Wing voiced opposition to the FAA UAS Remote ID final rules because of their exclusion of network Remote ID. (Wing)
The highly anticipated unmanned aircraft system (UAS) Remote Identification (Remote ID) final rules have been released; however, they include a major change from the proposed rules: the exclusion of network Remote ID. The Federal Aviation Administration cited security issues, privacy concerns, connectivity issues, and regulatory challenges as reasons for not adopting network Remote ID while companies and organizations who advocated for network Remote ID claim its exclusion creates its own privacy concerns and limits innovation and progress.
“Unfortunately, the final rule, unlike existing international standards, does not allow the use of equally effective network remote ID, and requires all UAS, no matter the use case, to use “broadcast” RID [remote ID],” Wing said in a statement reacting to the rule. “This approach creates barriers to compliance and will have unintended negative privacy impacts for businesses and consumers.”
Advocates for network Remote ID are more focused on the inclusion or more options to comply with the FAA final rules rather than choosing one system over the other.
“The Small UAV Coalition commends the FAA and Department of Transportation in meeting its commitment to publish a final remote ID rule by the end of this year,” the Small UAV Coalition said in a statement. “Unfortunately, however, the FAA missed the opportunity to adopt a flexible, technology-neutral approach to remote ID by allowing both broadcast and network technology. Instead, the FAA is imposing a requirement only to use broadcast technology, which runs counter to an industry synonymous with innovation and progress. The FAA itself acknowledges the limits of the rule, including that progress on establishing an unmanned traffic management (UTM) system – which both FAA and NASA have spent several years pursuing – will not be served by this rule.”
As proposed, network Remote ID would have transmitted through the internet or a third-party service provider, a Remote ID UAS Service Supplier (USS), and then would have been collected by the FAA and disseminated where appropriate, according to the FAA final Remote ID rule. The Remote ID USS would have had to meet technical, performance, and privacy standards as well as requiring prospective Remote ID USS providers to enter no-cost contracts with the FAA.
Among the biggest concerns with the use of network Remote ID is connectivity, according to the FAA. Broadcast Remote ID constantly transmits the UAS location and other required Remote ID information. To do this with network Remote ID there would need to be a Wi-Fi or cellular network connection at all times which is not possible in some rural areas. This requirement could also hamper UAS emergency support response, according to on-demand medical delivery operator Zipline and the Alabama Department of Transportation.
“Zipline and the Alabama Department of Transportation noted that the requirement to connect to a Remote ID USS if the Internet is available would prevent a person from using a UAS to support emergency response operations if the Internet is available but the UAS cannot reliably interface with a Remote ID USS,” Zipline said in a statement.
Juniper Unmanned also commented that some cybersecurity operations may prohibit an internet connection, according to the final rules.
Network Remote ID advocates see the internet requirement as a way to democratize the system. Instead of needing equipment to listen to radio frequencies, network Remote ID would allow UAS operators to use a mobile phone to comply with FAA rules.
“This method of RID leverages the internet – the most ubiquitous technological tool of our time – to share a drone’s location and identity information, like a license plate number, with anyone who has access to a cell phone or web browser,” Wing said in a statement. “This allows a drone to be identified as it flies over without necessarily sharing that drone’s complete flight path or flight history, and that information, which can be more sensitive, is not displayed to the public and only available to law enforcement if they have proper credentials and a reason to need that information.”
According to the FAA, they conducted a Remote ID USS cohort in early 2020 to develop a network solution with the proposed network requirements. It was through this cohort that the FAA found issues with issuing technical specifications for Remote ID USS.
“For example, the cohort raised the challenge of developing and issuing technical specifications to govern remote identification interoperability when producers of UAS have not yet designed UAS with remote identification,” the final rule states.
Opponents have argued that commercial drone companies can meet FAA requirements for network Remote ID technologies.
“The commercial drone industry has successfully demonstrated how “network” technologies meet the required RID elements of the FAA’s rule while protecting sensitive customer information,” Wing said.
Many commenters to the proposed Remote ID rules were also concerned about cybersecurity, safety, and privacy of network Remote ID. The FAA cites commentors’ concerns over nefarious actors performing a Distributed Denial of Service (DDoS) attack on Remote ID USS. There were also concerns about hacking the controls of one or multiple UAS, deliberate interference with command and control (C2) frequencies, cellular high-speed pack access (HSPA), and long-term evolution (LTE) interference with C2 frequencies.
“The American Civil Liberties Union suggested that requiring UAS to connect to the Internet as a condition of takeoff is not justified because there is insufficient benefit relative to the related costs and privacy issues,” the final rule states. “Several commenters suggested ensuring that network remote identification is isolated from C2 frequencies to prevent the hijacking of UAS.”
However, network Remote ID proponents say that the constant broadcast Remote ID also creates security and privacy concerns.
“Unlike traditional aircraft flying between known airports, commercial drones fly closer to communities and between businesses and homes,” Wing said in a statement. “While an observer tracking an airplane can’t infer much about the individuals or cargo onboard, an observer tracking a drone can infer sensitive information about specific users, including where they visit, spend time, and live and where customers receive packages from and when. American communities would not accept this type of surveillance of their deliveries or taxi trips on the road. They should not accept it in the sky.”
In response to the proposed rules, Amazon Prime Air said the FAA could solve privacy problems by encrypting position and velocity data while allowing law enforcement real time access with enhanced privacy, according to the final rules.
The FAA final rules state that the exclusion of network Remote ID was an effort to simplify their approach because broadcast Remote ID fulfills current safety and security needs. While companies and organizations are urging them to reconsider, right now the FAA is sticking to the final rule.
“The FAA received more than 50,000 public comments on the proposed remote-identification rule, which will further the safe integration of drones into the national airspace system,” the FAA told Aviation Today in an emailed statement. “The agency adjudicated all comments. The summary of changes resulting from the comments is in the preamble section of the rule.”