Friday, July 20, 2012

Protect privacy from drones at home, lawmakers say

By JOAN LOWY
July 19, 2012

WASHINGTON (AP) — Before thousands of civilian drones begin flying in U.S. skies, Congress should take steps to protect the public's privacy and prevent terrorists from hacking or jamming signals that control the aircraft, lawmakers said Thursday.

House members from both parties said at an oversight hearing that they're worried about potential privacy and security threats as the use of small unmanned aircraft becomes widespread. The Federal Aviation Administration forecasts an estimated 10,000 civilian drones will be in use in the U.S. within five years.

Even Rep. Henry Cuellar, D-Texas, co-chair of bipartisan group of lawmakers promoting greater domestic use of drones, acknowledged that legislation to protect privacy may be necessary.

There is tremendous demand to use drones at home for all kinds of tasks that are too dirty, dull or dangerous for manned aircraft. Drones also are often cheaper than manned aircraft. The biggest market is expected to be state and local police departments.

Industry experts predict the takeoff of a multi-billion dollar market for civilian drones as soon as the FAA completes regulations to make sure they don't pose a safety hazard to other aircraft. But the agency's focus and expertise is safety, not security or privacy.

Rep. Michael McCaul, R-Texas, chairman of a House Homeland Security subcommittee, complained that no federal agency has been willing to tackle the issue of drones and privacy. He said Department of Homeland Security officials refused a request to testify at the hearing, saying regulating civilian use of drones wasn't the department's responsibility.

McCaul said he is considering seeking a subpoena to force officials to testify at a future hearing or asking the White House to issue an executive order requiring the department take responsibility for the matter.

"This is an evolving field and we have thousands of these things that could be deployed in the sky," McCaul said. "I think it's incumbent on the Department of Homeland Security to come up with a policy ... Local law enforcement does need that guidance."

Homeland Security officials didn't immediately reply to a request for comment.

Among the dangers, witnesses said, is that the signals used to guide civilian drones can be hacked or jammed, causing them to crash.

Military drones use encrypted GPS signals for navigation, which protects them from hacking, but the GPS signals used by civilian drones don't have that protection, said Todd Humphreys, an assistant professor of orbital mechanics at the University of Texas-Austin.

In an experiment, Humphreys said he and his students were able to successfully hack the signals of a sophisticated drone, getting it to change altitude or position through "spoofing" — sending the drone incorrect information on its location. He acknowledged that it would be very difficult for an ordinary person to spoof a drone, although it might be within the capability of a terrorist or criminal network.

GPS signal jammers available for sale on the Internet for as little as $50 could also be used to cause a civilian drone to crash, said Gerald Dillingham of the Government Accountability Office.

Michael Toscano, president of the Association for Unmanned Vehicles Systems International, pointed out in written comments submitted to the committee that government and industry officials have long been aware that spoofing is a concern for any technology that relies on GPS for guidance and timing, not just unmanned aircraft.

"That said, the industry takes the potential for spoofing very seriously and is already advancing technologies ... to prevent it," he said.

The GAO recommended in 2008 that the Transportation Security Administration, which is part of the homeland security department, examine the security implications of civilian use of drones. Not only has TSA not done that, but the agency has ignored questions from the GAO about why the recommendations aren't being implemented, Dillingham said.

No comments: