EPIC v. FAA

Challenging the FAA's Failure to Establish Drone Privacy Rules

Summary

EPIC sued the Federal Aviation Administration for failing to establish privacy rules for commercial drones as mandated by Congress. Congress required the FAA to develop a "comprehensive plan" to "safely" integrate drones into the national airspace. In 2012, over 100 organizations, experts, and advocates joined EPIC in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones in the United States. In 2014, the FAA responded to EPIC's petition, claiming that drone privacy implications "did not raise an immediate safety concern." The FAA further stated, "the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project." But in 2015 when the FAA announced a rulemaking on commercial drones, the agency purposefully ignored privacy concerns, stating that privacy "issues are beyond the scope of this rulemaking."

Top News

  • Congress to Examine Artificial Intelligence: Today the Senate Commerce Committee will hold a hearing on "The Dawn of Artificial Intelligence." Experts from industry and academia will provide "a broad overview of the state of artificial intelligence, including policy implications and effects on commerce." In a prepared statement, EPIC urged the Committee to support "Algorithmic Transparency," an essential public policy strategy to make AI accountable. The hearing follows two White House reports -Preparing for the Future of Artificial Intelligence and the National Artificial Intelligence Research and Development Strategic Plan. EPIC is currently litigating several "AI" cases including EPIC v. FAA (drone surveillance), Cahen v. Toyota (autonomous vehicles), EPIC v. CPB (U.S. traveler "risk assessments"), and Secret DNA Forensic Source Code. (Nov. 30, 2016)
  • European Parliament Explores Algorithmic Transparency: A hearing today in the European Parliament brought together technologists, ethicists, and policymakers to examine "Algorithmic Accountability and Transparency in the Digital Economy." Recently German Chancellor Angela Merkel spoke against secret algorithms, warning that that there must be more transparency and accountability. EPIC has promoted Algorithmic Transparency for many years and is currently litigating several cases on the front lines of AI, including EPIC v. FAA (drones), Cahen v. Toyota (autonomous vehicles), and algorithms in criminal justice. EPIC has also proposed two amendments to Asimov's Rules of Robotics, requiring autonomous devices to reveal the basis of their decisions and to reveal their actual identity. (Nov. 7, 2016)
  • More top news »
  • EPIC FOIA - FAA Defies Congress, Fails to Complete Drone Privacy Report » (Oct. 24, 2016)
    Through an EPIC Freedom of Information Act request, EPIC obtained documents revealing that the FAA never finished a drone privacy report required by Congress. The Appropriations Act of 2014, which provided funding for the agency, required the FAA to inform Congress on "how the FAA can address the impact of widespread use of [drones] on individual privacy." The FAA drone privacy report was to be completed before the end of 2015 and prior to any drone regulations were issued. Now, as the end of 2016 approaches, the FAA has moved forward with regulations lacking privacy safeguards, and the drone privacy report still unfinished. EPIC is currently suing the FAA for the agency's failure to establish drone privacy rules.
  • FTC Hosts Event on Drones and Privacy » (Oct. 13, 2016)
    Today the Federal Trade Commission will host a panel discussion on drones and privacy as part of the agency's Fall Technology Series. The Director of EPIC's Domestic Surveillance Project, Jeramie Scott, will participate in the panel. Mr. Scott previously testified before the Pennsylvania Senate on domestic drone surveillance and submitted a statement for record regarding a Maryland bill to limit drone surveillance. EPIC and leading experts previously urged the FAA to adopt privacy rules for drones, and when the agency refused, EPIC sued. EPIC v. FAA is currently pending before the D.C. Circuit Court of Appeals.
  • White House Releases Reports on Future of Artificial Intelligence » (Oct. 13, 2016)
    The White House has released two new reports on the impact of Artificial Intelligence on the US economy and related policy concerns. Preparing for the Future of Artificial Intelligence surveys the current state of AI, applications, and emerging challenges for society and public policy. The report concludes "practitioners must ensure that AI-enabled systems are governable; that they are open, transparent, and understandable; that they can work effectively with people; and that their operation will remain consistent with human values and aspirations." A companion report National Artificial Intelligence Research and Development Strategic Plan proposes a strategic plan for Federally-funded research and development in AI. President Obama will discuss these issues on October 13 at the White House Frontiers Conference in Pittsburgh. #FutureofAI EPIC has promoted Algorithmic Transparency for many years and is currently litigating several cases on the front lines of AI, including EPIC v. FAA (drones), and Cahen v. Toyota (autonomous vehicles).
  • FAA Drone Advisory Committee to Address Privacy » (Sep. 19, 2016)
    In its inaugural meeting, the FAA's newly assembled Drone Advisory Committee decided to address privacy concerns posed by the increasing deployment of drones in the United States. The FAA Committee, lacking consumer and privacy representatives, was assembled to make recommendations to the FAA on drone policy. According to the National Conference on State Legislatures, at least 38 states have considered drone legislation so far this year. EPIC and leading experts previously urged the FAA to adopt privacy rules for drones, and when the agency refused, EPIC sued. EPIC v. FAA is currently pending before the D.C. Circuit Court of Appeals.
  • EPIC Sues FAA, Challenges Failure to Establish Drone Privacy Safeguards » (Aug. 23, 2016)
    EPIC has filed suit against the Federal Aviation Administration, arguing the agency failed to establish privacy rules for drones as required by Congress. Congress in 2012 ordered the FAA to issue "comprehensive" rules for drone use. EPIC and more than 100 organizations and experts subsequently urged the FAA to establish privacy protections prior to permitting widespread drone deployment. The FAA denied EPIC's petition. EPIC then sued the agency, but a federal appeals court ruled that EPIC's suit was premature because the agency had not yet issued a final rule and might still consider the privacy concerns raised by EPIC and others. The FAA then proceeded to issue final rules for small drones without privacy safeguards. EPIC is now challenging the agency final rule.
  • White House Hosts Drone Workshop, FAA OKs Commercial Use, Ignores Privacy » (Aug. 4, 2016)
    The White House hosted “Drones and the Future of Aviation.” The FAA Administrator announced that the FAA will approve drone operations over people before the end of the year. The FAA also announced an industry-led task force that will promote voluntary privacy best practices.  In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. The FAA has repeatedly acknowledged the privacy risks of drones, but has refused to establish privacy safeguards.
  • FAA Reauthorization Grounds Drone Privacy Safeguards » (Jul. 13, 2016)
    Shortly before adjourning, Congress passed the FAA Extension, Safety and Security Act of 2016 without drone privacy provisions authored by Senator Markey, included in the original legislation. Senator Markey said "Now is the time to prevent these eyes in the skies from becoming spies in the skies." EPIC urged Congress and the FAA to establish limits on drone surveillance. In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. EPIC's proposal to require remote identification of drones was incorporated in the legislation enacted by Congress.
  • FAA Approves Commercial Drones Without Privacy Safeguards » (Jun. 21, 2016)
    The FAA released the final rule on commercial drones today. Despite nearly 180 comments regarding the privacy risks of drones, the FAA failed to address the privacy risks of deploying commercial drones into the national airspace. EPIC previously filed suit against the FAA after more than 100 groups and experts petitioned the agency to conduct a rulemaking on drone privacy. EPIC also recommended the FAA implement a national database detailing the surveillance capabilities of commercial drones. The FAA has repeatedly acknowledged the privacy risks of drone deployment, but has so far refused to adopt any privacy safeguards.
  • Court Rules EPIC Must Wait to Challenge Missing Drone Privacy Rules » (May. 10, 2016)
    The federal appeals court in Washington, DC ruled today that EPIC’s suit against the Federal Aviation Administration must be set aside because the agency has not yet finalized the rules for drone operations in the United States. EPIC previously filed suit against the FAA after more than 100 groups and experts petitioned the agency to conduct a rulemaking on drone privacy. The FAA has repeatedly acknowledged the need to address privacy in drone operations, but has so far refused to adopt any privacy rules. In a related case, EPIC recently uncovered the minutes of a secret FAA drone task force. According to one of the participants, the “Current state of non-regulation negatively affects the public perception of drones. There is no regulatory recourse for anyone who is negatively affected by a small UAV [drones]."
  • EPIC FOIA - Secret Drone Task Force Records Disclosed » (May. 9, 2016)
    In response to EPIC's FOIA lawsuit, the Department of Transportation has released the minutes of a secret meeting  of the FAA drone task force. The task force included industry groups such as GoogleX, Amazon, and DJI, but consumer groups and privacy advocates were excluded from the hastily created advisory committee. The documents shed light on the secret meetings held last November. Several participants warned about privacy risks in drone deployment. The minutes also stated, "Current state of non-regulation negatively affects the public perception of drones. There is no regulatory recourse for anyone who is negatively affected by a small UAV [drones]." EPIC has urged the agency to do more to safeguard the public, and in EPIC v. FAA, challenged the FAA's failure to establish privacy regulations for drones.
  • FAA Announces Drone "Advisory Committee" » (May. 5, 2016)
    Yesterday FAA Administrator Michael Huerta announced that the FAA will establish a Drone Advisory Committee. According to Administrator Huerta, the committee "will help identify and prioritize integration challenges and improvements." Intel CEO Brian Krzanich will chair the committee. The Federal Advisory Committee Act requires federal agencies to ensure that advisory committees are “objective and accessible to the public.” EPIC previously criticized the FAA Drone Registration Task Force, which met in secret and includes no consumer groups. EPIC is currently suing the FAA for the secret meeting records of the Registration Task Force. EPIC previously sued the FAA for failing to establish privacy rules for commercial dronesEPIC v. FAA is pending before the D.C. Circuit Court of Appeals.
  • Drone Privacy Safeguards Move Forward in Senate » (Mar. 16, 2016)
    A Senate committee has adopted several key privacy amendments concerning drone operations in the US. The amendments, sponsored by Senator Markey (D-Mass), limit the scope of drone surveillance and require more accountability for drone operators. Markey stated, "As more and more drones take flight in our skies, the need to protect Americans' privacy is paramount." EPIC urged Congress and the FAA to establish limits on drone surveillance and recommended the FAA establish a database detailing drone surveillance capabilities. EPIC has sued the FAA for its failure to establish commercial drone privacy rules.
  • Senate to Consider FAA Funding but Drone Privacy Safeguards Missing » (Mar. 14, 2016)
    On March 16, 2016 the Senate will consider the FAA Reauthorization bill. Senator John Thune introduced the legislation to fund the operations of the the federal agency responsible for aviation safety. The bill requires drone operators to post privacy policies, but provides no meaningful privacy safeguards that would limit surveillance by drone operators. EPIC has urged Congress and the FAA to establish real limits on surveillance by drones. EPIC also recommended that the FAA to establish a national database detailing the surveillance capabilities of commercial drones. And after the agency failed to establish privacy rules mandated by Congress, EPIC filed a lawsuit, EPIC v. FAA that is now pending before the DC Circuit Court of Appeals.
  • EPIC to Argue before Federal Appeals Court for Drone Privacy Rules » (Feb. 9, 2016)
    EPIC President Marc Rotenberg will argue EPIC v. FAA before the D.C. Circuit Court of Appeals on February 10, 2016. EPIC, joined by more than 100 groups and experts, petitioned the agency to conduct a public rule-making on the privacy impact of increased drone deployment in the United States. The FAA acknowledged the importance of privacy and responded in November 2014 that it would undertake the rulemaking. But in early 2015, the agency reversed course and announced it would not establish privacy safeguards for commercial drones. As of February 5, 2016, the agency has granted more than 3,300 waivers to drone operators who lack certification to demonstrate airworthiness.
  • EPIC Urges FAA to Make Drone Surveillance Capabilities Public » (Jan. 15, 2016)
    In comments to the FAA, EPIC urged the agency to make public the surveillance capabilities of drones operated in the United Staes. EPIC also proposed privacy safeguards for personal information. EPIC stated, "It is not the personal information of the drone registrant that should be readily available to the public, but the technical capabilities of the registered drone." The FAA recently published a rule requiring drone registration, which EPIC supported. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. EPIC v. FAA is pending before the D.C. Circuit Court of Appeals.
  • DHS Releases Drone Privacy Best Practices » (Jan. 6, 2016)
    The Department of Homeland Security has released a set of drone privacy best practices. The best practices reflect many of the recommendations made by EPIC in testimony to Congress, including limiting data collection, use, dissemination, and retention. The recommendations also propose a redress program so individuals can challenge inappropriate collection. The best practices are only guidelines, but a Presidential Memorandum on drones and privacy requires that all federal agencies to establish and publish drone privacy procedures by February 2016. EPIC has sued the Federal Aviation Administration, EPIC v. FAA to establish privacy rules for commercial drones. Oral arguments are scheduled before the D.C. Circuit Court of Appeals on February 10.
  • EPIC to FAA: Proposed Registration Requirements Fall Short » (Nov. 23, 2015)
    The FAA Drone Task Force Final Report fails to ensure the safe operation of drones in the United States. The committee proposed only that drone operators (1) register online, (2) receive a universal registration number, and (3) mark the number on drones prior to operation. In comments to the agency, EPIC recommended that drones broadcast registration numbers, and that registration include drone surveillance capabilities and contact information for operators, such as phone numbers. The FAA's former top drone official told the Associated Press that drone surveillance capabilities will contribute to safety risks. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. That case is pending before the D.C. Circuit Court of Appeals.
  • Congress Examines (Lack of) Drone Privacy and Safety » (Nov. 20, 2015)
    This week a House Committee examined "The Fast-Evolving Uses and Economic Impacts of Drones." Chairman Burgess, echoing comments from other committee members, stated, "there are important questions around privacy laws and safety." The FAA Modernization and Reform Act of 2012 required the FAA to develop a "comprehensive plan" to integrate drones into national airspace by September 30, 2015. Despite missing the deadline, the FAA has granted over 2,220 exemptions for commercial drones even as safety and privacy concerns increase. More than 100 privacy experts and organizations petitioned the FAA to establish privacy safeguards prior to the deployment of drones. EPIC has sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.
  • In Court: EPIC Pursues Drone Privacy Safeguards » (Nov. 19, 2015)
    EPIC has filed an additional brief in EPIC v. FAA. The case follows from an act of Congress requiring a "comprehensive plan" for drone deployment and EPIC's petition, joined by more than 100 hundred experts, that urged the agency to establish drone privacy rules. In the most recent court filing, EPIC challenged the agency's rationale for dismissing the petition. EPIC also argued the FAA improperly ignored privacy concerns in a recent rulemaking on small drones. The FAA conceded that drones, "because of their size and capabilities, may enhance privacy concerns," but still did not propose privacy safeguards. The United States Court of Appeals for the DC Circuit is expected to hear argument in the case early next year.
  • EPIC Supports Drone Registration Proposal » (Nov. 11, 2015)
    In comments to the FAA, EPIC urged the agency to require all drone operators to register in a federal drone registry. An FAA task force, lacking any privacy experts, is developing a plan for a national registry. EPIC said registration is critical for public safety and privacy protection. EPIC recommended that the FAA require drones to broadcast identification information and that the registration database detail a drone's surveillance capabilities. EPIC also urged the agency to provide privacy protections for the personal information of hobbyists. Earlier this year, EPIC sued the FAA for failing to establish privacy rules for commercial drones as mandated by Congress.
  • In EPIC Lawsuit, FAA Concedes Drone Privacy Risks » (Nov. 5, 2015)
    The Federal Aviation Administration has filed a brief in response to EPIC's lawsuit, EPIC v. FAA, charging that the agency failed to establish privacy rules for commercial drones as required by law. EPIC sued the agency after Congress required a "comprehensive plan" for drone deployment and a petition, backed by more than one hundred organizations and privacy experts, called for privacy safeguards. In its response to EPIC, the FAA acknowledged that the comprehensive plan "recognizes the privacy issues that may be heightened" by drone surveillance. The FAA also conceded that drones, "because of their size and capabilities, may enhance privacy concerns," but the agency has still not begun the process of developing regulations to safeguard privacy.
  • FAA To Establish Drone Registration Database, Privacy Safeguards Still Needed » (Oct. 20, 2015)
    The Department of Transportation and FAA announced that drone operators will be required to register with a national drone registration database. A task force will develop recommendations for the registration process by November 20. The registration requirement is aimed at protecting public safety and promoting accountability, but creates new privacy risks. EPIC sued the FAA to develop privacy regulations for commercial drones. In EPIC v. FAA, EPIC recently argued that the agency's failure to establish privacy rules for commercial drones is a violation of law and should be overturned.
  • Congress Holds Hearing on Drone Safety After FAA Misses Deadline on Drone Regs » (Oct. 9, 2015)
    The House Subcommittee on Aviation held a hearing on drone safety after the FAA's failure to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over a 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. Chairman LaBiondo (R-NJ) said at the hearing, "The real possibility of a mid-air collision must be taken seriously in order to prevent tragic consequences." EPIC recently sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.
  • FAA Misses Deadline on Drones Regs, Also Ignores Privacy » (Oct. 2, 2015)
    FAA has failed to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over a 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. EPIC recently sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.
  • In Court: EPIC Challenges FAA Failure to Establish Drone Privacy Rules » (Sep. 29, 2015)
    EPIC has filed the opening brief in a lawsuit against the Federal Aviation Administration. EPIC charged that the agency’s failure to establish privacy rules for commercial drones is a violation of law and should be overturned. The EPIC lawsuit followed an Act of Congress requiring a “comprehensive plan” for the integration of drones and petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. EPIC stated that “As the agency has determined not to issue rules, contrary to the FAA Modernization Act and EPIC’s Rulemaking Petition, the Court must now order the agency to do so.” The case is EPIC v. FAA, No. 15-1075. The United States Court of Appeals for the DC Circuit is expected to hear oral argument in the case early next year. Press Release - EPIC v. FAA
  • Congress to Examine Commercial Drones, Privacy and Safety Issues Loom Large » (Sep. 9, 2015)
    The House Judiciary Committee will hold a hearing on Unmanned Aerial Vehicles: Commercial Applications and Public Policy Implications. The FAA has granted nearly 1,500 exemptions to commercial drone operators even as public safety risks and privacy concerns increase. EPIC has sued the agency for its failure to establish privacy safeguards prior to the deployment of commercial drones in the United States. The lawsuit, EPIC v. FAA, follows an act of Congress requiring the agency to develop a "comprehensive plan" for the safe integration of drones in domestic airspace, and a petition, organized by EPIC and joined by over 100 experts organizations, calling on the FAA to establish privacy rules. EPIC previously testified in Congress in support of strong privacy legislation.
  • EPIC Challenge to FAA Failure to Establish Privacy Safeguards Moves Forward » (Aug. 13, 2015)
    The federal appeals court in Washington, DC has ordered briefing in EPIC's lawsuit against the Federal Aviation Administration. EPIC filed suit in March after the FAA failed to establish privacy rules for commercial drones as mandated by Congress. The EPIC lawsuit followed an earlier petition to the agency backed by more than a hundred organizations and privacy experts. The FAA had asked the D.C. Circuit to dismiss EPIC's lawsuit. But in today's order, the appellate court directed the parties to prepare merits briefing for a three-judge panel which will consider the case.
  • Justice Department Releases Drone Privacy Guidance » (May. 25, 2015)
    The Justice Department has released extensive "Policy Guidance" for the use of drones by federal agencies. The Guidance bans the use of drones to monitor activities protected by the First Amendment, requires routine logs of drone use, and requires the protection of civil liberties and privacy in all cases. However, the Guidance "does not create any right, benefit, trust, or responsibility" enforceable against the United States. EPIC supports the recommendations. EPIC has also testified before Congress in support of a comprehensive drone privacy law, petitioned the FAA for drone privacy regulations, and sued the FAA when the agency failed to create privacy safeguards.
  • EPIC Demands the FAA to Establish Drone Privacy Rules » (Apr. 25, 2015)
    EPIC has filed extensive comments, urging the Federal Aviation Administration to propose drone privacy safeguards. In 2012, EPIC led a coalition of over 100 experts and organizations in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones in the United States. EPIC stated that, "As a consequence of the FAA’s failure to establish drone privacy rules, millions of Americans now face the possibility of unchecked monitoring and harassment." EPIC has sued the agency for its failure to protect the privacy of Americans.
  • "Eyes Over Washington:" EPIC Obtains Documents about Army Blimps in DC » (Apr. 15, 2015)
    As the result of a Freedom of Information Act lawsuit, EPIC has obtained several thousand pages about the blimps deployed by the Army, just north of the nation's capital. The records document the use of "JLENS," as well as the Army's relationship with the contractor Raytheon, which has proposed a video surveillance capability. The Army has disputed the claim that JLENS has surveillance capability. EPIC has recently filed suit against the FAA for failure to establish privacy rules for commercial drones in the US.
  • EPIC Sues FAA, Challenges Failure to Create Drone Privacy Safeguards » (Mar. 31, 2015)
    Today EPIC filed suit in the federal appeals court in Washington, DC arguing that the Federal Aviation Administration failed to establish privacy rules for commercial drones as mandated by Congress. Congress had required the FAA to develop a "comprehensive plan" for drone deployment. In 2012 EPIC and more than 100 organizations and experts also urged the federal agency to establish privacy protections prior to the deployment of commercial drones in the United States. The FAA denied the EPIC petition, claiming it "did not raise an immediate safety concern." Then last month the FAA announced a rulemaking on commercial drones and purposefully ignored privacy concerns, stating that privacy "issues are beyond the scope of this rule making."
  • FAA Ignores Privacy Concerns in Public Rulemaking on Commercial Drones » (Feb. 19, 2015)
    The Federal Aviation Administration announced a public rulemaking for the integration of small commercial drones into the National airspace. The rules will establish safety procedures but will not address privacy concerns. The agency stated that privacy "issues are beyond the scope of this rule making." EPIC and 100+ organizations, experts, and members of the public petitioned the FAA to conduct a public rulemaking on the privacy impact of domestic drone use. Several members of Congress, including Senator Markey and Senator Paul have urged the establishment of privacy laws before surveillance drones are deployed in the United States.
  • FAA Okays Hollywood Drone Use, But Privacy Safeguards Remain Grounded » (Sep. 26, 2014)
    The Federal Aviation Administration granted six exemptions for the commercial use of drones to companies in the film and television industry this week. The agency found that the proposed operation do not “pose a threat to national airspace users or national security.” Safety requirements include: line of site tracking, restrict flights to the “sterile area” on the set, inspection after each flight, and prohibiting operation at night. The agency is currently considering another 40 requests from various commercial entities. Currently, no privacy protections are in place to address the commercial use of drones. EPIC has testified in Congress in support of a comprehensive drone privacy law—calling for use limitations, data retention limitations, transparency, and public accountability. The Federal Aviation Administration to develop drone privacy guidelines after an EPIC-lead coalition petition. EPIC also urged the agency to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

Background

The FAA Modernization and Reform Act of 2012 (Public Law 112-95) orders the Transportation Department to conduct a public rulemaking to safely integrate drones into the national airspace. "Drones" or "unmanned aircrafts" are aerial vehicles that operate without a human pilot onboard. The Federal Aviation Administration (FAA), a component of the Department of Transportation, is the agency responsible for licensing domestic drones. Drones are equipped with highly sophisticated surveillance technology that threatens personal privacy. Drones' collection of personal information, including physical location, poses a public safety problem for millions of individuals. And, as stated by Senator Ayotte, Chair of the Subcommittee on Aviation Operations, Safety, and Security, "Unlimited surveillance by government or private actors is not something that our society is ready or willing or should accept. Because [drones] can significantly lower the threshold for observation, the risk of abuse and the risk of abusive surveillance increases."

On March 8, 2012, EPIC, joined by over 100 organizations, experts, and advocates, petitioned the FAA to "conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." On February 23, 2015, the FAA denied EPIC's petition. On this date, the FAA issued a notice of proposed rulemaking (NPRM) to "adopt specific rules to allow the operation" of drones. The NPRM states, "[t]he FAA also notes that privacy concerns have been raised about [drones]," but privacy issues "are beyond the scope of this rulemaking."

Congress explicitly ordered the Transportation Department to conduct a public rulemaking to safely integrate drones into the national airspace. As EPIC's petition described in detail, drones are equipped with increasingly sophisticated technology that gathers sensitive personal details, including location information and biometric information. A necessary component in the safe integration of drones is ensuring meaningful, effective privacy protections.

The FAA violated the law when it failed to issue and solicit public comments on proposed drone privacy regulations.

EPIC's Petition to the FAA

On March 8, 2012, EPIC, joined by over 100 organizations, experts, and advocates, petitioned the FAA to "conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." EPIC explained the substantial civil liberties and privacy threats that drones pose. For example "[g]igapixel cameras used to outfit drones are among the highest definition camera available, and can ‘provide real-time video streams at a rate of 10 frames a second.' " EPIC noted that some drones could track "up to 65 different targets across a distance of 65 square miles" and that drones can gather sensitive, personal information through drone infrared cameras, heat sensors, GPS, sensors that detect movement, automated license plate readers, and facial recognition technology. This type of technology presents a unique threat to privacy because of drones' persistent surveillance and, "by virtue of their design, their size, and how high they can fly, [drones] can operate undetected in urban and rural environments." EPIC highlighted examples of contemporary drone uses, including "paparazzi drones," private detectives using drones, Google's use of street-level drones for Google Street View, and criminals using drones to stalk and harass. EPIC petition states, "[w]ith special capabilities and enhanced equipment, drones are able to conduct far more detailed surveillance, obtaining high resolution picture and video, peering inside high level windows, and through solid barriers, such as fences, trees, and even walls."

EPIC urged the FAA to "assess the privacy problems associated with the highly intrusive nature of drone aircraft, and the ability of operators to gain access to private areas and to track individuals over large distances." In light of the substantial privacy threats that the impending deployment of drones in the U.S. poses, EPIC and the coalition petitioned the FAA to:

  1. conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones in the United States. In order to adequately address all of the potential threats, the FAA should examine and report on the impact on privacy to individuals within the scope of their comprehensive plan to safely integrate civil drones into the national airspace, required under 322(a) of the FAA Modernization and Reform Act;
  2. conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones by government operators pursuant to the agency actions required under § 324(c) of the FAA Modernization and Reform Act; and
  3. take into consideration during the notice and comment rulemaking the use and retention of data acquired by drone operators; the relation between drone operation and property rights; the ability of an individual to obtain a restraining order against a drone vehicle; and use limitations on drone vehicles and requirements for enforcement of those limitations. In relation to the government use of drones, the rulemakings should also consider the application of the Privacy Act of 1974 to the information gathered by drone operators.

FAA's Response

On June 28, 2016, the FAA denied EPIC's petition. On this date, the FAA issued a final rule on the "Operation and Certification of Small" drones. The rule states that "privacy concerns have been raised regarding the integration of [drones] into the NAS," but privacy issues "are beyond the scope of this rulemaking." Instead of a public notice and comment rulemaking, the FAA and Transportation Department will participate in the National Telecommunications and Information Administration (NTIA) "multistakeholder process aimed at developing privacy best practices for the commercial and private use of [drones]." The NTIA "multistakeholder process" will not produce any legal restrictions on the use of domestic drones for aerial surveillance nor establish any legal rights for individuals who are subject to drone surveillance in the United States.

Prior to the NPRM, the FAA wrote a letter to EPIC on November 26, 2014, claiming that the "issue [EPIC has] raised is not an immediate safety concern." The FAA further stated, "the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project."

But, as the FAA made clear when the agency issued the NPRM, the agency will not consider EPIC's comments because, according to the agency, privacy issues "are beyond the scope of this rulemaking."

Legal Documents

Resources

News Items

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy

EPIC Bookstore

Communications Law and Policy

Communications Law and Policy
Jerry Kang and Alan Butler