Domestic drones: security and privacy game changer

Congress had questions about the use of UAVs in America. A recent hearing outlined security issues such as GPS spoofing to hijack drones and privacy issues such as drones using facial recognition capabilities to monitor and build even more databases.

Do you recall when researchers from the University of Texas hijacked a drone via GPS spoofing? Congress does and held a House Homeland Security Oversight Subcommittee hearing called Using Unmanned Aerial Systems Within the Homeland: Security Game Changer.

Professor Todd Humphreys testified [PDF] about how he and his team "repeatedly took control" of a civilian drone from a remote hilltop at White Sands Missile Range in New Mexico in front of Homeland Security and FAA officials. He had previously expressed concerns that spoofing GPS on a drone "is just another way of hijacking a plane" and crashing the hacked drone into another plane or into a building. At the hearing, Humphreys said, "Constructing from scratch a sophisticated GPS spoofer like the one developed by the University of Texas is not easy. It is not within the capability of the average person on the street, or even the average Anonymous hacker. But the emerging tools of software-defined radio and the availability of GPS signal simulators are putting spoofers within reach of ordinary malefactors."

In fact, Humphreys is not only worried about UAVs being vulnerable to GPS spoofing. He added, "Civil GPS spoofing also presents a danger to manned aircraft, maritime craft, communications systems, banking and finance institutions, and the national power grid."

Besides the potential to hack civilian drones, there are concerns about government and law enforcement drones being used to help build a surveillance society. EPIC also testified about the potential dangers of UAVs and drones. EPIC's Amie Stepanovich testified [PDF] in regard to how drones can be used to conduct surveillance and how increased privacy protections need to be added. "DHS has not sought public comment on or published any specific rules or guidelines that restrict the surveillance practices of its drone program." Stepanovich testified:

The ability to link facial recognition capabilities on drones operated by the Department of Homeland Security ("DHS") to the Federal Bureau of Investigation's Next Generation Identification database or DHS' IDENT database, two of the largest collections of biometric data in the world, exacerbates the privacy risks. Drones could be deployed to monitor individuals in a way that was not possible previously.

The EFF just testified at a hearing about the dangers of facial recognition in regards to privacy and civil liberties. "Face recognition is here to stay, and, though many Americans may not realize it, they are already in a face recognition database." EFF Staff Attorney Jennifer Lynch said, "Face recognition allows for covert, remote and mass capture and identification of images -- and the photos that may end up in a database include not just a person's face but also how she is dressed and possibly whom she is with."

You add facial recognition to domestic drones that may dump all that info into a database and innocent Americans could potentially be earmarked as suspicious. All of this comes at a time when the "deadline looms for the FAA to devise regulations and licensing that incorporate unmanned aerial vehicles (UAVs) into the national airspace."

The EFF recently released 125 drone certificates and other documents received in response to a FOIA. The information is "about drone flights in the United States, including extensive details about the specific drone models some entities are flying, where they fly, how frequently they fly, and how long they stay in the air." Despite that release about drones, EPIC said that "the FAA's process for the application and approval of a drone license are still mostly opaque, preventing any transparency or accountability for operators."

We the People need a lot more answers about securing drones and the future of drone surveillance. We need a lot more privacy protections put into place before hundreds of drones are buzzing overhead. As we've seen too often, technology that is supposed to be used for one thing, ends up being used and abused for others.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2012 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)