NBAA Raises Privacy Issue Over New Drone Regulation
The location of a drone operator should be made available to police but not to the public, the National Business Aviation Association (NBAA) says in a Jan. 19 critique of the FAA’s new Remote Identification of Unmanned Aircraft final rule.
“[W]hile NBAA broadly supported many of the provisions contained in the rule as a foundation for safety, national security and operational efficiency, concerns regarding privacy were acknowledged, but not corrected, in this final rule,” the association said.
The FAA published the so-called Remote ID regulation in the Federal Register on Jan. 15; it had released a prepublication draft on Dec. 28, 2020. The rule requires that all small drones weighing more than half a pound be capable of broadcasting identification and positional data to receiving devices on the ground.
As of Jan. 11, the FAA counted 1.25 million drone hobbyists who had registered their models and 522,645 registered commercial aircraft. There were 208,010 remote pilots certified to fly drones for business under the agency’s Part 107 regulation.
Drone operators will not be required to connect to a cellular network to transmit position data over the internet, a provision that caused controversy when the FAA in a December 2019 notice of proposed rulemaking (NPRM) suggested requiring both network and broadcast means of transmitting information. The draft rule generated 53,000 public comments; the estimated cost of the final rule is 60% cheaper to the public than the original NPRM.
The new Part 89 regulation becomes effective on March 16. Drone manufacturers must build transmitters into their models by Sept. 16, 2022. Operators have until Sept. 16, 2023, to retrofit an existing drone with a “broadcast module” or through a software upgrade.
Under the rule’s Standard Remote ID category, for a drone designed to broadcast its position, the signal it transmits must include either an aircraft serial number or a dynamically generated session identification; the location of the control station (latitude, longitude and geometric altitude); location of the aircraft (latitude, longitude, geometric altitude, velocity), time and an emergency status indication.
For remote identification using a broadcast module, the signal must include the serial number of the module, takeoff location, aircraft location and time. The location of the control station and an emergency indicator are not required.
“The broadcast module is not really integrated into the system, so it doesn’t really know where the controller is,” said Fox Rothschild attorney Mark McKinnon, who explained the rule during a Jan. 5 webcast. “As a proxy for that, [the FAA specified] the takeoff location with the idea that the controller is probably going to be in the vicinity of the takeoff location and, therefore, that will allow law enforcement and the FAA the ability to locate the person.”
Commenting on the regulation, the NBAA said it believes that location data for the drone control station should only be available to the police, certain other safety agencies and the FAA, but not to the general public. A concern that operators have raised on social media is that widespread knowledge of the control station’s location can lead to harassment of the operator.
“Ensuring privacy and security of drone operations would benefit many types of UAS missions, whether by protecting a company’s confidential business information or a last-mile delivery consumer’s right to privacy,” the association said.
“For decades, NBAA has focused on protecting privacy and security for our community. We want to keep the door open for continued efforts to find a reasonable solution to privacy and security risks created by compliance with this rule.”