A new drone policy set to be adopted by the Port of San Francisco on Tuesday raises concerns about possible government data breaches and sets strict privacy standards to avoid them.
Citing recent “security risks” from China-based drone manufacturer DJI, the proposed policy would require employees and contractors to operate under rules barring storage of flight paths, raw video and other data. The Port Commission is scheduled to vote on the matter at its regular meeting.
The policy highlights heightened security concerns in an era of common data breaches, as the Port prepares to take to the skies. Previously, Port officials have said they would use drones to help inspect earthquake damage to piers and other property, among other uses.
“Recently, potential security risks have been identified with regards to the data collected from DJI drones, the leading manufacturer of camera drones,” Port staff wrote in its report to the commission.
In September 2017, DJI was widely reported to have suffered a data breach when passkeys allowing access to flight log data, government IDs, drivers licenses and passports were posted publicly online. That breach included flight logs of accounts associated with both government and the military, according to technology news outlet Ars Technica.
Drone operators would be required to agree to “privacy risk mitigation standards,” under The Port’s new policy.
Those risk mitigation standards include not uploading flight data, plans or video to DJI company servers, not utilizing a DJI drone “auto function” that “periodically” stores flight data, cutting off outside internet connections while flying drones, handling data “securely” when delivering footage to the Port and not keeping copies of raw or edited footage.
The Port also wrote it would not disclose “raw drone data” to the public and would only be disclosed to the public under “exigent public safety needs or as required by law.”
The Port does not own drones or plan to purchase them in the near future but confirmed to the San Francisco Examiner the policy applies to contractors the Port may hire.
In May 2017, The City created a drone policy for government agencies. Five departments in particular were granted permission to deploy drones but were required to adopt their own drone-use policies and adhere to rules addressing privacy concerns.