By Christopher Adams

The Federal Aviation Administration (FAA) recently announced final rules governing the use of unmanned aircraft systems (UAS), implementing changes to the agency’s Remote ID requirement and establishing policies regarding small, unmanned aircraft flying over people and operating at night.

While unmanned aerial vehicle (UAV) commercial operators and hobbyists had been eager for these rules to become final — and the new ID regulation seems to be welcomed by the drone community — the changes have initiated some privacy concerns, experts told Digital Privacy News. 

The most alarming is the public availability of a drone operator’s location, which is under widespread attack by privacy advocates, as it could endanger the physical safety of UAV pilots.

“Now, the bigger implication for operators comes in the neighborhood of privacy — and this is a very serious concern,” said Ryan Latourette, director of regulatory affairs at Great Lakes Drone Co., based in Stevensville, Mich.

“The FAA has decided that GPS coordinate location of the drone operator needs to be publicly available,” he said. “Anyone at all with a cell phone will have the ability to determine exactly where the drone they are seeing in the sky is being flown from.”

This, Latourette said, could create volatile situations between citizens and drone operators. It’s also not yet clear whether FAA rules have produced a compromise palatable to the drone community, he noted.

Other Privacy Issues

In addition, the real-time tracking of parcels or items being delivered by drone service suppliers has raised privacy fears, experts said.

Wing, a delivery drone service based in Mountain View, Calif., noted a deficiency in the new FAA policy: The final Remote ID rule allows for real-time surveillance by the public. 

The Remote ID and overflight rules will take effect March 21, according to the Federal Register. 

“Anyone at all with a cell phone will have the ability to determine exactly where the drone they are seeing in the sky is being flown from.”

Ryan Latourette, Great Lakes Drone Co.

Remote ID covers broadcast details — the location of an aerial device and its user, for instance — about the UAS. That comprises the drone, its operator and the drone’s operating system.

The Remote ID rule applies to drones weighing 55 pounds or more and discloses the identification of UAVs in flight and their control stations — through radio frequency broadcasts versus an internet connection — reportedly to help national security and police agencies maintain public safety.

Lowering Costs

The latest FAA rules also allow for flexibility and lower costs to drone enthusiasts, and part 107 commercial drone pilots, while ensuring that law enforcement and the FAA can identify non-compliant operators, according to the Aircraft Owners and Pilots Association (AOPA).

“AOPA appreciates and supports the FAA’s hard work toward the development of the Remote ID rule that completes another step toward the safe integration of UAS with manned aircraft in the national airspace system,” Christopher Cooper, the association’s senior director of regulatory affairs, told Digital Privacy News. 

According to the FAA, Remote ID “requires remote identification of unmanned aircraft to address safety, security and law-enforcement concerns regarding the further integration of these aircraft into the airspace of the United States.”

It further explains that, while broadcast message elements will be publicly available, they cannot be cross-referenced with nonpublic registry data information.

An FAA spokesperson referred Digital Privacy News to the agency’s final rules when asked for further comment.

How to Comply

There are three ways to comply with the FAA mandate: an internal standard Remote ID that provides identification plus drone and control-station location; a Remote ID affixed to the UAV supplying the same information as well as launch data, and a drone not equipped with Remote ID but flying in FAA-recognized identification areas.

The rule for flying over people and at night is only applicable to the part 107 commercial drone operators and comprises four categories: vehicle weights, the severity of possible injuries caused by the device, airworthiness and maintenance.

Additionally, small and unmanned aircraft cannot have exposed rotating parts that could potentially lacerate human flesh upon contact.

Remote ID compliance by small, unmanned vehicle pilots shouldn’t be challenging, Latourette said.  

“What we do know at the most basic level is that for most operators becoming compliant with Remote ID is likely to be fairly easy,” he told Digital Privacy News.

“AOPA appreciates and supports the FAA’s hard work toward the development of the Remote ID rule.”

Christopher Cooper, AOPA.

“As it truly doesn’t go into effect for operators until greater than 30 months from now, the likelihood is that current operators will have purchased new drones by that point that already have the Remote ID broadcast capability integrated in the product.

“They won’t experience much of a difference,” he said, “other than having one more checkbox to tick on their pre-flight checklist of the Remote ID system doing a self-check prior to takeoff.”

Barrier to Changes

Latourette said the FAA had been considering changing their regulations that governed flight over people and at night, but the agency insisted it would have to implement the Remote ID rule to do this.

“They kept their word in that respect and finalized the new regulations that will allow drone operators to fly at night without needing to have a daylight waiver and to even fly over people,” he said.

“These are huge wins for the part 107 flyers who have been jealous that recreational fliers did not have the same restrictions over the past four years,” Latourette said.

He also expressed worry about the possibility of individuals or entities still being able to identify the location of a UAV pilot. 

“While the FAA had opportunity to limit the detail to just law enforcement, they instead opted to allow the drone-operator location to be public,” he said.

“As we’ve already seen a number of drone operators physically assaulted for legal flights by individuals who have negative perceptions of drones, this laying out of the exact site is sure to lead to an increase in confrontations.”

Drone Hostility

The new FAA rules indicated that 166 commenters were uneasy about the potential misuse of their data by people blatantly hostile to drones and their operators. 

Even oral altercations pose safety issues, detracting the unmanned aircraft pilot from controlling the flight of the UAV Latourette said.

This could ultimately, he suggested, lead to a fatal incident between two parties. 

“And I’ll offer that my worst fear is that we will see this lead to a fatality, either from a concealed-carrying drone operator standing their ground or from a hostile anti-drone vigilante armed with both a weapon and knowledge of the flyer’s location,” he said.

The FAA rules also noted that a Consumer Technology Association survey — included in the final rule’s public comments section on privacy concerns — revealed 90% of drone owners were uncomfortable with publicly providing pilot location, identification information and historical flight data.

In addition, approximately 40% were less inclined to buy a UAS if the disclosure of this information was mandated.

“Unfortunately for the public in general, the FAA still has done very little to address the privacy implications of drones in the national airspace.”

Jeramie Scott, EPIC.

Jeramie Scott, senior counsel for the Washington-based Electronic Privacy Information Center (EPIC), said the Remote ID rule “inadvertently” ameliorated the privacy of drone operators by eliminating the requirement that small, unmanned aircraft send ID information to third parties or Remote ID UAS service suppliers — but cautioned that these companies still might try to collect ID information.

“But we should push back against such mass public surveillance,” Scott told Digital Privacy News.

“Unfortunately for the public in general, the FAA still has done very little to address the privacy implications of drones in the national airspace — beyond the drone ID requirement itself,” Scott said.

A December blog post on Wing.com said, “While an observer tracking a drone can infer sensitive information about specific users — including where they visit, spend time and live and where customers receive packages from and when.

“American communities would not accept this type of surveillance of their deliveries or taxi trips on the road,” the post continued. “They should not accept it in the sky.”

Wing said it advocated for a network Remote ID in relationship to service or delivery cases but not in general.

“We are saying that for use-cases such as delivery, broadcast has serious privacy consequences,” a Wing spokesman told Digital Privacy News. “Broadcast may be appropriate for some use-cases, but it is a flawed technology for deliveries.

“Wing is arguing for a more flexible (Remote ID) requirement,” he said, “that recognizes the wide variety of UAV operators and use-cases.”

Christopher Adams is a Texas writer.

Sources:

• Federal Aviation Administration (FAA): Press Release – US Department of Transportation Issues Two Much-Anticipated Drone Rules to Advance Safety and Innovation in the United States
• Reuters: U.S. to allow small drones to fly over people and at night
• DroneDJ: Here’s the full FAA Remote ID Rule
• ZDNet : Privacy nightmare? FAA’s drone tracking rules have big consequences
• Wing: Broadcast-Only Remote Identification of Drones May Have Unintended Consequences for American Consumers – Wing