Just before the holidays, a Department of Homeland Security (DHS) working group released guidance for state and local agencies using drone aircraft. The document, Best Practices for Protecting Privacy, Civil Rights & Civil Liberties In Unmanned Aircraft Systems Programs, addresses concerns over the implications of high-tech tools that, without rigorous controls and oversight embedded in law and embodied in code, can easily be abused.
Process and substance to prevent predictable abuses
Some aspects of the guidance construct a robust process surrounding the adoption of drones. For instance, it suggests consultation with legal counsel and issue experts, as well as a clear definition of a program’s mission and scope. The guidance also recommends ongoing assessment of privacy impacts and a redress program.
By recognizing that encryption enhances security, the DHS guidance could undermine half-baked FBI proposals to subvert encryption.
Other more substantive provisions address the use of drones themselves. For instance, the DHS guidance suggests limits on how drones collect data, how the data used, how long it is retained, and to whom and for what purposes it is disseminated.
Strikingly, the working group even calls for accountability when data from drones is used improperly and addresses two contexts in which that has unfortunately recurred.
First, the working group recommended policies to prevent overzealous authorities from undermining the constitutional speech and assembly rights at the core of our democratic political process. It suggests that agencies:
Be attuned to the potential privacy risks…arising from inadvertently capturing images of individuals engaging in constitutionally protected activities, and establish appropriate guidelines and administrative controls to anonymize, destroy, safeguard or prevent the misuse of such data….
Second, responding to long-standing patterns of unconstitutional ethnic profiling by police agencies, the guidance reminds policymakers and agencies that:
Collection, use, dissemination, or retention of unmanned aircraft system-recorded data should not be based solely on individual characteristics (e.g., race, ethnicity, national origin, sexual orientation, gender identity, religion, age, or gender)….
To see such broad recommendations addressing needs from transparency to civil liberties coming from a government agency is an encouraging sign.
Insufficiencies and ironies
Unfortunately, the guidance also leaves much to be desired.
First, despite nodding to concerns about ethnic profiling, the guidance ultimately fails to address them. DHS suggests that drones not be used to collect data based solely on demographic indicia. It does, however, allow profiling based on a combination of factors, which lends itself to profiling particularly when no specific suspect description connects the target of an investigation to a discrete incident.
At root, the guidance remains advisory, binding neither state nor local agencies, nor even agencies within DHS itself. Longstanding concerns about inadequate transparency and protections by DHS component agencies will remain and continue to mount.
The guidance is also limited to particular settings. The working group said its guidance was “intended for first responders (e.g., emergency management, emergency medical service, fire departments, and security professionals responding to disasters and other emergencies) and does not seek to provide guidance in regard to investigative use of [drones],” despite the group’s recognition of historical patterns of recurring abuses by law enforcement agencies.
By declining to address investigative uses of drones, the guidance sidesteps an elephant in the room: the constitutional requirement for a judicial warrant. Several states as politically diverse as Illinois and Utah have legislatively reiterated the warrant requirement for drones even for law enforcement purposes.
One might hope that only thoughtful and conscientious professionals could get their hands on powerful tools by working for a public agency. Our Founders expected otherwise and created the warrant requirement to ensure the legitimacy of both criminal and non-criminal investigations by forcing the government to justify them.
One of the most timely aspects of the best practices is their recognition of the value of encryption. Despite self-serving claims by intelligence officials that encryption represents a threat to national security, DHS’ 2015 guidance on drones explicitly advises local and state authorities to employ encryption to ensure the security of data they collect and retain.
By recognizing that encryption enhances security, the DHS guidance could undermine half-baked FBI proposals to subvert encryption by mandating back doors for intelligence agencies and instead reinforce a common sense consensus uniting the tech community and privacy advocates.
Perhaps congressional policymakers less inclined to heed privacy concerns will prove more responsive to the security concerns of DHS officials. Regardless, the department’s recent guidance can help inform the debate, especially where local and state policymakers propose legislation to embody its most helpful recommendations.