Drone Law: An Overview of FAA Regulations and Privacy and

Cybersecurity Considerations

2019 Edition

11161 E State Road 70 #110-213Lakewood Ranch, Florida 34202

www.lawpracticecle.com941-584-9833

LawPracticeCLE is a national continuing legal education company designed to provide education on current, trending issues in the legal world to judges, attorneys, paralegals and other interested business professionals. New to the playing field, LawPracticeCLE is a major contender with its offerings of Live Webinars, On-Demand Videos, and In-person Seminars. LawPracticeCLE believes in quali-ty education, exceptional customer service, long-lasting relationships and networking beyond the classroom. We cater to the needs

of three divisions within the legal realm: Pre-Law and Law Students, Paralegals and other support staff, and Attorneys.

At LawPracticeCLE, we partner with experienced attorneys and legal professionals from all over the country to bring hot topics and current content that are relevant in legal practice. We are always looking to welcome dynamic and accomplished lawyers to share their knowledge!

As a LawPracticeCLE Speaker, you receive a variety of benefits. In addition to CLE teaching credit attorneys earn for presenting, our presenters also receive complimentary tuition on LawPracticeCLE’s entire library of webinars and self-study courses.

LawPracticeCLE also affords expert professors unparalleled exposure on a national stage in addition to being featured in our Speakers catalog with your name, headshot, biography and link back to your personal website. Many of our courses accrue thousands of views, giving our speakers the chance to network with attorneys across the country. We also offer a host of ways for our team of speakers to promote their programs, including highlight clips, emails, and much more!

1. A Course Description2. 3-4 Learning Objectives or Key Topics3. A Detailed Agenda4. A Comprehensive PowerPoint Presentation

LawPracticeCLE The Law in Review

LAWPRACTICECLE UNLIMITED

LawPracticeCLE Unlimited is an elite program allowing Attorneys and Legal Professionals unlimited access to all LawPracticeCLE live and on-demand courses for an entire year.

LawPracticeCLE provides 20 new continuing legal education courses each month that will not only appeal to your liking, but also meet your State Bar Requirements.

Top Attorneys and Judges from all over the country partner with us to provide a wide variety of course topics from basic to advanced. Whether you are a paralegal or an experienced attorney, you can expect to grow from the wealth of knowledge our speakers provide.

A View From The BenchAnimal LawBankruptcy Law Business Law Cannabis Law Construction Law Criminal Law Cybersecurity LawEducation LawEmployment Law Entertainment Law

COURSE CATEGORIES

Estate Planning Ethics, Bias, and Professionalism Family Law Federal Law Food and Beverage Law Gun Law Health Law Immigration LawIntellectual Property LawInsurance Law Nonprofit Law

ACCREDITATION

Paralegal Studies Personal Injury Law Practice Management & Trial Prep Real Estate Law Religious LawSocial Security Law Specialized Topics Tax Law Technology LawTransportation LawTribal Law

More Coming Soon ...

LawPracticeCLE will seek approval of any CLE program where the registering attorney is primarily licensed and a single alternate state. The application is submitted at the time an attorney registers for a course, therefore approval may not be received at the time of broadcasting. In the event a course is denied credit, a full refund or credit for another LawPracticeCLE course will be provided.

LawPracticeCLE does not seek approval in Illinois or Virginia, however the necessary documentation to seek CLE credit in such states will be provided to the registrant upon request.

ADVERTISING WITH LAWPRACTICECLE

At LawPracticeCLE, we not only believe in quality education, but providing as many tools as possible to increase success. LawPracticeCLE has several advertising options to meet your needs. For advertising and co-sponsorship information, please contact the Director of Operations, Jennifer L. Hamm, JLH@lawpracticecle.com.

CHECK US OUT ON SOCIAL MEDIA

� Facebook: https://www.facebook.com/LawPracticeCLE

fin Linkedln: https://www.linkedin.com/company/lawpracticecle

@ lnstagram: https://www.instagram.com/lawpracticecle

0 Twitter: https://twitter.com/LawPracticeCLE

Boston | Hartford | New York | Providence | Stamford | Albany | Los Angeles | Miami | New London | rc.com © 2016 Robinson & Cole LLP

K AT H RY N M . R AT T I G A N , E S Q .

1 8 9 6 4 9 7 6

Drone Law: An Overview of

FAA Regulations and

Privacy and Cybersecurity

Considerations

22

Overview

What is a drone?

Drone Uses

Laws Up in the Air Federal Aviation Administration (FAA)

FAA Modernization and Reform Act of 2012

FAA Part 107 Regulations (Small UAS Rule)

Part 107 Waivers

Proposed Regulations

FAA Drone Zone

LAANC Portal

Penalties for Violations

Drones + Privacy Implications

Vulnerability to Cyber Attacks

Other Considerations

33

Introduction

Drones are becoming increasingly important for businesses of all types and sizes. Many drone applications already exist, but many

more will certainly arise as drone technology continues to evolve and advance.

Unfortunately, this means that the cyber threats will also continue to evolve and

advance, so we must protect the transmission and storage of data collected

through drones.

44

What is a drone?

Unmanned aerial systems (UAS), also known as drones: Four, six, or eight rotary blades

● More blades, more lift

Often connected to Wi-Fi and GPS

Lightweight

Hand-operated/remote-controlled

High-resolution cameras and recording devices

Share information in real-time (better informed decision-making)

Navigate independently via location intelligence services

55

Drone Uses

Drones can collect valuable data and

increase productivity, safety and

efficiency across all industries.

66

Drone Uses (cont’d)

Law Enforcement

Search and Rescue

Traffic Collision Reconstruction

Investigative Active Shooter/Suspect

Crime Scene Analysis

Surveillance

Crowd Monitoring/Safety

Filmmaking and Media/News Outlets

77

Drone Uses (cont’d)

Real Estate/Construction Increase Productivity

● Track progress

● Conduct site surveys on job site

Generate aerial images, maps and 2-D and 3-D models

Provide construction project managers, general contractors and survey managers with up-to-date reporting to:● Track construction progress

● Manage resources

● Reduce downtime

● Keep projects on schedule and under budget

Reach ‘hard-to-get-to’ locations

Monitor the site for trespassers/thieves

Identification of aggregates, materials, equipment, temporary roads and structures

Calculation of stockpile and excavation volumes

General employee conduct monitoring

88

Drone Uses (cont’d)

Healthcare/Medicine

Deliver medication to rural areas

Drop contraceptives over sub-Saharan Africa

Transport blood samples to labs for swifter HIV testing

Get Google Glass (i.e. telemedicine capabilities) to

disaster victims

Deliver AED for a heart attack victim

Get medical supplies and/or medications to disaster

areas, mass casualty scenes and even offshore to ships

with seriously injured passengers or crew

Deliver expensive and rarely used drugs, such as anti-

venom for snake bites

99

Drone Uses (cont’d)

Agriculture

From automated planting to crop management with real-

time monitoring, drones have a vital role to play in the

future of farming.

Precision agriculture is a farming management concept

that uses drones to measure, observe, and respond to

variability found in crops.

Deliver water or fertilizer to large areas

Determine soil quality, size/status of crops

Commercial Package Delivery

1010

Drone Uses (cont’d)

Energy/Environmental

Replace conventional inspection techniques which

involved workers climbing rigs, pylons and cooling towers

etc.

● Assess powerlines/repair powerlines and restore power

Monitor oil rigs

Keep an eye on energy distribution (by looking for “hot

spots”)

Protect wildlife populations through monitoring

Monitor erosion or other changes to land over time

Monitor water supplies and other infrastructure

1111

Drone Uses (cont’d)

Insurance Reduce fraud

Collect valuable data to reduce losses

Identify high-risk areas for customers (e.g., property at greater risk of flood with nearby waterways; volcanic eruptions; forest fire)

Evaluate and monitor risks (that can’t currently be assessed efficiently)

Personalized premiums

● e.g., whether to insure the contents of an unlocked garage against theft; whether to cancel a homeowner’s policy with an undisclosed pool

● e.g., confirm the existence of features that make a property less risky to insure, i.e., storm windows, sloped rooftops or neighborhood gate

Capture details of a location or building

Underwriting assessments

1212

What are the challenges?

Major Challenge –

REGULATORY

COMPLIANCE

1313

Legal Definition of Unmanned Aircraft System

UAS or unmanned aircraft system is the unmanned

aircraft and the equipment necessary for the safe

and efficient operation of that aircraft.

An unmanned aircraft is a component of a UAS.

Aircraft operated without the possibility of direct human intervention from within or on the aircraft (Public Law 112-95, §

331(8))

1414

Commercial Use of UAS

Federal Aviation Administration (FAA) has regulatory

authority over use of drones

Three ways to fly a UAS for commercial purposes:

Follow the requirements of the Small UAS Rule (Part 107)

Follow the rules of your Section 333 grant of exemption

Obtain an airworthiness certificate for the aircraft (over 55 lbs.)

ALL UAS flown for commercial purposes must be

registered by the individual owner ($5 each)—name,

address, e-mail address, make, model and serial

number

1515

Small UAS Rule (Part 107)

Effective since August 29, 2016

1616

Small UAS Rule (Part 107) (cont’d)

OPERATIONAL LIMITATIONS

Weigh 55 lbs. or less

Visual line-of-sight (VLOS) only Must remain within VLOS of the remote pilot in command and the

person manipulating the flight controls of the small UAS

Alternatively, the unmanned aircraft must remain within VLOS of the visual observer

At all times the small unmanned aircraft must remain close enough to the remote pilot in command and the person manipulating the flight controls of the small UAS for those people to be capable of seeing the aircraft with vision unaided by any device other than corrective lenses

May not operate over any persons not directly participating in the operation, not under a covered structure, and not inside a covered stationary vehicle

1717

Small UAS Rule (Part 107) (cont’d)

Daylight-only operations, or civil twilight (30 minutes

before official sunrise to 30 minutes after official

sunset, local time) with appropriate anti-collision

lighting

Must yield right of way to other aircraft

May use visual observer (VO) but not required

Maximum groundspeed of 100 mph (87 knots)

Maximum altitude of 400 feet above ground level or,

if higher than 400 feet AGL, remain within 400 feet of

a structure

1818

Small UAS Rule (Part 107) (cont’d)

Minimum weather visibility of 3 miles from control station

Operations in Class B, C, D, and E airspace are allowed with the required permission

Operations in Class G airspace are allowed without permission

No person may act as a remote pilot in command or VO for more than one unmanned aircraft operation at one time

No operations from a moving aircraft

No operations from a moving vehicle unless the operation is over a sparsely populated area

No careless or reckless operations

No carriage of hazardous materials

1919

Small UAS Rule (Part 107) (cont’d)

Requires preflight inspection by the remote pilot in

command

No operation by person who knows or has reason to

know of any physical or mental condition that would

interfere with the safe operation of a small UAS

External load operations are allowed if the object

being carried by the unmanned aircraft is securely

attached and does not adversely affect the flight

characteristics or controllability of the aircraft

2020

Small UAS Rule (Part 107) (cont’d)

Transportation of property for compensation or hire allowed IF The aircraft, including its attached systems, payload and cargo weigh

less than 55 pounds total;

The flight is conducted within visual line of sight and not from a moving vehicle or aircraft; and

The flight occurs wholly within the bounds of a State and does not involve transport between (1) Hawaii and another place in Hawaii through airspace outside Hawaii; (2) the District of Columbia and another place in the District of Columbia; or (3) a territory or possession of the United States and another place in the same territory or possession.

Most of the restrictions are waivable if the applicant demonstrates that his or her operation can safely be conducted under the terms of a certificate of waiver (Part 107 Waiver)

2121

Small UAS Rule (Part 107) (cont’d)

Remote Pilot in Command Certification and

Responsibilities

Establishes a remote pilot in command position. A

person operating a small UAS must either hold a

remote pilot airman certificate with a small UAS

rating or be under the direct supervision of a person

who does hold a remote pilot certificate (remote pilot

in command).

2222

Small UAS Rule (Part 107) (cont’d)

To qualify for a remote pilot certificate, a person must: Demonstrate aeronautical knowledge by either:

● Passing an initial aeronautical knowledge test at an FAA-approved knowledge testing center; or

● Hold a part 61 pilot certificate other than student pilot, complete a flight review within the previous 24 months, and complete a small UAS online training course provided by the FAA.

Be vetted by the Transportation Security Administration.

Be at least 16 years old.

Temporary Certification within 10 business days (then after vetted by TSA, certification delivered)

2323

Small UAS Rule (Part 107) (cont’d)

A remote pilot in command must: Make available to the FAA, upon request, the small UAS for

inspection or testing, and any associated documents/records required to be kept under the rule.

Report to the FAA within 10 days of any operation that results in at least serious injury, loss of consciousness, or property damage of at least $500.

Conduct a preflight inspection, to include specific aircraft and control station systems checks, to ensure the small UAS is in a condition for safe operation.

Ensure that the small unmanned aircraft complies with the existing registration requirements

A remote pilot in command may deviate from the requirements of this rule in response to an in-flight emergency

2424

Small UAS Rule (Part 107) (cont’d)

Aircraft Requirements

FAA airworthiness certification is not required.

However, the remote pilot in command must conduct

a preflight check of the small UAS to ensure that it is

in a condition for safe operation.

2525

Part 107 Waivers

The waiver application asks how you intend to safely

conduct your operation.

Use of FAA’s DroneZone (note about LAANC)

Completed through FAA’s online portal

As of February 1, 2019, FAA issued 2,382 Part 107

waivers

2626

Part 107 Waivers (cont’d)

The ‘waivable’ sections of Part 107 are: Operations from a moving vehicle or aircraft (§ 107.25);

Daylight operation (§ 107.29)

Visual line of sight aircraft operations (§ 107.31)

Visual observer (§ 107.33)

2727

Part 107 Waivers (cont’d)

Operation of multiple UAS (§ 107.35)

Yielding right of way (§ 107.37);

Operation over people (§ 107.39)

Operation in certain airspace (§ 107.41)

Operating limitations (i.e., visibility) (§ 107.51)

2828

Proposed Regulations

For UAS flights at night, the FAA will require

additional knowledge testing and training of the

operators, and will also require the UAS to be

equipped with an anti-collision light that is visible for

at least three statute miles.

2929

Proposed Regulations (cont’d)

Notice of Proposed Rulemaking for flights over people and at night.

For flights over people, the regulation breaks UAS into three categories:

Category 1: Includes all UAS that weigh 0.55 pounds or less. These UAS will be permitted to fly over people under FAA Part 107 regulations without any additional requirements.

Category 2: This category is not based on weight. Instead, the manufacturer must prove to the FAA that in the event of a collision the UAS will not injure a person more severely than if the person were hit with a rigid object that transferred 11 ft.-lbs. of kinetic energy. UAS that meet this requirement can be flown under Part 107 without additional restrictions.

Category 3: This category is for UAS that will not injure a person any more seriously than if the person were struck with a rigid object that transferred 25 ft.-lbs. of kinetic energy. These UAS would have additional operating limitations –these UAS cannot operate over an open air assembly of people, must be conducted in a restricted access site, and would not be permitted to hover over people directly.

3030

The FAA's DroneZone is a "one-stop shop" for all UAS information and resources. Within the

DroneZone Portal, you can also register a drone, apply for a Part 107 waiver, request a waiver or

authorization, check the status of a waiver/authorization request, or submit

a UAS accident report.

https://www.faa.gov/Dronezone/

3131

LAANC

What is LAANC? The Low Altitude Authorization and Notification Capability

Enables drone pilots access to controlled airspace near airports below approved altitudes through near real-time processing of airspace authorizations in controlled airspace

Drone pilots can use applications developed by approved UAS Service Suppliers to access the LAANC capability

South Central USA — April 30, 2018Western North USA — May 24, 2018Western South USA — June 21, 2018Eastern South USA — July 19, 2018Eastern North USA — August 16, 2018Central North USA — September 13, 2018

If you want to fly in controlled airspace near airports you can either use the manual process to apply for an authorization or use the LAANC system

3232

Penalties for Violation

Failure to register violations Regulatory and criminal penalties

Civil penalties up to $27,500

Criminal penalties up to $250,000 and/or imprisonment for up to 3 years

Operational violations There is no one-size-fits-all enforcement action for violations.

All aspects of a violation will be considered, along with mitigating and aggravating circumstances surrounding the violation. In general, the FAA will attempt to educate operators who fail to comply with registration requirements. However, fines will remain an option when egregious circumstances are present.

3333

FAA Announcements

The FAA announced in January that it seeks public comment on several safety and security issues related to UAS operation:

Stand-Off Distances: Should there be specific stand-off distances from persons and structures? What should those distances be? Will limitations like this affect operations and training?

Performance Limits: Should there be additional performance limitations on UAS –for example, altitude and maximum speed limits?

Unmanned Traffic Management (UTM): How should a UTM system be operated? What types of data should the system require? What flights need to utilize it?

Payload Limits: Should the list of payload prohibitions be expanded?

3434

FAA Announcements (cont’d)

Design Requirements: Should there be design requirements for UAS that conduct complex operations (e.g. beyond visual line of sight)? What should those standards be? Who should set those standards?

Secretary Chao said, “We are not in the business of picking technology winners and losers. Our philosophy is to encourage the

widest possible development of safe new transportation technologies so consumers and communities can choose the mix of

options that suits them best.”

The final version of these notices will be published in the Federal Register as soon as possible. When they are published, there will be a 60-day Notice and Comment period for the public.

3535

Drones and Privacy Implications

Although Part 107 does not specifically deal with

privacy issues, and the FAA does not (and has not

agreed to) regulate how UAS gather data on people

or property, the FAA “strongly encourages all UAS

pilots to check local and state laws before gathering

information through remote sensing technology or

photography.”

3636

Drones and Privacy Implications (cont'd)

Recommended privacy guidelines issued in May

2016

By privacy groups and industry stakeholders that were

participating in the National Telecommunications & Information

Administration (NTIA) Multi-Stakeholder process released a

set of best practices for commercial and private drone use.

Participants included Amazon, AUVSI, Center for Democracy

and Technology, Consumer Technology Association, CTIA,

FPF, Intel, X (formerly Google X), New America’s Open

Technology Institute, PrecisionHawk, SIIA, Small UAV

Coalition, and many media organizations

3737

Drones and Privacy Implications (cont’d)

The best practices:

● Inform others of your use of drones (i.e., where reasonable,

provide prior notice to individuals of the general timeframe and

area where you may anticipate using a drone to collect identifiable

data);

● Show care when operating drones or collecting and storing

personally identifiable data (i.e., retain only information that you

must retain and de-identify information when possible)

● Limit the use and sharing of identifiable data;

● Secure identifiable data; and

● Monitor and comply with evolving federal, state and local drone

laws and regulations.

3838

Drones are now being looked upon as

an emerging security issue –

both as targets for cyber-attack, and

as potential attack vectors

for malicious actors, themselves.

3939

Vulnerability to Cyber Attacks

According to Gartner report, there will be 10 times more commercial drones than manned aircraft by 2020. By 2020, several million commercial drones will be flying

missions worldwide.

Thriving community of ‘drone hackers’ already exists

Susceptibility to Compromise Vulnerable links streaming data to and from a drone via serial

port connections and the ground station interface (whose data could be spoofed, enabling hackers to assume complete control of the vehicle)

Protocols implemented on the ground station applications enabling communications with the drones are unsecure, allowing hackers to install malware on the systems running the ground stations

4040

Vulnerability to Cyber Attacks (cont’d)

Feeds used to monitor drones and facilitate information transfer through wireless transmission are vulnerable to interception, malicious data injection and alteration of pre-set flight paths

Used to stage man-in-the-middle cyber attacks over guest and short-range Wi-Fi, Bluetooth and other wireless connections

Threat to sensitive data collected by drones –e.g. critical infrastructure like electric gird, transmission lines, solar and wind power, oil and gas transmissions

4141

Vulnerability to Cyber-Attacks (cont’d)

Particularly vulnerable to jamming, interception

and manipulation (and equipment for this is

relatively low cost)

GPS vulnerability/spoofing

Software changes during maintenance –could

corrupt programming or introduce malware

4242

Vulnerability to Cyber-Attacks (cont’d)

Threats are evolving rapidly After market models pose threat to security

Current UAS designs have different threats than future designs

No set FAA standards for security FAA recommends using the NIST (National Institute of Standards

and Technology) framework as a primary standard

Also look to RTCA (Radio Technical Commission for Aeronautics) for security standards

NOTE: National Airspace is classified as a national critical infrastructure

Of course, not all drones are subject to cyberattacks –if the drone only has a radio link, and is flown manually, no connection to the cyber world exists; but if the drone is connected to the Internet, then, yes, it is vulnerable

4343

Mitigation Tips

Good software policy

Keep anti-virus protections up-to-date

Train employees

Split network to limit and isolate sensitive data

Communications should be encrypted

Protect the drone against theft

Protect against physical changes to the system

4444

Mitigation Tips (cont’d)

Unfortunately, security usually comes as an afterthought. The drone industry is part of the

aviation industry, which, based on its knowledge, keeps safety as a number one

concern. Part of that safety is having proper protection for your systems, including

security as a fundamental design principle.

4545

Other Considerations

Updating employee agreements/contracting with UAS pilots/operators and/or UAS vendors Review contracts for compliance with FAA regulations

Indemnification

Insurance

UAS privacy + security practices and procedures

Insurance for UAS operations

Part 107 Waivers (e.g. engaging “expert” to help complete submissions)

System for keeping up to speed with local, state and federal laws

4646

Kathryn M. Rattigan

krattigan@rc.com

QUESTIONS?

Subscribe to Robinson + Cole’s privacy and security blog at

www.dataprivacyandsecurityinsider.com

Robinson + Cole

One Financial Plaza

Suite 1430

Providence, RI 02903

401-709-3357