Do you recall when researchers from the University of Texas hijacked a drone via GPS spoofing? Congress does and held a House Homeland Security Oversight Subcommittee hearing called Using Unmanned Aerial Systems Within the Homeland: Security Game Changer.
Professor Todd Humphreys testified [PDF] about how he and his team "repeatedly took control" of a civilian drone from a remote hilltop at White Sands Missile Range in New Mexico in front of Homeland Security and FAA officials. He had previously expressed concerns that spoofing GPS on a drone "is just another way of hijacking a plane" and crashing the hacked drone into another plane or into a building. At the hearing, Humphreys said, "Constructing from scratch a sophisticated GPS spoofer like the one developed by the University of Texas is not easy. It is not within the capability of the average person on the street, or even the average Anonymous hacker. But the emerging tools of software-defined radio and the availability of GPS signal simulators are putting spoofers within reach of ordinary malefactors."
In fact, Humphreys is not only worried about UAVs being vulnerable to GPS spoofing. He added, "Civil GPS spoofing also presents a danger to manned aircraft, maritime craft, communications systems, banking and finance institutions, and the national power grid."
Besides the potential to hack civilian drones, there are concerns about government and law enforcement drones being used to help build a surveillance society. EPIC also testified about the potential dangers of UAVs and drones. EPIC's Amie Stepanovich testified [PDF] in regard to how drones can be used to conduct surveillance and how increased privacy protections need to be added. "DHS has not sought public comment on or published any specific rules or guidelines that restrict the surveillance practices of its drone program." Stepanovich testified:
The ability to link facial recognition capabilities on drones operated by the Department of Homeland Security ("DHS") to the Federal Bureau of Investigation's Next Generation Identification database or DHS' IDENT database, two of the largest collections of biometric data in the world, exacerbates the privacy risks. Drones could be deployed to monitor individuals in a way that was not possible previously.
The EFF just testified at a hearing about the dangers of facial recognition in regards to privacy and civil liberties. "Face recognition is here to stay, and, though many Americans may not realize it, they are already in a face recognition database." EFF Staff Attorney Jennifer Lynch said, "Face recognition allows for covert, remote and mass capture and identification of images -- and the photos that may end up in a database include not just a person's face but also how she is dressed and possibly whom she is with."
You add facial recognition to domestic drones that may dump all that info into a database and innocent Americans could potentially be earmarked as suspicious. All of this comes at a time when the "deadline looms for the FAA to devise regulations and licensing that incorporate unmanned aerial vehicles (UAVs) into the national airspace."
The EFF recently released 125 drone certificates and other documents received in response to a FOIA. The information is "about drone flights in the United States, including extensive details about the specific drone models some entities are flying, where they fly, how frequently they fly, and how long they stay in the air." Despite that release about drones, EPIC said that "the FAA's process for the application and approval of a drone license are still mostly opaque, preventing any transparency or accountability for operators."
We the People need a lot more answers about securing drones and the future of drone surveillance. We need a lot more privacy protections put into place before hundreds of drones are buzzing overhead. As we've seen too often, technology that is supposed to be used for one thing, ends up being used and abused for others.
Like this? Here's more posts:
- EFF: Americans may not realize it, but many are in a face recognition database now
- HOPE 9: Whistleblower Binney says the NSA has dossiers on nearly every US citizen
- NSA Whistleblower Drake: You're automatically suspicious until proven otherwise
- Mobile Phone Surveillance Out of Control: Cops Collected 1.3 Million Customer Records
- High tech car theft: 3 minutes to steal keyless BMWs
- TSA lawlessly snubs federal court ruling for 1 year! Interview with Jim Harper
- Hacker claims to have breached & backdoored antivirus software firm Trend Micro
- The Future of Drone Surveillance: Swarms of Cyborg Insect Drones
- NSA claims it would violate Americans' privacy to say how many of us it spied on
- Independence Day: Ghosts of SCOTUS on the fundamental right to privacy
- Windows 8 technology shift: The coming end of Win32 apps
- Going Dark in the Golden Age of Cyber-Surveillance?
- Exploiting Windows: Upcoming Black Hat Briefings
Follow me on Twitter @PrivacyFanatic
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited