DJI Mavic, Air and Mini Drones
Friendly, Helpful & Knowledgeable Community
Join Us Now

Would you support a lawsuit over Remote ID?

Would you support a lawsuit over Remote ID?

  • I would support a lawsuit over remote ID with donations

    Votes: 77 37.4%

  • I support a lawsuit over Remote ID but not enough to give money

    Votes: 41 19.9%

  • I don’t care about this issue

    Votes: 18 8.7%

  • I like the remote ID rule and I am against a lawsuit

    Votes: 70 34.0%
  • Total voters
    206
brett8883 said:
Yea encrypted and I’d also like some kind of protection against abuse by LE.
Click to expand...
What kind of protection?

Check out this animated version of the case I referenced earlier. In this version, the Predator uses special sensors to peer inside building and alert SWAT when suspects put down their weapons. Should that require a warrant?

 
Chip said:
What kind of protection?

Check out this animated version of the case I referenced earlier. In this version, the Predator uses special sensors to peer inside building and alert SWAT when suspects put down their weapons. Should that require a warrant?

Click to expand...
In this case the fact that they chased LE away with firearms kinda throws everything out the window no?

It would be more interesting if they simply refused entry and LE used the drone to find the cows and used that as a basis to enter the home. In your example the drone was just used tactically to determine when it was safe to enter the house not to actually gather evidence is that correct?

I would like some kind of protection like a warrant or even some kind of probable cause required to use it. I don’t want the app to be used to identify a reason for someone to get in trouble. Instead the crime should be identified and THEN the app used to identify the pilot.
 
Chip said:
The point I was making though is that there is good reason for drone pilots to fear being surreptitiously tracked by public or anyone with a gun and a grudge.

If the FAA encrypted the location information, this problem more or less goes away.

Yes, encryption seems like one good way to mitigate problem. I think Brett said that was all he wanted as have several others who have weighed in on this thread. What is the path to getting encryption and what are chances?
Click to expand...
The path to getting encryption has multiple components. Just to be clear, I'm talking about using public-key encryption. The drone encrypts the data with a private key and anyone with the public key can decrypt it. The drone gets the public key from a secure server that only authorized users can access. The app that LE and First Responders would use would be able to access the public keys.

The FAA's complaint with encryption is that it would be a barrier for LE to use. So the way to get encryption is to prove that it's not a real barrier to LE.

You are going to need an app to read Remote ID messages. Your phone isn't going to magically display RID messages. Something needs to be able to recognize them and display them to the user. This doesn't take into account that you will probably need an OS update to pickup RID messages. The networking stacks on Android and iOS will be probably be ignoring message types that they don't know or care about it. But that is a separate issue for the FAA to deal with. This will be clearer once the FAA provides the specifics of the RID messages.

To keep things simple, you don't create private/public keys for each drone. Otherwise, the RID App has to download all of them. So you create a set of 1000 keys with ID for each key. And they are good for three months in case someone leaks the keys. Once a quarter, the LE app needs to have Internet access to pull down the keys. The drone app also needs to connect once a quarter and it will download one of the public/private keys. It will send a data packet with the key id encrypted and the pilot's location encrypted.

When the RID app picks up a RID message, it takes the id key and uses that to figure out with public key is needed to decrypt the data. This would be completely transparent to the end-user. Only authorized users would see the pilot's location. Other users would not have access to that data. If for some reason, the LE user didn't have the latest public keys, the app could store the message and decrypt it when they could download the keys. That would be useful to prove or disprove a pilot was operating legally.

This is not 100% secure, but it provides a reasonable amount of security that would deter most people from getting at the takeoff location. There are other drawbacks to doing this, but it's a simple path to encryption and addresses the concerns that the FAA raised.
 
anotherlab said:
The path to getting encryption has multiple components. Just to be clear, I'm talking about using public-key encryption. The drone encrypts the data with a private key and anyone with the public key can decrypt it. The drone gets the public key from a secure server that only authorized users can access. The app that LE and First Responders would use would be able to access the public keys.

The FAA's complaint with encryption is that it would be a barrier for LE to use. So the way to get encryption is to prove that it's not a real barrier to LE.

You are going to need an app to read Remote ID messages. Your phone isn't going to magically display RID messages. Something needs to be able to recognize them and display them to the user. This doesn't take into account that you will probably need an OS update to pickup RID messages. The networking stacks on Android and iOS will be probably be ignoring message types that they don't know or care about it. But that is a separate issue for the FAA to deal with. This will be clearer once the FAA provides the specifics of the RID messages.

To keep things simple, you don't create private/public keys for each drone. Otherwise, the RID App has to download all of them. So you create a set of 1000 keys with ID for each key. And they are good for three months in case someone leaks the keys. Once a quarter, the LE app needs to have Internet access to pull down the keys. The drone app also needs to connect once a quarter and it will download one of the public/private keys. It will send a data packet with the key id encrypted and the pilot's location encrypted.

When the RID app picks up a RID message, it takes the id key and uses that to figure out with public key is needed to decrypt the data. This would be completely transparent to the end-user. Only authorized users would see the pilot's location. Other users would not have access to that data. If for some reason, the LE user didn't have the latest public keys, the app could store the message and decrypt it when they could download the keys. That would be useful to prove or disprove a pilot was operating legally.

This is not 100% secure, but it provides a reasonable amount of security that would deter most people from getting at the takeoff location. There are other drawbacks to doing this, but it's a simple path to encryption and addresses the concerns that the FAA raised.
Click to expand...
This is just elementary data security. Anybody who tries to tell you this is too complicated is trying to pull as fast one on you.

Here’s another aspect of this. I’ll be shocked if Apple and Google allow an app in their App Store that will allow the phone to receive unauthenticated wi-fi signals with no security. Hackers could potentially use that to infuriate the device. Any incoming connection is a potential threat.
 
brett8883 said:
This is just elementary data security. Anybody who tries to tell you this is too complicated is trying to pull as fast one on you.
Click to expand...
It's pretty poor security, but it's better than no security. I'll take decent protection over no protection.

brett8883 said:
Here’s another aspect of this. I’ll be shocked if Apple and Google allow an app in their App Store that will allow the phone to receive unauthenticated wi-fi signals with no security.
Click to expand...
There is no such restriction for apps submitted to Android or iOS app stores. You already receive unauthenticated Wi-Fi packets now. That's how the SSID's are broadcast. It's also how Bluetooth beacons work. And NFC, for that matter.

brett8883 said:
Hackers could potentially use that to infuriate the device. Any incoming connection is a potential threat.
Click to expand...
The FAA has already defined what data it wants to see in a Remote ID packet. The specifics of how the packet is formatted has not been defined. A properly written application would be able to handle a mal-formed packer transmitted by a hacker.

One thing to remember, there is no connection. The RID messages are being sent out and you just read them or ignore them. It's very much like a BLE beacon message that way.
 
anotherlab said:
The path to getting encryption has multiple components. Just to be clear, I'm talking about using public-key encryption. The drone encrypts the data with a private key and anyone with the public key can decrypt it. The drone gets the public key from a secure server that only authorized users can access. The app that LE and First Responders would use would be able to access the public keys.

The FAA's complaint with encryption is that it would be a barrier for LE to use. So the way to get encryption is to prove that it's not a real barrier to LE.

You are going to need an app to read Remote ID messages. Your phone isn't going to magically display RID messages. Something needs to be able to recognize them and display them to the user. This doesn't take into account that you will probably need an OS update to pickup RID messages. The networking stacks on Android and iOS will be probably be ignoring message types that they don't know or care about it. But that is a separate issue for the FAA to deal with. This will be clearer once the FAA provides the specifics of the RID messages.

To keep things simple, you don't create private/public keys for each drone. Otherwise, the RID App has to download all of them. So you create a set of 1000 keys with ID for each key. And they are good for three months in case someone leaks the keys. Once a quarter, the LE app needs to have Internet access to pull down the keys. The drone app also needs to connect once a quarter and it will download one of the public/private keys. It will send a data packet with the key id encrypted and the pilot's location encrypted.

When the RID app picks up a RID message, it takes the id key and uses that to figure out with public key is needed to decrypt the data. This would be completely transparent to the end-user. Only authorized users would see the pilot's location. Other users would not have access to that data. If for some reason, the LE user didn't have the latest public keys, the app could store the message and decrypt it when they could download the keys. That would be useful to prove or disprove a pilot was operating legally.

This is not 100% secure, but it provides a reasonable amount of security that would deter most people from getting at the takeoff location. There are other drawbacks to doing this, but it's a simple path to encryption and addresses the concerns that the FAA raised.
Click to expand...
Thank you for taking the time to explain that. I think I finally get the gist. What is the perceived barrier to law enforcement? If you have the key, could you not decode the signal real quick?
 
brett8883 said:
In this case the fact that they chased LE away with firearms kinda throws everything out the window no?
Click to expand...
Great question. In the clip I posted, one reporter asked Judge Napolitano whether threatening LEO with pointed gun even on your own property would give probable cause to bring in the Predator? Judge Nap argued the LEO should get an arrest and/or search warrant to avoid any 4th Amendment issue. Especially if they want to bring in the Predator to look inside any building with special sensors.

I think the animation was wrong and the Predator did not peer inside the building but monitored the suspects in open field. At least that is what Judge Nap said.

If law enforcement is concerned over time it takes to decrypt with a key, I wonder how they would feel about getting a search warrant?

Lead Balloon.png
The Lead Balloon. Previously on display at New York Art Museum.
 
anotherlab said:
It's pretty poor security, but it's better than no security. I'll take decent protection over no protection.
Click to expand...
You lost me a little on this. Can you explain further. What is the vulnerability, how easily and by who would the keys or the encryption be compromised?
 
Chip said:
Thank you for taking the time to explain that. I think I finally get the gist. What is the perceived barrier to law enforcement? If you have the key, could you not decode the signal real quick?
Click to expand...
The FAA listed the following concerns as the barrier, emphasis mine

FAA Final Rule - Page 114 said:
Further, as some commenters suggested, different situations may necessitate certain emergency responders or other individuals to make contact with a remote pilot. In these situations, a privacy or encryption implementation may prohibit the on-scene individuals from having the critically needed information. In addition, an encryption requirement would present technical challenges leading to increased cost and complexity. For example, encryption key management could require standard remote identification unmanned aircraft, broadcast modules, and authorized receivers to have internet connectivity and specialized software, increasing the cost of this rule and potentially creating cybersecurity vulnerabilities.
Click to expand...
What I suggested mitigates both of the concerns. As long as they have the app installed and have connected to the Internet within the last 90 days, they will have the public keys needed to decrypt. With or without encryption, these messages are not going to parsed without an app. There has to be a base assumption that people will already have the app. It just becomes one more thing that gets installed on a mobile device used by LE and/or first responders.

For added cost and complexity, I think the FAA is greatly overestimating how much it costs to implement public-key encryption. Will there be a cost? Adding anything usually adds costs. The added cost to a RID module would be trivial if anything. The FAA would have to have a server running as a public key store, but that can be done on Azure and AWS and the running costs will be low.
 
  • Like
Reactions: Chip
Chip said:
You lost me a little on this. Can you explain further. What is the vulnerability, how easily and by who would the keys or the encryption be compromised?
Click to expand...
Two ways to come mind.

First, you could spoof the server that provides the public/private keys. You have a drone and you run the app that communicates with the drone. You then run or redirect to a fake site that hands out a private key to the drone that the FAA doesn't have the public key for. You then fly the drone and it encrypts and no one else can decrypt it. This is called a Man In the Middle attack (MITM). There are ways to mitigate this, but it's the obvious attack vector.

The second vulnerability is that someone leaks the keys or finds a way to access the secure server with the keys. There are multiple ways to mitigate (usage pattern analysis, key expiration, etc), but this would be the other obvious way in.

You really can't make it 100% secure, not if you want to address the FAA's concerns. But it will work better than 99% of the time and the worst thing that happens is that the takeoff location becomes visible. You are not giving out personal or financial information.
 
  • Like
Reactions: Chip
anotherlab said:
Two ways to come mind.

First, you could spoof the server that provides the public/private keys. You have a drone and you run the app that communicates with the drone. You then run or redirect to a fake site that hands out a private key to the drone that the FAA doesn't have the public key for. You then fly the drone and it encrypts and no one else can decrypt it. This is called a Man In the Middle attack (MITM). There are ways to mitigate this, but it's the obvious attack vector.

The second vulnerability is that someone leaks the keys or finds a way to access the secure server with the keys. There are multiple ways to mitigate (usage pattern analysis, key expiration, etc), but this would be the other obvious way in.

You really can't make it 100% secure, not if you want to address the FAA's concerns. But it will work better than 99% of the time and the worst thing that happens is that the takeoff location becomes visible. You are not giving out personal or financial information.
Click to expand...
Yea but for all intents and purposes this solves the problem IF only first responders are allowed to use it.

As it stands the FAA INTENDS to allow anyone and everyone to use it. Encryption or not if the public is allowed access the problem remains.
 
  • Like
Reactions: Chip
brett8883 said:
Yea but for all intents and purposes this solves the problem IF only first responders are allowed to use it.

As it stands the FAA INTENDS to allow anyone and everyone to use it. Encryption or not if the public is allowed access the problem remains.
Click to expand...
That's the point. You would have an app that receives and decodes RID messages. Anyone can use the app. But only authorized users can decrypt the location of the controller.

With all of that being said, I don't think that the FAA is going to change its position on this. I'm not a lawyer, but I have yet to see a single argument posted here that would prevail in a lawsuit against the FAA over the inclusion of the controller location.
Remote ID Final Rule - page 113 said:
The inclusion of the control station location enables the remote identification message to create a direct link between an unmanned aircraft and its operator; promoting the accountability inherent in manned aviation.
Click to expand...
 
anotherlab said:
That's the point. You would have an app that receives and decodes RID messages. Anyone can use the app. But only authorized users can decrypt the location of the controller.

With all of that being said, I don't think that the FAA is going to change its position on this. I'm not a lawyer, but I have yet to see a single argument posted here that would prevail in a lawsuit against the FAA over the inclusion of the controller location.
Click to expand...

What do you make of that 8/2020 FCC Advisory that Brett found, linked below? If it is so obvious that the FAA can force Remote ID on the populace, then why would the FCC go to time and trouble to research and publish an advisory pointing out that intercepting remote id signal and tracking pilot may violate federal and state laws?

INTERAGENCY ISSUES ADVISORY ON USE OF TECHNOLOGY TO DETECT AND MITIGATE UNMANNED AIRCRAFT SYSTEMS (New Release)

Advisory on the Application of Federal Laws to the Acquisition and Use of Technology to Detect and Mitigate Unmanned Aircraft Systems:

 
  • Like
Reactions: brett8883
anotherlab said:
With all of that being said, I don't think that the FAA is going to change its position on this. I'm not a lawyer, but I have yet to see a single argument posted here that would prevail in a lawsuit against the FAA over the inclusion of the controller location.
Click to expand...
HOLD THE BUS!

1611713003803.png

Found the legal expert you were looking for. John Rupprecht.

I paid no consultation fee, just read a few articles posted on his website! He has a lot to say about the illegal manner in which the FAA barfed out the remote ID regs. Here is the lead-in with link:

Remote ID Ex Parte Party
It was literally a house ex parte. But this is kinda illegal. The FAA attorneys know that. You’ll see a ton of ex parte going on below between law enforcement, DHS, FBI, and FAA. The FAA also did all sorts of stuff with 8 companies on working with RID. This was all done privately (in violation of) 49 CFR §5.19 Public contacts in informal rulemaking.

Saddle up Brett we got work to do...I am thinking about calling up FCC and asking how serious are we supposed to take their FCC Circular. Is it just water cooler chatter or what? In meantime, check out Rupprecht's site.

jrupprechtlaw.com

Total Guide to Part 89 Remote ID (Requirements, Waivers, Lists of Modules & Drones).

What drones or remote identification broadcast modules are compliant? Where is that list? What happens if I cannot comply?
jrupprechtlaw.com jrupprechtlaw.com
 
  • Love
Reactions: brett8883
Chip said:
HOLD THE BUS!

View attachment 122573

Found the legal expert you were looking for. John Rupprecht.

I paid no consultation fee, just read a few articles posted on his website! He has a lot to say about the illegal manner in which the FAA barfed out the remote ID regs. Here is the lead-in with link:

Remote ID Ex Parte Party
It was literally a house ex parte. But this is kinda illegal. The FAA attorneys know that. You’ll see a ton of ex parte going on below between law enforcement, DHS, FBI, and FAA. The FAA also did all sorts of stuff with 8 companies on working with RID. This was all done privately (in violation of) 49 CFR §5.19 Public contacts in informal rulemaking.

Saddle up Brett we got work to do...I am thinking about calling up FCC and asking how serious are we supposed to take their FCC Circular. Is it just water cooler chatter or what? In meantime, check out Rupprecht's site.

jrupprechtlaw.com

Total Guide to Part 89 Remote ID (Requirements, Waivers, Lists of Modules & Drones).

What drones or remote identification broadcast modules are compliant? Where is that list? What happens if I cannot comply?
jrupprechtlaw.com jrupprechtlaw.com
Click to expand...
Yea he was the guy I was gonna use the donation money to hire.

I’ve been in my saddle waiting this whole time!
6348BA72-3548-46C1-A183-933C09721850.gif
 
  • Like
Reactions: Chip
@Chip we should contact him and give him our angle about the surveillance laws. I initially didn’t want to contact him unless I had the funds to pay him because I wanted to be respectful of that but I see in the thing you sent he’s actively asking for help because it sounds like he is preparing litigation himself!

This is the big break in the case for us! He’s the right guy to lead this charge.
45E1C68C-95B3-480D-8E7A-E683A1167268.png
 

Similar threads

GFields
  • Sticky
FAA’s Remote ID Discretionary Enforcement Policy Ends March 16
Replies
8
Views
2K
News
GFields
GFields
pilotinstitute
Is the industry/community ready for Remote ID?
Replies
25
Views
4K
General Discussions
journo
J
rickfmdj
DJI Statement for Remote ID (7/1/2023) It states many will NOT have to buy a module and have a Firmware update FYI
Replies
50
Views
8K
General Discussions
mavic3usa
M
Murph66
My Book A Sample
Replies
0
Views
241
Off Topic
Murph66
Murph66
AtortPhotography
Navy Pier Chicago Illegal to Fly? I got assaulted there for not showing my ID to a security guard there.
Replies
72
Views
7K
sUAV Rules & Regulations
Anthony Ivory
A
Lycus Tech Mavic Air 3 Case

DJI Drone Deals

1. Mini 2
2. Mini 3 Pro
3. Mini 4 Pro
4. Air 2s
5. Air 3
6. Avata 2
7. Mavic 3 Pro
8. Mavic 3 Classic

New Threads

Members online

Total: 932 (members: 17, guests: 915)

Forum statistics

Threads
131,141
Messages
1,560,323
Members
160,112
Latest member
lucian