A leading rights advocacy group this week called on Congress to add civil liberties protections to a recently passed law that opens U.S. airspace to unmanned aerial vehicles .
The Federal Aviation Administration Modernization and Reform Act of 2012, signed into law by President Barack Obama last month, requires the FAA to permit the use of drones by law enforcement agencies , commercial organizations and hobbyists.
The statute will initially let law enforcement authorities and emergency services use drones that weigh less than five pounds and fly at an altitude of less than 400 feet starting in May. The law requires that the FAA have rules in place permitting the use of all varieties of drones by law enforcement and private entities by the end of 2015.
Over the next few years, thousands of drones are likely to be in use for varied applications like fugitive tracking and traffic management by law enforcement agencies, crop monitoring, land management, news reporting and filmmaking.
The Center for Democracy and Technology contends that the legislation provides no privacy or civil liberties protections for ordinary citizens.
The law "says nothing about the privacy implications of filling the sky with thousands of flying robots," said Harley Geiger, senior policy council at the Washington-based think tank.
Geiger said that drones pose an unprecedented privacy challenge -- the devices can can be equipped with facial recognition cameras, license plate readers, thermal-imaging cameras, open WiFi sniffers and other sensors. In addition, drones can be used to conduct continuous and pervasive surveillance over a wide area, he added.
It's one thing to use drones to track down fugitives or to conduct surveillance on a residential property before a SWAT raid. "I don't have a problem with that. What does concern me is the high likelihood that drones will be use for generalized public safety surveillance," Geiger said.
Unlike static surveillance and closed-circuit television cameras that cannot track individuals beyond their fields of vision, "drones can peek into your backyard and track you pervasively," he said.
A drone flying at a height of 400 feet or more from the ground will likely be considered to be operating in a public space. Anything that it observes while it is in a public space has few privacy protections, Geiger said.
"The way the law works right now, law enforcement would need a warrant to peer over your fence, but it won't need one to put a drone over your property and view it as long as they want," so long as it is more than 400 feet above the ground, he added.
With the FAA set to start issuing drone licenses in just a few weeks, the time for Congress to act is now, Geiger said.
For starters, Geiger says the FAA should conduct a Privacy Impact Assessment (PIA) to understand all the potential privacy implications related to drone use.
Also, because PIAs do not carry the weight of law, Congress needs to amend the statute to give the FAA and the U.S. Department of Transportation the authority to enforce privacy protections based on Fair Information Practice Principles (FIPPs), Geiger said in a blog post.
The law should also be amended to prohibit law enforcement agencies from weaponizing drones, and require warrants for extended surveillance in criminal investigations.
Restrictions should also be placed on the use of drone surveillance for public safety purposes, he said.
Those applying for licenses to operate drones should be required to explain clearly how and why they intend to use the vehicle, and to provide details on what, if any, information on individuals the drone will collect.
Law enforcement authorities should be required to minimize the amount of data they collect via the use of drones, Geiger added.
"People expect to have a modicum of privacy," even in public places, he said. "Drones are going to be a big shock to a lot of people."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com .
Read more about security in Computerworld's Security Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.