US Federal Communications Commissioner Brendan Carr has issued a stark warning that ‘DJI drones are collecting vast troves of sensitive data on Americans and US critical infrastructure’, and has indicated the FCC has commenced the process of banning government agencies from purchasing DJI equipment.
The Federal Communications Commission (FCC) is an independent agency of the United States federal government that regulates communications by radio, television, wire, satellite, and cable across the United States.
On October 19, Commissioner Carr called for commencement of the process of adding DJI, the Shenzhen-based drone company that accounts for more than 50 percent of the US drone market, to the FCC’s Covered List – covering businesses which pose an unacceptable security risk.
The FCC also is also examining whether to ban DJI, Huawei and several other Chinese companies on the Covered List from selling into the US market entirely.
‘DJI drones and the surveillance technology on board these systems are collecting vast amounts of sensitive data—everything from high-resolution images of critical infrastructure to facial recognition technology and remote sensors that can measure an individual’s body temperature and heart rate,’ Commissioner Carr stated. ‘Security researchers have also found that DJI’s software applications collect large quantities of personal information from the operator’s smartphone that could be exploited by Beijing. Indeed, one former Pentagon official stated that “we know that a lot of the information is sent back to China from” DJI drones.
‘DJI’s collection of vast troves of sensitive data is especially troubling given that China’s National Intelligence Law grants the Chinese government the power to compel DJI to assist it in espionage activities. In fact, the Commerce Department placed DJI on its Entity List last year, citing DJI’s role in Communist China’s surveillance and abuse of Uyghurs in Xinjiang.
‘Add to this information the widespread use of DJI drones by various state and local public safety and law enforcement agencies as well as news reports that the US Secret Service and FBI recently bought DJI drones, and the need for quick action on the potential national security threat is clear.
‘After all, the evidence against DJI has been mounting for years, and various components of the US government have taken a range of independent actions – including grounding fleets of DJI drones based on security concerns. Yet a consistent and comprehensive approach to addressing DJI’s potential threats is not in place. That is why the FCC should take the necessary steps to consider adding DJI to our Covered List. We do not need an airborne version of Huawei. As part of the FCC’s review—and in consultation with national security agencies—we should also consider whether there are additional entities that warrant closer scrutiny by the FCC.”
Commissioner Carr noted that since 2017 US intelligence services have warned that DJI poses a security threat due to the level of sensitive information it collects and the risk of that data being accessed by Chinese state actors. Carr pointed to the following evidence:
– In 2017, an Intelligence Bulletin from a DHS field office stated that DJI is likely providing sensitive US infrastructure and law enforcement data to the Chinse government;
– In 2019, the Department of Homeland Security issued an alert regarding Chinese-made drones, stating that ‘the United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access.’
– In 2019 Congress broadly prohibited the Department of Defense from purchasing Chinese-made drones, including DJI drones, based on national security concerns;
– In January 2020, the Secretary of the US Department of the Interior issued an order that largely grounded the Department’s fleet of drones, most notably DJI drones, based on concerns about cybersecurity and safeguarding access to sensitive data and information;
– In October 2020, DOJ’s Office of Justice Programs barred the use of their funds for drones made by a ‘Covered foreign entity…determined or designated, within the Department of Justice, to be subject to or vulnerable to extrajudicial direction from a foreign government,’ including DJI;
– In December 2020, the Department of Commerce added DJI to its ‘Entity List’, for having ‘enabled wide-scale human rights abuses within China through abusive genetic collection and analysis or high-technology surveillance, and/or facilitated the export of items by China that aid repressive regimes around the world, contrary to US foreign policy interests.’
– In January 2021, President Trump issued an Executive Order detailing the risks of Chinese-made drones, including DJI, and stated the US policy ‘to prevent the use of taxpayer dollars to procure UAS that present unacceptable risks and are manufactured by, or contain software or critical electronic components from, foreign adversaries, and to encourage the use of domestically produced UAS.’
– In July 2021, DOD stated that it remains convinced DJI systems ‘pose potential threats to national security’, and DJI drones are still barred from use by DOD.
DJI obliquely responded in a blog post outlining the lengths it goes to in protecting user’s data. ‘DJI designs and builds our hardware and software so you never have to share your data – not with us, and not with anyone else. We’re not a data company; we just make drones,’ the company said.