The existence of the DOI directive was subsequently denied. The story died after a few days, but the controversy raised anew the question of data security. There seems to be no dispute that the DJI software is programmed to send certain data back to company servers in China (see http://www.ibtimes.com/dji-could-hand-over-phantom-drone-flight-data-hong-kong-china-if-requested-2356748). At this point, it is unclear what types of data are automatically sent. The focus to date has been on DJI and other Chinese companies which may or may not pose a security concern. However, one would expect that American and other drone manufacturers may have created similar protocols for transmission of data to allow them to improve their products and their customer service. While the level of security concerns may be as high with these companies, there still may well be commercial issues that bear investigation.
This type of controversy is not new. Similar questions about data interception and transmission by other types of network equipment have existed for years. Some Western governments have expressed concerns about and even gone so far as to forbid the use of Huaweii equipment by government agencies and contractors (see this report about NSA’s investigation: http://spectrum.ieee.org/tech-talk/computing/hardware/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks). In other countries, similar concerns have been expressed about the use of Cisco equipment and in some cases formal or informal bans on government purchases of Cisco equipment have been implemented.
Regardless of the DJI action, the controversy over the automatic transmission of data will continue. It illustrates the need for drone services providers and those using their services to ensure that they fully understand – and if necessary control – the transmission of drone-derived data. Customers and service providers who are using an integrate drone application need to stop thinking of drones as flying cameras or radars and view them for what they are (or will be once the FAA regulations permit their use in high-value operations) – data acquisition nodes on a world-wide, interconnected communications network.
The first area of concern for customers ought to be the privacy policies and use data usage policies of their service provider. Does the provider have the right to keep copy of the data and if so what use can the provider make of it? Similar concerns exist with regard to the platform providers. Most drone services companies will be using one of several platforms to upload store manipulate and obtain actionable information from the data for their customers. . The risk to service providers and their customers comes not just from potential back doors or malware, but also from the use and distribution of data by others in the network chain. For example, to this point there has been very little thought given by customers or most service providers to the use, storage and distribution of customer data by platforms such as Drone Deploy or Skyward.
There are no hard-and-fast answers for any of these issues at this point. Drone services providers and their customers need to keep these risks in mind as they purchase and provide services and develop the drone ecosystem.