Man flying a drone showing the updated drone policy by U.S. Justice Department to address cybersecurity and privacy concerns
US Justice Department Updates Drone Policy to Address Cybersecurity, Privacy Concerns Nicole Lindsey

US Justice Department Updates Drone Policy to Address Cybersecurity, Privacy Concerns

The U.S. Justice Department, which often uses drones as part of its investigations, has released a new policy update on how it can use these Unmanned Aircraft Systems (UAS). The updated drone policy will take the place of its former 2015 policy guidance, which outlined a basic framework for how the Justice Department should be using drones. While much of this basic framework remains unchanged, the U.S. Justice Department has updated the policy to include provisions for both cybersecurity evaluations and the protection of privacy and civil liberties.

New cybersecurity provisions of the drone policy

Given the heightened concerns around corporate espionage and state-sponsored spying from rival nations such as China, the U.S. Justice Department is now making a cybersecurity evaluation mandatory for any new acquisition of UAS technology or components. Citing potential risks to the Justice Department’s supply chain and the Justice Department’s computer network, the new drone policy will require much greater attention to the source and origin of any new drone (or drone components) added to the DOJ drone fleet. Cybersecurity evaluations will be particularly important for those drones flying over sensitive infrastructure targets or heavily restricted airspace where defense or intelligence facilities are located.

In many ways, this new obsession over cybersecurity risks is based on experience from other federal departments and agencies, which have acknowledged that there are now heightened concerns that drones manufactured or assembled in China might be used as part of surveillance activities within the borders of the United States. The Department of the Interior, for example, recently grounded its fleet of 800 Unmanned Aerial Vehicles (UAVs) due to cybersecurity and public safety concerns involving footage taken from drone cameras. These UAVs routinely fly over sensitive infrastructure targets, and the concern is that state-sponsored hackers might hack into these drones for intelligence and surveillance purposes. For now, the drone policy at the Department of the Interior is that any drone made in China or made with parts from China needs to remain grounded. Only in the event of emergencies or search-and-rescue missions can the department use Chinese drone technology.

New privacy provisions of the drone policy

The new drone policy at the Department of Justice will also require government workers and law enforcement officials to pay particular attention to privacy and civil liberties issues. For example, given the concerns that camera footage from drones might be used to conduct surveillance on private citizens, the new drone policy specifically spells out that drones cannot be used for any monitoring of activities that are protected by the U.S. Constitution. In announcing the new policy, officials emphasized that the U.S. Department of Justice has “a strong commitment to protection of privacy and civil liberties.” As a result, the drone policy says that drones can only be used for “authorized investigations and activities.”

As proof of its commitment to these principles, the Department’s new drone policy will establish a 180-day limit on retaining any personally identifiable information (PII). In short, privacy sensitive information must be deleted within 180 days. In addition, the Department will continue to carry out an annual privacy review of drone use. Overall, the new drone policy calls for “responsible, appropriate and effective use of UAS.” This includes appropriate training for all staff personnel who will be operating drones or any other UAS technology.

Growing cyber concerns within the U.S. government

Within the past 12 months, there have been growing national security concerns within the U.S. government based on technology derived from nations such as China. The highest-profile case, of course, involves Chinese tech giant Huawei, which has been embroiled in an ongoing dispute with the U.S. government. While Huawei is looking to sell its 5G networking and communications gear worldwide, the U.S. government has warned that this equipment comes with surveillance “back doors” that could be used by the Chinese government to snoop on American citizens or steal trade secrets.

With that as backdrop, it’s easy to see why the new drone policy from the Department of Justice specifically mentions cybersecurity evaluations. The fear is that any drone or UAS that contains parts or components from China might somehow be used as part of a state-sponsored surveillance program.

For that reason, the past few months have seen a flurry of activity as different government agencies and legislators work to enact protections against potential Chinese spying activities. In February 2019, for example, the FAA issued new drone restrictions for any drones flying over Department of Justice or Department of Defense targets. There are now temporary UAS flight restrictions for any drones flying within 400 feet of specified boundaries.

In addition, in September 2019, U.S. legislators introduced the American Security Drone Act of 2019, which essentially places an outright ban on any federal departments or agencies purchasing any drones or drone-related equipment either fully or partially made with components from nations known to represent a direct national security threat to the United States – including both Iran and China. Then, in October 2019, the House Committee on Homeland Security introduced a new bill banning the Department of Homeland Security from procuring any Unmanned Aircraft Systems from China.

Implications for future drone use

The new updated drone policy at the Department of Justice clearly signals that cybersecurity and privacy issues will continue to inform how the government and its partners use new technology such as drones. In announcing the new drone policy, the DOJ pointed out that the new, updated policy would serve as a template for state, local and tribal leaders.

The good news is that government leaders are becoming much more informed on cybersecurity topics, and much more receptive to laws and regulations that enshrine the fundamental right to privacy. Responsible, appropriate and effective use of UAS, as outlined by the new drone policy, is a step forward in the right direction. While crime-fighting activities might be top-of-mind for Justice Department officials, it is important to keep in mind the need to balance privacy and civil liberties issues.