CompTIA, the world’s largest non-profit IT association, has been closely involved with developing standards and best practices for the drone industry for several years now. A key component of their association, the CompTIA Drone Advisory Council, recently released a response to the FAA’s Remote ID (RID) Notice of Proposed Rulemaking (NPRM). The members of the council are industry leaders from every sector of the ecosystem who have been charged with developing strategies and standards to ensure the success of the industry, so needless to say, they have a lot of experience and expertise between them. In the three paragraphs of their statement (printed in its entirety in the below infographic), the council expresses its key issues with the NPRM on RID, which revolve around privacy, the burden of cost (financial and otherwise), and law enforcement.
Commercial UAV News spoke with two members of the Drone Advisory Council, David Kovar CEO of URSA Inc. and Brian Kravets UAS operations and IT Systems Manager of Spaceco Inc., to gain further insight into these comments, what they believe the issues currently are with the NPRM on RID, what the FAA can do to make changes before releasing the final Remote ID regulation, and more.
Danielle Gagne: In the comment released by the Drone Advisory Council, it mentions that the NPRM on RID would bring “troublesome, prohibitive consequences that would hamper growth, raise serious security issues, and have a damaging effect on drone pilots and businesses” can you talk about what the council saw as some of those consequences?
David Kovar: There are a lot of potential consequences that different groups are perceiving. Some of the ones that we perceived and went into formulating this response are related to cost, limiting of access and activity, and security/privacy issues.
With respect to cost, one of the things that the FAA’s NPRM acknowledged was that setting up the Remote ID infrastructure was going to be expensive. However, they didn’t clearly articulate where that money was going to come from. The proposal suggested that service providers would cover the cost of setting it up, and then they would somehow recoup that expense, which we expect will be passed on to end users somehow in the form of fees or something else. That uncertainty about how this is going to be funded creates a great deal of concern.
With concern to limiting access and activity, the National Airspace is a resource that should be available to everybody who wishes to use it within reason. We have a fundamental belief that a UAV operator who is compliant within FAA regulations should have relatively unfettered access to the airspace. However, the way the NPRM is written it could potentially limit the types of activities you can perform.
How the NPRM is potentially limiting for commercial activities comes down to the requirement that you have to transmit your location in real time. If, for example, you are operating in a remote area without internet connectivity, you would potentially be limited on what sorts of activities you can engage in. The challenge here is that a lot of commercial operations are taking place in areas that don’t have internet connectivity such as surveying a new pipeline or conducting a search and rescue operation in the wilderness. If those activities are limited by the remote ID requirements, it can potentially affect public safety and commercial activities.
The issue with security is problematic for a couple of different reasons. One interpretation of the NPRM is that the operators’ physical location while they are flying would potentially be available to the general public. I don’t believe that was anybody’s intention, including the FAA’s, but there is certainly a way of reading the NPRM where that is a possibility.
UAV operators have already been harassed while legally and respectfully flying their drones. If every operators’ physical location while flying were made available publicly, it would potentially create opportunities for the public to either intentionally or unintentionally harass or otherwise interfere with these operations.
To put it another way, one of the primary safety regulations for operating a drone is to constantly keep visual line of sight of the drone while in flight. If one or more members of the public came up to an operator while their drone was in flight and start talking to them and asking them questions, that operator’s ability to safely fly that drone could be potentially compromised.
There are other concerns as well concerning data privacy and security. There is an enormous amount of valuable information that would be available about the operator, such as the type of aircraft that is being flown and where they are flying. From that data, a lot of other things can be deduced. You could, for instance, figure out where the operator lives or the type of business they are conducting.
This type of data is valuable to somebody. We’ve seen this already with other technologies, companies track browsing data from our computers or where we are located by the GPS in our cellphones or fitness trackers. So, this is a very valid concern, based on many years of private companies making revenue from our personal data. We are potentially exposing people to additional risks that would manifest itself via Remote ID.
Who will have access to the data and what they can use it for is of great interest and concern for us, and ensuring that data is only used for its originally stated purpose of legitimate law enforcement investigations.
Additionally, your statement mentions undue burdens on commercial operators, what are some of these burdens and can you explain why the council believes they are undue?
Brian Kravets: One of the requirements of the NPRM is that the drone and ground station be connected to the internet at all times. To do this will require upgrading equipment for some users, as well as obtaining a sufficient data plan and a subscription to a third-party service supplier who will do the actual transmission of the location information and correlating of that data. All of these are additional costs that will be a burden on many drone operators who have been lawfully operating their drones for years and have helped to drive critical growth in the industry.
We feel there should be a way to implement Remote ID without adding all this additional financial burden to the people who are driving the growth of the industry.
In the final paragraph of the council’s statement you call for more education on FAA 107 rules for law enforcement. Why is this important in the context of the NPRM RID? Who do you think should be responsible for that education?
David Kovar: To answer the first part of that question, why is this important. There have already been negative or confrontational interactions between the public, law enforcement, and drone operators, and many of these incidents have been due to a lack of education on one person’s part. Addressing that lack of education will help us reduce those confrontations, which are frustrating for all people concerned and can potentially lead to some negative interactions, such as people being unjustly arrested or having to deal with expensive, frivolous lawsuits, and so on.
I think it is important for law enforcement as well as any other government entity that law enforcement reports to, to clearly understand what the FAA is responsible for and what their rules, regulations, and requirements for operating in the National Airspace are. I also think it is critically important for law enforcement, and particularly the people they are reporting to, to understand what their local jurisdictions cover.
What we are asking law enforcement to do is essentially enforce federal law relating to the US National Airspace. I cannot come up with any similar circumstances in which local law enforcement has been charged with enforcing rules for the National Airspace. This is not something that a police officer in charge of their local neighborhood has ever had to be concerned with before. The rules of the National Airspace are complicated, and this is an additional burden that they have not been trained to take on. We need to provide them with that training so that they know exactly what is and isn’t legal.
Also, the FAA does not have jurisdiction over things like personal privacy. For example, if a drone is within regulations hovering over someone’s backyard but the camera is pointing into their neighbor’s yard, that person may potentially perceive that as an invasion of their personal privacy. They may choose to call local law enforcement to complain about an FAA Part 107 violation. Law enforcement needs to understand that there is no FAA regulation violation, it is rather a violation of someone’s privacy and that is not the FAA’s responsibility. This would be up to local and regional laws to determine.
Another reason that this education is crucially important for local law enforcement, and for the jurisdiction they are responsible to, is to help ensure that rule-making bodies are writing local laws that are actually enforceable. We saw this play out recently in Michigan, in which the court threw out a local law that it deemed was not enforceable.
In terms of who is responsible, I think there are multiple people who are responsible. I think the FAA is absolutely responsible for being very clear about what is legal or illegal for a drone operator to do and to be very clear about what is not within the FAA’s jurisdiction. I also think it is very important for the politicians who are responsible for law enforcement agencies to educate themselves and ensure that this education is available for their law enforcement agencies and to the public they are serving.
We also need a variety of organizations, non-profits like CompTIA and otherwise, to educate their membership on what is actually legal and illegal. There is also a certain amount of education that any drone operator should take upon themselves—the federal, state, and local government can only go so far with their limited resources. Individual operators need to take responsibly for their own education so that they can protect themselves if questioned.
I think these things combined are the only way we are all going to become educated.
What kind of topics should be covered in this education? And how do you envision it could be implemented?
Brian Kravets: Definitely airspace restrictions, how drone operators are allowed to interact with airspace around airports especially, any rules regarding where and when it’s okay to fly a drone—for instance not flying over people but being able to fly over properties in certain circumstances. But really, they should be taught all of the Part 107 rules—they are not terribly complex, and it is not a terribly hard test, especially with all the other rules and regulations that a law enforcement agency needs to know.
In terms of implementation, I think online courses and seminars would be a good idea as they can reach a large population without having to use classrooms. There is such a variation of understanding on the Part 107 rules by the public and law enforcement that just getting everyone on the same page is important.
What are the key areas of change the council hopes to see in the final RID rule?
Brian Kravets: The big one for me is education for law enforcement agencies, as well as ensuring we do everything to keep the financial burden down and codifying how operators’ location data will be protected. Is it going to be encrypted? How is the data stored? It is really easy to get hacked, so how is this data going to be stored and kept safe? I’d like to see that spelled out more in the final rule.
David Kovar: Similar to Brian, I believe that the final ruling needs to be very clear that Remote ID is intended to support authorized law enforcement investigations and that the data collected by the system is only used for that purpose. It is not available to the general public, it is not available to be monetized by service providers, and it is not available for whatever other purposes.
We need to protect everyone’s access to the National Airspace at minimal to no cost for all legal operations even if they are operating in an area without the internet to enable public safety and commercial operations as well as hobbyist recreation. Making the Remote ID dependent on internet access is going to restrict activity within and access to the National Airspace, and that will have a negative impact on commercial, public safety, and hobbyist operations.
Additionally, there needs to be clarification about how this system will be designed, developed, and ultimately paid for. At the moment, the intent is that private sector service operators will design, stand up, operate, and somehow pay for all the infrastructure required to do this. But that leaves a lot of questions unanswered, and a lot of those questions create concerns about the risks of operational safety and data privacy, costs, and all the other things we’ve talked about.