In 1946, the Supreme Court declared that our airspace is a “public highway” when it considered the case of military planes taking off and landing alarmingly close to the Causby family’s chicken farm. Fast forward to today, seventy years later, and it’s clear that the highway is about to become more crowded and closer to home than ever before, thanks to the rapidly increasing commercial and private use of unmanned aircraft systems (UAS) – or “drones.”
It’s easy to imagine the exciting possibilities that these flying robots will bring to the table. For example, it’s likely that seeing drones buzzing around with packages will soon become as common as seeing a UPS truck or a pizza delivery guy. With drones, first responders to a disaster area will be able to arrive at the scene within minutes, and farmers will have easier, more efficient means to tend to their crops. On the other hand, the privacy concerns that come with drones – some of which are very small, armed with cameras, and nearly silent – are obviously real. In fact, some people are so concerned about the prospect of drones hovering ominously close to their property, and possibly filming their every move, that they’ve resorted to shooting them out of the sky.
In order to reconcile the exciting possibilities of drone operations with these privacy concerns, last year President Obama called on interested stakeholders to establish best practices for “privacy, accountability, and transparency issues” regarding UAS. Today, the National Telecommunications and Information Administration (NTIA) announced that a group consisting of members of civil society (including CDT), trade groups, and companies has created a comprehensive consensus document.
This consensus document has been months in the making and, while not perfect, represents a significant step forward for individuals’ privacy as it relates to drone operations. There are areas where it does not go as far as CDT wanted when it comes to safeguarding privacy – in fact, we still believe the best practices are those that we proposed in December 2015. However, the document presents a sensible approach to protecting individuals from drone operators’ potentially widespread, invasive surveillance capabilities while, at the same time, preserving the First Amendment. We support it.
Like CDT’s best practices, these best practices borrow from many of the Fair Information Practice Principles (FIPPs). They restrict persistent and continuous collection of data about individuals, which will help prevent drones from creating a real-life “1984” society, in which surveillance follows us around every corner we turn and through every open window we pass by. In addition, the best practices require drone operators to minimize operations over or within private property without consent of the property owner or the appropriate legal authority. They ban using data, without consent and not pursuant to a contract, for determining eligibility for employment, credit, or health care, unless doing so is expressly permitted by law. They require drone operators to have a detailed data collection policy, to limit data collection to what is outlined in that policy, and to avoid retaining data longer than reasonably necessary. Moreover, the best practices encourage drone operators to give people control over data that concerns them by establishing a process for people to request access to and deletion or de-identification of data.
As a result, the consensus document fills a huge void that currently exists in the law. In large part, this is because the document encourages ethical practices that the law cannot mandate. The FAA Reauthorization bill recently passed in the Senate and many state laws do not include limits on the use, sharing, and retention of data collected by drones because doing so would raise legitimate First Amendment concerns. In addition, nothing in the FAA Reauthorization bill requires minimization of operations over or within private property, nor is there a restriction on persistent and continuous collection of data on individuals.
As a result, the consensus document fills a huge void that currently exists in the law. In large part, this is because the document encourages ethical practices that the law cannot mandate.
Nor do other codes of conduct come close to the protections afforded by this new consensus document. The FAA’s final privacy requirements for UAS test sites and the DOJ’s policy guidance only require a heightened degree of transparency, and are extremely bare-bones compared to the consensus document. The Mid Atlantic drones test site policy ties its protections to whether or not a person has a “reasonable expectation of privacy,” a legal term of art for an expectation that generally ends the moment you walk out your front door or open a window. In contrast, the consensus document ties protections to whether the information collected identifies or can be linked to a particular person. The document’s best practices even go beyond some of the stronger drones best practice recommendations in place throughout the rest of the world – for example, neither the European Parliament drones recommendations nor the Canadian government recommendations include specific limits on data use and retention, and they do not include restrictions on marketing and using data for employment, credit, or healthcare eligibility.
Overall, the best practices reflect a commitment to privacy while being mindful of the First Amendment and of the challenges that this nascent industry will face as it moves forward. We are pleased to join with key stakeholders including Amazon, the Association for Unmanned Vehicle Systems International, the Consumer Technology Association, CTIA – the Wireless Association, the Future of Privacy Forum, New America’s Open Technology Institute, PrecisionHawk, the Small UAV Coalition, and X (formerly Google[x]) in endorsing a document aimed at encouraging drone operators to behave ethically, respectfully, and responsibly from the start.