WASHINGTON—When the Federal Aviation Administration released its proposed “framework of regulations” for governing the commercial use of small unmanned aircraft systems last month, people were surprised. After years of failing to act on a 2012 congressional order to develop regulations, the FAA’s proposal seemingly fell from the sky – unexpected, and as it turns out, an unexpected gift to the drone community.
But noticeably missing from the proposed regulations? Privacy.
And the FAA owned up to it. In a privacy impact assessment issued along with the proposed framework, the agency stated that it “acknowledges that privacy concerns have been raised about unmanned aircraft operations. … These issues are beyond the scope of this rulemaking.”
That makes sense, according to Matt Waite. Privacy is not in its wheelhouse.
“The FAA has said all along that it is not a privacy organization – It is an aviation safety organization. They don’t have the experience or the skill[set] to be in the privacy business,” Waite added.
A professor of journalism and founder of the Drone Journalism Lab at the University of Nebraska-Lincoln, Waite said that the FAA more or less intentionally walked away from building privacy regulations into its proposal. “They had been talking about it and had been claiming that that was the reason it was all being delayed [as] they were considering privacy regulations … But ultimately, nothing.”
Waite said that the implications of that choice suggest that states are going to have to make up the difference.
“The FAA has wisely backed off all privacy issues [because] there’s no need for a new federal privacy bureaucracy [when] states already have protections in place,” said Charles Tobin, a privacy rights lawyer and partner at Holland & Knight.
“The laws that are on the books are all technology agnostic. They apply to computers, they apply to still cameras, they apply to wireless microphones, they apply to video cameras … and there’s no reason that they can’t be applied – as already written – to UAVs,” Tobin added.
He said he understands why people are concerned, but suggests we look to history for any insight we might need. “Since the turn of the century, people have expressed concerns about every single new phase of technology [that has been] developed to allow people to gather information in public places and private places, and so over the decades, states have developed a strong series of statutes and precedents in the courts that deal with electronic surveillance, eavesdropping, trespassing and just about any other concern for invasion of privacy.”
To add additional statutes would be more than redundant, Tobin said. It would be confusing for everyone involved. It also leaves the possibility that one law could potentially violate the other.
While recognizing that the FAA made the appropriate call when it chose to step aside, Tobin said the baton has simply been passed on down the line. A presidential memorandum issued the same day as the FAA’s proposed regulations relays the responsibility to “develop a framework regarding privacy, accountability, and transparency for commercial and private UAS use” to the Department of Commerce. The memo states that the department must initiate a “multi-stakeholder engagement process” within 90 days of the memo’s release – so it must begin work by mid-May. According to Tobin, “the development of private industry best practices” by the Department of Commerce is a positive step – but it should avoid stepping further.
Government trying to involve itself in the regulation of a specific piece of technology is just a terrible idea, Waite said. “As we are already seeing, the government lags way behind technology when it comes to laws that would deal with that technology. It’s taken the FAA a long time to come up with rules for these drones and they’re flying around right now. They’re being used for commercial purposes even though the FAA says, ‘No, you can’t do that.’” Law will forever lag behind technology, he said.
“So if that’s the case, then legislatures and policymakers need to acknowledge and accept that and begin to craft rules that are technology agnostic,” Waite added. Because therein lies the solution to any concerns that privacy might be invaded.
Waite said that the key is deciding what we don’t want people to do – what we need to prevent from happening. “We need to start thinking about what we consider a reasonable expectation of privacy in our modern times. And if that’s not allowing [me to] photograph [someone] streaking in their backyard, then that’s great. We can say I can’t do that. But it shouldn’t matter how I do that, [just that] you don’t want me to do it.”
It’s about understanding what we’re offended by. And then realizing that if privacy was violated, then how it was done is unimportant, he added.
The drone-related privacy concerns of the average American are actually pretty obvious, Waite said. They’re afraid of a drone operator peering into their windows like a 21st Century peeping tom, or using them to stalk and harass people. And they’re also afraid that someone might gather information about them and their behaviors.
Amie Stepanovich, senior policy counsel for privacy advocacy group Access Now, said these concerns are genuine because drone technology is in a league of its own. “Drones have [the] capacity to bring a bunch of different surveillance technologies onto a singular platform and to reach into areas that other vehicles have not been able to get to. For example, up into very high buildings or into inside spaces.”
But many of the acts people are fearful of are actually crimes, Waite said. They’re already illegal. “It is illegal for you to fly up and peer in[to] someone’s window, those peeping tom laws already handle that.” He admitted that some states aren’t as advanced as others because they require that an offender physically be on the property to be prosecuted as a peeping tom. “[But] that doesn’t take a great leap of mind to fix that real quick,” he added.
Gathering information through surveillance is a different issue, however, one steeped with potential for abuse. Stepanovich said that limitations should be put in place to restrict the ways in which government agencies can use drone technology. “It’s highly advanced and gives them a great deal [of] increased capability and can be used to collect a great deal of information,” she said.
“We need things that will, for example, protect users’ location information from being collected and tracked. … It comes back to tracking people over time without a warrant and being able to pinpoint their exact location. And this is true with drones but … there are several other different kinds of technologies that are coming out. And we need to make sure that that information is adequately protected.”
The presidential memo issued in conjunction with the FAA’s proposal states that agencies must “comply with the Privacy Act of 1974, which, among other things, restricts the collection and dissemination of individuals’ information that is maintained in systems of records, including personally identifiable information.”
The White House’s assurance that government agencies will be held accountable to legacy privacy standards is a good thing, Stepanovich said, but she recommends further attribution and transparency.
“The FAA has a publicly accessible database of who is able to fly airplanes in any specific geographic area in the United States. But they haven’t made a similar commitment to do that for drone operators,” Stepanovich said. She calls that a double standard.
People won’t know which agency, company or person is behind the remote of the drone flying over their homes. They’re already fearful, so that’s not the best way to go about this, Stepanovich added.
“And so the FAA definitely has a role to play in protecting privacy,” and she recommends the agency operate a full registry. “We’re talking about transparency, requiring that drone users register what technology they are deploying on their drones, and what capacity these drones will have. This just gets at making sure people are aware of what’s going on in their own area,” she added.
“But it should be up to Congress and other agencies to ensure that users don’t violate one another’s privacy rights.” That requires a separate law, but Stepanovich said it would be a mistake to make a new law for a singular piece of technology.
Like Waite and Tobin, she advises technology agnosticism when it comes to lawmaking. Because technology changes frequently. And for that same reason, Stepanovich said the drone privacy debate is an important one: “It will definitely be worth paying attention to because it’s really deciding the future of this technology in the U.S.”
All three agree that the next 24 months will be very exciting. “We’re sort of in the early years of the Wild West stage here, where the rules and the court cases [haven’t happened] yet,” Waite said. “But things are going to happen and they’re going to be tested in court and they’re going to be squared to our constitutional values and when they are, we’ll actually have a fairly stable system.”
“But until then you’re going to have some crazy stuff going on,” Waite added. “You’re going to see people doing things that were never envisioned and you’re going to see [drones] being used in ways that we hadn’t thought of yet. And some of that’s going to be cool and neat and some of it’s going to be kind of ugly.”
One thing is guaranteed: The waiting game has just begun.