The drone debate: Does the coming swarm of flying gadgets require new privacy laws?

While the Federal Aviation Administration is being sued because its proposed drone policy doesn't address privacy, others argue that unmanned aerial vehicles don't require new privacy standards, saying that existing laws are enough.

A camera drone flown by a cameraman flies near the scene where two buildings were destroyed in an explosion, in the East Harlem section in New York City, in this file photo taken March 12, 2014.

Mike Segar / Reuters

April 22, 2015

It took three years for the Federal Aviation Administration to come up with a proposal for how to regulate drones. But it took only about a month after the recommended framework was released for privacy activists to sue.

Noticeably missing from the recommendations unveiled earlier this year were any privacy oversights. For the Electronic Privacy Information Center (EPIC), the plaintiffs in the suit against the FAA, that was inexcusable.

The advocacy group's website site is full of unnerving facts about camera-wielding drones. They can be equipped with facial recognition, license plate scanners, the capacity to track multiple targets, and the ability to operate at distances and heights making them impossible to detect. Drones are "designed to undertake constant, persistent surveillance to a degree that former methods of video surveillance were unable to achieve," according to EPIC.

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

The courts are not the only avenue to affect policy change at the FAA. Public comment on the framework will be accepted until this Friday.

But many experts argue that the FAA isn't the governing body that should be charged with ensuring drones don't violate privacy. What's more, others – chiefly drone-makers and their advocates – question whether unmanned aerial vehicles, or UAVs, even require a new set of privacy standards, saying that existing laws are already enough.

In a privacy impact assessment issued alongside the proposed framework, the FAA stated that while it “acknowledges that privacy concerns have been raised about unmanned aircraft operations … these issues are beyond the scope of this rulemaking.”

While some privacy advocates are worried that the omission may allow for invasive surveillance from commercial or government drones operating inside the US, the drone community said those concerns are more of a red herring than anything else.

“The FAA has wisely backed off all privacy issues [because] there’s no need for a new federal privacy bureaucracy [when] states already have protections in place,” says Charles Tobin, a privacy rights lawyer at the law firm Holland & Knight, who represents a coalition of media outlets advocating for drone usage for the purposes of journalism.

“The laws that are on the books are all technology agnostic. They apply to computers, they apply to still cameras, they apply to wireless microphones, they apply to video cameras … and there’s no reason that they can’t be applied – as already written – to UAV,” he says.

Relying on existing legal protections should be the obvious choice, says Brendan Schulman, head of the Unmanned Aircraft Systems practice at the law firm Kramer Levin in New York.

Nicknamed “the Drone Lawyer,” Mr. Schulman says that “if the concern is physical intrusion or inappropriate photographs, state law governing offenses such as trespass, stalking, peeping or unlawful surveillance … apply.” That means that what people are most fearful of – being stalked, harassed, or surveilled by a drone, or being victimized by a peeping tom behind a drone – are already acts bound by law. 

Simply put: the states have things covered, he says.

Regulators lag behind technology

A presidential memorandum issued the same day as the FAA’s proposed regulations relays the responsibility to “develop a framework regarding privacy, accountability, and transparency for commercial and private [unmanned aerial systems] use” to the Department of Commerce. The memo states that the department must initiate a “multistakeholder engagement process” within 90 days of the memo’s release – so it must begin work by mid-May. 

But government trying to regulate a specific piece of technology is not the best approach, says Matt Waite, professor of journalism and founder of the Drone Journalism Lab at the University of Nebraska-Lincoln, which explores the ways in which drones can be used to further journalistic aims.

“As we are already seeing, the government lags way behind technology when it comes to laws that would deal with that technology. It’s taken the FAA a long time to come up with [proposed] rules for these drones and they’re flying around right now. They’re being used for commercial purposes even though the FAA says, ‘No, you can’t do that.’ ”

Mr. Waite says it’s important to determine exactly what people can’t do – what actions need to be stopped. “We need to start thinking about what we consider a reasonable expectation of privacy in our modern times. And if that’s not allowing [me to] photograph [someone] streaking in their backyard, then that’s great. We can say I can’t do that. But it shouldn’t matter how I do that, [just that] you don’t want me to do it.”

It’s about recognizing that once privacy has been violated, how it was violated is no longer important, says Helen Greiner, chief executive officer of Massachusetts robotics and drone company CyPhy Works. She says that although she understands the privacy concerns related to the commercial use of drones, those concerns are often misdirected: “It’s not a drone issue. It’s a camera issue. In that way, it’s kind of a red herring.” 

“You need to go to the real issue, which is pointing cameras at things they shouldn’t be pointed at,” Ms. Greiner says. “And if we’re going to talk about privacy with cameras, it should be for all cameras … whether they’re on a drone or a balloon.”

She says she doesn’t worry that public fear might hurt her business because the drones sold by CyPhy Works are used to perform specific commercial functions. “They may be used to survey a property or a facility, for example,” but they’re not being used to capture footage surreptitiously, Greiner says. 

“I believe privacy is an important issue and that it should be regulated, but rules already exist,” she explains. She says it’s unlikely that fears related to the perceived loss of privacy will bog down final passage of FAA regulations – something she’s anxiously awaiting: “It might be wishful thinking, but I don’t foresee a tightening in terms of the finalized regulations.”

The case for privacy policies

A public commentary period on the proposed regulations expires Friday, but there’s no firm deadline for when the FAA must have finalized regulations in place. Experts think it could take two years, possibly longer – which means the waiting game has only begun. It also means that commercial drone use will remain technically illegal for the duration, outside of a handful of exemption-type permissions granted by the FAA.

Amie Stepanovich, senior policy counsel for privacy advocacy group Access Now, says that there’s room for improvement when it comes to ensuring personal privacy. That’s because drone technology is in a league of its own: “Drones have [the] capacity to bring a bunch of different surveillance technologies onto a singular platform and to reach into areas that other vehicles have not been able to get to.”

Ms. Stepanovich says that limitations should be put in place to restrict the ways in which government agencies can use drone technology for the purpose of surveillance. “We need things that will, for example, protect users’ location information from being collected and tracked,” she says. “It comes back to tracking people over time without a warrant and being able to pinpoint their exact location. … and we need to make sure that that information is adequately protected.”

But she’s also a fan of technology agnosticism. She says that whatever restrictions are put in place, they should not be drawn up as drone-specific. “There are several other different kinds of technologies that are coming out,” she says, referring to Stingray trackers that are now being used by law enforcement agencies to gather data from cellphones.

The presidential memo issued in conjunction with the FAA’s proposal states that agencies must “comply with the Privacy Act of 1974, which, among other things, restricts the collection and dissemination of individuals’ information that is maintained in systems of records, including personally identifiable information.”

Although the White House’s assurance that government agencies will be held accountable to legacy privacy standards is a start, Stepanovich recommends further attribution and transparency.

“The FAA has a publicly accessible database of who is able to fly airplanes in any specific geographic area in the United States. But they haven’t made a similar commitment to do that for drone operators,” Stepanovich says. She calls that a double standard.

People won’t know which agency, company, or person is behind the remote control of the drone flying over their homes, Stepanovich says. “So the FAA definitely has a role to play in protecting privacy,” she says.

Stepanovich suggests the FAA incorporate a registry: “We’re talking about transparency, requiring that drone users register what technology they are deploying on their drones, and what capacity these drones will have. This just gets at making sure people are aware of what’s going on in their own area.”