EPIC v. FAA
Challenging the FAA's Failure to Establish Drone Privacy Rules
Congress required the FAA to develop a "comprehensive plan" to "safely" integrate drones into the national airspace. In 2012, over 100 organizations, experts, and advocates joined EPIC in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones in the United States. In 2014, the FAA responded to EPIC's petition, claiming that drone privacy implications "did not raise an immediate safety concern." The FAA further stated, "the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project." But in 2015 when the FAA announced a rulemaking on commercial drones, the agency purposefully ignored privacy concerns, stating that privacy "issues are beyond the scope of this rulemaking." EPIC promptly filed suit on against the FAA (“EPIC v. FAA I”) challenging the FAA’s denial of EPIC’s petition and the FAA’s failure to include privacy in the small drone rulemaking. The D.C Circuit ruled that EPIC’s was time-barred from challenging the denial of EPIC’s petition and premature in challenging the Small Drone Rulemaking. The FAA finalized the Small Drone Rulemaking in 2016 and EPIC filed suit again (EPIC v. FAA II) and has challenged the FAA’s failure to address privacy in the Small Drone Rulemaking.
- FAA Advisory Panel Recommends Remote Tracking and Identification of Drones: A federal advisory panel has issued a report with recommendations for the remote tracking and identification of drones. The FAA advisory report also said the "FAA must review privacy considerations, in consultation with privacy experts and other Federal agencies, including developing a secure system that allows for segmented access to the ID and tracking information." EPIC backed remote identification and tracking of drones in comments on the agency's drone registration rule. EPIC also recommended privacy protections for the personal data collected for hobbyist drone users, though EPIC's recommendations go beyond the proposals contained in the advisory panel report. EPIC is currently challenging the FAA's failure to establish privacy safeguards. EPIC v. FAA is before the D.C. Circuit Court of Appeals, with oral arguments scheduled for January 25, 2018. (Dec. 20, 2017)
- FAA Drone Registration Requirement Flies Again: A defense authorization bill signed by the President today restores the FAA's drone registration requirement. The registration requirement was struck down by a federal appeals court earlier this year. EPIC supports registration for commercial drones because of the unique privacy risks they pose. In 2015, EPIC submitted extensive comments to the FAA, proposing that commercial drones also routinely broadcast location, course, speed over ground, as well as owner identifying information, similar to the Automated Identification System for commercial vessels. Earlier this year, EPIC also submitted statements to the House Transportation Committee and the Senate Commerce Committee emphasizing the privacy risks of commercial drones. EPIC is currently challenging the FAA's failure to establish privacy safeguards. EPIC v. FAA is before the D.C. Circuit Court of Appeals, with oral arguments scheduled for January 25, 2018. (Dec. 12, 2017) More top news »
The FAA Modernization and Reform Act of 2012 (Public Law 112-95) orders the Transportation Department to conduct a public rulemaking to safely integrate drones into the national airspace. "Drones" or "unmanned aircrafts" are aerial vehicles that operate without a human pilot onboard. The Federal Aviation Administration (FAA), a component of the Department of Transportation, is the agency responsible for licensing domestic drones. Drones are equipped with highly sophisticated surveillance technology that threatens personal privacy. Drones' collection of personal information, including physical location, poses a public safety problem for millions of individuals. And, as stated by Senator Ayotte, Chair of the Subcommittee on Aviation Operations, Safety, and Security, "Unlimited surveillance by government or private actors is not something that our society is ready or willing or should accept. Because [drones] can significantly lower the threshold for observation, the risk of abuse and the risk of abusive surveillance increases."
On March 8, 2012, EPIC, joined by over 100 organizations, experts, and advocates, petitioned the FAA to "conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." On February 23, 2015, the FAA denied EPIC's petition. On this date, the FAA issued a notice of proposed rulemaking (NPRM) to "adopt specific rules to allow the operation" of drones. The NPRM states, "[t]he FAA also notes that privacy concerns have been raised about [drones]," but privacy issues "are beyond the scope of this rulemaking."
Congress explicitly ordered the Transportation Department to conduct a public rulemaking to safely integrate drones into the national airspace. As EPIC's petition described in detail, drones are equipped with increasingly sophisticated technology that gathers sensitive personal details, including location information and biometric information. A necessary component in the safe integration of drones is ensuring meaningful, effective privacy protections.
The FAA violated the law when it failed to issue and solicit public comments on proposed drone privacy regulations.
EPIC's Petition to the FAA
On March 8, 2012, EPIC, joined by over 100 organizations, experts, and advocates, petitioned the FAA to "conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." EPIC explained the substantial civil liberties and privacy threats that drones pose. For example "[g]igapixel cameras used to outfit drones are among the highest definition camera available, and can ‘provide real-time video streams at a rate of 10 frames a second.' " EPIC noted that some drones could track "up to 65 different targets across a distance of 65 square miles" and that drones can gather sensitive, personal information through drone infrared cameras, heat sensors, GPS, sensors that detect movement, automated license plate readers, and facial recognition technology. This type of technology presents a unique threat to privacy because of drones' persistent surveillance and, "by virtue of their design, their size, and how high they can fly, [drones] can operate undetected in urban and rural environments." EPIC highlighted examples of contemporary drone uses, including "paparazzi drones," private detectives using drones, Google's use of street-level drones for Google Street View, and criminals using drones to stalk and harass. EPIC petition states, "[w]ith special capabilities and enhanced equipment, drones are able to conduct far more detailed surveillance, obtaining high resolution picture and video, peering inside high level windows, and through solid barriers, such as fences, trees, and even walls."
EPIC urged the FAA to "assess the privacy problems associated with the highly intrusive nature of drone aircraft, and the ability of operators to gain access to private areas and to track individuals over large distances." In light of the substantial privacy threats that the impending deployment of drones in the U.S. poses, EPIC and the coalition petitioned the FAA to:
- conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones in the United States. In order to adequately address all of the potential threats, the FAA should examine and report on the impact on privacy to individuals within the scope of their comprehensive plan to safely integrate civil drones into the national airspace, required under 322(a) of the FAA Modernization and Reform Act;
- conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones by government operators pursuant to the agency actions required under § 324(c) of the FAA Modernization and Reform Act; and
- take into consideration during the notice and comment rulemaking the use and retention of data acquired by drone operators; the relation between drone operation and property rights; the ability of an individual to obtain a restraining order against a drone vehicle; and use limitations on drone vehicles and requirements for enforcement of those limitations. In relation to the government use of drones, the rulemakings should also consider the application of the Privacy Act of 1974 to the information gathered by drone operators.
On June 28, 2016, the FAA denied EPIC's petition. On this date, the FAA issued a final rule on the "Operation and Certification of Small" drones. The rule states that "privacy concerns have been raised regarding the integration of [drones] into the NAS," but privacy issues "are beyond the scope of this rulemaking." Instead of a public notice and comment rulemaking, the FAA and Transportation Department will participate in the National Telecommunications and Information Administration (NTIA) "multistakeholder process aimed at developing privacy best practices for the commercial and private use of [drones]." The NTIA "multistakeholder process" will not produce any legal restrictions on the use of domestic drones for aerial surveillance nor establish any legal rights for individuals who are subject to drone surveillance in the United States.
Prior to the NPRM, the FAA wrote a letter to EPIC on November 26, 2014, claiming that the "issue [EPIC has] raised is not an immediate safety concern." The FAA further stated, "the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project."
But, as the FAA made clear when the agency issued the NPRM, the agency will not consider EPIC's comments because, according to the agency, privacy issues "are beyond the scope of this rulemaking."
- Documents Related to EPIC's Petition to FAA re: Drone Privacy Rulemaking
- EPIC's FAA Petition (March 8, 2012)
- FAA Letter Dismissing EPIC's Petition (November 26, 2014)
- FAA's Notice of Proposed Rulemaking, Denying EPIC's Petition (February 23, 2015)
- EPIC v. FAA I: U.S. Court of Appeals for the D.C. Circuit, Case No. 15-1075
- EPIC's Petition for Review to the D.C. Circuit (March 31, 2015)
- EPIC Docketing Statement (May 5, 2015)
- EPIC Statement of Issues (May 5, 2015)
- FAA Motion to Dismiss (May 15, 2015)
- EPIC Response in Opposition (May 28, 2015)
- FAA Reply (June 4, 2015)
- Order Referring the FAA Motion to the Panel (Aug. 13, 2015)
- EPIC Opening Brief (Sept. 28, 2015)
- FAA Brief (November 4, 2015)
- EPIC Reply Brief (November 18, 2015)
- Opinion (May 10, 2016)
- EPIC v. FAA II: U.S. Court of Appeals for the D.C. Circuit, Case No. 16-1297
- EPIC Petition for Review to the D.C. Circuit (August 22, 2016)
- EPIC Opening Brief (February 28, 2017)
- EPIC Addendum (February 28, 2017)
- Joint Appendix (February 28, 2017)
- EPIC Amended Opening Brief (March 2, 2017)
- EPIC Amended Addendum (March 2, 2017)
- FAA Opposition Brief (April 27, 2017)
- EPIC Reply Brief (May 12, 2017)
- Notice Concerning Oral Argument (Jan. 11, 2018)
- Congressional Research Service: Domestic Drones and Privacy: A Primer (March 30, 2015)
- Spotlight on Surveillance: DRONES: Eyes in the Sky
- EPIC Amicus Brief: State v. Davis (aerial surveillance)
- EPIC Testimony before Senate Judiciary Committee (domestic drones)
- Comments to the FAA re: Drone Test Sites
- Comments to the FAA re: Drone Test Site Program
- EPIC v. Army - Surveillance Blimps
- A. Michael Froomkin and Zak Colangelo, Self-Defense Against Robots (March 19, 2014)
- Ryan Calo, The Drone as Privacy Catalyst, 64 Stan. L. Rev. Online 29 (2011)
- Senate Aviation Operations, Safety, and Security Subcommittee hearing, "Unmanned Aircraft Systems: Key Considerations Regarding Safety, Innovation, Economic Impact, and Privacy" (March 24, 2015)
- Who will banish spy-cam drones from US skies? The FAA doesn't want to do it. EPIC disagrees, The Register, March 2, 2017
- FAA Wrong To Exclude Privacy From Drone Rules, EPIC Says, Law360, March 1, 2017
- Drones and Environmental Monitoring, Environmental Law Reporter, January 25, 2017
- United States: What Is The FTC Doing About Privacy And Drones?, Mondaq, November 3, 2016
- An Update On Drone Privacy Concerns, Law360, October 6, 2016
- Group Blasts Lack of Privacy Concerns in U.S. Drone Rules, Courthouse News Service, August 31, 2016
- The Federal Aviation Administration’s De Facto Drone Privacy Standards, Lexology, August 31, 2016
- Privacy advocates upset over FAA drone regulations, citizen takes action, SC Magazine, August 30, 2016
- New commercial drone rule takes effect, Atlanta Journal-Constitution, August 29, 2016
- FAA sued for lack of drone privacy rules, ZD Net, August 25, 2016
- FAA Sued Over Lack Of Privacy Controls In Final Drone Rule, Law 360, August 24, 2016
- FAA compromise bill drops key drone privacy provisions, Computerworld, July 14, 2016
- As Drones Fill the Skies, Privacy Worries Grow, The Fiscal Times, July 7, 2016
- Data, Drones and Apps: States Debate Privacy Protections as Technology Speeds Ahead, Stateline, July 1, 2016
- Commercial drone industry gets new relaxed rules, Naked Security, June 23, 2016
- F.A.A. Issues Commercial Drone Rules, New York Times, June 21, 2016
- We’ve Needed Commercial Drone Rules For Years. The FAA Just Released a First Step, Slate, June 21, 2016
- Drone Stakeholder Group Finalizes Best Practices, Law360, May 19, 2016
- DC Circ. Won't Review FAA Drone Privacy Challenge, Law360, May 11, 2016
- Court Denies Challenge to Lack of Drone Privacy Rules, Broadcasting & Cable, May 10, 2016
- EPIC Sues FAA Over Drone Rules, Wall Street Journal, April 1, 2015
- EPIC Sues FAA Over Lack Of Drone Privacy Rules, Law 360, April 1, 2015
- EPIC appeals to court for FAA drone privacy rules, CIO, April 1, 2015
- EPIC asks court for FAA drone privacy rules, Computerworld, March 31, 2015
- K.K., A looming threat, The Economist, March 19, 2015
- Eleanor Beardsley, French Authorities Pursue Drones Spotted Near Sensitive Sites, NPR, February 25, 2015
- Laura Sydell, Now You Can Sign Up To Keep Drones Away From Your Property, NPR, February 23, 2015
- Sam Sanders, FAA Proposal On Drones Highlights Safety Over Privacy Concerns, NPR, February 15, 2015
- Scott Neuman, Commercial Drone Rules To Limit Their Weight, Speed And Altitude, NPR, February 15, 2015
- 'Drone Shoot-Down Bill' Advances In Oklahoma, NPR, February 10, 2015
- Lily Hay Newman, Here's How to Set Up a No-Fly Drone Zone Over Your House, Slate, February 10, 2015
- Alwyn Scott, Americans OK with police drones - private ownership, not so much: Poll, Reuters, February 5, 2015
- Samantha Raphelson, Weekly Innovation: This Drone Fits In Your Pocket, NPR, October 9, 2014
- David Schaper, Lights, Camera, Drones: Hollywood's Lens Gets A Little Larger, NPR, September 26, 2014
- Rich Trenholm, Drone falls out of the sky and injures athlete, CNET, April 7, 2014
- Editorial, Putting Drones to the Test, NY TIMES, January 4, 2014<
- Matthew Walmarch, Domestic Drones Stir Imaginations, and Concerns, NY TIMES, March 17, 2013
- Ann Zaniewski,As drone use grows, so do privacy, safety concerns, USA Today, Detroit Free Press, March 7, 2013
- Op-Ed, The Dawning of Domestic Drones, NY TIMES, December 25, 2012
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Privacy in the Modern Age