Government Surveillance, Privacy & Data
Domestic Drones are Coming; Will Privacy be Factored In?
Drones will be deployed in domestic airspace within the next two years, but the regulations that will govern the use of drones within the United States continue to be drafted and implemented. There are obvious benefits to the introduction of drones in domestic airspace, especially in encouraging stronger government accountability and the creation of new business models, but the federal government has recognized that the rollout must be handled carefully in order to ensure public safety and protect individual rights. Drones will initially be tested in a few “test sites” across the U.S. Those sites must be operated by a governmental entity, and will provide the Federal Aviation Administration with information about how drones could conceivably be used within U.S. airspace.
The Federal Aviation Administration recently released its final privacy requirements for the test sites where drones (or “unmanned aircraft systems,” in the FAA’s parlance) will be tested. Senator Ed Markey of Massachusetts has also recently introduced a bill that would create privacy and transparency requirements for those test sites, building on a bill he introduced earlier in 2013 when he was a member of the House. The interest in Washington in regulating the use of drones in domestic airspace points to the importance of protecting privacy and free speech as drones become commercially available. Because the FAA declined to standardize privacy requirements across test sites, Senator Markey’s bill is notable for requiring all test sites to follow uniform privacy protective standards. Markey’s approach provides a much stronger baseline for a uniform, nationwide approach to privacy practices in the coming domestic drone age.
Let’s take a closer look at the FAA’s proposal compared to the Senator Markey’s.
FAA Final Privacy Requirements
The FAA’s final privacy requirements largely mirror the proposed privacy requirements that it released in its request for comments earlier this year, which required privacy policies for test sites but didn’t detail specific requirements. The final requirements are strong in the following ways:
- The FAA has recognized that it has the institutional capacity to protect privacy, resisting claims that it doesn’t have the expertise to do so.
- It will require drone operators to detail in writing the use and retention of data collected through drones.
- It will require operators to annually audit test site operations for compliance with written operator policies and provide information to the public on the compliance outcomes.
These measures will absolutely help increase transparency and accountability to ensure that drone operators and test site operators protect individuals’ privacy interests, and to limit the potential chilling effect on public activity and freedom of association that the specter of drone-based surveillance raises.
However, we’re disappointed that the FAA declined to go further in protecting privacy, or in adopting the proposals we submitted in our comments. Some of the drawbacks include:
- The FAA will not require test site operators to incorporate specific requirements into their privacy policies, instead allowing each individual test site to develop its own policies in response to the relevant local stakeholders.
- The FAA declined to institute transparency requirements upon test site operators, reasoning that as all test site operators will be public entities, sufficient requirements already apply to those operators.
- The FAA declined to audit test site operators for similar reasons, or to adopt our proposal for a “license plate” for drones.
Taken together, the final privacy requirements may create an inconsistent patchwork of protection across test sites depending on the specific desires of each location. Given that the FAA has jurisdiction over the entire national airspace, it would have been more appropriate for the agency to mandate consistent test site privacy standards, rather than allow for conflicts to develop as part of the program.
In general, the FAA’s laissez-faire approach to direct supervision or instituting baseline national standards regarding test site privacy is discouraging. While some local and state regulatory standards may adequately protect individual civil liberties as drones are being tested, it is not clear that all jurisdictions will have in place sufficient protections, or that state and local political processes will be responsive enough to institute such protections in a timely way.
Senator Markey’s Bill
By contrast, Senator Markey, who had previously introduced legislation relating to domestic drone use, introduced a bill that would update the guidelines that Congress imposed on the FAA in 2012 relating to drone testing and deployment and address privacy in a uniform way. The new bill, entitled the Drone Privacy and Transparency Act, would institute multiple privacy protections relating to drone operations, several of which we supported in our comments to the FAA:
- The Markey bill would require drone operators to submit data collection and data minimization statements. Such statements would contain multiple pieces of information designed to increase transparency surrounding drone operations:
- The data collection statement would include operator name, flight plan and duration, data collection practices, descriptions of data use, and information on the sharing and retention of data.
- The data minimization statement would describe how an operator planned to take steps in order to minimize data unrelated to a crime or a criminal investigation.
- The FAA would be required to create an online, searchable database that included both data collection and data minimization statements.
- Governmental agencies could only use drones for law enforcement purposes pursuant to a warrant, except in exigent circumstances (such as the threat of imminent bodily injury or harm, or specific national security threats). Should such circumstances arise, the government would need to provide documentation of the threat and take steps to minimize the data collected (and destroy irrelevant data).
- The FTC, state attorneys general, and private citizens could file enforcement proceedings under the Markey bill.
The legislation institutes several of the requirements we urged the FAA to adopt in our comments to the agency, and we’re pleased to see that our policy recommendations align with Senator Markey’s. Most importantly, the bill establishes strong baseline standards for privacy protections across the nation, rather than the piecemeal approach the FAA has endorsed through its final privacy rule. Given the pervasive tracking and surveillance potential of drone technology, ensuring that Americans have consistent, strong privacy protections across the country is essential to safeguarding civil liberties in a coherent way. The Markey bill, unlike the FAA’s approach, would give appropriate weight to individual privacy interests as drone deployment begins, and we hope that other legislators will seek to enact similar provisions.