Would you support a lawsuit over Remote ID?

  • I would support a lawsuit over remote ID with donations (Votes: 77, 37.4%)
  • I support a lawsuit over Remote ID but not enough to give money (Votes: 41, 19.9%)
  • I don’t care about this issue (Votes: 18, 8.7%)
  • I like the remote ID rule and I am against a lawsuit (Votes: 70, 34.0%)
  • Total voters: 206

Yea encrypted and I’d also like some kind of protection against abuse by LE.
What kind of protection?

Check out this animated version of the case I referenced earlier. In this version, the Predator uses special sensors to peer inside a building and alert SWAT when suspects put down their weapons. Should that require a warrant?

 
In this case the fact that they chased LE away with firearms kinda throws everything out the window no?

It would be more interesting if they simply refused entry and LE used the drone to find the cows and used that as a basis to enter the home. In your example the drone was just used tactically to determine when it was safe to enter the house not to actually gather evidence is that correct?

I would like some kind of protection like a warrant or even some kind of probable cause required to use it. I don’t want the app to be used to identify a reason for someone to get in trouble. Instead the crime should be identified and THEN the app used to identify the pilot.
 
The point I was making though is that there is good reason for drone pilots to fear being surreptitiously tracked by public or anyone with a gun and a grudge.

If the FAA encrypted the location information, this problem more or less goes away.

Yes, encryption seems like one good way to mitigate the problem. I think Brett said that was all he wanted, as have several others who have weighed in on this thread. What is the path to getting encryption and what are the chances?
The path to getting encryption has multiple components. Just to be clear, I'm talking about using public-key encryption. The drone encrypts the data with a private key and anyone with the public key can decrypt it. The drone gets the public key from a secure server that only authorized users can access. The app that LE and First Responders would use would be able to access the public keys.

The FAA's complaint with encryption is that it would be a barrier for LE to use. So the way to get encryption is to prove that it's not a real barrier to LE.

You are going to need an app to read Remote ID messages. Your phone isn't going to magically display RID messages. Something needs to be able to recognize them and display them to the user. This doesn't take into account that you will probably need an OS update to pick up RID messages. The networking stacks on Android and iOS will probably be ignoring message types that they don't know or care about. But that is a separate issue for the FAA to deal with. This will be clearer once the FAA provides the specifics of the RID messages.

To keep things simple, you don't create private/public keys for each drone. Otherwise, the RID App has to download all of them. So you create a set of 1000 keys with an ID for each key. And they are good for three months in case someone leaks the keys. Once a quarter, the LE app needs to have Internet access to pull down the keys. The drone app also needs to connect once a quarter and it will download one of the public/private keys. It will send a data packet with the key id encrypted and the pilot's location encrypted.

When the RID app picks up a RID message, it takes the id key and uses that to figure out which public key is needed to decrypt the data. This would be completely transparent to the end-user. Only authorized users would see the pilot's location. Other users would not have access to that data. If for some reason, the LE user didn't have the latest public keys, the app could store the message and decrypt it when they could download the keys. That would be useful to prove or disprove a pilot was operating legally.

This is not 100% secure, but it provides a reasonable amount of security that would deter most people from getting at the takeoff location. There are other drawbacks to doing this, but it's a simple path to encryption and addresses the concerns that the FAA raised.
 
This is just elementary data security. Anybody who tries to tell you this is too complicated is trying to pull a fast one on you.

Here’s another aspect of this. I’ll be shocked if Apple and Google allow an app in their App Store that will allow the phone to receive unauthenticated wi-fi signals with no security. Hackers could potentially use that to infiltrate the device. Any incoming connection is a potential threat.
 
This is just elementary data security. Anybody who tries to tell you this is too complicated is trying to pull a fast one on you.
It's pretty poor security, but it's better than no security. I'll take decent protection over no protection.

Here’s another aspect of this. I’ll be shocked if Apple and Google allow an app in their App Store that will allow the phone to receive unauthenticated wi-fi signals with no security.
There is no such restriction for apps submitted to Android or iOS app stores. You already receive unauthenticated Wi-Fi packets now. That's how the SSIDs are broadcast. It's also how Bluetooth beacons work. And NFC, for that matter.

Hackers could potentially use that to infiltrate the device. Any incoming connection is a potential threat.
The FAA has already defined what data it wants to see in a Remote ID packet. The specifics of how the packet is formatted have not been defined. A properly written application would be able to handle a malformed packet transmitted by a hacker.

One thing to remember, there is no connection. The RID messages are being sent out and you just read them or ignore them. It's very much like a BLE beacon message that way.
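
Receiver-side handling for the scheme discussed in the posts above (key-ID lookup, expiring pool keys, store-and-decrypt-later, dropping malformed packets), added here as an example and not code from the thread or the FAA. The 46-byte packet layout, `seal`, `Receiver` and `MAX_PENDING` are assumptions, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus tag) swapped in for the public-key scheme the post proposes.

```python
import hashlib
import hmac
import struct
from datetime import date

# Assumed packet layout (the page defines none): key id, nonce, ciphertext, tag.
HEADER = struct.Struct(">H12s")
BODY_LEN, TAG_LEN, MAX_PENDING = 16, 16, 256
PACKET_LEN = HEADER.size + BODY_LEN + TAG_LEN


def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_body(key, nonce, body):
    # Stand-in cipher: one HMAC-SHA256 block as keystream (BODY_LEN <= 32).
    return bytes(a ^ b for a, b in zip(body, _prf(key, b"enc", nonce)))


def seal(key_id, key, nonce, lat, lon):
    """Drone side: encrypt the control-station position under a pool key."""
    head = HEADER.pack(key_id, nonce)
    ct = _xor_body(key, nonce, struct.pack(">dd", lat, lon))
    return head + ct + _prf(key, b"mac", head + ct)[:TAG_LEN]


class Receiver:
    def __init__(self):
        self.keys = {}     # key id -> (key bytes, last valid date)
        self.pending = []  # (packet, date received), kept until the key arrives

    def handle(self, packet, seen):
        if len(packet) != PACKET_LEN:  # fixed-size format; check before unpacking
            return ("rejected", "bad length")
        key_id, nonce = HEADER.unpack_from(packet)
        entry = self.keys.get(key_id)
        if entry is None:
            # Unknown key id: keep for later, but bound the queue against floods.
            if len(self.pending) >= MAX_PENDING:
                return ("rejected", "pending queue full")
            self.pending.append((packet, seen))
            return ("deferred", key_id)
        key, not_after = entry
        if seen > not_after:  # expiry is judged at the date of reception
            return ("rejected", "key expired")
        signed, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Verify the tag before decrypting; compare in constant time.
        if not hmac.compare_digest(tag, _prf(key, b"mac", signed)[:TAG_LEN]):
            return ("rejected", "bad tag")
        lat, lon = struct.unpack(">dd", _xor_body(key, nonce, signed[HEADER.size:]))
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):  # also rejects NaN
            return ("rejected", "coordinates out of range")
        return ("ok", (lat, lon))

    def retry_pending(self):
        """Call after a key download: re-process packets stored earlier."""
        queued, self.pending = self.pending, []
        return [self.handle(p, seen) for p, seen in queued]


if __name__ == "__main__":
    rx = Receiver()  # constructed sample: key id 7, 32-byte demo key
    rx.handle(seal(7, bytes(range(32)), bytes(12), 40.0, -75.5), date(2021, 2, 1))
    rx.keys[7] = (bytes(range(32)), date(2021, 3, 31))
    print(rx.retry_pending())
```
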
 
Thank you for taking the time to explain that. I think I finally get the gist. What is the perceived barrier to law enforcement? If you have the key, could you not decode the signal real quick?
 
In this case the fact that they chased LE away with firearms kinda throws everything out the window no?
Great question. In the clip I posted, one reporter asked Judge Napolitano whether threatening LEO with a pointed gun, even on your own property, would give probable cause to bring in the Predator. Judge Nap argued the LEO should get an arrest and/or search warrant to avoid any 4th Amendment issue. Especially if they want to bring in the Predator to look inside any building with special sensors.

I think the animation was wrong and the Predator did not peer inside the building but monitored the suspects in open field. At least that is what Judge Nap said.

If law enforcement is concerned over time it takes to decrypt with a key, I wonder how they would feel about getting a search warrant?

The Lead Balloon. Previously on display at New York Art Museum.
 
It's pretty poor security, but it's better than no security. I'll take decent protection over no protection.
You lost me a little on this. Can you explain further? What is the vulnerability, how easily and by whom would the keys or the encryption be compromised?
 
Thank you for taking the time to explain that. I think I finally get the gist. What is the perceived barrier to law enforcement? If you have the key, could you not decode the signal real quick?
The FAA listed the following concerns as the barrier, emphasis mine:

FAA Final Rule - Page 114 said:
Further, as some commenters suggested, different situations may necessitate certain emergency responders or other individuals to make contact with a remote pilot. In these situations, a privacy or encryption implementation may prohibit the on-scene individuals from having the critically needed information. In addition, an encryption requirement would present technical challenges leading to increased cost and complexity. For example, encryption key management could require standard remote identification unmanned aircraft, broadcast modules, and authorized receivers to have internet connectivity and specialized software, increasing the cost of this rule and potentially creating cybersecurity vulnerabilities.
What I suggested mitigates both of the concerns. As long as they have the app installed and have connected to the Internet within the last 90 days, they will have the public keys needed to decrypt. With or without encryption, these messages are not going to be parsed without an app. There has to be a base assumption that people will already have the app. It just becomes one more thing that gets installed on a mobile device used by LE and/or first responders.

For added cost and complexity, I think the FAA is greatly overestimating how much it costs to implement public-key encryption. Will there be a cost? Adding anything usually adds costs. The added cost to a RID module would be trivial if anything. The FAA would have to have a server running as a public key store, but that can be done on Azure and AWS and the running costs will be low.
 
  • Like
Reactions: Chip
You lost me a little on this. Can you explain further? What is the vulnerability, how easily and by whom would the keys or the encryption be compromised?
Two ways come to mind.

First, you could spoof the server that provides the public/private keys. You have a drone and you run the app that communicates with the drone. You then run or redirect to a fake site that hands out a private key to the drone that the FAA doesn't have the public key for. You then fly the drone and it encrypts and no one else can decrypt it. This is called a Man In the Middle attack (MITM). There are ways to mitigate this, but it's the obvious attack vector.

The second vulnerability is that someone leaks the keys or finds a way to access the secure server with the keys. There are multiple ways to mitigate (usage pattern analysis, key expiration, etc), but this would be the other obvious way in.

You really can't make it 100% secure, not if you want to address the FAA's concerns. But it will work better than 99% of the time and the worst thing that happens is that the takeoff location becomes visible. You are not giving out personal or financial information.
 
  • Like
Reactions: Chip
Yea but for all intents and purposes this solves the problem IF only first responders are allowed to use it.

As it stands the FAA INTENDS to allow anyone and everyone to use it. Encryption or not if the public is allowed access the problem remains.
 
  • Like
Reactions: Chip
That's the point. You would have an app that receives and decodes RID messages. Anyone can use the app. But only authorized users can decrypt the location of the controller.

With all of that being said, I don't think that the FAA is going to change its position on this. I'm not a lawyer, but I have yet to see a single argument posted here that would prevail in a lawsuit against the FAA over the inclusion of the controller location.
Remote ID Final Rule - page 113 said:
The inclusion of the control station location enables the remote identification message to create a direct link between an unmanned aircraft and its operator; promoting the accountability inherent in manned aviation.
 

What do you make of that 8/2020 FCC Advisory that Brett found, linked below? If it is so obvious that the FAA can force Remote ID on the populace, then why would the FCC go to time and trouble to research and publish an advisory pointing out that intercepting remote id signal and tracking pilot may violate federal and state laws?

INTERAGENCY ISSUES ADVISORY ON USE OF TECHNOLOGY TO DETECT AND MITIGATE UNMANNED AIRCRAFT SYSTEMS (New Release)

Advisory on the Application of Federal Laws to the Acquisition and Use of Technology to Detect and Mitigate Unmanned Aircraft Systems:

 
  • Like
Reactions: brett8883
With all of that being said, I don't think that the FAA is going to change its position on this. I'm not a lawyer, but I have yet to see a single argument posted here that would prevail in a lawsuit against the FAA over the inclusion of the controller location.
HOLD THE BUS!

Found the legal expert you were looking for. John Rupprecht.

I paid no consultation fee, just read a few articles posted on his website! He has a lot to say about the illegal manner in which the FAA barfed out the remote ID regs. Here is the lead-in with link:

Remote ID Ex Parte Party
It was literally a house ex parte. But this is kinda illegal. The FAA attorneys know that. You’ll see a ton of ex parte going on below between law enforcement, DHS, FBI, and FAA. The FAA also did all sorts of stuff with 8 companies on working with RID. This was all done privately (in violation of) 49 CFR §5.19 Public contacts in informal rulemaking.

Saddle up Brett, we got work to do... I am thinking about calling up FCC and asking how serious are we supposed to take their FCC Circular. Is it just water cooler chatter or what? In the meantime, check out Rupprecht's site.

 
  • Love
Reactions: brett8883

Yea he was the guy I was gonna use the donation money to hire.

I’ve been in my saddle waiting this whole time!
 
  • Like
Reactions: Chip
@Chip we should contact him and give him our angle about the surveillance laws. I initially didn’t want to contact him unless I had the funds to pay him because I wanted to be respectful of that but I see in the thing you sent he’s actively asking for help because it sounds like he is preparing litigation himself!

This is the big break in the case for us! He’s the right guy to lead this charge.
 
