The FAA’s 316-page Notice of Public Rulemaking on the Remote Identification of Unmanned Aircraft Systems only mentions the word “privacy” thirty-three times, including footnotes. However, the Notice profoundly impacts the privacy of various stakeholders.
It’s no surprise that the Federal Aviation Authority’s (FAA) Notice of Public Rulemaking (NRPM) on the Remote Identification (RID) of Unmanned Aircraft Systems (UAS) is light on privacy discussion. The FAA has repeatedly stated that privacy concerns were beyond the scope of its mission. However, the law requires a privacy impact analysis (PIA), and the FAA conducted a preliminary one as part of the proposed rule. The 16-page draft PIA states, “Similar to operating a motor vehicle on public roads or a manned aircraft in the airspace of the United States, operators are required to share limited PII to ensure safety and security of the airspace of the United States.” It ends by stating, “The FAA will address privacy concerns regarding the collection and retention of this data as it develops … technical requirements.” That’s what has people very concerned.
RID from 30,000 Feet
The NRPM ties RID requirements to the registration of UAS and requires compliance with design and production requirements. The Notice describes multiple purposes for RID, including ensuring public safety and the safety and efficiency of U.S. airspace by enabling the FAA and federal security partners to have near real-time situational awareness of UAS flying in the U.S.
The idea is to reduce potential security and safety risks. To achieve this, the NRPM requires RID compliance, with few exceptions, for all UAS over 0.55 pounds sold and used in the States. It categories RID UAS in three buckets: Standard RID, Limited RID and No RID. It hinges this categorization on both the ability to, and the means of, transmitting “message elements” via a UAS Service Supplier (USS). Think: LAANC. Message elements include:
- UAS identity: manufacturer-assigned serial number or USS-assigned Session ID (a randomly-generated alphanumeric code assigned on a per-flight basis)
- Control station latitude and longitude
- AGL UAS latitude and longitude (Standard RID only)
- Control station and UAS barometric pressure altitude
- Coordinated Universal Time (UTC) time mark
- Emergency status indicator
Using an USS, Standard RID UAS would transmit these required message elements through both broadcast and the Internet; Limited RID UAS, permitted to operate only within 400 feet from a control station, would only transmit RID message elements via the Internet. UAS without RID would only operate within an FAA-approved federally recognized identification area (FRIA), within visual line of sight.
The rubber meets the road when it comes to operator privacy in the registration and transmission requirements. On the topic of registration, the NPRM would require each UAS to be registered under a unique registration number, eliminating multiple recreational UAS to be registered under a single number. The applicant would also now be required to provide his/her telephone number(s). Regarding transmissions, UAS RID message elements would be publicly accessible. Law enforcement and security agencies would be able to cross-reference message element and registration information.
How do these new rules rack and stack, when it comes to privacy?
Registration: No Big Deal
As the NRPM proposes to update the registration rules, a review of those rules gives insight into what information the feds currently collect and what changes these new rules may impose on operators.
The 2015 Registration and Marking Requirements for Small Unmanned Aircraft (“Registration Rule”) established a web-based registration process for small UAS (SUAS) in 14 CFR part 48, as an alternative to 14 CFR part 4, and allowed SUAS to be registered under either part. To register under part 47, applicants must file a Registration Application (AC Form 8050-1) with the FAA Aircraft Registry that includes: aircraft manufacturer model and serial number, aircraft serial number, registration number (U.S.), applicant mailing address, physical address and telephone number. Part 48 registration can be done online, and applicants provide virtually the same information as for part 47 in the AC Form 8050-1, plus an email address.
Much ado has been made about the telephone number requirement in the NRPM, but it’s not novel. Part 47 filers already have to provide this; part 48 filers have to provide an email. The individual UAS registration requirement means that the applicant will be providing the same personal information multiple times. Not much in the NRPM registration process impacts privacy.
While the information collected at registration is not radically different from today, the NRPM requires “near real-time” transmissions of operational information to be beamed out during flights continuously from takeoff to touchdown.
Transmission: What the??!
To fully understand the privacy implications of requiring operational data transmissions, one must appreciate who will have access to that data, for how long, and for what uses.
The NRPM proposes USSs retain RID message element information for six months from the date the information is received or came into their possession. The FAA all but admits the “6” is random. Too short? Most security cameras delete film in 24 hours. Too long? Intelligence agencies can hold on to information for years. Perhaps less is more when it comes to data retention…
The really tricky part is who will get to see that information.
To start, the FAA will have access to registration data and to USS-received message element information in near real-time, either continuously or upon request. This makes sense. The FAA is the agency responsible for airspace safety. The FAA restricts access to its information consistent with privacy laws, regulations and policies including the Privacy Act, E-Government Act, Federal Records Act, and FAA Order 1370.121, FAA Information Security and Privacy Program & Policy. Information from the UAS registration system is not available to the public. The FAA is not proposing to change any of this. And to the extent that an USS collects collateral information from a UAS user, the FAA would not have access to that information.
USS companies would require access to registration data and message elements. The NRPM requires them to have policies to safeguard it, including operators’ PII and the association between a Session ID and UAS serial number. The proposed rule also requires the USS to obtain user permission for data sharing or additional information collection.
The NRPM envisions that manned aircraft, especially low-altitude operators would have access to RID message elements, using “the necessary equipment to display the location of UAS.” While the NRPM does not elaborate further on the means of doing so, manned aviation access to information that would create a holistic airspace picture makes an abundant amount of sense.
Contrast this with the NRPM provisions that RID message elements transmitted to an USS be considered publicly accessible information. So too would Standard RID UAS broadcasts, which must be compatible with commonly available personal consumer cellular phone, tablet, or other wireless device personal wireless devices.
This has operators concerned for their own privacy and safety. All too common are the horror stories of UAS operators being confronted, beaten up, and even shot at by misinformed bullies. Full public access too easily enables irate citizens who see a drone over their property to use their cell phone, track an operator, and resort to vigilante justice. Now imagine that the drone operator is a child.
Children under 13 don’t drive cars, but they do fly drones. This is why several UAS organizations, like DroneU, are highlighting the NRPM’s failure to address the Children’s Online Privacy Protection Act (“COPPA”) of 1998, 15 U.S.C. 6501–6505, implemented by the Federal Trade Commission (FTC) in 16 CFR Part 312. COPPA prohibits unfair or deceptive acts or practices in connection with the knowing collection, use, and/or disclosure of personal information from and about children under 13 years of age—including geolocational data—on the Internet. The ability for everyone to passively track and geolocate minors is a significant problem.
One easy way to alleviate this problem would be to have a benign identifier publicly available, and nothing more. This is where, perhaps, the “like a car” analogy works. Upset citizens who want to report an errant car driver write down the license plate and report it to police. Giving folks access to the UAS “electronic license plate” would allow them to do that, while preventing potential nightmare safety situations.
Although the message elements would be publicly accessible information, the ability to cross-reference that information with registry data would be limited to the FAA and security agencies. They would also be able to access USS RID information. Full spectrum access for security personnel would theoretically facilitate a relevant threat picture.
But how will this actually work? The NRPM does not address the technical means for access. It also avoids the legalities of Fourth Amendment search and seizure law, instead providing three hypothetical scenarios where, in the end, the agent takes unspecified “appropriate law enforcement” action.
Privacy, at both the federal and state level, is governed by the Fourth Amendment (for states, via the 14th Amendment). It requires a particularized warrant based on probable cause for searches and seizures, unless an established exception applies. There are several that could apply to on-the-scene UAS operator situations, such as consent, stop (and frisk), exigent circumstances, or the automobile exception (which applies to all vehicles). These will be fact-dependent.
The ability of police to triangulate RID UAS message element and registration data also has precedent in the practice of “running plates” against various databases. Beyond that, security personnel would likely be required to obtain a warrant. The NRPM doesn’t mention that the “normal rules” apply here, but should.
Who’s Watching? Everyone, For Now
Everyone’s watching to see what the final RID rule will look like holistically and from a privacy perspective. But not everyone should have the right to watch every last detail of UAS operations. The issues to keep watching are data retention periods; full public access to operational data, especially to operator locational information; and clarity on law enforcement authorities both within the NRPM, as well as external to it, at the federal and state levels. I’ve charted the final scorecard for all the visual learners out there. In the end, even though the tally favors “no big deal,” there is no real win here, because even one privacy foul is one too many. Here’s to watching out for our drone operators!
Figure: Privacy Scorecard
|No Big Deal
|Data Retention – 6 months
|*Consider lesser period
|Public Access to All Ops Data
|Limit to Registration, Serial or similar identifier
|Law Enforcement / Security Access to Ops Data
|*NRPM should clarify that civil liberties / rights still apply
|Manned Pilot Access ot Ops Data
|FAA Access to Ops Data
*The views and opinions in this article are those of the author and do not reflect those of the DOD, do not constitute endorsement of any organization mentioned herein and are not intended to influence the action of federal agencies or their employees.
Dawn M.K. Zoldi (Colonel, USAF, Retired) is a licensed attorney and a 25-year Air Force veteran. She is an internationally recognized expert on unmanned aircraft system law and policy, and a recipient of the Woman to Watch in UAS (Leadership) Award 2019.