OneTrust_Webcon_BB_300x250_ad_04.25.2016.v5-01

OneTrust_GDPRCompliance_square-banner1

By David Young, CIPP/US

Mention the use of drones—or unmanned aircraft systems (UAS)—and most Americans will likely think of either military uses in remote areas of Afghanistan or the potential for commercial drone use, such as Amazon package delivery. A great deal of attention has recently been focused on the latter, because the Federal Aviation Administration (FAA) has named test sites to research issues that will arise when commercial domestic uses of UAS are authorized. There has been substantial discussion that this process should also include consideration of privacy issues.

But often overlooked is the fact that the federal government has already been using drones for nonmilitary, domestic purposes, and privacy questions have already emerged. Organizations such as the ACLU and the Electronic Frontier Foundation (EFF) have been vocal in raising privacy concerns relating to these uses. See ACLU Legislative Counsel Chris Calabrese’s testimony to the Senate Commerce Committee on the “Future of Unmanned Aviation in the U.S. Economy” here.

The FAA has authorized 36 agencies—whose missions include firefighting, disaster relief, search and rescue, law enforcement, border security and military training—to operate unmanned aircraft. The most prevalent use has been undertaken by the Customs and Border Protection (CBP) Office of Air and Marine for the purpose of border patrol. CBP possesses the largest U.S. nonmilitary drone fleet.

News releases from CBP recount examples of successful drone missions spotting incidents of illegal immigration and the movement of illegal drugs across the border by land or marine craft. Less well-known is that other federal, state and local agencies, primarily related to law enforcement, effectively borrow the CBP drones by having CBP fly surveillance missions on their behalf.

In response to a Freedom of Information Act request of the EFF, CBP records revealed it had flown nearly 700 surveillance missions for other agencies during the two-year period between 2010 and 2012. While most of these missions were performed for the Coast Guard—for search and rescue missions, for example—or the Drug Enforcement Agency—for marijuana crop or methamphetamine lab searches, for example—some of the missions were for disaster relief or searches for missing persons. Other potential domestic government uses include environmental- or weather-monitoring.

There are hundreds of different types of drones and a wide spectrum of drone technology.

According to FAA Administrator Michael Huerta in his testimony before a Senate committee, drones “possess a wider operational range than manned aircraft, with a wider number of different physical and operational characteristics. Some UAS are the size of a fist and fly at low altitudes and slow speeds. Others have glider-like bodies with the wing span of a 737 and can fly above 60,000 feet. Many can fly and hover longer than manned aircraft.”  A piece for The Washington Post in 2011 called “Drones on the home front” showed four different types of drones used for domestic surveillance. And the PBS series NOVA, in an episode entitled “Rise of the Drones,” demonstrated an aerial surveillance system purportedly capable of high-resolution monitoring and recording of an entire city.

For the CBP, most prominent are the predator drones, which are unarmed but equipped with sophisticated sensors capable of detecting movement on the ground. Drones can be outfitted with high-powered cameras, live-feed video, thermal imaging and radar.

Given the potential for combining the data obtained from drones with sophisticated analytics software, the privacy concerns this technology presents are substantial.

In some respects, the issues raised are likely to resemble many of the same legal arguments already being presented by cell phones and global positioning system (GPS) tracking devices. Simply stated, our legal precedents were made in the context of technology that was not nearly as capable and efficient. While few would doubt the need for law enforcement to conduct surveillance of criminal suspects, near-continual surveillance of a broad geographic area enabled by vastly superior technology seems a different matter.

As a more innocent example, while most people might accept a speeding ticket from a police officer with minimal grousing, the feeling may turn to outrage upon receiving a ticket in the mail as a result of “automated law enforcement,” such as speeding cameras that capture any person who at any time exceeds the speed limit.

Privacy considerations in this context are likely to focus on:

  • limits to the geographic scope of UAS usage by government;
  • limits on the types and locations of activities monitored;
  • data retention restrictions;
  • warrant requirements;
  • limits on collecting data obtained from private UAS,
  • and limits on sharing of drone-obtained data with other government agencies and private entities.

With such concerns in mind, it is evident that the privacy boundaries specific to UAS technology have yet to be established.

There is a substantial body of First Amendment law that has upheld the right of persons to take photographs of people and things that are plainly visible from public spaces. Several Fourth Amendment Supreme Court decisions pertain to warrantless aerial surveillance by manned aircraft, but as yet, there is no Supreme Court case law on drones. For example, see Florida v. Riley, which said no warrant was required where police officers in a helicopter spotted marijuana from 400 feet above through a broken greenhouse roof; Dow Chem. Co. v. United States, which said there was no Fourth Amendment violation when the EPA used a precision aerial mapping camera to take photographs of a chemical plant from lawful navigable airspace, or California v. Ciraolo, which said no warrant was required for surveillance of an individual in his fenced-in backyard from an airplane flying at an altitude of 1,000 feet because, “Any member of the public flying in this airspace who glanced down could have seen everything that these officers observed.”

Would these cases have been decided differently had they involved unmanned aircraft methodically recording data from sweeps of a wide geographic area? 

The development of case law relating to GPS technology may also be instructive. Again, while few would doubt the need for law enforcement to tail a criminal suspect in another vehicle, some believe that the issue should be weighed differently when GPS technology is utilized, particularly over long periods of time.

In United States v. Jones, Justice Antonin Scalia’s opinion for the court emphasized the intrusion on private property incident to attaching a GPS device to a car. But in Justice Samuel Alito’s concurrence, four justices stated more broadly that “the use of longer term GPS monitoring in investigations of most offenses impinges on privacy. For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.” 

Several bills have been introduced in Congress to impose warrant requirements or other restrictions on government UAS usage. More than a dozen state legislatures have passed legislation regulating drone usage, with the obvious limitation that they cannot restrict activities outside that particular state. See, these two Virginia bills, approved April 3, 2013, placing moratorium on drone use by Virginia state agencies, with limited exceptions.

Finally, the FAA’s role in integrating drone operations into the national airspace system is one of safety and operational efficiency. Its role does not extend to restricting the purposes for which UAS are used or the privacy regulations that should accompany the uses. The FAA has, however, released a privacy policy that will apply by contract to the drone test sites to experiment with possible commercial uses of drone technology.

Accordingly, while government domestic use of drones has been underway for years, the privacy laws governing those activities remain uncertain. The sophistication and capabilities of these aircraft in a wide variety of settings—from disaster relief to law enforcement—is certain to create an increased demand for their use from government agencies. Given the lack of direct legal precedent, it is certain that Congress and the Supreme Court will be challenged in the coming years to define the privacy boundaries governing the use of UAS technology.

David Young, CIPP/US, is a partner in the Washington, DC, office of Goodwin Procter, LLP, and a member of the firm’s Privacy and Data Security and Intellectual Property practices. Young’s practice includes privacy law, advertising, intellectual property, and he has a particular interest in privacy issues relating to advertising, social media, higher education, location data and biometrics. Before entering private practice, Young clerked in the U.S. District Court for the Eastern District of Virginia and the Department of Justice and worked for several years as a legislative staffer on Capitol Hill.

Comments

If you want to comment on this post, you need to login.

Related

Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

NEW! Raise Staff Awareness

Equip all your data-handling staff to reduce privacy risk, with Privacy Core™ e-learning essentials.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

NEW! FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Schooled in Privacy

Looking to get some higher-ed in privacy? Check out these schools that include data privacy courses in their curricula.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

NEW! Raise Staff Awareness

Equip all your data-handling staff to reduce privacy risk, with Privacy Core™ e-learning essentials.

The Industry of Privacy

Take stock, compare your practices to those of other organizations, and get budget with these studies on the industry of privacy.

More Resources »

P.S.R.—One Powerhouse Program

The program is too good to miss. The speakers are world-renowned. P.S.R. brings you the best of the best in privacy and security. Don't wait: Register now!

Speak at the Intensive!

The call for proposals for our London event, the Data Protection Intensive, is now open! Submit your session idea today.

Time to Get to Work at the Congress

Thought leadership, a thriving community and unrivaled education...the Congress prepares you for the challenges ahead. Register today.

GDPR Comprehensive London: Last Chance!

The IAPP GDPR Comprehensive heads to London this fall. This is your last chance at this popular program this year!

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»