The market for consumer and commercial drones has been growing at a very rapid pace. According to the latest FAA numbers, there are now 943,535 registrations of drones and drone owners in the U.S. market at least, two-thirds of which are made by DJI.
Is leading drone manufacturer, DJI sending sensitive information captured by these drones of U.S. infrastructure and government installations back to China? This is a question that is being asked by U.S. officials.
DJI Mavic Pro
Why are U.S. officials concerned about sensitive drone data?
The drones capture on photo and video many aspects of day-to-day American life, not only sunsets, but busy roads and highways, and also more sensitive areas such as infrastructure, harbors, and even government installations. With the technological advancements both in hardware components, such as cameras and in the ability of software to analyze the captured data, a very accurate picture can be made of critical parts of the American country and its society.
These concerns grow even more important for commercial drones. Where, aside from companies, government entities use drones to perform inspections on critical infrastructures such as bridges, highways and water reservoirs.
Recently DJI introduced new online software, called DJI FlightHub for enterprise drone applications to help companies or other large organizations manage large fleets of drones and enable the secure management of real-time drone operations, flight data, and pilot teams.
DJI is by far the market leader when it comes to both consumer and commercial drones in the U.S. The question that has now been raised by U.S. officials is what happens with all that information that DJI drones are collecting and where does it go?
Does the Chinese drone manufacturer, officially named Da Jiang Innovations Science and Technology Company, send the collected information back to China? And if so, does that mean that the Chinese government has access to it? Most large Chinese companies have very close ties with the government in China, so these concerns seem valid indeed.
According to the NY Times, DJI admitted last year to handing over drone information captured in Hong Kong and China to the Chinese government.
DJI’s data security concerns surface again
It is not the first time data security concerns have come up. DJI’s data in particular has been a news issue several times over the last few months. First, the US Army decided to stop using DJI’s drones over cybersecurity concerns. Late in August the Los Angeles office of U.S. Immigration and Customs Enforcement (ICE) issued a bulletin in which concerns were expressed about DJI’s drone being able to perform facial recognition even when the system is off and that DJI was selling its products at below market prices to eliminate the competition. The ICE memo listed a number of specific examples of US government agencies using DJI drones. For example, the Department of Homeland Security used DJI drones to assist with the construction layout and security when building a facility to study diseases that threaten American agriculture and public health.
More recently, this story about a breach in DJI’s data security surfaced in which security researcher, Kevin Finisterre explained in detail how he was able to access information stored on DJI’s servers. If Finisterre was able to access personal data such as flight logs, visa, and passports on DJI’s servers, who else may have been privy to that information?
Is DJI’s response sufficient?
In response to these concerns, DJI has taken action and issued various public statements. The company denies that its drones are capable of performing facial recognition. In the same statement, it claims the company did not sell its drones at a loss in the US market to drive out the competition.
DJI also introduced the Local Data Mode for select users to address the concerns the U.S. Army had expressed. The company added in a response to the NY Times, that users can control how much access the company can have to their data and that it shares data only “pursuant to appropriate legal process.”
For DJI’s FlightHub, the enterprise drone fleet management solution, DJI told the NY Times that it was working out the terms of service for the product, and will likely include an option to allow companies to store data to their own servers.
So it seems that DJI is addressing at least some of the concerns expressed by the U.S. officials but it will remain to be seen whether it will be sufficient.
Interestingly enough, similar concerns have emerged in DJI’s motherland, China, where media has shown that the Apple iPhone keeps track off the locations its users most frequently visits. A new cybersecurity law now calls for companies like Apple and Microsoft to store data within the country’s borders. Apple has already indicated that it will build a data center in China to comply with the new requirement.
We will stay on top of DJI’s data security issues and will report to you here on our website. In the meantime, what do you think about these concerns? Do you share them or do you have a different view? We would love to hear from you in the comments below.
Other articles that may interest you: