Back in November, Commercial UAV News reported on the Department of the Interior’s (DOI) intention to ground its DJI fleet pending an investigation into the security risks that Chinese-manufactured drones may present. In an unfortunate turn of events, the DOI has decided to permanently halt its drone program. Considering the depth of their involvement with drone technology, this is not only surprising, but is being met with protests within the agency itself.

“The decision is being made despite widespread concerns among department staff that taking the fleet out of action will cost the government significant time and money,” reported The Financial Times. “Documents seen by The Financial Times reveal that staff at various agencies have protested against the proposals.” 

The DOI has nearly 1,000 drones in their fleet that have been used for multiple purposes from mapping and wildlife management/monitoring to fighting wildfires. The alternative methods for these types of jobs, like manned flight or manual surveying, monitoring, firefighting, and counting, tend to be more costly and/or time consuming. With so much at stake, we could conclude that the decision must have been made due to a real and imminent threat to national security, but some believe this is not necessarily the case.

“Despite several positive steps from DJI,” wrote Malek Murison, freelance editor and writer for Dronelife. “The manufacturer has consistently come under fire for, as far as we can tell, being based in China. The bigger picture, in this case, is that the machinery at work goes far beyond DJI or any single manufacturer’s data security history.”

The political machinery at work, whether there is justification or not, does not appear to be seeking out other alternatives to maintain its drone program, regardless of the cost of losing it, and this is setting an unsettling precedent. This indicates that the pressure from Congress to sanction all Chinese manufactured parts supersedes all other financial and functional objectives of government agencies. Whether this will end up having consequences for commercial UAV operations is yet to be seen, but the political environment and sentiments seem to have been established with this decision. We now know how far the current government is willing to go on this matter.

The commercial drone industry is not short of options to protect its data, however, and there are new avenues that are being explored in this field by companies like Red Cat. These solutions utilize security procedures, like blockchain, to encrypt data so that only the user and owner of the data can access it. Commercial UAV News recently spoke with Jeff Thompson, president and CEO at Red Cat to talk about what some of those solutions could be, why the government is putting sanctions on Chinese-made drones, how we can address the problems our current government has with drone data security and more.

Danielle Gagne: Since you work closely with issues of drone security, you are close to the current issue with Chinese drones. What are the issues that the US currently sees with foreign drones from “non-cooperative” countries? Can you break down the situation you have been seeing?

Jeff Thompson: Let’s break this down from a consumer, commercial, and government standpoint. When all of your registration, file systems, and data are sent to a Chinese company in order to provide services like tech support, registration, and data backup, this may not be important for your average consumer and it may or may not be important to your commercial consumer depending on the data they are collecting. But when a government, any government, has to go through the same process and usage model as a consumer, including giving your data to a company in another country, that’s a huge concern for governments across the globe. It’s a big deal.

Red Cat is trying to do something very similar to what Apple has done with its own devices: it’s your device, so it’s your data and no one else should ever be able to see that data unless you want them to see it.

So, how might that work? What would it take to get to that point where the user owns their own data, or rather what needs to happen in order to make drones safe regardless of their origin?  

Almost all the parts in the entire drone industry are made in china, and then we have the largest company, DJI, coming from China. They are the best drones for probably 70%–80% of the commercial drone applications out there. But most drone operators are not highly skilled software programmers, so they are unable to ensure that their data is not shared within the ecosystem of the drone manufacturer, regardless if it is China or someone else. So, if they are approached by a government agency to do a job, they aren’t able to provide that guarantee. 

I think this is a major issue. There are a lot of companies globally who don’t want their data to be tied to the manufacturer, regardless of origin. We need to cut that cord between the drone manufacturer and that data being collected and generated by the drone. Drones can do useful stuff for many governments across the globe, but that data has to be protected and secure and cannot be accessible to other governments who might use that data for bad things.

This is something we have been trying to address. We’re trying to make it so that drone manufacturers, through their process, can enable Red Cat to put the drone owner/operator in control of their own data, and make it so it cannot be accessed unless that drone operator wants it to be accessed.

This is similar to how Apple sets up your data on your iPhone. They do not let anyone have your data; they don’t let anyone crack it. We’re trying to give the drone operator that level of control with their data, and we do that through encryption protocols such as blockchain.

Can you tell us a little bit more about what blockchain is and why it is considered to be tamper proof? How does it protect users who may want to use a drone from a company like DJI?

It is basically a distributed leger in its simplest form. With blockchain, every time data is generated, it creates a transactional block that cannot be altered or changed once written. To reverse a transaction, a new block must be made and there is a permanent record of both transactions. The blocks are connected chronologically via an encrypted hash that references the block before it. The idea is simple but the algorithm that supports it is really complex.

What is great about blockchain is that it enables digital information to be distributed but never copied or modified. This means the data can be trusted. Secondly, that data can never be accessed unless you have the correct key to connect to that blockchain. So, it is also secure. This is why blockchain applications are starting to get utilized across a lot of different platforms such as FinTech and financial industries. Anything that uses typical ledger applications is using blockchain architecture. It’s just a simple, trusted technology that is starting to be utilized by many applications.

In order to avoid security issues and maintain chain of custody, many users are choosing to forego any networked connectivity with their drone at all, looking instead for local solutions like storing data on SIM cards. But with the way that the FAA has put the NPRM on Remote ID together, this will not be an option in the future, as most commercial drone usage will need to be connected to the internet. Is there a way to securely share and transmit data from any drone, regardless of origin? If so, what is the degree of security?

If people are choosing not to connect to anything and store their data on a SIM card, they’re also at a huge risk because most of the stored data on the drone is actually written in a text file, literally a .txt file.

In the worst-case scenario, if you are doing important work for the government and your drone crashes, someone can take that SIM card and very easily get the information off of it or even alter that information. So, this is not a total solution either, it’s an interim solution.

In the future, we’ll have high encryption on the drone distributing information in real time back to the blockchain. That is what Red Cat’s plans are.

But for now, let’s look at a lot of the interest in the drone industry right now. For example, Verizon bought the drone company Skyward. Verizon believes that all of these drones will be doing things like deliveries, blood deliveries, inspections—all the things that drones make better, faster, cheaper, and safer—and this will be driven by 5G networks.

Most drones fly 200 to 400 feet, and that is perfect for 5G. They’re not going to fly by GPS, because GPS is unreliable, if you fly behind a building, the drone can lose the signal. But a 5G network is going to enable drones to be hyperconnected with a very low latency and high bandwidth capabilities. So, drones will be able to fly very accurately.

You bring up a good point, we aren’t just looking at countries like China getting unauthorized access to our data, but how we can make that data secure and trustworthy no matter what. This ties into making that data collection process visible, transparent, reliable, and unalterable. Can you talk about how this kind of technology would enable that to happen?

This is a crucial item because the UAV market has been slowed down by the chicken and the egg problem. Regulators ask us to do X, and we want them to tell us what we can do and why. We go back and forth, but they won’t choose the technologies. We want to know what the rules are going to be, but everything is ambiguous.

The bottom line, however, is that if you have a very important device to do very important work, you want that information to be encrypted from the second it is generated. This is what Red Cat is looking to do with its software. All the information that the drone collects is protected the second it gets generated.

A lot of the flight controllers out there do not have the capability for encryption while they are flying the drone. We are looking for ways to help manufacturers of flight controllers and CPUs have that capability to do all the encryption while it is flying so that the data is 100% safe and only accessible to the owner of that drone, regardless of the origin of the manufacturer.

That’s one of the biggest attributes of any blockchain. If your drone, regardless of the manufacturer, falls out of the sky into a place you didn’t want it to go, if someone finds that drone, that data is 100% useless to them.

Once you protect the data, a lot of these government issues go away.

For example, if we look at when GPS became mainstream, all of a sudden people started paying attention to the privacy and security issues it presented—this technology enables you to find someone within three meters. We had to work through the security and privacy issues this presented. I think drones are going through the same phase right now. We are waking up to the value that drones offer to make work faster, safer, cheaper but we are also aware of the security risks, and we are starting to sort out how to make the data they collect secure.