Introduction 767 I. FAA Modernization Act 769 A. The FAA and the Petition for a Drone Privacy Rulemaking 771 B. The FAA, Drones, and Privacy 772 C. EPIC v. FAA 775 II. Privacy Issues 776 III. Lack of Legal Protections 778 A. Fourth Amendment Law, Drones, and Aerial Surveillance 780 B. The Third Party Doctrine and Drone Surveillance 782 IV. Potential Market for Drone Data Collection 785 V. Importance of Privacy in Public 787 VI. Why the FAA Should Regulate Drones 789 A. Privacy Must be Addressed to Safely Integrate Drones into the National Airspace 789 B. The FAA Modernization Act Requires the FAA to Address Privacy Issues 790 Conclusion 792 INTRODUCTION
Imagine a scenario not too far off in the future where drones in the sky are a regular occurrence over densely populated urban areas. These drones do not need to be in the line of sight of an operator and do not need to be actively operated at all as they fly around autonomously. Some of the drones you can see but more are present then the eye can discern. Some are flying too high to see and are too quiet to hear.
The drones constantly flying overhead are delivering packages, transporting people, monitoring traffic, checking infrastructure, providing building security, and monitoring the environment. You know that the drones carry all sorts of high-tech equipment. But you do not know exactly what technology is on the drone, what the surveillance capabilities are, what information these drones could be collecting about you and anyone else who happens to be in a public space, or how this information could be used or to whom the information could be disclosed. Going into public essentially means giving up your privacy in a way never imagined before with little to no say in the matter. To maintain any semblance of privacy in public requires extraordinary efforts that limit your ability to participate in modern society. You do not carry your smartphone or any other mobile device that connects to the internet, (1) you wear a hood and special tinted glasses to thwart ear, (2) iris, (3) and facial recognition, (4) and you randomize your gait. (5) You also wear gloves to prevent the capture of your fingerprints, (6) avoid driving your own car, (7) and avoid using the new self-driving/flying drone cars (8)--you stick to walking, biking, or mass public transportation.
The description above sounds a lot like the beginning of a dystopian novel, but it is the current track we are on as drones are being integrated into the National Airspace with no privacy protections for public space. In 2012, the Federal Aviation Administration ("FAA") was tasked by Congress with integrating drones into the National Airspace. Five years later, the agency is still working on domestic drone integration but refuses to address privacy as the agency works to establish safety rules for drones despite identifying privacy as an important issue to address as drones are integrated into the National Airspace. (9)
Part I of this Article discusses the FAA Modernization and Reform Act of 2012. The subsections of this Part will discuss some of the relevant details of the Act, the petition of the FAA to address drone privacy after the Act was passed, and the FAA's changing relationship with privacy. Part II highlights the privacy issues created by the integration of drones. Part III will look at the lack of legal protections for privacy in public, and Part IV will provide an example of how these lack of protections provide incentives for companies to amass data on individuals in public for financial gain. Part V will discuss why privacy in public is so important, and Part VI will provide reasons why the FAA needs to address privacy as the agency integrates drones. Finally, the Article provides some concluding thoughts, including the most important action the FAA could force drone companies to do.
FAA MODERNIZATION ACT
On February 14, 2012, the FAA Modernization and Reform Act of 2012 ("FAA Modernization Act" or "the Act") was enacted, requiring the Federal Aviation Administration to establish drone regulations and implement drones into the National Airspace System ("National Airspace"). (10) The Act established a number of requirements and deadlines for the FAA to meet. Section 332 of the Act requires the FAA to develop a "Comprehensive Plan" to integrate drones into the National Airspace. (11) The Comprehensive Plan was to be finished no later than 270 days after the FAA Modernization Act became law. (12) Congress set minimum requirements for the plan, including projections on the required public drone rulemaking with specific recommendations on "how the rulemaking will--"
(i) define the acceptable standards for operation and certification of civil unmanned aircraft systems; (ii) ensure that any civil unmanned aircraft system includes a sense and avoid capability; and (iii) establish standards and requirements for the operator and pilot of a civil unmanned aircraft system, including standards and requirements for registration and licensing... (13) The Comprehensive Plan was due to Congress within one year of the FAA Modernization Act becoming law. (14) At the same time Congress required the submission of the Comprehensive Plan, it also required the FAA to develop a five-year roadmap ("the Roadmap") for the introduction of drones into the National Airspace. (15)
The Act requires the FAA to implement the recommendations of the Comprehensive Plan through a public notice-and-comment rulemaking. (16) The notice for the Comprehensive Plan rulemaking was due within eighteen months after the Comprehensive Plan was due to Congress. (17) The final rule was then to be published within sixteen months after the notice of the Comprehensive Plan rulemaking. (18) Using all the deadlines set by Congress and adding up the months, the final rule was to be published within forty-six months of the enactment of the FAA Modernization Act, which would have been in December 2015. (19)
The FAA has completely failed to adhere to the timeline established by Congress. As of April 2017, over sixty months had passed since the enactment of the FAA Modernization Act, and not even the notice for the rulemaking to implement the Comprehensive Plan has been published. The Comprehensive Plan itself has been published but even that was delivered to Congress nearly nine months later than required. (20)
The FAA and the Petition for a Drone Privacy Rulemaking
Although the FAA has not yet conducted the rulemaking to implement the Comprehensive Plan as required by Congress, the agency has conducted one rulemaking on drone integration related to small commercial drones. (21) That small drone rulemaking seemingly highlighted a reversal by the agency to address privacy in a formal way as it worked to integrate drones into the National Airspace. (22) The notice for the rulemaking stated that privacy was "beyond the scope of this rulemaking" and concluded that the agency had no jurisdiction to regulate drone privacy. (23)
This statement and conclusion in the Notice of Proposed Rulemaking ("NPRM") for the small drone rulemaking seemingly went against the FAA's previous actions and words, as well as congressional intent. To understand why, this Article looks at the agency's history with privacy as it relates to drones.
As previously mentioned, the FAA Modernization Act became law in February 2012. Immediately after the enactment of the Act, the Electronic Privacy Information Center ("EPIC") (24) led a coalition of organizations, legal scholars, and technology experts to petition the FAA to establish drone privacy rules--noting that "[t]he increased use of drones poses an ongoing threat to every person residing within the United States." (25) Specifically, the petition called upon the FAA to conduct a separate rulemaking on the privacy issues raised by drones in the National Airspace. (26)
The FAA, Drones, and Privacy
After the FAA Modernization Act was passed in 2012, the FAA appeared to embrace privacy as the agency went through the process of integrating drones into the National Airspace. Within two months of the Act becoming law, Senator Edward J. Markey (D-MA) and Representative Joe Barton (R-TX) sent a letter to the FAA with several questions focused on privacy and the integration of drones into the National Airspace. (32) The legislators noted that although drones will have their benefits, they also "enable invasive and pervasive surveillance without adequate privacy protections." (33) The legislators wanted to know "how the FAA is addressing" the privacy implications of drones. (34) Markey and Barton noted that the rulemaking process required by the FAA Modernization Act afforded the agency the "opportunity and responsibility to ensure that privacy of individuals is protected and that the public is fully informed about who is using drones in the public airspace and why." (35)
In response to the...