Your drone will soon be narcing on you

[ac0j]

629.84.
Any violation of this chapter is punishable by a fine not exceeding two thousand five hundred dollars ($2,500), or by imprisonment in the county jail not exceeding one year, or by imprisonment pursuant to subdivision (h) of Section 1170, or by both that fine and imprisonment.

629.86.
Any person whose wire or electronic communication is intercepted, disclosed, or used in violation of this chapter shall have the following remedies:
(a) Have a civil cause of action against any person who intercepts, discloses, or uses, or procures any other person to intercept, disclose, or use, the communications.
(b) Be entitled to recover, in that action, all of the following:
(1) Actual damages but not less than liquidated damages computed at the rate of one hundred dollars ($100) a day for each day of violation or one thousand dollars ($1,000), whichever is greater.
(2) Punitive damages.
(3) Reasonable attorney’s fees and other litigation costs reasonably incurred.

The way this reads to me is, they cannot Intercept actual electronic communications to and from you. It says nothing about obtaining an email address. This would be similar to obtaining your phone number or street address. That MOST drone users proudly display on the drone (in case it is lost).

 

[Chip]

DJI previously stated that its a retrofit made easily via firmware update. I wonder which update?

 

[Chip]

The way this reads to me is, they cannot Intercept actual electronic communications to and from you. It says nothing about obtaining an email address. This would be similar to obtaining your phone number or street address. That MOST drone users proudly display on the drone (in case it is lost).

You may be right that capturing telemetry data and personal ID in this situation is not "eavesdropping" or "intercepting" under CA's Interception of Wire, Electronic Digital Pager, and Cellular Telephone Communications Act. I'm still unclear whether drone is broadcasting information automatically like a transponder that cannot be turned off with no need to interact with cell phone, tablet, or other connection or if we somehow already gave express consent via the fine print in a firmware update. May have to come back to it. In the meantime, I have another theory to run up the flagpole: Depending on when, where and how it is being used, AeroScope could be deemed a "tracking device" which violates other CA privacy laws such as:
CA Penal Code Sec. 637.7

637.7. (a) No person or entity in this state shall use an electronic tracking device to determine the location or movement of a person.

(b) This section shall not apply when the registered owner, lessor, or lessee of a vehicle has consented to the use of the electronic tracking device with respect to that vehicle.

(c) This section shall not apply to the lawful use of an electronic tracking device by a law enforcement agency.

(d) As used in this section, “electronic tracking device” means any device attached to a vehicle or other movable thing that reveals its location or movement by the transmission of electronic signals.

(e) A violation of this section is a misdemeanor.

(f) A violation of this section by a person, business, firm, company, association, partnership, or corporation licensed under Division 3 (commencing with Section 5000) of the Business and Professions Code shall constitute grounds for revocation of the license issued to that person, business, firm, company, association, partnership, or corporation, pursuant to the provisions that provide for the revocation of the license as set forth in Division 3 (commencing with Section 5000) of the Business and Professions Code.

 

[Ron_Dog]

Gives DJI's sales pitch "7KM or 4.3 Mile range" a new perspective, doesn't it?

 

[Chip]

Gives DJI's sales pitch "7KM or 4.3 Mile range" a new perspective, doesn't it?

Yes, it does. Just about fell out of my chair when I read the drone was 10 miles away when the device beeped and flashed the owner's email address. Its great the reporter took note of these details but I wish she would have asked more questions like:
who authorized Camarillo Airport to use the device?
what are the exact terms of the arrangement with DJI?
is aeroscope a "tracking device" which requires a search warrant?
how does aeroscope get the owner's email address?
where is the flight data ( telemetry ID, pilot location,and email address) stored and who has access to it?

 

[Chip]

DJI NEWS 2017-10-12

DJI Unveils Technology To Identify And Track Airborne Drones

AeroScope Addresses Safety, Security And Privacy Concerns While Protecting Drone Pilots

Drone identification settings will be included in DJI’s initial drone software to allow customers to choose the content of their own drone’s identification broadcast to match local expectations both before and after identification regulations are implemented in different jurisdictions. To protect customers’ privacy, the AeroScope system will not automatically transmit any personally identifiable information until regulations or policies in the pilot's jurisdiction require it.

 

[dewster]

I thought the answer was no, not without future firmware update that would require special notice to consumer. But, the journalist who visited Camarillo airport says she saw the Aeroscope identify an Inspire from 10 miles away a few days ago! Anyone know when the Inspire firmware was last updated?

10 miles. Wow... better not peep your head in the sky. I've hacked my Mavic so that I could fly inside of my home while in a NFZ. I wonder if I'll start getting emails saying that I violated airspace. Lol.

 

[Chip]

I know what you mean. Getting a letter is bad enough but what Im afraid of is home visit by armed belligerents. Call me paranoid I guess but it was DJI who warned me to take a "heightened interest" in my privacy and not to reveal my name, address or flight information so as to avoid home visit by armed belligerents with a gripe.

From the DJI White Paper:

Although UAS do not carry people, and so do not implicate free movement of people, identification information does indicate the location of the person operating the UAS, thus revealing the activities of persons and businesses. The interest in privacy is, unfortunately, arguably heightened compared to manned aircraft considering the occasional violent confrontations that UAS operators have faced over the last few years, including physical assault and gunfire. A system that enables belligerent individuals to look up the name and address of, and then knock on the door of, a local UAS operator, is not acceptable and will detrimentally impact UAS operators who are operating safely and doing nothing wrong. The personal information of the owner (or operator) should be accessible to law enforcement only, who can investigate complaints of unlawful or dangerous conduct. Privacy and personal safety interests compel an identification system that protects operator business interests and discloses personally identifiable information only to law enforcement agencies.


Knock, knock! You the guy flying the drone
ten miles from the airport?

 

[Chip]

The aeroscope has been likened to a license plate reader for drones. Its not a bad analogy but that’s the problem. Automatic license plate readers (ALPRs) have been controversial in several states and local communities. Some states like CA where Camarillo airport is located, have enacted laws which permit law enforcement to use ALPRs in certain circumstances but only under strict rules specially designed to reduce risk of misusing the technology or mishandling personal ID and location data. Here are some of the CA laws on ALPRs:


CA Civil Code Sec. 1798.90.51 Duties of Automated License Plate Reader Operator

An ALPR Operator shall do all of the following:
a) Maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure.
(b)(1) Implement a usage and privacy policy in order to ensure that the collection, use, maintenance, sharing, and dissemination of ALPR information is consistent with respect for individuals' privacy and civil liberties. The usage and privacy policy shall be available to the public in writing, and, if the ALPR operator has an Internet Web site, the usage and privacy policy shall be posted conspicuously on that Internet Web site.
(2) The usage and privacy policy shall, at a minimum, include all of the following:
(A) The authorized purposes for using the ALPR system and collecting ALPR information.
(B) A description of the job title or other designation of the employees and independent contractors who are authorized to use or access the ALPR system, or to collect ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors.
(C) A description of how the ALPR system will be monitored to ensure the security of the information and compliance with applicable privacy laws.
(D) The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons.
(E) The title of the official custodian, or owner, of the ALPR system responsible for implementing this section.
(F) A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors.
(G) The length of time ALPR information will be retained, and the process the ALPR operator will utilize to determine if and when to destroy retained ALPR information.

CA Civil Code Sec. 1798.90.52(a) Record of Access; Use of Information
If an ALPR Operator accesses or provides access to ALPR information the ALRP operator shall do both of the following:
a) Maintain a record of that access. At a minimum, the record shall include all of the following:
(1) The date and time the information is accessed.
(2) The license plate number or other data elements used to query the ALPR system.
(3) The username of the person who accesses the information, and, as applicable, the organization or entity with whom the person is affiliated.
(4) The purpose for accessing the information.
(b) Require that ALPR information only be used for the authorized purposes described in the usage and privacy policy required by subdivision (b) of Section 1798.90.51.

CA Civil Code Sec. 1798.90.53
Duties of ALPR End-User
An ALPR end-user shall do all of the following:
a) Maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure.
(b)(1) Implement a usage and privacy policy in order to ensure that the access, use, sharing, and dissemination of ALPR information is consistent with respect for individuals' privacy and civil liberties. The usage and privacy policy shall be available to the public in writing, and, if the ALPR end-user has an Internet Web site, the usage and privacy policy shall be posted conspicuously on that Internet Web site.
(2) The usage and privacy policy shall, at a minimum, include all of the following:
(A) The authorized purposes for accessing and using ALPR information.
(B) A description of the job title or other designation of the employees and independent contractors who are authorized to access and use ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors.
(C) A description of how the ALPR system will be monitored to ensure the security of the information accessed or used, and compliance with all applicable privacy laws and a process for periodic system audits.
(D) The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons.
(E) The title of the official custodian, or owner, of the ALPR information responsible for implementing this section.
(F) A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors.
(G) The length of time ALPR information will be retained, and the process the ALPR end-user will utilize to determine if and when to destroy retained ALPR information.

CA Civil Code Sec. 1798.90.54
Civil Action
(a) In addition to any other sanctions, penalties, or remedies provided by law, an individual who has been harmed by a violation of this title, including, but not limited to, unauthorized access or use of ALPR information or a breach of security of an ALPR system, may bring a civil action in any court of competent jurisdiction against a person who knowingly caused the harm.
(b) The court may award a combination of any one or more of the following:
(1) Actual damages, but not less than liquidated damages in the amount of two thousand five hundred dollars ($2,500).
(2) Punitive damages upon proof of willful or reckless disregard of the law.
(3) Reasonable attorney s fees and other litigation costs reasonably incurred.
(4) Other preliminary and equitable relief as the court determines to be appropriate.