The Federal Aviation Administration (FAA) will soon rule on Beyond Visual Line of Sight (BVLOS) drones, which are capable of flying while its operator (pilot) is far away. While these types of drones might offer benefits to society—think of deliveries, infrastructure inspection, and precision agriculture—they also pose serious threats to our privacy. The FAA and the BVLOS industry need to meaningfully address the privacy issues that these types of operations pose to people. Do we want a future with private industry flying drones over our heads with no transparency or protections for our privacy?
What Are BVLOS Drones?
Drones are uncrewed aircraft that can either fly autonomously or are remotely operated. Sometimes they are called unmanned aircraft systems (UAS). You have probably seen people flying small drones to take photos or videos of landscapes or events. In the last few years, drones have become very popular among hobbyists for drone racing, video, and photography. In 2016, the FAA published rules as Part 107 and later RemoteID which cover many of these small drones. However, the operator must be within visual line of sight of the drone—that is, you need to be able to see with your own eyes where your drone is.
BVLOS is when operators are not within visual distance of the drone, allowing the drones to fly much longer distances. The pilots could be over the horizon or even on the other side of the world.
BVLOS drones bring new challenges to operations. For example, since BVLOS drones fly longer distances, maintaining communication and control of the drone is even more important. Also, because you are not there to see where it is and have a full view of the airspace around the drone, maintaining awareness of the surrounding airspace becomes more challenging. For these and many other reasons, BVLOS drones require their own rules, and will be flown mostly by industry.
If you want to fly a BVLOS drone, there are no rules yet, so you would have to apply for a waiver with the FAA. Because of this uncertainty, industry has been asking the FAA for BVLOS rules. And so, the FAA convened an Aviation Rulemaking Committee (ARC) on BVLOS drones to start working on these rules.
What Are the Privacy Threats?
BVLOS rules will open the doors for larger commercial operations to fill the skies with long-distance drones. They will deliver merchandise and inspect equipment. Many communities will be impacted by multiple BVLOS drones flying over their heads, with all types of sensors that collect all kinds of data.
Because drones are flying over your house and other property at low altitude, the traditional barriers like fences to your privacy do not apply. Drones can see into your backyard and they can have better views of your private life.
With drones potentially flying over your home multiple times per day, industry can have a better sense over the chronology of your routines. For example, if they have cameras, they can see if there are cars outside, how many and what type, at what times, and even the license plates. They could also conduct facial recognition on the people present, to see who is in your backyard at various times during the week. And it’s not just about cameras: Drones can also have microphones, LiDAR, Wi-Fi Scanners, and any other mounted sensor.
When industry uses sensors to collect information about you, industry all too often shares it with the government. For example, Ring collects visual and audio information from residents and passersby and has given access to law enforcement without warrants or user consent. All manner of government agencies are exploiting private surveillance networks and data brokers to circumvent protections for the people.
What Is an ARC?
ARCs are advisory groups that help the FAA make recommendations on rulemaking. A group of experts sit down for a period of time to discuss all possible aspects on a particular topic, such as operation, certification, maintenance, etc. Then those suggestions are considered by the FAA when it writes the rules.
In June 2021, the FAA convened a new ARC on BVLOS. EFF, the American Civil Liberties Union (ACLU), and the Electronic Privacy Information Center (EPIC) were some of the organizations participating, though this committee was largely dominated by industry.
On March 10, 2022, the FAA released the Final Report from the UAS BVLOS ARC, which contains the recommendations to which most other participants could agree—but EFF, ACLU, and EPIC voted as non-concurrent with the final report and submitted letters of dissent.
Why Did EFF Dissent With the Final Recommendations?
While we appreciate the effort that the FAA made to include civil society organizations like ours in the BVLOS ARC, the setup was not right for a full discussion of the civil liberties threats that these drones pose. The ARC was heavily dominated by industry, the target time to come up with a proposal was only six months, and none of the working groups were designed to address privacy issues thoroughly. Indeed, when we raised the topic of privacy, some industry groups pushed back to not even have a conversation on privacy.
We proposed some basic principles. We also suggested that another process be created with the right members (including diverse groups and communities) to thoroughly discuss and propose privacy rules.
Our main concerns with the ARC report are:
- Voluntary privacy practices: Non-binding principles offer no protection for the public nor any real incentive for operators to comply, leaving the field wide open for abuse.
- Lack of transparency: These rules do not ensure the public can understand what’s flying over them, which is the first step towards holding industry accountable.
- Lack of community engagement and control on invasive operations.
- Lack of thorough considerations of negative uses and impacts of drones.
Transparency is essential to empower people and to maintain accountability, but the drone industry lacks that transparency. During the BVLOS ARC, we proposed a set of balanced transparency principles for industry that addressed the possible intrusions from government. One consideration is privacy (not secrecy) for drone operators as well.
For example, we suggested that when applying to operate a BVLOS Drone, the operator must report the types of sensors and their use. This should include:
- Type and purpose of the drone operation: The operator should detail the purpose of its operation, so the public can understand its nature and also hold them accountable for mission creep.
- Technical capabilities: This should include not only the operational capabilities of the aircraft (distance, air time, altitude, payload weight, etc.) but also the sensors on board, their capabilities, and the data collection in which they will engage. For example, if the drone carries cameras, the operator would have to disclose the power of any zoom lens, how that zoom is controlled (automated processes or remote operator), the camera’s resolution, the camera’s spectral range, and any live AI or analytics capabilities that it uses.
- Data collected: The operator should detail all data collection that will occur during the operation. For example, if video will be collected, this would include information on when that video will be collected.
- How that data is used: The operator should detail the collected data's intended use, for example, for navigational purposes, detection and avoidance of obstacles, infrastructure inspection, etc.
- Data disclosure: Who other than the operator can access the data, or with whom will it be proactively shared, and for what purpose?
- Privacy impact assessment: The operator should provide an assessment of how the operation—with the sensors, data collection, and sharing that it involves—will affect communities over which this operation will take place, and what mitigations will address these issues.
So What Now?
Now we wait for the FAA to publish its rules on BVLOS drone operations. We hope that this time, the FAA will address our concerns and add some of our proposals.