Roger Clarke's Web-Site© Xamax Consultancy Pty Ltd, 1995-2024 |
||||||
HOME | eBusiness |
Information Infrastructure |
Dataveillance & Privacy |
Identity Matters | Other Topics | |
What's New |
Waltzing Matilda | Advanced Site-Search |
Version of 20 December 2015
Published in Computer Law & Security Review 32, 1 (Jan-Feb 2016) 152-155
© Xamax Consultancy Pty Ltd, 2015
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/SOS/Drones-PAR.html
Parliaments and regulators have been very slow to address the public safety and behavioural surveillance threats embodied in drones. On the basis of a pragmatic set of principles for the design of a regulatory scheme, it is proposed that countries apply existing regulatory arrangements, and where necessary amend and extend them.
The last decade has seen rapid developments in the area of remotely-piloted aircraft, commonly referred to as 'drones'. Technological innovation encouraged early adopters, unit costs dropped, prices fell sufficiently that more purchasers were attracted, and the familiar innovation-diffusion spiral occurred.
Drones are inherently dangerous, and action is needed to ensure public safety. Many drones have been designed to carry cameras, and a very common use of drones is to gather visual images and video. This represents a new and substantial threat to behavioural privacy. Unfortunately, regulatory adaptation is far slower than technological and economic change. Although knee-jerk reactions would be harmful and probably ineffective, far more rapid response is needed than parliaments and regulatory agencies have offered to date.
Computer Law & Security Review has featured multiple contributions in relation to drones. For details, see the Reference List. All of the papers to date have been academic, in both the good and bad senses of the word - careful, evidence-based, reasoned and thorough, but not necessarily pithy, to-the-point and likely to stimulate active responses from policy-makers.
This short paper accordingly offers some crisp, constructive suggestions about measures that can and should be taken in order to protect public safety and behavioural privacy. The larger, more sophisticated and more expensive categories of drones attract attention from regulators, and are either already subject to, or can be readily brought within, existing regulatory schemes. The primary focus of this paper is accordingly on small and micro-drones, particularly where their use is of a hobbyist or self-entertainment rather than a commercial nature. The first section proposes some principles. These are then applied in order to identify specific measures that the public can stimulate parliaments, governments and regulators to investigate and implement.
Previous papers have surveyed drone technologies, their uses, their impacts, and existing regulatory mechanisms. See in particular the Special Issue in CLSR 30, 3 (June 2014). The problems may be addressed in a number of different ways, and various approaches are evident in the slow processes that are in train in countries around the world. Some means is needed for selecting among the possibilities, and in particular for achieving balance between complacency on the one hand and undue interventionism on the other.
A comprehensive set of criteria for a regulatory scheme was proposed in Clarke & Bennett Moses (2014) Table 2. The following six Principles are offered as a simpler and more pragmatic basis for filtering the alternatives.
Drones have mass and velocity, have no natural rest state, and control of them is challenging.
So: Drones need to be subject to regulation
The operation of drones requires expertise, skill and focus; and shortfalls against any of those requirements creates risk of harm to the drone, but also to individuals and objects in its vicinity.
So: Drone Operators need to be subject to regulation
Goods may be smuggled into prisons, emergency service operations may be interrupted, drones may be used as weapons, and individuals may be subjected to surveillance and perhaps pursuit.
So: Drone Applications need to be subject to regulation
Commercial uses of moderately sophisticated drones are multiplying, and many members of the public have acquired and flown consumer-level devices.
So: Drones, Drone Operators and Drone Applications need to be subject to regulation now, not later
Proven applications exist of image and video capture for emergency management, geo-physical surveys, and maintenance inspections. Effective tools for search, and for mapping and monitoring of native flora and weed infestations, are rapidly emerging.
Regulators should not intervene in uses of devices, whether for commercial or for hobby and entertainment purposes, except where a reason exists, in particular risk to public safety or behavioural privacy.
So: The regulatory measures need to be justified, proportionate, not excessive and not unduly expensive, but also targeted, effective, efficient and enforceable
The impacts and implications of novel forms of regulation need to be carefully evaluated, whereas those of existing mechanisms are more readily grasped, refined and extrapolated.
So: Advantage needs to be taken of existing regulatory frameworks wherever practicable, and new regulatory frameworks created only where necessary
The Principles proposed in the previous section can be applied in jurisdictions that have a wide variety of characteristics. For example, some countries have highly restrictive regulatory regimes, some have 'light touch' regulatory regimes that are far less prescriptive or constraining, and some have very limited existing law or policy that affects drones and their operation and use.
This section suggests approaches that can be taken in jurisdictions that have at least some existing regulatory frameworks of at least potential relevance to drones. The proposition is that countries need to consider the existing regulatory framework in each of the nine areas discussed below, evaluate those frameworks' applicability to drones, and devise measures that will achieve an appropriate balance between permissiveness of, and control over, drone usage.
The term 'regulatory framework' is used in the manner discussed in Clarke & Bennett Moses (2014) section 3. However, organisational self-regulation and industry self-regulation appear highly unlikely to achieve a satisfactory balance between innovation on the one hand, and negative impacts on safety and behavioural privacy, on the other. The primary emphasis is accordingly on formal regulation and on 'co-regulation' whereby industry or user organisations perform regulatory functions within a framework set by a government agency.
In many jurisdictions, manufacturers, importers and retailers of many kinds of devices are subject to one or more regulatory frameworks relating to safety, including industry standards for such things as controllability, sharp edges, kinetic energy and flammability.
Countries need to ensure that manufacturers, importers and retailers of drones are subject to such frameworks.
This might need to include a legal responsibility to provide customers with documentation, training and information (e.g. about the law, and about contact-points for regulatory, licensing and support organisations), prior to passing possession of the device to the customer.
Particularly for the more dangerous categories of drones and drone applications, this might need to extend as far as a requirement to sight a customer's insurance and/or licence to operate that category of drone, before the organisation can pass possession of the device to the customer.
In most if not all jurisdictions, aircraft, at least above some size threshold (e.g. 100kg), are subject to a substantial regulatory framework, including requirements in relation to matters as diverse as airworthiness, maintenance procedures, financial viability, and insurance.
Countries need to ensure that manufacturers, importers, retailers, purchasers and operators of drones of similar size, or otherwise with a similar potential impact, are subject to such a framework.
In addition, countries need to ensure that manufacturers, importers, retailers, purchasers and operators of medium-sized, small, micro- and nano-drones are subject to appropriate sub-sets and variants of that framework, where their nature, purpose, use, or context of use involves significant risk to public safety and hence they need to have particular features (such as multi-channel communications, and collision-detection / collision-avoidance capabilities).
In most if not all jurisdictions, the controller of anything that enters defined chunks of airspace is subject to a substantial 'air traffic control' regulatory framework.
Countries need to ensure that all sizes of drones, and all drone-operators, are subject to that regulatory framework, that the requirements are clearly communicated to all manufacturers, importers and retailers of drones, and through them to all purchasers and operators of drones, and that the regulations are enforced.
In many jurisdictions, a category of 'model aircraft' is recognised, and is subject to a 'light-touch' regulatory framework. The category may be subject to a size or weight limitation (e.g. 25kg or 50kg). The scheme may feature one or more associations, which provide training, services and insurance to operators of model aircraft. It may limit the locations in which a model aircraft may be flown, e.g. to an area close to an aerodrome operated by the association for that specific purpose. See for example the Australian Civil Aviations Safety Authority Regulations Part 101-3 (CASA 1998b).
In the USA, the FAA Modernization and Reform Act of 2012 s.336 goes much further, exempting drones smaller than 25kg from FAA's purview, where "the aircraft is operated in accordance with a community-based set of safety guidelines and within the programming of a nationwide community-based organization". Empowering such associations may very well be an appropriate approach, but putting them beyond the reach of the regulator is highly inadvisable.
Countries with a model aircraft association scheme that is subject to the purview of the aviation regulator can consider refining it to ensure that it applies to relevant drones and their operators, and hence draws them into an existing club context that provides education and a values-based framework. Countries without such a scheme should evaluate the scope for establishing one.
In some jurisdictions, a specific-to-drones 'light-touch' regulatory scheme exists. This may define requirements in relation to their use, and impose civil penalties for breaches. See for example Australian Civil Aviation Safety Authority Regulations Part 101-1 (CASA 1998a). Typical provisions include:
Countries with such a scheme can consider refining it, ensuring that it applies to all drone operators, or at least to all drone operations in contexts in which significant risks exist, and enforcing it. Countries without such a scheme should evaluate the scope for establishing one.
Virtually all countries have imposed compulsory registration on motor vehicles and mobile plant such as forklifts. In most cases, the design and construction of the vehicle must comply with a set of engineering specifications, particularly relating to safety. Although conventionally referred to as `registration schemes', such mechanisms are more appropriately called `licensing schemes', because conditions apply and registration can be refused. Countries need to give serious consideration to extending the scope of their vehicle registration / licensing schemes to encompass drones, or to establishing similar schemes for drones, at least for categories of drones that give rise to significant risks.
In the case of micro-drones, however, the effectiveness of a registration scheme is likely to be very low. There would be benefits in preventing the manufacture and import of sub-standard equipment, but the primary channels for enforcement of such measures is via manufacturers and importers, not purchasers. Once a micro-drone has been purchased, an interception mechanism is challenging to implement, because, unlike motor vehicles, the movement of drones is not limited to roads, their flights are brief, and their operators are not always easy to identify. Moreover, the fines for administrative misdemeanours are small. For many reasons, the level of respect for micro-drone registration rules is likely to be very low.
The US FAA announced, on 14 December 2015, with one week's notice, what it calls a registration scheme for what it refers to variously as Unmanned Aircraft Systems (UAS) and drones, between 0.55lb / 250gm and 55lb / 25kg in weight (FAA 2015). However, it is actually a registration scheme not for the drones themselves, but for operators of recreational drones. Further, the FAA is precluded by s.336 of the FAA Modernization and Reform Act of 2012 from making rules for drones whose operators are members of a model aircraft association - a membership that is approaching 200,000. Hence, despite this announcement, drone operators actually have the choice of joining a club instead of using the registration scheme (Ruprecht 2015).
Rather than establishing a convenient online registration mechanism with virtually no beneficial effect, FAA could have instead imposed onerous conditions, thereby creating a strong incentive for drone operators to join a club and bring themselves within an environment that makes information available, and brings with it both a sense of responsibility and insurance coverage. At the very least, FAA could have drawn the alternative to public attention. The FAA scheme is not an effective regulatory measure, but merely token compliance with the instructions given to it by Congress.
Virtually all countries have imposed compulsory licensing on drivers of motor vehicles and operators of mobile plant such as forklifts, including requirements that they first demonstrate knowledge of the relevant laws and/or proficiency in the operation of that category of vehicle. These are backed up by civil and criminal sanctions.
Countries need to give serious consideration to extending the scope of their driver licensing schemes to encompass drones, or establishing similar schemes for drone operators, at least for categories of drones, drone uses or contexts of use that give rise to significant risks.
The US FAA scheme announced in December 2015, although it applies to drone operators, is not a licensing scheme with a regulatory effect, but merely a registration scheme of an administrative nature.
Many countries have imposed compulsory third-party insurance on owners of motor vehicles.
Countries need to give serious consideration to extending the scope of their compulsory third-party insurance schemes to encompass drone-owners, at least for categories of drones, drone uses or contexts of use that give rise to significant risks. This could be achieved, for example, by requiring drone operators to join a model aircraft club.
Drones bring with them very substantial increases in the intrusiveness of surveillance generally, and of visual surveillance in particular. For an in-depth analysis, see Clarke (2014c). In a few jurisdictions, there may be a regulatory framework for CCTV, visual and other forms of surveillance, but in most there is at best a patchwork of laws and at worst there are no protections. A review of one country's highly deficient laws is in Clarke (2014d).
Countries need to revise or extend the existing regulatory framework, or establish a coherent, comprehensive and balanced regulatory framework, at least relating to surveillance using drones, but preferably encompassing surveillance generally, including using drones.
This short paper has presented and applied a set of principles in order to identify measures to address the impacts of drones in a sufficient but balanced manner. Deeper analyses of specific issues, and of the slow processes of policy development in the USA, Europe and Australia, are in Clarke & Bennett Moses (2014) and Clarke (2014c).
The measures proposed are pragmatic, intended to assist with the immediate problems that are afflicting many countries. They not intended as a long-term solution to the challenges of advancing technologies. For assessments of such important longer-term issues as drone autonomy, the transparency of decisions made by drones, data communications reliability and security, 'fail-secure' design features, human responsibility for acts by drones, and conditions of use of first-person view (FPV) and instrument-based operations, see Clarke (2014b).
Clarke R. (2014a) 'Understanding the Drone Epidemic' Computer Law & Security Review 30, 3 (June 2014) 230-246, PrePrint at http://www.rogerclarke.com/SOS/Drones-E.html
Finn R.L. & Wright D. (2012) 'Unmanned aircraft systems: Surveillance, ethics and privacy in civil applications' Computer Law & Security Review 28, 2 (April 2012) 184-194
Pagallo U. (2013) 'Robots in the cloud with privacy: A new threat to data protection?' Computer Law & Security Review 29, 5 (October 2013) 501-508
Wright D. (2014) 'Drones: Regulatory challenges to an incipient industry' Guest Editorial, Computer Law & Security Review 30, 3 (June 2014) 226-229
Clarke R. (2014b) 'What Drones Inherit from Their Ancestors' Computer Law & Security Review 30, 3 (June 2014) 247-262, PrePrint at http://www.rogerclarke.com/SOS/Drones-I.html
Clarke R. & Bennett Moses L. (2014) 'The Regulation of Civilian Drones' Impacts on Public Safety' Computer Law & Security Review 30, 3 (June 2014) 263-285, PrePrint at http://www.rogerclarke.com/SOS/Drones-PS.html
Clarke R. (2014c) 'The Regulation of of the Impact of Civilian Drones on Behavioural Privacy' Computer Law & Security Review 30, 3 (June 2014) 286-305, PrePrint at http://www.rogerclarke.com/SOS/Drones-BP.html
Volovelsky U. (2014) 'Civilian uses of unmanned aerial vehicles and the threat to the right to privacy' Computer Law & Security Review 30, 3 (June 2014) 306-320
Custersa B. & Vergouwb B. (2015) 'Promising policing technologies: Experiences, obstacles and police needs regarding law enforcement technologies' Computer Law & Security Review 31, 4 (August 2015) 518-526
CASA (1998a) 'Unmanned Aircraft and Rockets: Unmanned Aerial Vehicle (UAV) Operations, Design Specification, Maintenance and Training of Human Resources' Civil Aviation Safety Regulation (CASR) Part 101-1(0), Civil Aviation Safety Authority, original of 1998, current version of July 2002, at http://www.casa.gov.au/wcmswr/_assets/main/rules/1998casr/101/101c01.pdf
CASA (1998b) 'Unmanned Aircraft and Rockets: Model Aircraft' Civil Aviation Safety Regulation (CASR) Part 101-3(0), Civil Aviation Safety Authority, original of 1998, current version of July 2002, at http://www.casa.gov.au/wcmswr/_assets/main/rules/1998casr/101/101c03.pdf
Clarke R. (2014d) 'The Regulation of Point of View Surveillance: A Review of Australian Law' IEEE Technology & Society 33, 2 (June 2014) 40 - 46, PrePrint at http://www.rogerclarke.com/DV/POVSRA.html
FAA (2015) `Press Release - FAA Announces Small UAS Registration Rule' Press Release, Federal Aviation Administration, December 14, 2015, at http://www.faa.gov/news/press_releases/news_story.cfm?newsId=19856
FAA Modernization and Reform Act of 2012 (Public Law 112 - 95), at https://www.gpo.gov/fdsys/pkg/PLAW-112publ95/pdf/PLAW-112publ95.pdf
Ruprecht J. (2015) 'Analysis of the FAA's Published Drone Registration Requirements' Drone Law Blog, 15 December 2015, at http://jrupprechtlaw.com/myrupprecht-laws-analysis-of-the-faas-published-drone-registration-rule
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in Cyberspace Law & Policy at the University of N.S.W., and a Visiting Professor in the Computer Science at the Australian National University.
Personalia |
Photographs Presentations Videos |
Access Statistics |
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax. From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 75 million in late 2024. Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer |
Xamax Consultancy Pty Ltd ACN: 002 360 456 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 |
Created: 18 November 2015 - Last Amended: 20 December 2015 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/SOS/Drones-PAR.html
Mail to Webmaster - © Xamax Consultancy Pty Ltd, 1995-2024 - Privacy Policy