The new government guidelines to protect you from drones won't protect you from drones
LatestOn Thursday, after more than a year, the National Telecommunications & Information Administration (NTIA) released a set of guidelines regarding “best practices” for maintaining privacy while operating unmanned aircraft systems, a.k.a. drones.
In February 2015, President Obama asked NTIA to work with private stakeholders in the drone industry, including companies operating private drones and digital privacy groups like Center for Democracy & Technology, to come up with the guidelines. The results are some pretty weak sauce to allay the concerns of people worried about drones hovering over their homes taking photos. (Those people would be better off buying an anti-drone defense system.)
Five guidelines are set forth in a brisk eight pages and mostly outline how private drone operators ought to collect, use, and protect data; which means taking photos or otherwise collecting identifying details about the people underneath the drone. (An exception is carved out for news organizations, to whom the best practices don’t apply, because of First Amendment limits on what the government can tell the press not to do.)
The guidelines broadly discourage flying commercial drones over private property unless absolutely necessary, and say you should do your best to secure data.
But here’s a lil’ snag: the guidelines remain entirely voluntary. Look, it’s right there in the title! “Voluntary Best Practices for UAS Privacy, Transparency, and Accountability.” The Senate has asked for more guidelines that could lead to legislation (in a yet-to-be-passed bill), but who knows when that might come along in an enforceable way.
In the meantime, all that stands in place to stop companies operating private drones from using subpar data protection is, effectively, whether or not they feel like they should. And, as digital privacy advocates Access Now point out in their post on the new guidelines, the recommendations put forth fall short of Federal Trade Commission standards for privacy protections, even if drone operators choose to put them in place. Writes Access Now:
[T]he outcome document undersells the very real threats that drones pose to individual privacy as merely “privacy concerns.” This framing cheapens a time-tested fact: the cheaper and easier it is to collect information, the more often it will be collected, stored, analyzed, and used in ways that may be either useless for or actually harmful to the data subject.
The FAA does have regulations for drones, and requires certain drones be registered, but privacy concerns are pretty much solely the province of the NTIA, and this is what they’ve produced.
Meanwhile, alternative means to avoid drones seem to be drying up. One illustrative example is NoFlyZone, a site that debuted last year and was billed by Slate as a way to “register your address in a database so drones will avoid flying over it.” The plan, while perhaps optimistic, seemed fairly comprehensive:
NoFlyZone’s long-term plan is to create a mobile app and offer a freemium model where registering addresses as no-fly zones is free, but using customizable features costs money. For example, you could pay a subscription to make the air above your house available to delivery drones, but indicate that you don’t want camera-equipped drones flying overhead. Or you could create Do Not Disturb time periods.
Today, the site is rather different. It consists of two pages and explains that “NoFlyZone maintains a comprehensive airspace database of critical infrastructure and sensitive sites.” In other words, not homes. The site goes on to explain that their list “includes civil and military airspace, airports, hospitals, schools, nuclear power plants, prisons and other sensitive locations.”
Don’t worry though: NoFlyZone’s founder, Ben Marcus, has kept busy. AirMap, his company providing apps and information to airports, drone pilots, and so on, raised $15 million in April. It’s unclear whether the addresses submitted to NoFlyZone are in AirMap’s database. Marcus, AirMap, and NoFlyZone have yet to respond to my emails or phone calls. [Update: AirMap co-founder Greg McNeal got back to me. His explanation is below.]
It’s great if regulators want to take privacy seriously when it comes to drones, but it’s going to require them to actually regulate, not just produce flimsy guidelines.
Update: Greg McNeal, AirMap’s co-founder explained that while AirMap continues, NoFlyZone, which was separate is no longer around. He explained why via email:
NoFlyZone no longer exists, Ben Marcus started the system as a way to help broker a compromise between the benefits of drone technology and people’s concerns with drones. While many people embraced the idea of letting drone operators know that flying over their property wasn’t welcomed, there was no clear legal basis on which those residents could exclude drones. Because of that, manufacturers didn’t feel the need to participate in the system, so the business was closed. The website is now largely a landing page for individuals interested in finding out how to protect critical infrastructure and sensitive sites that have some regulatory or legal restriction associated with them. For example, there is FAA guidance for aircraft, instructing such aircraft to not loiter over certain types of critical infrastructure like prisons or powerplants.
The explanation doesn’t include what happened to the addresses submitted to NoFlyZone, and I’ve written back to see if more information on what was done with those is available. [Update 2: McNeal tells me they were deleted.]
Ethan Chiel is a reporter for Fusion, writing mostly about the internet and technology. You can (and should) email him at [email protected]