“Big Brother” in the Private Sector: Privacy Threats Under the FAA’s New Civilian Drone Regulations
This Note is brought to you for free and open access by the Law Journals at BrooklynWorks. It has been accepted for inclusion in Brooklyn Law Review
by an authorized editor of BrooklynWorks.
“Big Brother” in the Private Sector: Privacy Thr eats Under the FA A's New Civilian Drone Regulations
Sean M. Nolan
Follow this and additional works at: https://brooklynworks.brooklaw.edu/blr Part of the Privacy Law Commons, and the Science and Technology Law Commons
-
“Big Brother” in the Private Sector
INTRODUCTION
With the advent of a mass market for civilian drones in
the United States on the horizon, cybersecurity concerns
regarding potential data misappropriation are greater than ever
before. These concerns were compounded in 2015 when the
Federal Aviation Administration (FAA)1 released a draft of small,
unmanned aerial vehicle (drone) regulations for public notice and
comment, which, notably, did not include any privacy provisions.2
Following the FAA’s issuance of proposed regulations, the
Electronic Privacy Information Center (EPIC), along with a
number of other privacy advocacy organizations, commenced a
legal action against the FAA, which ultimately sought to force the
FAA to include privacy provisions in its new drone regulations.3
EPIC’s petition was dismissed as premature in May of 2016 by
the Court of Appeals for the D.C. Circuit, which held that only
final regulations may be challenged, and the regulations at issue
were still in draft form.4 Soon after the D.C. Circuit’s decision, the
FAA announced that it had promulgated a final version of these
regulations, which took effect on August 29, 2016.5 EPIC
proceeded to commence a new lawsuit against the FAA,
challenging these final drone regulations.6
Because the D.C. Circuit dismissed EPIC’s concerns as
premature during the FAA’s drafting stage, which allowed the
FAA to promulgate final versions of the regulations as currently
drafted, the privacy invasion concerns that were voiced will
likely become a reality faster than the rulemakers can respond.
With effective legal status, civilian drones will overwhelm our
skies, capturing data on a massive scale—data that will
subsequently become exposed to hackers.7 The now-inevitable,
wide-scale deployment of civilian drones presents numerous
unique and serious problems that the United States is currently
ill equipped to handle.
This note provides a criticism of the FAA’s new drone
regulations with a focus on their disregard for the privacy
threats they present. More specifically, it analyzes the privacy
concerns presented by civilian drones’ vulnerability to hackers.
Part I provides background on the growth of the domestic
civilian drone industry, the various threats to individual
privacy stemming from this growth, and the current state of
the law with regard to civilian drone use. Part II analyzes
privacy concerns unaddressed by the current legal landscape
for civilian drones, with a specific focus on the ability of drones
to capture and retain sensitive data that is vulnerable to
hackers. Part III discusses the current scope of the FAA’s new
small civilian drone regulations, and EPIC’s legal challenges to
the existing regulations as representative of various other civil
rights organizations. Finally, Part IV suggests a solution to the
major problems posed—identifying potential ways to effectively
integrate civilian drones into domestic airspace without
eroding the privacy rights of American citizens. First, Congress
should amend the existing statute that mandates the FAA to
develop drone regulations—or pass a separate statute—to
explicitly require that the regulations include privacy protections.
Then, after receiving an express grant of congressional authority,
the FAA should repeal its current drone regulations, revise them
to include privacy provisions, and reopen the revised regulations
for public commentary. Statutory action by Congress would force
6 See Petition for Review, Elec. Privacy Info. Ctr. v. Fed. Aviation Admin., No.
16-1297 (D.C. Cir. Aug. 22, 2016),
https://epic.org/privacy/litigation/apa/faa/drones/EPICPetition-08222016.pdf [https://perma.cc/57J6-5GDV] [hereinafter Second EPIC Petition
for Review].
7 See Electronic Privacy Information Center, Comments on Notice of Proposed
Rulemaking: Operation and Certification of Small Unmanned Aircraft Systems 1–2, 13–
15 (Apr. 24, 2015), http://www.regulations.gov/#!documentDetail;D=FAA-2015-0150-4314
[hereinafter EPIC Comments].
the FAA to issue significant new regulations that adequately
quell the large-scale privacy threat presented by civilian drones.
CIVILIAN DRONE USE IN THE UNITED STATES AND ITS IMPACT ON PRIVACY RIGHTS
The Birth and Development of the Civilian Drone Industry
Largely attributable to globalization and society’s
headfirst dive into the digital age, technological advancement has
occurred at an exponential pace in modern history, with some
sources estimating that computer processing ability currently
doubles every twelve to (...truncated)