Domestic Drones Should Embrace Privacy by Design



On Wednesday, the FAA held an online forum to seek input from members of the public on the agency’s development of a privacy policy for unmanned aircraft systems, or civilian drones. For two hours, privacy advocates, engineers, and representatives of the unmanned aircraft industry went around in circles debating whether drones even present novel privacy questions–and whether the FAA was the appropriate government agency to conduct such a conversation. If the unmanned aircraft industry wishes to encourage the widespread societal embrace of this technology, suggesting that drones do not present privacy challenges and moreover, arguing that our current legal and policy framework can adequately address any concerns is counterproductive.

Drones Are Different

As the Associated Press reported last week, public fear that unmanned aircraft technology will be misused threatens the health of the entire unmanned aircraft industry. Robert Fitzgerald, CEO of The BOSH Group, provides drone support services, was quoted as saying that the industry’s “lack of success in educating the public about unmanned aircraft is coming back to bite us.”

While it may be true as a technical matter that unmanned aerial surveillance is no different than a manned overhead flight, the privacy implications are worlds apart. As a practical consideration, unmanned aircraft are degrees cheaper and more accessible to use than their manned counterparts. The ACLU’s Jay Stanley has suggested that unmanned aircraft erase “natural limits” of aerial surveillance, and as drones become both smaller and more technically advanced, will pose bigger and bigger challenges to individual privacy.

But what truly makes unmanned aircraft so unique is that they provide a physical manifestation of our generally abstract, mental conceptions about privacy. Professor Ryan Calo surmises that drone surveillance is “visible and highly salient” in a ways that people experience quite different from network surveillance or commercial data brokerage. “People would feel observed, regardless of how or whether the information was actually used,” he explains.

Privacy Approaches to Unmanned Aircraft Systems

The Association for Unmanned Vehicle Systems International (AUVSI) has put forward a broad privacy statement that endorses efforts to ensure unmanned aircraft are used in an accountable and transparent fashion. So far, so good. However, the statement also calls for technology neutral policies. In other words, data collected from unmanned aircraft would be treated no differently from information uncovered from manned aircraft–or mobile phones. Additionally, while AUVSI has embraced limits on information collection, storage, use and sharing, it recommends enforcement via “established law and policy.” This might not be such a problem if the United States had more comprehensive privacy protections in place, but as Professor Calo and others have pointed out, there are few privacy laws that actually limit surveillance by either private or public parties.

Thus, because of this reality, it is problematic for organizations like AUVSI to suggest, as it did on Wednesday, that the solution is to trust the judicial system to sort out any privacy issues that may arise. Relying on either the traditional privacy torts or the Department of Justice to somehow police privacy intrusions by private companies is not only inefficient, but it does nothing to address the public’s broader concerns about unmanned aircraft. AUVSI claims to want a broad, society-wide discussion about privacy, but it fails to recognize that its own technology may well be the catalyst that forces us to readdress our privacy laws.

Alleviating these fears should be the industry’s top priority should it wish to see the projected economic boom from unmanned aircraft come to fruition. It may make sense to redirect this conversation to an agency with more substantive privacy expertise, but that will only further delay a policy discussion that is already behind where our technology is moving. As unmanned aircraft technology advances, it faces a patchwork of different laws and regulations across the country. A legislative fix by Congress is unlikely, and moreover, Congress has specifically mandated that the FAA work to safely integrate drones into our national airspace.

Given the slim likelihood of legislative action, stakeholders are more or less stuck with the FAA.  Thus, it is essential that the FAA work to develop guidelines that encourage public trust and confidence. The industry’s current approach is unlikely to accomplish this, so how can we best ensure the development of unmanned aircraft technology in a way that protects privacy? One strategy is to couple aircraft safety with privacy protections, and a number of mechanisms put forward by privacy advocates, such as metadata transmissions or “drone license plates,” would promote safety, as well. Another strategy is to develop policies that are informed by the Fair Informational Practice Principles (FIPPs), and for its part, this is the approach the FAA has suggested so far.

Incentives to Embrace Privacy by Design

Data minimization, security, transparency, and accountability are all important principles to respect, but one way of operationalizing these principles in the context of unmanned aircraft is to embrace the concept of Privacy by Design. Developed by Dr. Ann Cavoukian, the Information and Privacy Commissioner of Ontario, Canada, Privacy By Design encourages organizations to build privacy in–early, robustly and systematically–across products and business ecosystems.

According to the Federal Trade Commission, Privacy by Design requires entities to “promote consumer privacy throughout their organizations and at every stage in the development of their products and services.” Applying this notion to the field of robotics, researcher Aneta Podsiadła has suggested that privacy protections can be operationalized through a combination of technical solutions during product development and “embedding privacy” into an organization’s operation. Unmanned aircraft manufacturers and operators do not appear to be seriously thinking about privacy from either perspective, however.

Ironically, the vocal public concern about drones actually combats one of the biggest challenges to implementing Privacy by Design. Often economic incentives to protect privacy are simply inadequate. Privacy scholar Ira Rubinstein explains that this combines with inexact guidance by regulators on how to implement Privacy by Design to make investing in privacy safeguards costly to firms. In the case of unmanned aerial surveillance, however, public demand for privacy safeguards is salient–and indeed, an economic opportunity.  Already firms are developing surveillance “countermeasures” for sale to the general public.

This provides an opening to make the FAA’s privacy proposals a model for future privacy policies and operationalizing Privacy by Design. Both regulators and industry needs to begin elaborating design principles, discussing best practices, and researching how privacy can be engineered into unmanned aerial systems. Absent an ongoing dialog, we are committing ourselves to privacy protections that are more aspiration than reality in the skies above. All parties have every incentive to consider these issues: the drone industry anticipates adding 70,000 high-tech jobs and $14 billion to the economy by mid-decade. If we hope to see those figures come to fruition, everyone should be working with the FAA to encourage innovation and experimentation with privacy-protecting technologies.