How to ensure privacy and safety of citizens. What happens with all the data gathered through drone operations? How standards can help in dealing with illegal drone activity
As the SESAR Very Large Demonstration for Urban Air Mobility (UAM) project called AMU-LED works through the planning and permissions for the demonstration phases in the UK, Netherlands and Spain, the partners will engage with stakeholders and the public to inform on the benefits of Drones.
Privacy and Safety have remained a priority for public concerns relating to unmanned aircraft, particularly small drones. High on people’s minds is the perceived intrusion of personal, public (schools) and critical infrastructure areas by drones operated with high resolution imaging sensors, unprecedented manoeuvrability and low noise levels. Pre-programmed autonomous flight operations allows the drone pilot to remain nearly anonymous, reducing the prospect of locating and holding individuals responsible for bad or illegal behavior. While such advanced capabilities are desirable characteristics for new business opportunities in surveying in agriculture or construction, bridge inspections, fire services and surveillance. Like with any new technologies (Artificial Intelligence, smart doorbells or Social media), the public wants to know that their privacy and safety are protected, with the supporting industry bound by legal limitations. It falls on industry to ensure open technical standards are followed where available and participate in the creation of new consensus standards to bridge any gaps.
Standards alone will not prevent bad behavior, so countries must continue to ensure legal provisions are in place, aimed at providing safety and data protections to the public and businesses. Ideally there is a collaborative effort with conversations between stakeholders that represent standards, technology and policy (laws) with outcomes that continue to foster innovation and commerce without compromising safety and privacy. Privacy laws should consider remaining technology agnostic, focusing on the behavior and not the hardware to avoid stifling innovation. GUTMA is a convenor that is working towards that goal, creating separate task forces to address the nexus of these critical areas.
Today, drone operations are legally bound in Europe by (EU) Implementing regulations 2019/947. The regulation groups drones by size and provides a proportionate approach to safety. In developing the legal framework, there are a number of considerations made:
- Categories of unmanned aircraft (flying objects e.g. paper aeroplanes, frisbees and flying machines ranging from hobby drones to large drones capable of carrying people or cargo).
- Hobby flying and as part of a model flying club.
- Indoor vs outdoor flying.
- Commercial drone operations.
- Drone operations in rural and urban areas.
- Drone operator and flyer registration is required for anyone flying a drone 250g or more on an annual basis.
Today’s rules allow small drones (<25kg) to be operated in Visual Line of Sight (VLOS) with Beyond VLOS (BVLOS) operations requiring a safety risk assessment by the operator and specific approval from the aviation regulator.
The aviation industry has developed UAS Traffic Management (UTM) technology to support drone operations alongside other airspace users, to keep drones and manned aircraft separate and ensure that adequate information is available to all stakeholders.
In principle, these rules apply to all stakeholders (including the aviation regulator) contributing to drone operations where the stakeholders are involved in data collection, processing and storage of electronic data. Not only does electronic data have to be handled appropriately from a customer-client perspective, businesses also have to ensure that they meet cybersecurity requirements applied to the drone and its hardware, the data link to the GCS, the GCS itself and ground-bases systems used by service providers. National Data Protection Agencies are empowered to protect Personally Identifiable Information (PII), to enforce data protection rules requiring mandatory reporting of data breaches and can limit or permanently ban organisations from processing certain data types.
Standards Development Organisations (SDO) are heavily involved in developing new UTM standards. ASTM has been leading the development of UTM standards and recently published the WK63418 – UTM USS interoperability standard. It supports U-space services by providing a basis by which U-space service provider’s (USSP) IT systems can communicate effectively by standardising how data is communicated between stakeholder IT systems, the vocabulary and information to be used and shared between stakeholder IT systems.
In developing this standard, ASTM examined how the data is to be transmitted and the groups of data involved in exchanges. There are both government and open standards for Internet data exchanges and security mechanisms to enable the safe transmission of information. ISO 271001 provides one such widely used standard for securing electronic data exchanges. This involves steps including verifying the identity of the sender, authorising and granting access to a network based on the identity as well as crucially data integrity and confidentiality.
Commercial UTM systems will exchange flight plans, alerts and other messages and it is important to protect both commercial and personal information. ASTM USS interoperability standard protect PII data in several ways
- Operator data such as Name, contact details are held by the USSP with contract with the operator and are not shared.
- The USSP system is the gateway for operator flight plans with each plan referenced with a unique ID generated by the USSP.
The standard does not meet the U-space 2021/554 Article 6 requirement for the UAS operator registration number and where applicable that of the drones to be included in the flight plan exchange.
Unlike large aircraft where a tail number can be used to check the status of an aircraft and its operator, drone registration markings are entirely invisible. Instead ASTM’s F3411-19 Standard Specification for Remote ID and Tracking standard allows governmental and civil identification of UAS for safety, security, and compliance purposes. The intent is for both the general public and law enforcement agencies to be empowered to check or report drone operations. Law enforcement will be able to review more details than the public e.g. the drone and operator registration details implying the transmission of PII data over the network.
Managing drone operations will require more electronic data exchanges between systems and service providers to ensure safe and sustainable operations. More standards are needed in order to deliver both safe exchanges but also the management of personally identifiable information.