Officials with the Port of San Francisco have said they would use drones to help inspect earthquake damage to piers and other property. (Steven Ho/2017 Special to S.F. Examiner)

Port Commission drone policy highlights risk of data breach

A new drone policy set to be adopted by the Port of San Francisco on Tuesday raises concerns about possible government data breaches and sets strict privacy standards to avoid them.

Citing recent “security risks” from China-based drone manufacturer DJI, the proposed policy would require employees and contractors to operate under rules barring storage of flight paths, raw video and other data. The Port Commission is scheduled to vote on the matter at its regular meeting.

The policy highlights heightened security concerns in an era of common data breaches, as the Port prepares to take to the skies. Previously, Port officials have said they would use drones to help inspect earthquake damage to piers and other property, among other uses.

SEE RELATED: Port: New drones could help inspect pier damage in earthquakes

“Recently, potential security risks have been identified with regards to the data collected from DJI drones, the leading manufacturer of camera drones,” Port staff wrote in its report to the commission.

In September 2017, DJI was widely reported to have suffered a data breach when passkeys allowing access to flight log data, government IDs, drivers licenses and passports were posted publicly online. That breach included flight logs of accounts associated with both government and the military, according to technology news outlet Ars Technica.

Drone operators would be required to agree to “privacy risk mitigation standards,” under The Port’s new policy.

Those risk mitigation standards include not uploading flight data, plans or video to DJI company servers, not utilizing a DJI drone “auto function” that “periodically” stores flight data, cutting off outside internet connections while flying drones, handling data “securely” when delivering footage to the Port and not keeping copies of raw or edited footage.

The Port also wrote it would not disclose “raw drone data” to the public and would only be disclosed to the public under “exigent public safety needs or as required by law.”

The Port does not own drones or plan to purchase them in the near future but confirmed to the San Francisco Examiner the policy applies to contractors the Port may hire.

In May 2017, The City created a drone policy for government agencies. Five departments in particular were granted permission to deploy drones but were required to adopt their own drone-use policies and adhere to rules addressing privacy concerns.Transit

If you find our journalism valuable and relevant, please consider joining our Examiner membership program.
Find out more at www.sfexaminer.com/join/

Just Posted

SF officer involved in shooting death of homeless man quit while facing discipline, landed new job in Antioch

An officer who faced discipline for needlessly escalating a confrontation that led… Continue reading

Thousands flood Mission District for youth-led George Floyd protest

As civil unrest over the killing of George Floyd continued Wednesday in… Continue reading

Vallejo police officer kills SF man after mistaking hammer for gun

A Vallejo police officer fatally shot a man suspected of looting who… Continue reading

Breed closes nearly $250M budget deficit in current fiscal year

Cuts include street repaving, firefighting hose tender trucks, childcare subsidies

DA drops charges against man seen in video of officer using knee restraint

Footage leads to calls for SF police to explicity ban move used in death of George Floyd

Most Read