FAA's new framework.
"At a basic level, the new rule would enable the real-time tracking of consumer's drone delivery orders by the general public," a public affairs spokesperson for Wing, told me by email. "American communities would not accept real-time surveillance of their deliveries or taxi trips on the road. They should not accept it in the sky."
To be clear, both the FAA and its critics support remote ID in drones as a necessary development. What Wing and others are taking exception to is the singluar way that flight information is broadcast in the current framework, and to whom. Wing addressed the distinction in a recent blog post:
Unfortunately, the final rule, unlike existing international standards, does not allow the use of equally effective network remote ID, and requires all UAS, no matter the use case, to use "broadcast" RID. This approach creates barriers to compliance and will have unintended negative privacy impacts for businesses and consumers. Unlike traditional aircraft flying between known airports, commercial drones fly closer to communities and between businesses and homes. While an observer tracking an airplane can't infer much about the individuals or cargo onboard, an observer tracking a drone can infer sensitive information about specific users, including where they visit, spend time, and live and where customers receive packages from and when. American communities would not accept this type of surveillance of their deliveries or taxi trips on the road. They should not accept it in the sky.
The FAA's stance is that the remote ID rules, which become effective 60 days after publication, is a necessary step toward integrating drones into the national airspace system. Like AIS in the maritime sector, Remote ID typically provides identification of drones in flight as well as the location of their control stations and even flight path and flight history, providing that crucial information to national security agencies and law enforcement. Part 107 of the federal aviation regulations currently prohibits drone operations over people and at night unless the operator obtains a waiver from the FAA, but the new FAA regulations jointly provide increased flexibility, which will be a boon to the nascent drone delivery sector.
"The new rules make way for the further integration of drones into our airspace by addressing safety and security concerns," said FAA Administrator Steve Dickson. "They get us closer to the day when we will more routinely see drone operations such as the delivery of packages."
Wing's stance is that there's ample room to use network-based RID for some use cases, especially delivery, which is a system that could discriminate what kind of information is available to whom. Leveraging the internet, for example, one possibility is an RID system for delivery drones where the general public could access basic information about a drone that flies by but would be locked out of more sensitive information, such as flight plans and history. That information would remain available to law enforcement via credentialed access.
"We hope the FAA and broader Administration will consider the many ways that drones will be used in the future and recognize and respect the privacy rights of Americans who rely on this technology," Wing writes.
The FAA's rules have been a long time in coming and they've worked closely with commercial partners through various trials of RID. How much the rules may evolve in the near term remains to be seen, but if privacy breaches do begin to surface as the delivery drone sector takes off there's going to be a lot of public pressure on the FAA to change course. Wing's stance may just be the warning bell.