Future Tense

Drone Pilots Deserve Privacy Too

A new (and needed!) system to identify drones in the air could have worrisome consequences.

A drone with a New York state license plate.
Photo illustration by Slate. Photos by scanrail/iStock/Getty Images Plus; Yevhenii Dubinko/iStock/Getty Images Plus.

Who’s flying that drone over my house, and what exactly are they looking for? Is the pilot a police officer, a search-and-rescue volunteer, or Creepy Steve from four doors down? These concerns over the origin and intention of small drones have bedeviled the drone industry for as long as it has existed. Our inability to figure out who is piloting the weird quadcopter over our neighborhoods surely has a lot to do with why so many still distrust drones.

People are working on it, though. Since 2015, the FAA, NASA, and a number of industry partners have been developing something called unmanned aircraft systems traffic management, or UTM. This “cloud-based software architecture” would, among other things, help drones communicate with other aircraft, secure flight permissions more quickly, and even allow drones to fly beyond the “visual line of sight” (which is currently not permitted in the United States without a hard-to-get waiver). It would also make it possible to identify drones in the air, likely via some means of electronic identification readable to people on the ground and linked to the pilot, whose information would be stored in a registry.

We’ll need something like it if we want drone delivery to become a reality. But there’s one thing I’m worried about. Unlike our existing air traffic control system, traffic control for drones will rely upon private companies. Those companies will in turn be empowered to collect data on the people who use it. While we need a better way of ensuring that we can find drone pilots who break the rules, this system has the potential—if it’s not implemented carefully—to expose even law-abiding pilots’ data to unexpected or unwanted uses. It’s also a small but concerning sign of a larger movement toward privatizing government, enabling companies to gain relatively unfettered access to evermore data about our lives.

The UTM system details are still being developed. It could rely on mobile phone connectivity to work (which could be a problem for areas without reliable cell service), or it might rely on direct (local) broadcast, which uses a drone’s existing radio communications signal to send out information on its location and identification to nearby receivers. Versions of this are currently being piloted across the United States, and one aspect of the system is already in beta testing. Low Altitude Authorization and Notification Capability allows drone pilots get superfast authorization from the FAA to fly in controlled airspace around airports. Before LAANC, getting this authorization could be a lengthy, frustrating process for drone pilots. Now, pilots can, in some cases, be cleared to fly in just a few minutes. The FAA doesn’t run the online system that pilots use to apply for LAANC authorization itself, though. Instead, it’s authorized a number of private companies to offer LAANC services, meaning that pilots must sign up for one of these companies—and share their data with the company—to use the system.

This public-private partnership model is probably what the larger, more complicated UTM system will look like. To implement it, the FAA and NASA are partnering with private companies including Amazon, Google, DHL, FedEx, and UPS as well as drone-oriented startups like AirMap, Project Wing, and KittyHawk. These companies will act as unmanned aircraft systems service suppliers, or as a USS. (The drone industry is, unfortunately, really into initialisms). Like in the LAANC system, they will essentially provide customers with software platforms by which they can participate in the larger UTM system. There won’t be a government-run means of connecting with UTM. The FAA authorizes these companies to collect the pilot’s name, phone number, and unmanned aircraft systems registration number, as well as information on the flight itself. But the FAA also writes that the USS company “may collect information that is not required by the FAA, and is not transmitted to the FAA.” This extra data will be subject to the privacy policies of the company itself. It could, in theory, include everything from home address and demographic information to location information, collected from either the drone itself or from the mobile phone that the drone is connected to. Defenders of the USS system will doubtless point out that there will be multiple companies in the mix, giving privacy-concerned pilots a choice about whom they sign up with. But there isn’t a guarantee that this healthy competition will last, or that any of these companies will truly be better at protecting privacy than the others.

Some of the companies developing the drone UTM system are pushing for a networked, mobile-communication reliant solution to identifying drones, which would require that they be equipped with a chip and a cell service subscription to function in the system. While this system would have some real advantages, like possibly giving pilots and regulators a nationwide picture of every drone in the air at any given time, I’m not sold on it. This could be a problem for people who live in areas without mobile services, although there are proposals that might allow users to default to “local broadcast” when they’re out of range. More worrisome, this system might let companies more effectively track drone owners, in ways similar to how private companies track your mobile phone today—perhaps even when the drone isn’t actively in the air, such as when you switch it on to update the software system at home. While it’s true that my drone relies upon my iPhone to function, that doesn’t mean that I’m particularly enthused about the prospect of having two devices actively tracking my location whenever I fly it, or having to trust the mobile phone and drone companies administering the system to keep that data secure (especially in light of recent news about mobile phone companies’ cheerful willingness to sell location data to others).

How might this tracking ability and location information be used against activists, reporters, scientists, or other groups who use drones in their work? Such location data could, at least in theory, be seized and then used by the government to track dissenters, or perhaps sold to individuals who want to track the locations of their political enemies. The data could also easily find its way into unauthorized hands if someone steals it or—intentionally or accidentally—leaks it. In the absence of meaningful protections against these abuses, many vulnerable drone users might decide that using the technology isn’t worth the risk, diminishing its potential to make the aerial perspective accessible to a bigger, more diverse portion of humanity.

Finally, the government’s collaboration with private companies on drone tracking is another example of the privatization of services that used to be the purview of the government—including collecting data on people who use public goods, like national airspace. The Trump administration made plays at privatizing air traffic control, electricity transmission systems that are currently publicly owned, the Postal Service, and even (to some extent) the Department of Veteran Affairs. In March, we found out that FEMA unnecessarily exposed 2.3 million people’s data to an outside contractor. Currently, the government is sharing information about citizens with a number of data-driven Silicon Valley companies, including Palantir, Amazon, and NEC. Or consider the privacy concerns over the Real ID Act, which will centralize driver’s license databases across the country. The system is being developed as a collaboration between the federal government and private contractors, and there is considerable uncertainty over who has access to what data. Both government and corporations, sometimes in active collaboration with one another, will continue to accumulate ever-larger amounts of information about us, from our drone-use habits to our political preferences.

But partnerships between the public sector and private industry don’t have to be exploitative, and they don’t have to rely upon the relentless monetization of data. We can—and should—push for a future in which our regulatory system better protects our privacy. We should also push for companies who work with the government to do a better, more transparent job of protecting our data. That’s where drone companies, which are still relatively new, could set themselves apart from the bigger technological pack. Instead of leaning into stereotypes about the inherent creepiness of the technology, they could, as they develop the UTM system, set an example for everyone else, by protecting their users’ data and declining to monetize it.

Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.