April 23, 2013
The ACLU today submitted comments to the FAA on the agency’s incorporation of privacy into its drone “test zones” program. (You can read our comments here.) Through the FAA Modernization and Reform Act of 2012, Congress has required the FAA to develop a plan for incorporating drones into the national airspace, including the establishment of six test sites where such integration can be tested. The FAA has faced delays on the establishment of the test sites, which the FAA has attributed to privacy issues that have, until now, gone unaddressed. So on February 14, 2013, the FAA published proposed privacy requirements for test site operators. The ACLU’s comments on those proposed requirements commend the FAA’s effort to focus on privacy impacts, while also advocating for more meaningful protections.
We’ve recommended four primary changes to the FAA’s proposed rules:
- The FAA should require strict adherence to the FIPPS. The FAA has proposed that the privacy policies governing the use of drones at these test sites “should be informed by the Fair Information Practice Principles” (FIPPs). That’s great news—the FIPPs are a smart and time-tested framework for addressing privacy risks. But the language here is too soft—to be “informed” by something simply means to be based on a general understanding of that thing. This gives site operators the discretion to pick and choose which privacies they want to protect and which they feel are not “informed” by the FIPPS. We believe it is critical that the FAA strengthen the language employed in the rule to ensure the principles are followed rather than merely considered.
- Incorporate privacy expertise as a criterion. Finally, the FAA should choose the sites based, at least in part, on whether the test site operator has any experience with privacy issues. If they have a record of violating privacy, that should count against them. And if they have a stated interest in researching privacy impacts and the ethical implication of surveillance, that should count in their favor. In addition to examining their privacy record, the FAA should also pick at least one test site near a densely populated urban area. Rural privacy and urban privacy are different issues, and both need to be tested.
We think it’s very promising that the FAA is thinking about privacy and using the FIPPs. But in order for this effort to be effective, they need to make sure compliance with the FIPPs is required and that test site operators are held accountable for their actions. We hope the FAA integrates our feedback into their final rule, and we’ll keep you informed as the rulemaking continues.