Federal Reports Focus on GPS Security, Privacy Issues in Unmanned Aerial Systems - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design

Federal Reports Focus on GPS Security, Privacy Issues in Unmanned Aerial Systems

University of Texas-Austin Radionavigation Lab drone used in GPS spoofing demonstrations. University of Texas photo

A September report on unmanned aircraft systems (UAS) by the U.S. Government Accountability Office (GAO) highlighted the potential risks posed by GPS jamming and spoofing but failed to make any new recommendations on how the issue should be addressed. Associated privacy issues, however, have gotten more attention.

A September report on unmanned aircraft systems (UAS) by the U.S. Government Accountability Office (GAO) highlighted the potential risks posed by GPS jamming and spoofing but failed to make any new recommendations on how the issue should be addressed. Associated privacy issues, however, have gotten more attention.

The report, GAO-12-981 subtitled “Measuring Progress and Addressing Potential Privacy Concerns would Facilitate Integration into the National Airspace System,” was prepared in response to congressional requesters and updated a 2008 GAO report on the subject. Gerald Dillingham, director of the GAO’s physical infrastructure issues, was primary author for the latest report.

It specifically examined issues that could complicate the Federal Aviation Administration (FAA) mandate to facilitate UAS integration by 2015 as outlined in the FAA Modernization and Reform Act of 2012 as well as carry out the transition to the satellite-based next-generation (NextGen) air traffic management system that relies heavily on GPS capabilities.

“Although not new, concerns about national security, privacy issues, and GPS jamming and spoofing related to UAS have not been resolved and may influence the acceptance of routine access for UAS in the current national airspace systems or the forthcoming transition to NextGen,” the recent GAO report stated.

According to the FAA, the agency will issue a draft notice of proposed rule making by the end of this year that would define and govern how small UAS would potential operate in the national air space (NAS). In addition to GPS jamming and spoofing, the GAO report pointed out the need for UAS operations to incorporate “sense and avoid technology” to avoid air collisions could be solved by incorporating automatic dependent surveillance-broadcast (ADS-B) transponders as are being installed on many general aviation and commercial aircraft.

Other nations, particularly member-states of the European Union, have parallel efforts under way to integrating UAS into their respective airspaces — efforts that the GAO report underlined would benefit from being harmonized with U.S. plans.

The subject of GPS spoofing, especially in the aviation domain, served as the basis for the cover feature in the September/October issue of Inside GNSS. Last July, a congressional committee overseeing activities at the Department of Homeland Security (DHS) indicated a desire to push the agency into a more substantive role in overseeing the use of drones in the United States — a move that could force DHS to move more forcefully to protect GPS users from spoofing

Another emerging issue is the operation of model aircraft — those flown for hobby or recreation — which can be indistinguishable from small UAS aircraft but are generally not regulated, operating under community-based voluntary guidelines. The GAO cited a recent incident in which a man pled guilty to plotting to use a large remote-controlled model aircraft filled with plastic explosives to attack the Pentagon and U.S. Capitol.

Last month, Rockwell Collins announced that the company had been selected as the prime contractor for the unmanned air vehicle portion of the High-Assurance Cyber Military Systems (HACMS) program sponsored by the Defense Advanced Research Projects Agency (DARPA). The four-and-half-year contract calls for Rockwell Collins to develop cyber security solutions for unmanned air vehicles, with applicability to other network-enabled military vehicles.

Privacy Concerns and Congress
Meanwhile, a report issued September 6 by the Congressional Research Service (CRS), “Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses,” underlined the growing concern of private citizens, legal experts, and privacy advocates about the purposes for which UAS technology may be used. The CRS works exclusively for the United States Congress, providing policy and legal analysis to committees and members of both the House and Senate, regardless of party affiliation.

In addition to discussion of aerial surveillance, the CRS report cited the concurring opinion by Justice Samuel Alito, joined by three other justices, in the recent U.S. Supreme Court case United States v. Jones, which would have held that “the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.”

Echoing this theme, the report authored by CRS legislative attorney Richard M. Thompson II, stated, “While individuals can expect substantial protections against warrantless government intrusions into their homes, the Fourth Amendment offers less robust restrictions upon government surveillance occurring in public places and perhaps even less in areas immediately outside the home, such as in driveways or backyards. Concomitantly, as technology advances, the contours of what is reasonable under the Fourth Amendment may adjust as people’s expectations of privacy evolve.”

Current domestic uses of UAS or unmanned aerial vehicles (UAVs), which are currently quite limited due to federal aviation regulations, include law enforcement, forest fire monitoring, border security, weather research, and scientific data collection.

DHS uses them to police the nation’s borders to deter unlawful border crossings and to detect and interdict the smuggling of weapons, drugs, and other contraband. Within DHS, the Customs and Border Protection’s Office of Air and Marine has flown missions to support federal and state agencies such as the FBI, the Department of Defense, Immigration and Customs Enforcement, the U.S. Secret Service, and the Texas Rangers.

The FAA authorizes UAS operations on a case-by-case basis after conducting a safety review and may grant certificates of authorization (COAs) for use of UAVs. Between January 1 and July 13, 2012, 75 groups within federal agencies and departments were granted 227 COAs, according to the GAO. In addition to these, more than 300 local police departments, state and private colleges, and small cities and towns have received COAs for UAV operation, according to the FAA.

A Department of Justice official told the GAO that approximately 100 law enforcement entities have expressed interest in using UAS for some of their missions — for such applications as supporting tactical teams, post-event crime scene analysis, and critical infrastructure photography.
However, local law enforcement “[o]fficials do not anticipate using small UAS for routine patrols or missions that would require flight over extended distances or time periods,” the GAO report said.

Nonetheless, several measures were introduced in the current session of Congress that would restrict the domestic use of drones. Senator Rand Paul and Representative Austin Scott introduced the Preserving Freedom from Unwarranted Surveillance Act of 2012 (S. 3287, H.R. 5925), which would require law enforcement to obtain a warrant before using drones for domestic surveillance, subject to several exceptions. And the “Preserving American Privacy Act of 2012” (H.R. 6199) would permit law enforcement to conduct drone surveillance pursuant to a warrant, but only in investigation of a felony, according to the CRS.

According to the GAO, no single federal agency has been statutorily designated with specific responsibility to regulate privacy matters relating to UAS for the entire federal government.

GAO Highlights TSA Responsibility
The DHS’s Transportation Security Administration (TSA) currently has the authority to regulate security of all modes of transportation, including non-military UAS. In 2008, the GAO recommended that the TSA examine the security implications of non-military UAS. According to a TSA official, the agency recently reviewed its UAS-related advisories and determined that they are still sufficient. “TSA has not provided information on its efforts to mitigate security implications of UAS, and GAO believes TSA should act on this recommendation.”

In 2008, the GAO reported that TSA had not examined the security implications of routine UAS access in the national airspace systems, “an assessment that remains unchanged.”

“Security remains a significant issue that could be exacerbated with an increase in the number of UAS,” the new report states. “TSA’s practices might be sufficient in the current UAS environment of limited operations taking place under closely controlled conditions, but these controlled conditions will change as FAA and others continue to work toward allowing routine UAS operations in the national airspace system.”

Without an assessment of TSA’s current security practices, the GAO argued, TSA is not equipped to know whether any changes to its practices are needed.
“We continue to believe that our 2008 recommendation — that TSA examine the security implications of future, non-military UAS operations in the national airspace system and take any actions deemed appropriate — remains relevant and that TSA should take steps to implement the recommendation.”