The FAA Creates Thin Privacy Guidelines For The Nation’s First Domestic Drone ‘Test Sites’


This article, compiled by activist April Glaser and senior staff attorney Jennifer Lynch, was originally published by the Electronic Frontier Foundation.

Commercial unmanned aerial systems are set to start flying over U.S. airspace in 2015. In November, the Federal Aviation Administration released its final privacy rules for the six drone “test sites” that the agency will use to evaluate how drones will be integrated into domestic air traffic. These new privacy requirements were issued just days after Senator Ed Markey (D-Mass.) introduced a new bill, the Drone Aircraft Privacy and Transparency Act (DAPTA), intended to codify essential privacy and transparency requirements within the FAA’s regulatory framework for domestic drones and drone test sites.

In 2012, Obama signed the Federal Aviation Administration Modernization and Reform Act, which mandated that the FAA implement “test sites” to fly domestic drones before opening the door to nationwide regulations and licensing for commercial drone flying. Twenty-four States have applied to be FAA drone test sites. While the FAA’s rules do establish minimal transparency guidelines for the new drone test sites, the new rules apply only to the test sites and do not apply to the drones that are already authorized to fly.

The new transparency rules require each test site operator to create, post and enforce its own privacy policy, as well as set up “a mechanism to receive and consider comments from the public.” The FAA rules further state that test sites must require all drone operators to establish “a written plan for the operator’s use and retention of data collected by the UAS.” Although the FAA’s rules require the test site privacy policies to be made available to the public, there seems to be no similar requirement for the UAS operators’ “written plans.” There also appears to be no FAA oversight for these transparency rules; the rules basically call for the test sites to police themselves.

While the Electronic Frontier Foundation appreciates the steps the FAA has taken so far, the agency could and should go further to require similar transparency from all drone operators. The FAA has already authorized almost 1,500 permits for domestic drones since 2007; but, despite EFF’s two Freedom of Information Act lawsuits for drone data, EFF still doesn’t know much about where these drones are flying and what data they are collecting.

EFF submitted comments in the FAA’s rule-making process about what a good privacy policy for the drone test sites would look like, and only a few of its proposals were adopted into the new rules. The FAA did not, as EFF recommended, develop and provide a model privacy policy for all test site operators — something that would have been relatively easy to produce, considering the Federal reach of the agency. The FAA also could have gone further to ensure that data collected at drone test sites does not exceed Constitutional and other legal limitations. Nine States have passed laws that restrict the use of drones by either law enforcement or private citizens. Some of these States have also applied to be drone test sites, which would then test those existing State policies.

It is especially important for the FAA to define basic data collection procedures for domestic drones, because the technology enables a kind of surveillance not achievable by manned aerial or ground-based law enforcement or commercial entities. Some drones are capable of staying in the air for 16 to 24 hours at a time, much longer than a manned aircraft ever could. Drones can fly altitudes above 20,000 feet with super-high-resolution cameras and can monitor and track many people at once or intercept phone calls and text messages. Drones also cost far less to purchase, operate and maintain than helicopters and planes.

A number of drone bills have been introduced in Congress over the past two years, but Markey’s proposed legislation is demanding of both the FAA and drone operators when it comes to protecting the Constitutional rights of Americans. DAPTA calls for the FAA to institute and enforce guidelines for all licensed domestic drone flights — not just test sites — that include clear data minimization procedures, as well as transparency rules that require drone test site operators to disclose their data collection practices and how drone operators use, retain and share all collected data.

Markey’s bill requires the FAA to create a publicly searchable database of all awarded drone operator licenses, the logistical details of their operation, and each drone operator’s data collection and minimization statement. Creating a database like this is within the FAA’s purview. The agency already runs other databases about aircrafts in national airspace, listing who is in the air, accident reports and safety information.

Law enforcement agencies across the country are already flying drones without set national privacy guidelines in place. But at this point, EFF’s most successful tactic for learning more about drones has been to sue for access to information. The American public shouldn’t have to submit a Freedom of Information Act request just to know if drones are overhead. Markey’s bill is a strong start to what needs to be an ongoing conversation about the future of American privacy standards in light of the coming age of domestic drones. We need more lawmakers to speak up for greater transparency and accountability of both government and commercial operation of drones in our national airspace.

Until there are laws in place that mandate transparency, EFF encourages you to submit requests to your local law enforcement agency and city council to learn more about drone flights in your area. EFF has partnered with MuckRock, an open government organization dedicated to helping people send requests for public records, to campaign for greater transparency about drones that are already flying in the United States. If you’re wondering what your own police agency may be doing with drones, go here and fill out this simple form so MuckRock can send in a public records request for you.

Personal Liberty

Electronic Frontier Foundation

From the Internet to the iPod, technologies are transforming our society and empowering us as speakers, citizens, creators, and consumers. When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF broke new ground when it was founded in 1990—well before the Internet was on most people's radar—and continues to confront cutting-edge issues defending free speech, privacy, innovation, and consumer rights today. From the beginning, EFF has championed the public interest in every critical battle affecting digital rights.

Join the Discussion

Comment Policy: We encourage an open discussion with a wide range of viewpoints, even extreme ones, but we will not tolerate racism, profanity or slanderous comments toward the author(s) or comment participants. Make your case passionately, but civilly. Please don't stoop to name calling. We use filters for spam protection. If your comment does not appear, it is likely because it violates the above policy or contains links or language typical of spam. We reserve the right to remove comments at our discretion.