Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Drone Law: An Overview of FAA Regulations and Privacy and
Cybersecurity Considerations
2019 Edition
11161 E State Road 70 #110-213Lakewood Ranch, Florida 34202
www.lawpracticecle.com941-584-9833
LawPracticeCLE is a national continuing legal education company designed to provide education on current, trending issues in the legal world to judges, attorneys, paralegals and other interested business professionals. New to the playing field, LawPracticeCLE is a major contender with its offerings of Live Webinars, On-Demand Videos, and In-person Seminars. LawPracticeCLE believes in quali-ty education, exceptional customer service, long-lasting relationships and networking beyond the classroom. We cater to the needs
of three divisions within the legal realm: Pre-Law and Law Students, Paralegals and other support staff, and Attorneys.
At LawPracticeCLE, we partner with experienced attorneys and legal professionals from all over the country to bring hot topics and current content that are relevant in legal practice. We are always looking to welcome dynamic and accomplished lawyers to share their knowledge!
As a LawPracticeCLE Speaker, you receive a variety of benefits. In addition to CLE teaching credit attorneys earn for presenting, our presenters also receive complimentary tuition on LawPracticeCLE’s entire library of webinars and self-study courses.
LawPracticeCLE also affords expert professors unparalleled exposure on a national stage in addition to being featured in our Speakers catalog with your name, headshot, biography and link back to your personal website. Many of our courses accrue thousands of views, giving our speakers the chance to network with attorneys across the country. We also offer a host of ways for our team of speakers to promote their programs, including highlight clips, emails, and much more!
1. A Course Description2. 3-4 Learning Objectives or Key Topics3. A Detailed Agenda4. A Comprehensive PowerPoint Presentation
LawPracticeCLE The Law in Review
LAWPRACTICECLE UNLIMITED
LawPracticeCLE Unlimited is an elite program allowing Attorneys and Legal Professionals unlimited access to all LawPracticeCLE live and on-demand courses for an entire year.
LawPracticeCLE provides 20 new continuing legal education courses each month that will not only appeal to your liking, but also meet your State Bar Requirements.
Top Attorneys and Judges from all over the country partner with us to provide a wide variety of course topics from basic to advanced. Whether you are a paralegal or an experienced attorney, you can expect to grow from the wealth of knowledge our speakers provide.
A View From The BenchAnimal LawBankruptcy Law Business Law Cannabis Law Construction Law Criminal Law Cybersecurity LawEducation LawEmployment Law Entertainment Law
COURSE CATEGORIES
Estate Planning Ethics, Bias, and Professionalism Family Law Federal Law Food and Beverage Law Gun Law Health Law Immigration LawIntellectual Property LawInsurance Law Nonprofit Law
ACCREDITATION
Paralegal Studies Personal Injury Law Practice Management & Trial Prep Real Estate Law Religious LawSocial Security Law Specialized Topics Tax Law Technology LawTransportation LawTribal Law
More Coming Soon ...
LawPracticeCLE will seek approval of any CLE program where the registering attorney is primarily licensed and a single alternate state. The application is submitted at the time an attorney registers for a course, therefore approval may not be received at the time of broadcasting. In the event a course is denied credit, a full refund or credit for another LawPracticeCLE course will be provided.
LawPracticeCLE does not seek approval in Illinois or Virginia, however the necessary documentation to seek CLE credit in such states will be provided to the registrant upon request.
ADVERTISING WITH LAWPRACTICECLE
At LawPracticeCLE, we not only believe in quality education, but providing as many tools as possible to increase success. LawPracticeCLE has several advertising options to meet your needs. For advertising and co-sponsorship information, please contact the Director of Operations, Jennifer L. Hamm, [email protected].
CHECK US OUT ON SOCIAL MEDIA
� Facebook: https://www.facebook.com/LawPracticeCLE
fin Linkedln: https://www.linkedin.com/company/lawpracticecle
@ lnstagram: https://www.instagram.com/lawpracticecle
0 Twitter: https://twitter.com/LawPracticeCLE
Boston | Hartford | New York | Providence | Stamford | Albany | Los Angeles | Miami | New London | rc.com © 2016 Robinson & Cole LLP
K AT H RY N M . R AT T I G A N , E S Q .
1 8 9 6 4 9 7 6
Drone Law: An Overview of
FAA Regulations and
Privacy and Cybersecurity
Considerations
22
Overview
What is a drone?
Drone Uses
Laws Up in the Air Federal Aviation Administration (FAA)
FAA Modernization and Reform Act of 2012
FAA Part 107 Regulations (Small UAS Rule)
Part 107 Waivers
Proposed Regulations
FAA Drone Zone
LAANC Portal
Penalties for Violations
Drones + Privacy Implications
Vulnerability to Cyber Attacks
Other Considerations
33
Introduction
Drones are becoming increasingly important for businesses of all types and sizes. Many drone applications already exist, but many
more will certainly arise as drone technology continues to evolve and advance.
Unfortunately, this means that the cyber threats will also continue to evolve and
advance, so we must protect the transmission and storage of data collected
through drones.
44
What is a drone?
Unmanned aerial systems (UAS), also known as drones: Four, six, or eight rotary blades
● More blades, more lift
Often connected to Wi-Fi and GPS
Lightweight
Hand-operated/remote-controlled
High-resolution cameras and recording devices
Share information in real-time (better informed decision-making)
Navigate independently via location intelligence services
55
Drone Uses
Drones can collect valuable data and
increase productivity, safety and
efficiency across all industries.
66
Drone Uses (cont’d)
Law Enforcement
Search and Rescue
Traffic Collision Reconstruction
Investigative Active Shooter/Suspect
Crime Scene Analysis
Surveillance
Crowd Monitoring/Safety
Filmmaking and Media/News Outlets
77
Drone Uses (cont’d)
Real Estate/Construction Increase Productivity
● Track progress
● Conduct site surveys on job site
Generate aerial images, maps and 2-D and 3-D models
Provide construction project managers, general contractors and survey managers with up-to-date reporting to:● Track construction progress
● Manage resources
● Reduce downtime
● Keep projects on schedule and under budget
Reach ‘hard-to-get-to’ locations
Monitor the site for trespassers/thieves
Identification of aggregates, materials, equipment, temporary roads and structures
Calculation of stockpile and excavation volumes
General employee conduct monitoring
88
Drone Uses (cont’d)
Healthcare/Medicine
Deliver medication to rural areas
Drop contraceptives over sub-Saharan Africa
Transport blood samples to labs for swifter HIV testing
Get Google Glass (i.e. telemedicine capabilities) to
disaster victims
Deliver AED for a heart attack victim
Get medical supplies and/or medications to disaster
areas, mass casualty scenes and even offshore to ships
with seriously injured passengers or crew
Deliver expensive and rarely used drugs, such as anti-
venom for snake bites
99
Drone Uses (cont’d)
Agriculture
From automated planting to crop management with real-
time monitoring, drones have a vital role to play in the
future of farming.
Precision agriculture is a farming management concept
that uses drones to measure, observe, and respond to
variability found in crops.
Deliver water or fertilizer to large areas
Determine soil quality, size/status of crops
Commercial Package Delivery
1010
Drone Uses (cont’d)
Energy/Environmental
Replace conventional inspection techniques which
involved workers climbing rigs, pylons and cooling towers
etc.
● Assess powerlines/repair powerlines and restore power
Monitor oil rigs
Keep an eye on energy distribution (by looking for “hot
spots”)
Protect wildlife populations through monitoring
Monitor erosion or other changes to land over time
Monitor water supplies and other infrastructure
1111
Drone Uses (cont’d)
Insurance Reduce fraud
Collect valuable data to reduce losses
Identify high-risk areas for customers (e.g., property at greater risk of flood with nearby waterways; volcanic eruptions; forest fire)
Evaluate and monitor risks (that can’t currently be assessed efficiently)
Personalized premiums
● e.g., whether to insure the contents of an unlocked garage against theft; whether to cancel a homeowner’s policy with an undisclosed pool
● e.g., confirm the existence of features that make a property less risky to insure, i.e., storm windows, sloped rooftops or neighborhood gate
Capture details of a location or building
Underwriting assessments
1212
What are the challenges?
Major Challenge –
REGULATORY
COMPLIANCE
1313
Legal Definition of Unmanned Aircraft System
UAS or unmanned aircraft system is the unmanned
aircraft and the equipment necessary for the safe
and efficient operation of that aircraft.
An unmanned aircraft is a component of a UAS.
Aircraft operated without the possibility of direct human intervention from within or on the aircraft (Public Law 112-95, §
331(8))
1414
Commercial Use of UAS
Federal Aviation Administration (FAA) has regulatory
authority over use of drones
Three ways to fly a UAS for commercial purposes:
Follow the requirements of the Small UAS Rule (Part 107)
Follow the rules of your Section 333 grant of exemption
Obtain an airworthiness certificate for the aircraft (over 55 lbs.)
ALL UAS flown for commercial purposes must be
registered by the individual owner ($5 each)—name,
address, e-mail address, make, model and serial
number
1515
Small UAS Rule (Part 107)
Effective since August 29, 2016
1616
Small UAS Rule (Part 107) (cont’d)
OPERATIONAL LIMITATIONS
Weigh 55 lbs. or less
Visual line-of-sight (VLOS) only Must remain within VLOS of the remote pilot in command and the
person manipulating the flight controls of the small UAS
Alternatively, the unmanned aircraft must remain within VLOS of the visual observer
At all times the small unmanned aircraft must remain close enough to the remote pilot in command and the person manipulating the flight controls of the small UAS for those people to be capable of seeing the aircraft with vision unaided by any device other than corrective lenses
May not operate over any persons not directly participating in the operation, not under a covered structure, and not inside a covered stationary vehicle
1717
Small UAS Rule (Part 107) (cont’d)
Daylight-only operations, or civil twilight (30 minutes
before official sunrise to 30 minutes after official
sunset, local time) with appropriate anti-collision
lighting
Must yield right of way to other aircraft
May use visual observer (VO) but not required
Maximum groundspeed of 100 mph (87 knots)
Maximum altitude of 400 feet above ground level or,
if higher than 400 feet AGL, remain within 400 feet of
a structure
1818
Small UAS Rule (Part 107) (cont’d)
Minimum weather visibility of 3 miles from control station
Operations in Class B, C, D, and E airspace are allowed with the required permission
Operations in Class G airspace are allowed without permission
No person may act as a remote pilot in command or VO for more than one unmanned aircraft operation at one time
No operations from a moving aircraft
No operations from a moving vehicle unless the operation is over a sparsely populated area
No careless or reckless operations
No carriage of hazardous materials
1919
Small UAS Rule (Part 107) (cont’d)
Requires preflight inspection by the remote pilot in
command
No operation by person who knows or has reason to
know of any physical or mental condition that would
interfere with the safe operation of a small UAS
External load operations are allowed if the object
being carried by the unmanned aircraft is securely
attached and does not adversely affect the flight
characteristics or controllability of the aircraft
2020
Small UAS Rule (Part 107) (cont’d)
Transportation of property for compensation or hire allowed IF The aircraft, including its attached systems, payload and cargo weigh
less than 55 pounds total;
The flight is conducted within visual line of sight and not from a moving vehicle or aircraft; and
The flight occurs wholly within the bounds of a State and does not involve transport between (1) Hawaii and another place in Hawaii through airspace outside Hawaii; (2) the District of Columbia and another place in the District of Columbia; or (3) a territory or possession of the United States and another place in the same territory or possession.
Most of the restrictions are waivable if the applicant demonstrates that his or her operation can safely be conducted under the terms of a certificate of waiver (Part 107 Waiver)
2121
Small UAS Rule (Part 107) (cont’d)
Remote Pilot in Command Certification and
Responsibilities
Establishes a remote pilot in command position. A
person operating a small UAS must either hold a
remote pilot airman certificate with a small UAS
rating or be under the direct supervision of a person
who does hold a remote pilot certificate (remote pilot
in command).
2222
Small UAS Rule (Part 107) (cont’d)
To qualify for a remote pilot certificate, a person must: Demonstrate aeronautical knowledge by either:
● Passing an initial aeronautical knowledge test at an FAA-approved knowledge testing center; or
● Hold a part 61 pilot certificate other than student pilot, complete a flight review within the previous 24 months, and complete a small UAS online training course provided by the FAA.
Be vetted by the Transportation Security Administration.
Be at least 16 years old.
Temporary Certification within 10 business days (then after vetted by TSA, certification delivered)
2323
Small UAS Rule (Part 107) (cont’d)
A remote pilot in command must: Make available to the FAA, upon request, the small UAS for
inspection or testing, and any associated documents/records required to be kept under the rule.
Report to the FAA within 10 days of any operation that results in at least serious injury, loss of consciousness, or property damage of at least $500.
Conduct a preflight inspection, to include specific aircraft and control station systems checks, to ensure the small UAS is in a condition for safe operation.
Ensure that the small unmanned aircraft complies with the existing registration requirements
A remote pilot in command may deviate from the requirements of this rule in response to an in-flight emergency
2424
Small UAS Rule (Part 107) (cont’d)
Aircraft Requirements
FAA airworthiness certification is not required.
However, the remote pilot in command must conduct
a preflight check of the small UAS to ensure that it is
in a condition for safe operation.
2525
Part 107 Waivers
The waiver application asks how you intend to safely
conduct your operation.
Use of FAA’s DroneZone (note about LAANC)
Completed through FAA’s online portal
As of February 1, 2019, FAA issued 2,382 Part 107
waivers
2626
Part 107 Waivers (cont’d)
The ‘waivable’ sections of Part 107 are: Operations from a moving vehicle or aircraft (§ 107.25);
Daylight operation (§ 107.29)
Visual line of sight aircraft operations (§ 107.31)
Visual observer (§ 107.33)
2727
Part 107 Waivers (cont’d)
Operation of multiple UAS (§ 107.35)
Yielding right of way (§ 107.37);
Operation over people (§ 107.39)
Operation in certain airspace (§ 107.41)
Operating limitations (i.e., visibility) (§ 107.51)
2828
Proposed Regulations
For UAS flights at night, the FAA will require
additional knowledge testing and training of the
operators, and will also require the UAS to be
equipped with an anti-collision light that is visible for
at least three statute miles.
2929
Proposed Regulations (cont’d)
Notice of Proposed Rulemaking for flights over people and at night.
For flights over people, the regulation breaks UAS into three categories:
Category 1: Includes all UAS that weigh 0.55 pounds or less. These UAS will be permitted to fly over people under FAA Part 107 regulations without any additional requirements.
Category 2: This category is not based on weight. Instead, the manufacturer must prove to the FAA that in the event of a collision the UAS will not injure a person more severely than if the person were hit with a rigid object that transferred 11 ft.-lbs. of kinetic energy. UAS that meet this requirement can be flown under Part 107 without additional restrictions.
Category 3: This category is for UAS that will not injure a person any more seriously than if the person were struck with a rigid object that transferred 25 ft.-lbs. of kinetic energy. These UAS would have additional operating limitations –these UAS cannot operate over an open air assembly of people, must be conducted in a restricted access site, and would not be permitted to hover over people directly.
3030
The FAA's DroneZone is a "one-stop shop" for all UAS information and resources. Within the
DroneZone Portal, you can also register a drone, apply for a Part 107 waiver, request a waiver or
authorization, check the status of a waiver/authorization request, or submit
a UAS accident report.
https://www.faa.gov/Dronezone/
3131
LAANC
What is LAANC? The Low Altitude Authorization and Notification Capability
Enables drone pilots access to controlled airspace near airports below approved altitudes through near real-time processing of airspace authorizations in controlled airspace
Drone pilots can use applications developed by approved UAS Service Suppliers to access the LAANC capability
South Central USA — April 30, 2018Western North USA — May 24, 2018Western South USA — June 21, 2018Eastern South USA — July 19, 2018Eastern North USA — August 16, 2018Central North USA — September 13, 2018
If you want to fly in controlled airspace near airports you can either use the manual process to apply for an authorization or use the LAANC system
3232
Penalties for Violation
Failure to register violations Regulatory and criminal penalties
Civil penalties up to $27,500
Criminal penalties up to $250,000 and/or imprisonment for up to 3 years
Operational violations There is no one-size-fits-all enforcement action for violations.
All aspects of a violation will be considered, along with mitigating and aggravating circumstances surrounding the violation. In general, the FAA will attempt to educate operators who fail to comply with registration requirements. However, fines will remain an option when egregious circumstances are present.
3333
FAA Announcements
The FAA announced in January that it seeks public comment on several safety and security issues related to UAS operation:
Stand-Off Distances: Should there be specific stand-off distances from persons and structures? What should those distances be? Will limitations like this affect operations and training?
Performance Limits: Should there be additional performance limitations on UAS –for example, altitude and maximum speed limits?
Unmanned Traffic Management (UTM): How should a UTM system be operated? What types of data should the system require? What flights need to utilize it?
Payload Limits: Should the list of payload prohibitions be expanded?
3434
FAA Announcements (cont’d)
Design Requirements: Should there be design requirements for UAS that conduct complex operations (e.g. beyond visual line of sight)? What should those standards be? Who should set those standards?
Secretary Chao said, “We are not in the business of picking technology winners and losers. Our philosophy is to encourage the
widest possible development of safe new transportation technologies so consumers and communities can choose the mix of
options that suits them best.”
The final version of these notices will be published in the Federal Register as soon as possible. When they are published, there will be a 60-day Notice and Comment period for the public.
3535
Drones and Privacy Implications
Although Part 107 does not specifically deal with
privacy issues, and the FAA does not (and has not
agreed to) regulate how UAS gather data on people
or property, the FAA “strongly encourages all UAS
pilots to check local and state laws before gathering
information through remote sensing technology or
photography.”
3636
Drones and Privacy Implications (cont'd)
Recommended privacy guidelines issued in May
2016
By privacy groups and industry stakeholders that were
participating in the National Telecommunications & Information
Administration (NTIA) Multi-Stakeholder process released a
set of best practices for commercial and private drone use.
Participants included Amazon, AUVSI, Center for Democracy
and Technology, Consumer Technology Association, CTIA,
FPF, Intel, X (formerly Google X), New America’s Open
Technology Institute, PrecisionHawk, SIIA, Small UAV
Coalition, and many media organizations
3737
Drones and Privacy Implications (cont’d)
The best practices:
● Inform others of your use of drones (i.e., where reasonable,
provide prior notice to individuals of the general timeframe and
area where you may anticipate using a drone to collect identifiable
data);
● Show care when operating drones or collecting and storing
personally identifiable data (i.e., retain only information that you
must retain and de-identify information when possible)
● Limit the use and sharing of identifiable data;
● Secure identifiable data; and
● Monitor and comply with evolving federal, state and local drone
laws and regulations.
3838
Drones are now being looked upon as
an emerging security issue –
both as targets for cyber-attack, and
as potential attack vectors
for malicious actors, themselves.
3939
Vulnerability to Cyber Attacks
According to Gartner report, there will be 10 times more commercial drones than manned aircraft by 2020. By 2020, several million commercial drones will be flying
missions worldwide.
Thriving community of ‘drone hackers’ already exists
Susceptibility to Compromise Vulnerable links streaming data to and from a drone via serial
port connections and the ground station interface (whose data could be spoofed, enabling hackers to assume complete control of the vehicle)
Protocols implemented on the ground station applications enabling communications with the drones are unsecure, allowing hackers to install malware on the systems running the ground stations
4040
Vulnerability to Cyber Attacks (cont’d)
Feeds used to monitor drones and facilitate information transfer through wireless transmission are vulnerable to interception, malicious data injection and alteration of pre-set flight paths
Used to stage man-in-the-middle cyber attacks over guest and short-range Wi-Fi, Bluetooth and other wireless connections
Threat to sensitive data collected by drones –e.g. critical infrastructure like electric gird, transmission lines, solar and wind power, oil and gas transmissions
4141
Vulnerability to Cyber-Attacks (cont’d)
Particularly vulnerable to jamming, interception
and manipulation (and equipment for this is
relatively low cost)
GPS vulnerability/spoofing
Software changes during maintenance –could
corrupt programming or introduce malware
4242
Vulnerability to Cyber-Attacks (cont’d)
Threats are evolving rapidly After market models pose threat to security
Current UAS designs have different threats than future designs
No set FAA standards for security FAA recommends using the NIST (National Institute of Standards
and Technology) framework as a primary standard
Also look to RTCA (Radio Technical Commission for Aeronautics) for security standards
NOTE: National Airspace is classified as a national critical infrastructure
Of course, not all drones are subject to cyberattacks –if the drone only has a radio link, and is flown manually, no connection to the cyber world exists; but if the drone is connected to the Internet, then, yes, it is vulnerable
4343
Mitigation Tips
Good software policy
Keep anti-virus protections up-to-date
Train employees
Split network to limit and isolate sensitive data
Communications should be encrypted
Protect the drone against theft
Protect against physical changes to the system
4444
Mitigation Tips (cont’d)
Unfortunately, security usually comes as an afterthought. The drone industry is part of the
aviation industry, which, based on its knowledge, keeps safety as a number one
concern. Part of that safety is having proper protection for your systems, including
security as a fundamental design principle.
4545
Other Considerations
Updating employee agreements/contracting with UAS pilots/operators and/or UAS vendors Review contracts for compliance with FAA regulations
Indemnification
Insurance
UAS privacy + security practices and procedures
Insurance for UAS operations
Part 107 Waivers (e.g. engaging “expert” to help complete submissions)
System for keeping up to speed with local, state and federal laws
4646
Kathryn M. Rattigan
QUESTIONS?
Subscribe to Robinson + Cole’s privacy and security blog at
www.dataprivacyandsecurityinsider.com
Robinson + Cole
One Financial Plaza
Suite 1430
Providence, RI 02903
401-709-3357