The Federal Aviation Administration (FAA) released rules governing the registration of drones yesterday that left me slack-jawed – first with disbelief, then with fear. The rules show that the FAA is oblivious to either the risks of drones or the technological measures that could mitigate the risks, or both.
The rules are simple and apply to drones that weigh between 0.55 pounds (250 grams) and less than 56 pounds (approximately 25 kilograms) including payloads. Beginning on December 21, drone owners must voluntarily register their drones with the FAA and pay a $5 fee, which will be waived for the first 30 days. Drone owners who fail to register face stiff penalties: a fine of up to $27,500 for civil violations, and a fine of up to $250,000 and up to three years in prison for a criminal violation.
Sure, the FAA wanted to avoid making the rules an obstacle to innovation. But instituting regulations that involved more risk mitigation measures is more important.
The weight of the drones regulated by these rules is significant; 56 pounds is heavy, 3.5-times the weight of a 10-pin bowling ball. A drone this size flown into a jet engine could cause the plane to crash. If it were to fall from the sky and land on a person (which has happened in the recent past), it could kill them. I shudder to think what could happen if a weapon were mounted on a drone or an explosive payload loaded on board. Here is a very demonstrative video of a test showing the power of just 4.5 pounds of C4 explosive.
Each drone should be registered at the point of sale with a unique registration number associated with the owner. The owner’s identity and the registration number should be stored in a publicly accessible database. Drones should be equipped with a radio that broadcasts the registration number so that anyone – private citizens, the FAA, and law enforcement – can identify who owns a drone flying overhead. Drones should also be reregistered when resold.
Each drone should have a unique PKI key pair associated with the registration number. The public key should be kept secret and retained by the FAA. The FAA and law enforcement should have an encrypted radio band over which commands can be sent to a specific drone using the public key. For example, if a drone is interfering with public safety – for illustrative purposes, imagine the drone is hovering too near a firefighter – a command could be sent to the drone to return to the point from which it lifted off. Under more serious threats to public safety, control of the drone could be taken over by the authorities.
If a drone does not broadcast its identity or if it doesn’t respond to the command of authorities, the threat can be contained by capturing the drone by using a larger drone with a net, like the city of Tokyo plans to do, as reported by the Daily Mail. That's one alternative to shooting down a problem drone.
Though stock drones do have distance limitations, this should not provide any comfort. Wi-Fi used for drone command and control has a limited distance, and battery life limits drones’ flight time usually to 5 to 30 minutes. Drones can fly up to 50 miles per hour, or a distance of 25 miles.
It’s not necessarily difficult for many makers or drone enthusiasts to make a modification using open source code that runs on an Arduino board computer enabling the drones navigate independently using GPS. If a really sophisticated guidance system is required, they are available too. I have met developers at the Canonical developers’ conference who design and build such devices. It’s not clear what criteria they apply to deciding to whom they will sell guidance systems, but the know-how is publicly available.
There isn’t a middle ground. Drones must identify themselves and authorities must be able to take control over them in public. Unidentified drones must be detected and intercepted. FAA rule makers need a tour of technology companies to realize that innovative technologies are available to mitigate the risk of drones. Just think of the impact of 20 drones carrying 4.5-pound C4 payloads.