Naked Security Naked Security

US tightens rules on drone use in policy update

When it comes to managing drones (Unmanned Aircraft Systems, or UAS) the US Department of Justice wants Americans to know it’s on the case.

When it comes to the issue of managing drones (Unmanned Aircraft Systems, or UAS) the US Department of Justice wants Americans to know it’s on the case.

In 2015, the DOJ published what was meant to be a comprehensive policy governing how US Government departments and law enforcement use drones to take account issues such as privacy, law and the Constitution.

Four years on and things have moved on a bit, prompting tweaks addressing more recent concerns, including misuse, access to airspace, and the cybersecurity of the drones themselves.

Large parts of the 2015 policy and its 2019 update sound almost identical. On privacy, both policies limit departments gathering drone data that contains personally identifiable information (PII) to 180 days unless there’s a specific reason to keep it longer.

In other words, it’s much the same mix of privacy rules, limits, and exceptions applied to all areas of technology which give officials just enough wiggle room to gather and retain data in defined circumstances.

Cybersecurity

That said, a few of the 2019 policies could turn out to be significant, the most important relating to the cybersecurity design of the drones themselves.

It’s a complex new front that won’t be any easier to manage with drones than it is in other areas of computing. For instance, the section on drone procurement states:

The procurement of IT must comply with applicable laws, policies, and regulations, including those administered by the Office of the Chief Information Officer. The Department ensures appropriate security and privacy protections for data and IT through the risk-based Department Cybersecurity Program and effective IT management.

Which is a way of saying that before buying them departments must do the same cybersecurity assessment on drones that they would on other IT equipment.

On this topic, earlier this month the Department of the Interior (DOI) grounded many Chinese-made drones in use by government departments, in order to carry out a review of their security risk.

It seems US officials have grown concerned that foreign drones could be used to covertly take pictures of national infrastructure.

It’s not an outlandish worry although no evidence was provided that this had ever happened in the past, but the US Government is treating it with an abundance of caution, as indeed do other governments around the world.

A second anxiety is how drones might be misused. It doesn’t set any specific rules for this but mentions that the DOJ is talking to the Federal Aviation Authority (FAA) about the issue of “specialized air traffic and airspace management support.”

It’s not hard to imagine where that thought has come from – nearly a year ago drones brought London’s Gatwick Airport to a halt for two days, prompting mild panic after it became apparent that the authorities had no easy way of stopping them.

Repeat incidents are inevitable, but at least anyone trying such a thing now has been well warned. As the DOJ says in this week’s press release:

The Department welcomes lawful and beneficial uses of UAS, which promise to enhance the economy and transform the delivery of goods and the provision of critical services ranging from search-and-rescue to industrial inspections.  At the same time, the Department will not hesitate to take action against those who threaten the safety of our skies and the public.

Although the policy document is intended for internal government use, it could also be interpreted as a warning to commercial operators to make sure their drones aren’t hijacked, a scenario which a report from earlier this year warned might be possible.

For drone lovers, this is a lot to take in. In just a few years, these devices have gone from being viewed as entertaining novelties to dangerous military weapons or spying devices for criminals and foreign governments.