The Federal Aviation Administration (FAA), which oversees the domestic deployment of the digital eyes in the sky known as drone aircraft, is suffering from a major blind spot: protection of personal privacy.
That message is now coming not just from privacy advocates but from both federal and state legislators, including Congressmen Ed Markey (D-Mass.), who recently filed a bill to require the FAA to strengthen privacy provisions governing drone surveillance.
The use of drones, more formally labeled unmanned aircraft systems (UAS), has expanded well beyond war zones. Their high-resolution, digital eyes are being used for surveillance in the U.S. with increasing frequency.
Estimates are that there will be 30,000 of them deployed domestically by 2020, by both commercial and government entities.
And the capabilities of those cameras combined with facial recognition technology and databases add up to "not just surveillance, but ubiquitous surveillance," said Bruce Schneier, author, blogger and chief security technology officer at BT. "Instead of 'follow that car,' it's 'follow every car.' And follow it for six months back."
USA Today reported recently that lawmakers are finally taking notice. "Congress and at least 10 state legislatures could consider bills this year that would limit the use of the camera-equipped, unmanned aircraft in the USA," it said.
Markey, now running for the U.S. Senate seat being vacated by recently confirmed Secretary of State John Kerry, filed a bill in December titled the Drone Aircraft Privacy and Transparency Act (DAPTA) to require privacy provisions "relating to data collection and minimization, disclosure, warrant requirements for law enforcement, and enforcement measures in the licensing and operation of ... drones."
Markey and U.S. Rep. Joe Barton (R-Texas) said in an earlier statement that it took them five months to get a response from the FAA on questions about privacy. And Markey said last Nov. 29 that the agency's answers "make it clear that privacy is a 'blind spot' in its oversight of non-military domestic drones. This is misguided and wrong."
Among still-unanswered questions, Markey said: "How [the FAA] plans to notify the public about where and when drones will be used, who will operate the drones, what data will be collected, how will the data be used, how long will the data be retained, and who will have access to the data."
Privacy advocates have been concerned about the proliferation of drones for some time. The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) request nearly two years ago, in April 2011, and then a lawsuit a year ago against the FAA's parent agency, the Department of Transportation, seeking information on drone licensing. It finally obtained several thousand pages of records this past December on hundreds of domestic drones.
[See related: Drones increasing used for surveillance in the U.S.]
Part of the concern is over the capabilities of cameras and other equipment in drones, which can track people, vehicles and even small objects from altitudes greater than 20,000 feet. A recent video posted on YouTube shows Yiannis Antoniades of BAE Systems demonstrating the reach of the 1.8 gigapixel ARGUS-IS video surveillance camera, which can track people and vehicles in a medium-sized city of 15 square miles. Every moving object is tracked and stored.
Amie Stepanovich, associate litigation counsel at the Electronic Privacy Information Center (EPIC), said ARGUS means "a city can be under constant, 24/7 surveillance."
"[ARGUS] will likely operate with numerous, smaller drones that are able to navigate close to buildings and structures and carry sophisticated equipment, like facial recognition, terahertz scanners, and license plate readers," Stepanovich said.
The EFF complaint cited one drone that can crack Wi-Fi networks and intercept text messages and cell phone conversations, "without the knowledge or help of either the communications provider or the customer."
As several comments on the group's website noted, if the government allowed this to become public, it is likely well out of date, and the current capabilities are much greater.
That, according to author and former political consultant Naomi Wolf, is enough to declare that, "the police state [in the U.S.] is now officially here."
Writing in The Guardian, Wolf notes that among the information collected by EFF is that some drones are "as small as hummingbirds -- meaning that you won't necessarily see them, tracking your meeting with your fellow activists, with your accountant or your congressman, or filming your cruising the bars or your assignation with your lover, as its video-gathering whirs."
The drones will not all be from the government either. The FAA, which has already issued permits to Raytheon, General Atomics, Telford Aviation, and Honeywell to test new drones, has been charged by Congress to develop guidelines for both commercial and government drone use by October 2015.
"HSBC, Chase, Halliburton etc. can have their very own fleets of domestic surveillance drones," Wolf wrote. And that, combined with drones used by the military, by the Department of Homeland Security (DHS) and local law enforcement, adds up to some serious surveillance. "The meshing of military, domestic law enforcement, and commercial interests is absolute. You don't need a messy, distressing declaration of martial law."
Schneier agrees the technology is now in place for "a wholesale surveillance state."
"And, you have to remember that technology never gets worse," Schneier said. "It always gets better. That's what's worrisome."
He said Markey's bill will not solve the problem, because it is already arriving a bit late. "It's very difficult to produce regulations with money involved," he said. "Once there is a drone industry, it makes it harder."
But he said there is some value to that and other legislative efforts. "At least it gets a conversation started," Schneier said.
Stepanovich said EPIC has petitioned the FAA to issue "regulations that are based on principles of transparency and accountability for all drone operators."
Read more about data privacy in CSOonline's Data Privacy section.