You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

EPIC v. FAA

Challenging the FAA's Failure to Establish Drone Privacy Rules

Summary

Congress required the FAA to develop a "comprehensive plan" to "safely" integrate drones into the national airspace. In 2012, over 100 organizations, experts, and advocates joined EPIC in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones in the United States. In 2014, the FAA responded to EPIC's petition, claiming that drone privacy implications "did not raise an immediate safety concern." The FAA further stated, "the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project." But in 2015 when the FAA announced a rulemaking on commercial drones, the agency purposefully ignored privacy concerns, stating that privacy "issues are beyond the scope of this rulemaking." EPIC promptly filed suit on against the FAA (“EPIC v. FAA I”) challenging the FAA’s denial of EPIC’s petition and the FAA’s failure to include privacy in the small drone rulemaking. The D.C Circuit ruled that EPIC’s was time-barred from challenging the denial of EPIC’s petition and premature in challenging the Small Drone Rulemaking. The FAA finalized the Small Drone Rulemaking in 2016 and EPIC filed suit again (EPIC v. FAA II) and has challenged the FAA’s failure to address privacy in the Small Drone Rulemaking.

Top News

  • Federal Government Advises on Federal Laws Potentially Violated When Intercepting Drones: The FAA, DOJ, FCC, and DHS jointly issued the "Advisory on the Application of Federal Laws to the Acquisition and Use of Technology to Detect and Mitigate Unmanned Aircraft Systems." The advisory covers the applicable federal laws that non-federal or private entities might violate if they sought to detect or mitigate drone threats, including the Wiretap Act and Computer Fraud and Abuse Act. Congress previously granted the DOJ and DHS broad authority to detect and mitigate drone "threats" in the Preventing Emerging Threats Act of 2018 that was incorporated into the FAA Reauthorization Act of 2018. The FAA Reauthorization Act of 2018 required a report on drone surveillance risks but did not establish any baseline privacy safeguards. EPIC has repeatedly urged both Congress and the FAA to take decisive action to limit the use of drones for surveillance and to establish a national database detailing drone surveillance capabilities. (Aug. 19, 2020)
  • Privacy Safeguards Lacking for FAA Drone Registration System: The Inspector General for the Department of Transportation released an report of the FAA's drone integration system, which includes personal data for drone registration. The IG report found that the "FAA did not adequately assess privacy and security controls for protecting PII." The report also found that the "FAA's inadequate monitoring of security controls increases the risk of the systems being compromised." EPIC stated that "the FAA should adopt safeguards to protect registrants' information from improper release." EPIC also warned that "the FAA's proposed rule fails to consider the privacy implications for recreational drone operators" who will be required to provide personal information. (Apr. 20, 2020)
  • More top news »
  • Following EPIC's Recommendations, FAA Launches Rulemaking for Remote Drone ID » (Dec. 31, 2019)

    Five years after EPIC first recommended that the Federal Aviation Administration establish drone identification rules "similar to the Automated Identification System for commercial vessels,” the Federal Aviation Administration has proposed regulations that would require nearly all drones in U.S. airspace to be remotely identifiable. Drones would be required to transmit their location and identification details to an online FAA tracking system. Drones flying more than 400 feet from their operators would also be required to broadcast location and ID to surrounding areas. In 2015, EPIC wrote “Drones should be required to broadcast their registration information to allow members of the public and law enforcement officials to easily identify the operator and responsible party.” EPIC further stated any drone operating in the national airspace system include a mandatory GPS tracking feature that would always broadcast the location of a drone when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information.” The European Union’s drone regulations incorporate these recommendations. Comments on the FAA proposed rule are due March 2, 2020.

  • EPIC to FAA: Drone Advisory Committee Needs Privacy and Security Experts » (Jul. 2, 2019)
    EPIC has sent a letter to the Federal Aviation Administration, urging the agency to name privacy and security experts to the Drone Advisory Committee. EPIC filed suit last year to enforce the transparency obligations of the industry-dominated Committee, which conducted much of its work in secret. EPIC's case forced the Advisory Committee to release hundreds of documents that it unlawfully withheld. The documents obtained by EPIC show that the Committee recognized drone privacy risks and even planned to form a "Privacy Subcommittee." Yet the Committee entirely failed to address privacy issues before making final policy recommendations to the FAA. The FAA has recently come under criticism from members of Congress and the Department of Defense concerning commercial drones that enable remote surveillance.
  • EPIC to Senate Committee: Press FAA on Drone Privacy » (May. 9, 2019)
    Prior to a hearing on "New Entrants in the National Airspace," EPIC has urged the Senate Commerce Committee to ensure that the FAA establish drone privacy safeguards. EPIC also said the FAA should require remote identification of drones. "Currently, individuals cannot hold drone operators accountable because it is essentially impossible to identify the drone or the operator of a drone," EPIC said. EPIC recently filed comments on the FAA's proposal for external ID for drones. Last week, Senators Edward Markey (D-MA) and John Thune (R-SD) urged the FAA to quickly publish a rule for the realtime, remote identification of drones. In 2012 EPIC, backed by more than one hundred organizations and privacy experts, petitioned the agency to establish privacy safeguards for drones. EPIC also cited a 2012 law requiring the FAA to develop a "comprehensive plan" for drone deployment. EPIC subsequently filed suit against the FAA, challenging the agency rule authorizing commercial drone operations without privacy safeguards.
  • EPIC to FAA: Mandate Drones Broadcast ID and Location, Course » (Apr. 16, 2019)
    In response to Federal Aviation Administration request for comments regarding drone security and drones flying over people, EPIC urged the agency to mandate cybersecurity safeguards and privacy protections for populated areas subject to aerial surveillance. EPIC repeated the earlier recommendation that the agency require drones to broadcast identifying information, location, course, purpose, and surveillance capabilities. Earlier this year, Senator Edward Markey (D-MA) stated, "Privacy cannot be an afterthought as the FAA seeks to make it easier and safer for commercial drones to take flight." Starting with a 2012 petition, EPIC has recommended that the FAA establish drone privacy regulations and to ensure that drones broadcast ID.
  • EPIC Urges FAA to Require Remote ID for Drones » (Mar. 15, 2019)
    EPIC, joined by other privacy groups, submitted comments on the FAA’s interim final rule for external ID for drones. The proposal requires the external display of registration numbers on drones. While EPIC agreed external marking are preferable to hidden identifiers, EPIC said the rule did not go far enough. EPIC wrote, “Because drones present substantial privacy and safety risks, EPIC recommends that the FAA require any drone operating in the national airspace system to broadcast location when aloft (latitude, longitude, and altitude), course, speed over ground, as well as owner identifying information and contact information[.]” EPIC also suggested the agency require operators register and broadcast surveillance capabilities. EPIC has long advocated for remote identification mandates for drones and petitioned for regulation of these surveillance tools.
  • FAA to Require Visible Registration Numbers on Drones » (Feb. 21, 2019)
    The Federal Aviation Administration has published an interim final rule that will require a visible registration number on the exterior of drones. Previously, registration numbers could be hidden inside drones. EPIC supported improved drone identification, but has urged the FAA to go much further. In extensive comments to the FAA, EPIC wrote that drones should broadcast location, course, and operator identification, much like the Automated Identification Systems for planes and boats. EPIC also sued the FAA to force the agency to establish national rules to limit drone surveillance. EPIC is currently pursuing records about a key FAA task force, trying to understand why the agency has not promoted better privacy safeguards in the US. Comments on the FAA rule on "External Marking Requirement for Small Unmanned Aircraft" are due March 15, 2019 (Docket: FAA-2018-1084). EPIC recommends that commentators ask the FAA to establish stronger requirements for remote identification of drones.
  • EPIC Commends FAA Comment Opportunity on Aircraft Security, Urges More Public Reporting » (Jan. 8, 2019)
    In comments to the Federal Aviation Administration, EPIC praised the agency for inviting public input on technology that exposes aircraft control networks to remote hacking. EPIC previously warned the FAA that, "hackers can exploit weaknesses in drone software to gain control of a drone's movement and other features." EPIC has also called attention to the potential for connected cars and Internet of Things devices to be hacked. EPIC recommended that the FAA routinely report on the growing risks of cyber attack.
  • FAA Funding Bill Passed by Senate Ignores Drone Surveillance Risks » (Oct. 3, 2018)
    The Senate has passed legislation to reauthorize the FAA and expand drone integration, but the bill ignores pressing concerns about the privacy impact of drones. A previous version of the bill included privacy protections originally proposed by Sen. Markey and Rep. Welch in the Drone Aircraft Privacy and Transparency Act. The version passed by the House and Senate only requires a report on drone surveillance risks but does not establish any baseline privacy safeguards. The bill now goes to the President's desk. EPIC has repeatedly urged both Congress and the FAA to take decisive action to limit the use of drones for surveillance and to establish a national database detailing drone surveillance capabilities. EPIC sued the FAA to establish privacy rules for drones, after more than 100 experts and organizations petitioned the agency.
  • FAA Funding Bill Ignores Drone Surveillance Risks » (Sep. 25, 2018)
    Congress is considering legislation to reauthorize the FAA and expand drone integration, but the bill ignores pressing concerns about the privacy impact of drones. A previous version of the bill included privacy protections originally proposed by Sen. Markey and Rep. Welch in the Drone Aircraft Privacy and Transparency Act. The pending bill only requires a report on drone surveillance risks but does not establish any baseline privacy safeguards. EPIC has repeatedly urged both Congress and the FAA to take decisive action to limit the use of drones for surveillance and to establish a national database detailing drone surveillance capabilities. EPIC sued the FAA to establish privacy rules for drones, after more than 100 experts and organizations petitioned the agency.
  • Federal Court Upholds Regulations for Drone Hobbyists » (Jul. 13, 2018)
    In a companion case to EPIC v. FAA, the D.C. Circuit ruled in Taylor v. FAA that the regulations for drones operated by hobbyists are within the agency's statutory authority. The D.C. Circuit previously ruled that EPIC lacked standing to compel the FAA to establish privacy rules for commercial drones. The D.C. Circuit declined to reach the merits of EPIC's challenge. The FAA is expected to issue rules later this year that will require drones to identify themselves with radio beacons, as EPIC had previously urged.
  • DC Circuit Denies EPIC's Petition, Will Not Mandate Privacy Rules for Drones » (Jun. 19, 2018)
    The D.C. Circuit ruled today in EPIC v. FAA that EPIC lacked standing to compel the FAA to establish privacy rules for commercial drones. In 2012 EPIC, backed by more than one hundred organizations and privacy experts, petitioned the agency to establish privacy safeguards for drones. EPIC also cited a 2012 law requiring the FAA to develop a "comprehensive plan" for drone deployment. EPIC subsequently filed suit against the FAA, challenging the 2016 rule authorizing commercial drone operations without any privacy safeguards. Today the D.C. Circuit declined to reach the merits of EPIC's challenge, finding that neither EPIC nor its members had established an "injury" caused by the FAA rule. EPIC will continue to push for the establishment of drone privacy safeguards at the FAA. The drone privacy case is EPIC v. FAA, No. 16-1297 (D.C. Cir.).
  • EPIC Advises Senate on Drone Privacy Issues » (May. 7, 2018)
    In advance of a Senate hearing "Keeping Pace with Innovation - Update on the Safe Integration of Unmanned Aircraft Systems into the Airspace," EPIC submitted a statement to inform the committee of EPIC's ongoing work to establish transparency and oversight for the use of unmanned aircraft in the United States. EPIC believes that strong drone privacy rules are vital for the safe integration of commercial drones in the National Air Space. EPIC is now proceeding in the U.S. Court of Appeals of the D.C. Circuit against the FAA for the agency's failure to establish drone privacy safeguards. EPIC has also filed suit to enforce the transparency obligations of the Drone Advisory Committee, a body created by the FAA to study and make recommendations on U.S. drone policy. EPIC has also pursued several open government matters regarding the FAA's decision making process, which appears intended to purposefully avoid the development of meaningful privacy safeguards.
  • EPIC Sues to Enforce Transparency Obligations of FAA's Drone Advisory Committee » (Apr. 12, 2018)
    EPIC has filed suit to enforce the open government obligations of the Drone Advisory Committee, an industry-dominated committee that advises the Federal Aviation Administration on U.S. drone policy. For over a year, the Committee has conducted much of its work in secret and ignored the privacy risks posed by the deployment of drones, even after the Committee identified privacy as a top public concern. EPIC's lawsuit would force the Committee to disclose its work to the public. EPIC has a long history of promoting government transparency. EPIC's case to establish drone privacy regulations, EPIC v. FAA, No. 16-1297, is pending before the D.C. Circuit Court of Appeals.
  • EPIC FOIA: EPIC Sues DHS for Drone Reports » (Mar. 9, 2018)
    EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain the public release of information about the use of drones for domestic surveillance. EPIC cited a Presidential Memorandum that required all federal agencies to prepare public reports on drone deployment. EPIC's lawsuit charges that the DHS has failed to make these reports public. In a previous lawsuit against the DHS, EPIC obtained records which revealed that DHS drones had the capability to intercept electronic communications and identity humans at a distance. EPIC has also brought a lawsuit against the FAA to establish drone privacy regulations in the United States.
  • D.C. Circuit to Hear Arguments in EPIC Drone Privacy Case » (Jan. 24, 2018)
    The U.S. Court of Appeals for the D.C. Circuit will hear arguments this week in EPIC v. FAA, a lawsuit concerning the FAA's failure to establish privacy rules for commercial drones. EPIC's case is based on an Act of Congress requiring a "comprehensive plan" for drone deployment in the United States and a petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. As EPIC argued in a brief to the Court, "It is not possible to address the hazards associated with drone operations without addressing privacy in the final rule for small commercial drones." Arguments will be held Thursday morning at the American University Washington College of Law. EPIC Senior Counsel Alan Butler will argue the case. EPIC's case is EPIC v. FAA, No. 16-1297 (D.C. Cir.).
  • FAA Advisory Panel Recommends Remote Tracking and Identification of Drones » (Dec. 20, 2017)
    A federal advisory panel has issued a report with recommendations for the remote tracking and identification of drones. The FAA advisory report also said the "FAA must review privacy considerations, in consultation with privacy experts and other Federal agencies, including developing a secure system that allows for segmented access to the ID and tracking information." EPIC backed remote identification and tracking of drones in comments on the agency's drone registration rule. EPIC also recommended privacy protections for the personal data collected for hobbyist drone users, though EPIC's recommendations go beyond the proposals contained in the advisory panel report. EPIC is currently challenging the FAA's failure to establish privacy safeguards. EPIC v. FAA is before the D.C. Circuit Court of Appeals, with oral arguments scheduled for January 25, 2018.
  • FAA Drone Registration Requirement Flies Again » (Dec. 12, 2017)
    A defense authorization bill signed by the President today restores the FAA's drone registration requirement. The registration requirement was struck down by a federal appeals court earlier this year. EPIC supports registration for commercial drones because of the unique privacy risks they pose. In 2015, EPIC submitted extensive comments to the FAA, proposing that commercial drones also routinely broadcast location, course, speed over ground, as well as owner identifying information, similar to the Automated Identification System for commercial vessels. Earlier this year, EPIC also submitted statements to the House Transportation Committee and the Senate Commerce Committee emphasizing the privacy risks of commercial drones. EPIC is currently challenging the FAA's failure to establish privacy safeguards. EPIC v. FAA is before the D.C. Circuit Court of Appeals, with oral arguments scheduled for January 25, 2018.
  • EPIC to Congress: FAA Must Establish Drone Privacy Safeguards and ID Requirements » (Nov. 28, 2017)
    EPIC sent a statement to a House Committee on Transportation ahead of a hearing on drone deployment in the United States. EPIC said that "privacy rules and identification requirements" are vital for the safe integration of commercial drones in the national air space. EPIC explained that the FAA has failed to establish necessary safeguards and has purposefully ignored privacy and public safety risks. In 2015, EPIC sued the FAA, arguing that the agency failed to comply with a Congressional mandate and a petition from leading experts. EPIC also told Congress that the FAA has excluded privacy experts from the agency task force on drone policy. In October 2017, CNN reported the first drone strike on a commercial aircraft.
  • Presidential Memo Promotes Local Drone Regulations » (Oct. 26, 2017)
    A Presidential Memorandum on "Unmanned Aircraft Systems Integration Pilot Program" seeks to promote local state involvement in "development and enforcement" of Federal regulations as well as "inform the development of future Federal guidelines and regulatory decisions" on drone operations nationwide. As the FAA has failed to establish national standards for privacy, many local governments have passed laws to regulate the use of drones. According to the National Conference on Site Legislation, at least 38 states are considering legislation related to drones in the 2017 legislative session. In 2016, EPIC renewed its suit against the FAA, arguing the agency failed to protect the public from aerial surveillance. EPIC v. FAA is currently before the D.C. Circuit Court of Appeals. Argument will likely take place this fall.
  • Government Drone Advisory Group Holds Secret Meetings with Industry, Ignores Privacy » (Oct. 26, 2017)
    According to a Washington Post article, the FAA's Drone Advisory Committee hosted secret meetings and asked participants to sign confidentiality agreements. Documents obtained earlier by EPIC uncovered similar secret meetings leading to the FAA policy on drones that ignored privacy safeguards. The closed-door meetings appear to violate the Federal Advisory Committee Act. EPIC has also sued the FAA to obtain the meeting documents of the FAA's Drone Registration Task Force. EPIC's case to establish national privacy regulations, EPIC v. FAA is currently pending before the D.C. Circuit Court of Appeals.
  • EPIC to House: FAA Must Establish Drone Privacy Safeguards » (Jun. 9, 2017)
    EPIC sent a statement to the House Committee on Transportation & Infrastructure ahead of a hearing on FAA Reauthorization. Emphasizing the unique privacy risks of drones, EPIC explained that the FAA has failed to establish necessary safeguards. In 2015, EPIC sued the agency, arguing that it failed to comply with Congressional directives. Following a petition by EPIC, the agency received hundreds of comments in support of privacy rules. EPIC also told Congress that the FAA has excluded privacy experts from the agency task force on drone policy.
  • Court Strikes Down FAA Registration Requirement for Hobbyist Drones » (May. 19, 2017)
    A federal appeals court has struck down the FAA's rule requiring hobbyists to register their drones. The D.C. Circuit ruled that a registration requirement violated the FAA Modernization Act which forbade regulations for "model aircraft," including unmanned drones "flown for hobby or recreational purposes." EPIC is currently challenging the FAA's failure to establish privacy rules for "small, commercial" drones. Congress required a "comprehensive plan" for drone deployment in the United States, and more than 100 experts and organizations petitioned the agency for privacy safeguards. EPIC v. FAA is full briefed and arguments before the D.C. Circuit are anticipated this fall.
  • EPIC: Enhanced Surveillance at Border Will Sweep Up U.S. Citizens » (Apr. 26, 2017)
    A statement from EPIC to the House Oversight Committee for a hearing on border security warns that enhanced surveillance will impact citizens' rights. "The use of drones in border security will place U.S. citizens living on the border under ceaseless surveillance by the government." said EPIC. EPIC noted that Customs and Border Protection is already deploying drones with facial recognition technology on U.S. communities. In 2013, EPIC obtained records under the Freedom of Information Act which revealed that CBP drones could also intercept electronic communications in the United States. State laws in some border states prohibit warrantless aerial surveillance but the United States has failed to enact laws to limit drone surveillance. EPIC has sued the FAA for the agency's failure to create drone privacy safegruards as required by Congress.
  • Congress to Examine Artificial Intelligence » (Nov. 30, 2016)
    Today the Senate Commerce Committee will hold a hearing on "The Dawn of Artificial Intelligence." Experts from industry and academia will provide "a broad overview of the state of artificial intelligence, including policy implications and effects on commerce." In a prepared statement, EPIC urged the Committee to support "Algorithmic Transparency," an essential public policy strategy to make AI accountable. The hearing follows two White House reports -Preparing for the Future of Artificial Intelligence and the National Artificial Intelligence Research and Development Strategic Plan. EPIC is currently litigating several "AI" cases including EPIC v. FAA (drone surveillance), Cahen v. Toyota (autonomous vehicles), EPIC v. CPB (U.S. traveler "risk assessments"), and Secret DNA Forensic Source Code.
  • European Parliament Explores Algorithmic Transparency » (Nov. 7, 2016)
    A hearing today in the European Parliament brought together technologists, ethicists, and policymakers to examine "Algorithmic Accountability and Transparency in the Digital Economy." Recently German Chancellor Angela Merkel spoke against secret algorithms, warning that that there must be more transparency and accountability. EPIC has promoted Algorithmic Transparency for many years and is currently litigating several cases on the front lines of AI, including EPIC v. FAA (drones), Cahen v. Toyota (autonomous vehicles), and algorithms in criminal justice. EPIC has also proposed two amendments to Asimov's Rules of Robotics, requiring autonomous devices to reveal the basis of their decisions and to reveal their actual identity.
  • EPIC FOIA - FAA Defies Congress, Fails to Complete Drone Privacy Report » (Oct. 24, 2016)
    Through an EPIC Freedom of Information Act request, EPIC obtained documents revealing that the FAA never finished a drone privacy report required by Congress. The Appropriations Act of 2014, which provided funding for the agency, required the FAA to inform Congress on "how the FAA can address the impact of widespread use of [drones] on individual privacy." The FAA drone privacy report was to be completed before the end of 2015 and prior to any drone regulations were issued. Now, as the end of 2016 approaches, the FAA has moved forward with regulations lacking privacy safeguards, and the drone privacy report still unfinished. EPIC is currently suing the FAA for the agency's failure to establish drone privacy rules.
  • FTC Hosts Event on Drones and Privacy » (Oct. 13, 2016)
    Today the Federal Trade Commission will host a panel discussion on drones and privacy as part of the agency's Fall Technology Series. The Director of EPIC's Domestic Surveillance Project, Jeramie Scott, will participate in the panel. Mr. Scott previously testified before the Pennsylvania Senate on domestic drone surveillance and submitted a statement for record regarding a Maryland bill to limit drone surveillance. EPIC and leading experts previously urged the FAA to adopt privacy rules for drones, and when the agency refused, EPIC sued. EPIC v. FAA is currently pending before the D.C. Circuit Court of Appeals.
  • White House Releases Reports on Future of Artificial Intelligence » (Oct. 13, 2016)
    The White House has released two new reports on the impact of Artificial Intelligence on the US economy and related policy concerns. Preparing for the Future of Artificial Intelligence surveys the current state of AI, applications, and emerging challenges for society and public policy. The report concludes "practitioners must ensure that AI-enabled systems are governable; that they are open, transparent, and understandable; that they can work effectively with people; and that their operation will remain consistent with human values and aspirations." A companion report National Artificial Intelligence Research and Development Strategic Plan proposes a strategic plan for Federally-funded research and development in AI. President Obama will discuss these issues on October 13 at the White House Frontiers Conference in Pittsburgh. #FutureofAI EPIC has promoted Algorithmic Transparency for many years and is currently litigating several cases on the front lines of AI, including EPIC v. FAA (drones), and Cahen v. Toyota (autonomous vehicles).
  • FAA Drone Advisory Committee to Address Privacy » (Sep. 19, 2016)
    In its inaugural meeting, the FAA's newly assembled Drone Advisory Committee decided to address privacy concerns posed by the increasing deployment of drones in the United States. The FAA Committee, lacking consumer and privacy representatives, was assembled to make recommendations to the FAA on drone policy. According to the National Conference on State Legislatures, at least 38 states have considered drone legislation so far this year. EPIC and leading experts previously urged the FAA to adopt privacy rules for drones, and when the agency refused, EPIC sued. EPIC v. FAA is currently pending before the D.C. Circuit Court of Appeals.
  • EPIC Sues FAA, Challenges Failure to Establish Drone Privacy Safeguards » (Aug. 23, 2016)
    EPIC has filed suit against the Federal Aviation Administration, arguing the agency failed to establish privacy rules for drones as required by Congress. Congress in 2012 ordered the FAA to issue "comprehensive" rules for drone use. EPIC and more than 100 organizations and experts subsequently urged the FAA to establish privacy protections prior to permitting widespread drone deployment. The FAA denied EPIC's petition. EPIC then sued the agency, but a federal appeals court ruled that EPIC's suit was premature because the agency had not yet issued a final rule and might still consider the privacy concerns raised by EPIC and others. The FAA then proceeded to issue final rules for small drones without privacy safeguards. EPIC is now challenging the agency final rule.
  • White House Hosts Drone Workshop, FAA OKs Commercial Use, Ignores Privacy » (Aug. 4, 2016)
    The White House hosted “Drones and the Future of Aviation.” The FAA Administrator announced that the FAA will approve drone operations over people before the end of the year. The FAA also announced an industry-led task force that will promote voluntary privacy best practices.  In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. The FAA has repeatedly acknowledged the privacy risks of drones, but has refused to establish privacy safeguards.
  • FAA Reauthorization Grounds Drone Privacy Safeguards » (Jul. 13, 2016)
    Shortly before adjourning, Congress passed the FAA Extension, Safety and Security Act of 2016 without drone privacy provisions authored by Senator Markey, included in the original legislation. Senator Markey said "Now is the time to prevent these eyes in the skies from becoming spies in the skies." EPIC urged Congress and the FAA to establish limits on drone surveillance. In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. EPIC's proposal to require remote identification of drones was incorporated in the legislation enacted by Congress.
  • FAA Approves Commercial Drones Without Privacy Safeguards » (Jun. 21, 2016)
    The FAA released the final rule on commercial drones today. Despite nearly 180 comments regarding the privacy risks of drones, the FAA failed to address the privacy risks of deploying commercial drones into the national airspace. EPIC previously filed suit against the FAA after more than 100 groups and experts petitioned the agency to conduct a rulemaking on drone privacy. EPIC also recommended the FAA implement a national database detailing the surveillance capabilities of commercial drones. The FAA has repeatedly acknowledged the privacy risks of drone deployment, but has so far refused to adopt any privacy safeguards.
  • Court Rules EPIC Must Wait to Challenge Missing Drone Privacy Rules » (May. 10, 2016)
    The federal appeals court in Washington, DC ruled today that EPIC’s suit against the Federal Aviation Administration must be set aside because the agency has not yet finalized the rules for drone operations in the United States. EPIC previously filed suit against the FAA after more than 100 groups and experts petitioned the agency to conduct a rulemaking on drone privacy. The FAA has repeatedly acknowledged the need to address privacy in drone operations, but has so far refused to adopt any privacy rules. In a related case, EPIC recently uncovered the minutes of a secret FAA drone task force. According to one of the participants, the “Current state of non-regulation negatively affects the public perception of drones. There is no regulatory recourse for anyone who is negatively affected by a small UAV [drones]."
  • EPIC FOIA - Secret Drone Task Force Records Disclosed » (May. 9, 2016)
    In response to EPIC's FOIA lawsuit, the Department of Transportation has released the minutes of a secret meeting  of the FAA drone task force. The task force included industry groups such as GoogleX, Amazon, and DJI, but consumer groups and privacy advocates were excluded from the hastily created advisory committee. The documents shed light on the secret meetings held last November. Several participants warned about privacy risks in drone deployment. The minutes also stated, "Current state of non-regulation negatively affects the public perception of drones. There is no regulatory recourse for anyone who is negatively affected by a small UAV [drones]." EPIC has urged the agency to do more to safeguard the public, and in EPIC v. FAA, challenged the FAA's failure to establish privacy regulations for drones.
  • FAA Announces Drone "Advisory Committee" » (May. 5, 2016)
    Yesterday FAA Administrator Michael Huerta announced that the FAA will establish a Drone Advisory Committee. According to Administrator Huerta, the committee "will help identify and prioritize integration challenges and improvements." Intel CEO Brian Krzanich will chair the committee. The Federal Advisory Committee Act requires federal agencies to ensure that advisory committees are “objective and accessible to the public.” EPIC previously criticized the FAA Drone Registration Task Force, which met in secret and includes no consumer groups. EPIC is currently suing the FAA for the secret meeting records of the Registration Task Force. EPIC previously sued the FAA for failing to establish privacy rules for commercial dronesEPIC v. FAA is pending before the D.C. Circuit Court of Appeals.
  • Drone Privacy Safeguards Move Forward in Senate » (Mar. 16, 2016)
    A Senate committee has adopted several key privacy amendments concerning drone operations in the US. The amendments, sponsored by Senator Markey (D-Mass), limit the scope of drone surveillance and require more accountability for drone operators. Markey stated, "As more and more drones take flight in our skies, the need to protect Americans' privacy is paramount." EPIC urged Congress and the FAA to establish limits on drone surveillance and recommended the FAA establish a database detailing drone surveillance capabilities. EPIC has sued the FAA for its failure to establish commercial drone privacy rules.
  • Senate to Consider FAA Funding but Drone Privacy Safeguards Missing » (Mar. 14, 2016)
    On March 16, 2016 the Senate will consider the FAA Reauthorization bill. Senator John Thune introduced the legislation to fund the operations of the the federal agency responsible for aviation safety. The bill requires drone operators to post privacy policies, but provides no meaningful privacy safeguards that would limit surveillance by drone operators. EPIC has urged Congress and the FAA to establish real limits on surveillance by drones. EPIC also recommended that the FAA to establish a national database detailing the surveillance capabilities of commercial drones. And after the agency failed to establish privacy rules mandated by Congress, EPIC filed a lawsuit, EPIC v. FAA that is now pending before the DC Circuit Court of Appeals.
  • EPIC to Argue before Federal Appeals Court for Drone Privacy Rules » (Feb. 9, 2016)
    EPIC President Marc Rotenberg will argue EPIC v. FAA before the D.C. Circuit Court of Appeals on February 10, 2016. EPIC, joined by more than 100 groups and experts, petitioned the agency to conduct a public rule-making on the privacy impact of increased drone deployment in the United States. The FAA acknowledged the importance of privacy and responded in November 2014 that it would undertake the rulemaking. But in early 2015, the agency reversed course and announced it would not establish privacy safeguards for commercial drones. As of February 5, 2016, the agency has granted more than 3,300 waivers to drone operators who lack certification to demonstrate airworthiness.
  • EPIC Urges FAA to Make Drone Surveillance Capabilities Public » (Jan. 15, 2016)
    In comments to the FAA, EPIC urged the agency to make public the surveillance capabilities of drones operated in the United Staes. EPIC also proposed privacy safeguards for personal information. EPIC stated, "It is not the personal information of the drone registrant that should be readily available to the public, but the technical capabilities of the registered drone." The FAA recently published a rule requiring drone registration, which EPIC supported. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. EPIC v. FAA is pending before the D.C. Circuit Court of Appeals.
  • DHS Releases Drone Privacy Best Practices » (Jan. 6, 2016)
    The Department of Homeland Security has released a set of drone privacy best practices. The best practices reflect many of the recommendations made by EPIC in testimony to Congress, including limiting data collection, use, dissemination, and retention. The recommendations also propose a redress program so individuals can challenge inappropriate collection. The best practices are only guidelines, but a Presidential Memorandum on drones and privacy requires that all federal agencies to establish and publish drone privacy procedures by February 2016. EPIC has sued the Federal Aviation Administration, EPIC v. FAA to establish privacy rules for commercial drones. Oral arguments are scheduled before the D.C. Circuit Court of Appeals on February 10.
  • EPIC to FAA: Proposed Registration Requirements Fall Short » (Nov. 23, 2015)
    The FAA Drone Task Force Final Report fails to ensure the safe operation of drones in the United States. The committee proposed only that drone operators (1) register online, (2) receive a universal registration number, and (3) mark the number on drones prior to operation. In comments to the agency, EPIC recommended that drones broadcast registration numbers, and that registration include drone surveillance capabilities and contact information for operators, such as phone numbers. The FAA's former top drone official told the Associated Press that drone surveillance capabilities will contribute to safety risks. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. That case is pending before the D.C. Circuit Court of Appeals.
  • Congress Examines (Lack of) Drone Privacy and Safety » (Nov. 20, 2015)
    This week a House Committee examined "The Fast-Evolving Uses and Economic Impacts of Drones." Chairman Burgess, echoing comments from other committee members, stated, "there are important questions around privacy laws and safety." The FAA Modernization and Reform Act of 2012 required the FAA to develop a "comprehensive plan" to integrate drones into national airspace by September 30, 2015. Despite missing the deadline, the FAA has granted over 2,220 exemptions for commercial drones even as safety and privacy concerns increase. More than 100 privacy experts and organizations petitioned the FAA to establish privacy safeguards prior to the deployment of drones. EPIC has sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.
  • In Court: EPIC Pursues Drone Privacy Safeguards » (Nov. 19, 2015)
    EPIC has filed an additional brief in EPIC v. FAA. The case follows from an act of Congress requiring a "comprehensive plan" for drone deployment and EPIC's petition, joined by more than 100 hundred experts, that urged the agency to establish drone privacy rules. In the most recent court filing, EPIC challenged the agency's rationale for dismissing the petition. EPIC also argued the FAA improperly ignored privacy concerns in a recent rulemaking on small drones. The FAA conceded that drones, "because of their size and capabilities, may enhance privacy concerns," but still did not propose privacy safeguards. The United States Court of Appeals for the DC Circuit is expected to hear argument in the case early next year.
  • EPIC Supports Drone Registration Proposal » (Nov. 11, 2015)
    In comments to the FAA, EPIC urged the agency to require all drone operators to register in a federal drone registry. An FAA task force, lacking any privacy experts, is developing a plan for a national registry. EPIC said registration is critical for public safety and privacy protection. EPIC recommended that the FAA require drones to broadcast identification information and that the registration database detail a drone's surveillance capabilities. EPIC also urged the agency to provide privacy protections for the personal information of hobbyists. Earlier this year, EPIC sued the FAA for failing to establish privacy rules for commercial drones as mandated by Congress.
  • In EPIC Lawsuit, FAA Concedes Drone Privacy Risks » (Nov. 5, 2015)
    The Federal Aviation Administration has filed a brief in response to EPIC's lawsuit, EPIC v. FAA, charging that the agency failed to establish privacy rules for commercial drones as required by law. EPIC sued the agency after Congress required a "comprehensive plan" for drone deployment and a petition, backed by more than one hundred organizations and privacy experts, called for privacy safeguards. In its response to EPIC, the FAA acknowledged that the comprehensive plan "recognizes the privacy issues that may be heightened" by drone surveillance. The FAA also conceded that drones, "because of their size and capabilities, may enhance privacy concerns," but the agency has still not begun the process of developing regulations to safeguard privacy.
  • FAA To Establish Drone Registration Database, Privacy Safeguards Still Needed » (Oct. 20, 2015)
    The Department of Transportation and FAA announced that drone operators will be required to register with a national drone registration database. A task force will develop recommendations for the registration process by November 20. The registration requirement is aimed at protecting public safety and promoting accountability, but creates new privacy risks. EPIC sued the FAA to develop privacy regulations for commercial drones. In EPIC v. FAA, EPIC recently argued that the agency's failure to establish privacy rules for commercial drones is a violation of law and should be overturned.
  • Congress Holds Hearing on Drone Safety After FAA Misses Deadline on Drone Regs » (Oct. 9, 2015)
    The House Subcommittee on Aviation held a hearing on drone safety after the FAA's failure to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over a 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. Chairman LaBiondo (R-NJ) said at the hearing, "The real possibility of a mid-air collision must be taken seriously in order to prevent tragic consequences." EPIC recently sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.
  • FAA Misses Deadline on Drones Regs, Also Ignores Privacy » (Oct. 2, 2015)
    FAA has failed to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over a 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. EPIC recently sued the agency, EPIC v. FAA, to establish privacy rules for commercial drones.
  • In Court: EPIC Challenges FAA Failure to Establish Drone Privacy Rules » (Sep. 29, 2015)
    EPIC has filed the opening brief in a lawsuit against the Federal Aviation Administration. EPIC charged that the agency’s failure to establish privacy rules for commercial drones is a violation of law and should be overturned. The EPIC lawsuit followed an Act of Congress requiring a “comprehensive plan” for the integration of drones and petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. EPIC stated that “As the agency has determined not to issue rules, contrary to the FAA Modernization Act and EPIC’s Rulemaking Petition, the Court must now order the agency to do so.” The case is EPIC v. FAA, No. 15-1075. The United States Court of Appeals for the DC Circuit is expected to hear oral argument in the case early next year. Press Release - EPIC v. FAA
  • Congress to Examine Commercial Drones, Privacy and Safety Issues Loom Large » (Sep. 9, 2015)
    The House Judiciary Committee will hold a hearing on Unmanned Aerial Vehicles: Commercial Applications and Public Policy Implications. The FAA has granted nearly 1,500 exemptions to commercial drone operators even as public safety risks and privacy concerns increase. EPIC has sued the agency for its failure to establish privacy safeguards prior to the deployment of commercial drones in the United States. The lawsuit, EPIC v. FAA, follows an act of Congress requiring the agency to develop a "comprehensive plan" for the safe integration of drones in domestic airspace, and a petition, organized by EPIC and joined by over 100 experts organizations, calling on the FAA to establish privacy rules. EPIC previously testified in Congress in support of strong privacy legislation.
  • EPIC Challenge to FAA Failure to Establish Privacy Safeguards Moves Forward » (Aug. 13, 2015)
    The federal appeals court in Washington, DC has ordered briefing in EPIC's lawsuit against the Federal Aviation Administration. EPIC filed suit in March after the FAA failed to establish privacy rules for commercial drones as mandated by Congress. The EPIC lawsuit followed an earlier petition to the agency backed by more than a hundred organizations and privacy experts. The FAA had asked the D.C. Circuit to dismiss EPIC's lawsuit. But in today's order, the appellate court directed the parties to prepare merits briefing for a three-judge panel which will consider the case.
  • Justice Department Releases Drone Privacy Guidance » (May. 25, 2015)
    The Justice Department has released extensive "Policy Guidance" for the use of drones by federal agencies. The Guidance bans the use of drones to monitor activities protected by the First Amendment, requires routine logs of drone use, and requires the protection of civil liberties and privacy in all cases. However, the Guidance "does not create any right, benefit, trust, or responsibility" enforceable against the United States. EPIC supports the recommendations. EPIC has also testified before Congress in support of a comprehensive drone privacy law, petitioned the FAA for drone privacy regulations, and sued the FAA when the agency failed to create privacy safeguards.
  • EPIC Demands the FAA to Establish Drone Privacy Rules » (Apr. 25, 2015)
    EPIC has filed extensive comments, urging the Federal Aviation Administration to propose drone privacy safeguards. In 2012, EPIC led a coalition of over 100 experts and organizations in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones in the United States. EPIC stated that, "As a consequence of the FAA’s failure to establish drone privacy rules, millions of Americans now face the possibility of unchecked monitoring and harassment." EPIC has sued the agency for its failure to protect the privacy of Americans.
  • "Eyes Over Washington:" EPIC Obtains Documents about Army Blimps in DC » (Apr. 15, 2015)
    As the result of a Freedom of Information Act lawsuit, EPIC has obtained several thousand pages about the blimps deployed by the Army, just north of the nation's capital. The records document the use of "JLENS," as well as the Army's relationship with the contractor Raytheon, which has proposed a video surveillance capability. The Army has disputed the claim that JLENS has surveillance capability. EPIC has recently filed suit against the FAA for failure to establish privacy rules for commercial drones in the US.
  • EPIC Sues FAA, Challenges Failure to Create Drone Privacy Safeguards » (Mar. 31, 2015)
    Today EPIC filed suit in the federal appeals court in Washington, DC arguing that the Federal Aviation Administration failed to establish privacy rules for commercial drones as mandated by Congress. Congress had required the FAA to develop a "comprehensive plan" for drone deployment. In 2012 EPIC and more than 100 organizations and experts also urged the federal agency to establish privacy protections prior to the deployment of commercial drones in the United States. The FAA denied the EPIC petition, claiming it "did not raise an immediate safety concern." Then last month the FAA announced a rulemaking on commercial drones and purposefully ignored privacy concerns, stating that privacy "issues are beyond the scope of this rule making."
  • FAA Ignores Privacy Concerns in Public Rulemaking on Commercial Drones » (Feb. 19, 2015)
    The Federal Aviation Administration announced a public rulemaking for the integration of small commercial drones into the National airspace. The rules will establish safety procedures but will not address privacy concerns. The agency stated that privacy "issues are beyond the scope of this rule making." EPIC and 100+ organizations, experts, and members of the public petitioned the FAA to conduct a public rulemaking on the privacy impact of domestic drone use. Several members of Congress, including Senator Markey and Senator Paul have urged the establishment of privacy laws before surveillance drones are deployed in the United States.
  • FAA Okays Hollywood Drone Use, But Privacy Safeguards Remain Grounded » (Sep. 26, 2014)
    The Federal Aviation Administration granted six exemptions for the commercial use of drones to companies in the film and television industry this week. The agency found that the proposed operation do not “pose a threat to national airspace users or national security.” Safety requirements include: line of site tracking, restrict flights to the “sterile area” on the set, inspection after each flight, and prohibiting operation at night. The agency is currently considering another 40 requests from various commercial entities. Currently, no privacy protections are in place to address the commercial use of drones. EPIC has testified in Congress in support of a comprehensive drone privacy law—calling for use limitations, data retention limitations, transparency, and public accountability. The Federal Aviation Administration to develop drone privacy guidelines after an EPIC-lead coalition petition. EPIC also urged the agency to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

Background

The FAA Modernization and Reform Act of 2012 (Public Law 112-95) orders the Transportation Department to conduct a public rulemaking to safely integrate drones into the national airspace. "Drones" or "unmanned aircrafts" are aerial vehicles that operate without a human pilot onboard. The Federal Aviation Administration (FAA), a component of the Department of Transportation, is the agency responsible for licensing domestic drones. Drones are equipped with highly sophisticated surveillance technology that threatens personal privacy. Drones' collection of personal information, including physical location, poses a public safety problem for millions of individuals. And, as stated by Senator Ayotte, Chair of the Subcommittee on Aviation Operations, Safety, and Security, "Unlimited surveillance by government or private actors is not something that our society is ready or willing or should accept. Because [drones] can significantly lower the threshold for observation, the risk of abuse and the risk of abusive surveillance increases."

On March 8, 2012, EPIC, joined by over 100 organizations, experts, and advocates, petitioned the FAA to "conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." On February 23, 2015, the FAA denied EPIC's petition. On this date, the FAA issued a notice of proposed rulemaking (NPRM) to "adopt specific rules to allow the operation" of drones. The NPRM states, "[t]he FAA also notes that privacy concerns have been raised about [drones]," but privacy issues "are beyond the scope of this rulemaking."

Congress explicitly ordered the Transportation Department to conduct a public rulemaking to safely integrate drones into the national airspace. As EPIC's petition described in detail, drones are equipped with increasingly sophisticated technology that gathers sensitive personal details, including location information and biometric information. A necessary component in the safe integration of drones is ensuring meaningful, effective privacy protections.

The FAA violated the law when it failed to issue and solicit public comments on proposed drone privacy regulations.

EPIC's Petition to the FAA

On March 8, 2012, EPIC, joined by over 100 organizations, experts, and advocates, petitioned the FAA to "conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." EPIC explained the substantial civil liberties and privacy threats that drones pose. For example "[g]igapixel cameras used to outfit drones are among the highest definition camera available, and can ‘provide real-time video streams at a rate of 10 frames a second.' " EPIC noted that some drones could track "up to 65 different targets across a distance of 65 square miles" and that drones can gather sensitive, personal information through drone infrared cameras, heat sensors, GPS, sensors that detect movement, automated license plate readers, and facial recognition technology. This type of technology presents a unique threat to privacy because of drones' persistent surveillance and, "by virtue of their design, their size, and how high they can fly, [drones] can operate undetected in urban and rural environments." EPIC highlighted examples of contemporary drone uses, including "paparazzi drones," private detectives using drones, Google's use of street-level drones for Google Street View, and criminals using drones to stalk and harass. EPIC petition states, "[w]ith special capabilities and enhanced equipment, drones are able to conduct far more detailed surveillance, obtaining high resolution picture and video, peering inside high level windows, and through solid barriers, such as fences, trees, and even walls."

EPIC urged the FAA to "assess the privacy problems associated with the highly intrusive nature of drone aircraft, and the ability of operators to gain access to private areas and to track individuals over large distances." In light of the substantial privacy threats that the impending deployment of drones in the U.S. poses, EPIC and the coalition petitioned the FAA to:

  1. conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones in the United States. In order to adequately address all of the potential threats, the FAA should examine and report on the impact on privacy to individuals within the scope of their comprehensive plan to safely integrate civil drones into the national airspace, required under 322(a) of the FAA Modernization and Reform Act;
  2. conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones by government operators pursuant to the agency actions required under § 324(c) of the FAA Modernization and Reform Act; and
  3. take into consideration during the notice and comment rulemaking the use and retention of data acquired by drone operators; the relation between drone operation and property rights; the ability of an individual to obtain a restraining order against a drone vehicle; and use limitations on drone vehicles and requirements for enforcement of those limitations. In relation to the government use of drones, the rulemakings should also consider the application of the Privacy Act of 1974 to the information gathered by drone operators.

FAA's Response

On June 28, 2016, the FAA denied EPIC's petition. On this date, the FAA issued a final rule on the "Operation and Certification of Small" drones. The rule states that "privacy concerns have been raised regarding the integration of [drones] into the NAS," but privacy issues "are beyond the scope of this rulemaking." Instead of a public notice and comment rulemaking, the FAA and Transportation Department will participate in the National Telecommunications and Information Administration (NTIA) "multistakeholder process aimed at developing privacy best practices for the commercial and private use of [drones]." The NTIA "multistakeholder process" will not produce any legal restrictions on the use of domestic drones for aerial surveillance nor establish any legal rights for individuals who are subject to drone surveillance in the United States.

Prior to the NPRM, the FAA wrote a letter to EPIC on November 26, 2014, claiming that the "issue [EPIC has] raised is not an immediate safety concern." The FAA further stated, "the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project."

But, as the FAA made clear when the agency issued the NPRM, the agency will not consider EPIC's comments because, according to the agency, privacy issues "are beyond the scope of this rulemaking."

Legal Documents

Resources

News Items

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security