25 February 2024

By Vic Moss 

Let’s play a game and assume all of the people in Washington D.C.—as well as an increasing number of state legislators—are right, and the Chinese Communist Party has full access to all of the servers that store DJI customer data.

Technically, the CCP can request this, and DJI would have to comply.

So, it is possible. Let’s say it happens. What does the CCP get from DJI and its customers?

Not much.

First off, pretty much all anyone ever uploads are flight records—and, possibly, thumbnail imagery to coincide with flight records. And by the way, unless you actually opt-in to allow DJI software to do that, it doesn’t happen.

So the worst case scenario—assuming every DJI customer agrees to upload every drone flight ever taken by every DJI drone they own—all the CCP would know is where we flew.

It’s that simple.

Second, many in D.C (and state legislations) claim DJI can also access, according to Craig Singleton (China Program Senior Director) during the Senate Communications and Technology Subcommittee Hearing on February 15, 2024,  “vast amounts of sensitive data, everything from high resolution images of critical infrastructure to facial recognition technology and remote sensors that can measure even an individuals’s heart rate…” 

Let’s talk about this for a bit.

First of all, the idea that facial recognition technology and remote sensors can measure an individuals’s heart rate is so far out in left field, it’s not even worth the amount of energy it takes to display the pixels to debunk it.

(More on the Singleton testimony here: https://www.linkedin.com/feed/update/urn:li:activity:7164274043045572608/.)

Let’s talk about the "high resolution images of critical infrastructure" Singleton mentioned. Suppose he’s right—he’s not, but let’s continue to play their game anyway.

When is DJI supposed to be getting ahold of this imagery? Remember, Singleton said "high resolution." That means BIG files. As a commercial photographer and videographer who collects vast amounts of data, and then uploads that imagery and data to clients, I know how long it takes to upload high-resolution imagery.

The typical firmware update from DJI takes about five to ten minutes to download to a controller and drone. The typical high-resolution set of images or data that gets sent to my clients takes hours to upload—not minutes—and that’s not even counting the difference between typical upload and download speeds. (P.S.—I can’t wait for Google Fiber to come to my neighborhood). 

So, I ask you Mr. Singleton, how does DJI get high resolution imagery?

If DJI—or even the CCP—have developed a file-compression algorithm capable of that level of compression, they could be making a ton more money licensing that technology. 

One more note: Customers can update their DJI drones using an SD card—no Internet access required—and revise their gear independent of an Internet connection. Sure, DJI (or the CCP) could theoretically plant a Trojan Horse to upload imagery the next time the drone is connected to the Internet, but I believe previous paragraphs have debunked the effectiveness of that.

In summation, DJI is NOT getting high resolution images of critical infrastructure. It's simply beyond stupid to believe otherwise.

But Perhaps I'm Full of It...

Okay, let’s agree with the fearmongers and paranoids for a minute, and accept that DJI and other Chinese drones are actually a legitimate national security issue.

What do we do about it?

Are Country of Origin bans the answer? Is adding DJI to the FCC list—effectively grounding every DJI in the country—the answer?

No. They are bandaids at best, and a false sense of security at worst.

As we all know, anything connected to the Internet can be hacked—no matter the country of origin, or whether or not it’s on some FCC list.

If this truly is a national security issue—and not simply a political ploy by U.S. drone manufacturers, as well as jingoistic lawmakers and bureaucrats—LET'S FIX IT.

Let's identify the actual threat, develop and implement a strict set of cybersecurity protocols, and require all drones (regardless of country of origin) that fly in secure and sensitive areas to comply with those protocols.

If Congress did that, and quit playing the political game of choosing winners and losers, this “threat” would be non-existent. Or, at least as non-existent as we can make things these days.

And while we’re at it, federal alphabet agencies need to quit squabbling over what will actually be included on the Critical Infrastructure list as required under Public Law 114-190, Section 2209. Which, by the way was signed into law on July 15, 2016.

Section 2209 even gave a timeline to get this done. Congress told theses agencies to have Section 2209 ready, “not later than 180 days after the date of enactment of this Act…”.

By my math, that means they are more than seven years late in actually doing what Congress dictated they do.

It’s time to get your "poop in group," folks, and help Secretary Buttigieg do his job.

Learn More • Do More

If you’d like to follow the progress of this and many other anti-China UAS legislative issues—at both the federal and state level—please use the Drone Advocacy Alliance “Take Action” page. If you’d like to take it one step further, you can join us as an industry partner. Go here for more information: https://droneadvocacyalliance.com/become-a-partner/