NASCIO calls for state CIOs to guide drone regulation
Editor’s Note: This story was updated at 6 p.m. on May 27 to reflect an additional comment from the Association for Unmanned Vehicle Systems International.
State chief information officers, as the shepherds of new technology adoption in their states, will need to take an authoritative role in shaping regulations guiding public sector unmanned aircraft systems, according to a new report from the National Association of State Chief Information Officers.
The report highlights how quickly drones have moved into the limelight for state officials. In a NASCIO survey released in September 2014, nearly 64 percent of state CIOs said drones were not on their radar. In the new report, released May 27, NASCIO argued state CIOs should, in fact, be concerned about how state governments are using the technology, due to the data collection and management implications that come along with it.
“The new challenges states face in the increasing use of UAS has less to do with flight technology, and everything to do with the vast amount of data that will be created as a result,” the report said. “The increasing use of UAS means big data sensors are airborne, versatile and inexpensive, and states are generating incredible amounts of data in the form of digital video, photos, GPS coordinates and sound.”
The report recommends states develop a standard process for data collection, labeling, storage, retention, usage, sharing and deletion to help improve the flow of new data coming into databases from drone collection. Alongside an influx of new data also comes the question of public record and whether that collected data is subject to the Freedom of Information Act.
An increased amount of data collection also makes way for more privacy concerns — especially due to the small, quiet nature of UAS operation.
“While it can be argued that the data collected from UAS is no different from that collected from manned aircraft, privacy advocates have some concerns,” the report said. “Video or photos of illegal activity may be captured unintentionally.”
While this concern is also true of data collected from the operation of a manned aircraft, states will need to consider the implications of the Fourth Amendment, and develop a comprehensive framework for separating the data that does and does not require a warrant, the report said.
The inadvertent collection of data and how that will be used was the topic of a panel at NASCIO’s midyear conference last month. Michael Cockrill, CIO for Washington state, argued that concerns about drone privacy were just fronts for the general concerns of the public about drones.
But privacy and data collection is not the only concern when it comes to how governments use drones — in the report, NASCIO pointed out the security risks, both physical and cyber, that the devices present.
“States will need to consider the serious consequences if UAS devices and the data they collect are not secure,” the report said. “From a risk management perspective, there are many security dimensions to be considered, including issues of both cybersecurity and information security.”
According to the report, states need to consider the implications of hackers disrupting government owned and operated UAS and what steps must be taken to properly secure the data drones collect. Agencies may also need to consider the radio frequencies that flight operators use, to ensure that third parties cannot interfere with state operations.
All of NASCIO’s concerns lead to an overarching need for governance. In fact, the report recommended states establish a working or advisory group to develop a governance structure as soon as possible.
“The more time that elapses between when UAS are deployed, [when] data is gathered and when state guidance is put in place, the more work must be done to go back and re-organize stored data, deal with privacy challenges, address lawsuits due to safety issues, catch up with infrastructure needs, and manage the consequences of security incidents,” the report said.
Drone-related legislation has been enacted in Virginia, North Carolina, Florida, Tennessee, Indiana, Illinois, Wisconsin, Texas, Montana, Idaho, Utah and Oregon, the report said. In North Carolina, state law requires government entities to get authorization from the state CIO for either the procurement or the operation of UAS.
Through North Carolina State University’s involvement in the Federal Aviation Administration’s Center of Excellence for UAS, the state has already begun working on how to integrate drones into the national airspace.
“Government entities are focusing on emergency response, surveying and mapping, and crop research as areas that can be supported by emerging UAS technology,” state CIO Chris Estes told StateScoop in an email.
As the state investigates these opportunities for drone use, Estes said the state is doing that exploration with a priority on safety, data management and privacy considerations.
NASCIO’s president, Ohio CIO Stu Davis, said in a statement that UAS were already in use nationwide, and if states CIOs haven’t already been asked to take an active role to address the policy issues surrounding the technology, they will likely be asked to do so in the near future.
“We particularly need to address privacy, security, safety and data standardization as soon as possible to avoid a mess down the road,” Davis said.
The Association for Unmanned Vehicle Systems International, which advocates for drone integration worldwide, told StateScoop in an email that it welcomed the NASCIO report that recognized “the societal and economic benefits of unmanned aircraft systems in its report.”
“Whether it is inspecting bridges, searching for lost hikers or filming tourism videos, UAS can help provide unique perspectives and help to do many jobs more safely and efficiently,” AUVSI Senior Government Relations Manager said. “There is broad public support for these uses of the technology. The report also takes a thoughtful approach to addressing privacy, recognizing the robust legal framework in place that protects Americans’ right to privacy and guidelines for UAS use.”
Drone operation by a state or federal entity is currently illegal under the FAA’s regulations. If a state government wanted to fly UAS, it would need to get approval through an FAA-issued certificate of authorization. Earlier this year, the agency did release proposed rules laying out future regulations for small commercial UAS use — a timeline for the final rule has yet to be announced.
