“Big Brother” in the Private Sector: Privacy Threats Under the FAA’s New Civilian Drone Regulations

Brooklyn Law Review, Jul 2017

The Federal Aviation Administration’s (FAA) recent promulgation of civilian drone regulations triggered the growth of a new consumer industry. As this industry grows, so do the privacy threats it presents. Drones with advanced technological capabilities can record and store a wide range of data, without the consent of the data’s source. Privileged information captured by drones—whether for innocent purposes or not—is in turn vulnerable to misappropriation, as civilian drones are far from hack-proof. Despite the likely privacy implications of large-scale drone legalization, the FAA’s new regulations do not include any privacy protections. This note provides a criticism of the FAA’s new drone regulations, with a focus on their disregard for the privacy threats presented by civilian drone legalization. As an illustration, this note more specifically analyzes the privacy concerns presented by civilian drones’ vulnerability to hackers. It concludes that new federal legislation is necessary, and suggests some potential contents of drone privacy regulations that would help combat the privacy problems associated with civilian drones’ mass entry into United States’ skies.

A PDF file should load here. If you do not see its contents the file may be temporarily unavailable at the journal website or you do not have a PDF plug-in installed and enabled in your browser.

Alternatively, you can download the file locally and open with any standalone PDF reader:

https://brooklynworks.brooklaw.edu/cgi/viewcontent.cgi?article=1558&context=blr

“Big Brother” in the Private Sector: Privacy Threats Under the FAA’s New Civilian Drone Regulations

This Note is brought to you for free and open access by the Law Journals at BrooklynWorks. It has been accepted for inclusion in Brooklyn Law Review by an authorized editor of BrooklynWorks. “Big Brother” in the Private Sector: Privacy Thr eats Under the FA A's New Civilian Drone Regulations Sean M. Nolan Follow this and additional works at: https://brooklynworks.brooklaw.edu/blr Part of the Privacy Law Commons, and the Science and Technology Law Commons - “Big Brother” in the Private Sector INTRODUCTION With the advent of a mass market for civilian drones in the United States on the horizon, cybersecurity concerns regarding potential data misappropriation are greater than ever before. These concerns were compounded in 2015 when the Federal Aviation Administration (FAA)1 released a draft of small, unmanned aerial vehicle (drone) regulations for public notice and comment, which, notably, did not include any privacy provisions.2 Following the FAA’s issuance of proposed regulations, the Electronic Privacy Information Center (EPIC), along with a number of other privacy advocacy organizations, commenced a legal action against the FAA, which ultimately sought to force the FAA to include privacy provisions in its new drone regulations.3 EPIC’s petition was dismissed as premature in May of 2016 by the Court of Appeals for the D.C. Circuit, which held that only final regulations may be challenged, and the regulations at issue were still in draft form.4 Soon after the D.C. Circuit’s decision, the FAA announced that it had promulgated a final version of these regulations, which took effect on August 29, 2016.5 EPIC proceeded to commence a new lawsuit against the FAA, challenging these final drone regulations.6 Because the D.C. Circuit dismissed EPIC’s concerns as premature during the FAA’s drafting stage, which allowed the FAA to promulgate final versions of the regulations as currently drafted, the privacy invasion concerns that were voiced will likely become a reality faster than the rulemakers can respond. With effective legal status, civilian drones will overwhelm our skies, capturing data on a massive scale—data that will subsequently become exposed to hackers.7 The now-inevitable, wide-scale deployment of civilian drones presents numerous unique and serious problems that the United States is currently ill equipped to handle. This note provides a criticism of the FAA’s new drone regulations with a focus on their disregard for the privacy threats they present. More specifically, it analyzes the privacy concerns presented by civilian drones’ vulnerability to hackers. Part I provides background on the growth of the domestic civilian drone industry, the various threats to individual privacy stemming from this growth, and the current state of the law with regard to civilian drone use. Part II analyzes privacy concerns unaddressed by the current legal landscape for civilian drones, with a specific focus on the ability of drones to capture and retain sensitive data that is vulnerable to hackers. Part III discusses the current scope of the FAA’s new small civilian drone regulations, and EPIC’s legal challenges to the existing regulations as representative of various other civil rights organizations. Finally, Part IV suggests a solution to the major problems posed—identifying potential ways to effectively integrate civilian drones into domestic airspace without eroding the privacy rights of American citizens. First, Congress should amend the existing statute that mandates the FAA to develop drone regulations—or pass a separate statute—to explicitly require that the regulations include privacy protections. Then, after receiving an express grant of congressional authority, the FAA should repeal its current drone regulations, revise them to include privacy provisions, and reopen the revised regulations for public commentary. Statutory action by Congress would force 6 See Petition for Review, Elec. Privacy Info. Ctr. v. Fed. Aviation Admin., No. 16-1297 (D.C. Cir. Aug. 22, 2016), https://epic.org/privacy/litigation/apa/faa/drones/EPICPetition-08222016.pdf [https://perma.cc/57J6-5GDV] [hereinafter Second EPIC Petition for Review]. 7 See Electronic Privacy Information Center, Comments on Notice of Proposed Rulemaking: Operation and Certification of Small Unmanned Aircraft Systems 1–2, 13– 15 (Apr. 24, 2015), http://www.regulations.gov/#!documentDetail;D=FAA-2015-0150-4314 [hereinafter EPIC Comments]. the FAA to issue significant new regulations that adequately quell the large-scale privacy threat presented by civilian drones. CIVILIAN DRONE USE IN THE UNITED STATES AND ITS IMPACT ON PRIVACY RIGHTS The Birth and Development of the Civilian Drone Industry Largely attributable to globalization and society’s headfirst dive into the digital age, technological advancement has occurred at an exponential pace in modern history, with some sources estimating that computer processing ability currently doubles every twelve to (...truncated)


This is a preview of a remote PDF: https://brooklynworks.brooklaw.edu/cgi/viewcontent.cgi?article=1558&context=blr

Sean M. Nolan. “Big Brother” in the Private Sector: Privacy Threats Under the FAA’s New Civilian Drone Regulations, Brooklyn Law Review, 2017, Volume 82, Issue 3,