Drone Registration Plan from US Department of Transportation

According to NBC News (October 16, 2015), the U.S. Department of Transportation is about to announce a plan to require every purchaser of a drone to register it with the U.S. government. The plan is apparently driven by concerns about close calls between drones and aircraft nearby airports, though there are many other public safety issues associated with drones as well. NBC reports that under the plan, the government would work with the drone industry to set up a structure for registering the drones.

The utility of such registration plans depends on the details, so it really matters to get the details right. My primary concern is that registration plans for registration-worthy devices often call for the purchaser or user to fill out a registration card with some personal information (e.g., name, address) and mail it to the vendor. Such a registration plan would be virtually useless in preventing the problems that the plan is intended to solve, as it would—at best—facilitate retrospective prosecution of those who ignore rules regarding close encounters with aircraft (and arguably do a bad job of that as well).

So let’s have a registration requirement that could really help. As a strawman proposal/point of departure for discussion, consider drone registration built around the following features:

• Drones would be sold in a “deactivated” state (i.e., an unflyable state), and activated only when the purchaser uploads to the drone an activation code from the manufacturer (e.g., through a USB port on the drone).

• The purchaser would obtain the activation code after going to a manufacturer web site for drone registration and filling out all of the required information. The device used for accessing the web site would then perform the upload.

• Every drone would have a deactivation mode built into it that can be triggered when it receives an authenticated deactivation command.

• Aircraft would be equipped with very short-range transmitters that broadcast authenticated deactivation commands when the separation distances become too close for safety (or even routinely). Vendors of drone deactivating transmitters would be licensed and provided digital credentials to authenticate themselves to drones.

• Deactivation commands would be reversible, but only upon another upload of the activation code, to insure against the possibility that a drone is mistakenly deactivated (e.g., while not in flight).

• An optional aspect of this strawman proposal is for every drone to have a unique machine-readable identifier built into its electronics consisting of two parts—a vendor ID number XXXX and a serial number YYYY provided by the vendor. (In this example, XXXX and YYYY are just numbers of any agreed-upon length.) (For those familiar with MAC addresses, every drone should have a “drone identifier” that is directly analogous to the MAC address on networking hardware.) A drone identifier of this nature would enable fine-grain management specific drones or drones made by negligent vendors, should such management become necessary.

This strawman proposal leaves many questions unanswered. For example, how much and what kind of information should be required for obtaining the drone activation code? How should personal information entered on the registration web site be verified? Should an adult of legal age take responsibility for drone purchases? How does one deal with the problem of home-built drones? How would the cost be of adding a drone-deactivating transmitter to an airplane? How can indiscriminate denial of drone operations be prevented? (My answer—through regulating the sale of drone-deactivating transmitters and limiting their range.)

All of these issues, and more, would eventually have to be addressed, and in the end I have no investment in the particulars of this strawman. But I do want to start a discussion about implementing a drone registration program that support the *technical* capability of reducing the harm that errant drones may do, and not just the prosecution of those responsible for such harm.

Update: Nick Weaver--technologist new to Lawfare--points out some flaws in this scheme. He says (and he’s almost certainly right) that it would be hard to maintain the secrecy of the data needed to transmit authenticated deactivation commands. Once that data were compromised, bad guys trying to hack drones would be able to turn them off because they could use that data as part of a homebuilt transmitter. With directional antennae, they could turn drones off from a large distance too.

I think some of the resulting problems could be mitigated to some extent. Theft of drone-delivered packages—which could be enabled by unauthorized deactivation transmitters—could be defeated in part by exempting drones operated by authorized delivery services; such drones would not be required to deactivate in the manner specified. But in the end, what counts is a risk assessment that compares the problems associated with being able to deactivate drones in the name of public safety with the problems associated allowing them to fly with complete operator-determined freedom and no technical remedy for abuses of that freedom.

Lastly, he says “let’s not do this for small drones,” since planes should be able to withstand impacts from small birds. That’s a quite reasonable point.

The interaction I had with Nick on this strawman scheme has exactly the flavor I'd like to add to some of the discussions on Lawfare. I look forward to many more, even when they show the silliness of any particular idea of mine.