Skip to content

Illustration by Security Management

Legal Implications of Detecting and Mitigating Security Threats from Drones

Four U.S. government agencies issued a guidance document designed to help public and private entities navigate the legal space of detecting and mitigating security threats posed by drones.

The Advisory on the Application of Federal Laws to the Acquisition and Use of Technology to Detect and Mitigate Unmanned Aircraft Systems, released by the U.S. Department of Justice (DOJ), the U.S. Department of Transportation, the Federal Communications Commission, and the U.S. Department of Homeland Security, examines laws security directors need to consider when deploying such technology.

“The Advisory urges entities to take the advice presented in this Advisory seriously—to consult with counsel and think carefully about the functionality of individual detection or mitigation systems, the way the system operates, and the way the system will be used," the DOJ said in an announcement. "A thorough understanding of how a system functions and the applicable law is necessary to ensure that, if UAS detection and mitigation technologies are employed, they will be used effectively, responsibly, and legally.”

Several U.S. federal agencies and departments, including Defense, Energy, Justice, Homeland Security, and the Federal Aviation Administration, have been given waivers by Congress to ignore some federal statutes in detecting and mitigating unmanned aircraft systems (UAS), aka drones. The advisory points out that other U.S. federal, state, local, and private entities do not enjoy these exemptions.

The following is rundown of some of the statutes cited in the advisory, which is divided into detection and mitigation categories.

Statutes Applicable to Detection

Pen/Trap Statute: Regulates the type of information that can be intercepted in the communications between a drone and its controller. “Use or installation of a pen register or trap and trace devise is prohibited,” the advisory says, “unless conducted pursuant to a court order or when a statutory exception applies.” The types of data covered by prohibition include device serial numbers, cell site information, MAC addresses, and IMEI and IMSI numbers.

Wiretap Act: Prohibits the interception of any electronic communication, and “electronic communication” is broadly defined to include almost any conceivable information. The act carves out exceptions for communication that is “readily accessible to the general public” and for aeronautical communications systems. The advisory notes that how, or if, these exceptions apply to drones is unsettled law.

Statutes Applicable to Mitigation

Computer Fraud and Abuse Act: Prohibits intentionally accessing a protected computer or intentionally damaging a protected computer. The advisory notes that drone control systems may fall under the category of protected computers, thus hacking those systems could violate the act.

Interference with the Operation of a Satellite: Prohibits obstructing or hindering any satellite transmission, which would include GPS transmissions. Jamming or spoofing (replacing or modifying signals) GPS or other satellite information may violate the statute.

Aircraft Sabotage Act: Prohibits damaging, destroying, or disabling aircraft. Earlier in the statute, “aircraft” is defined as “a civil, military, or public contrivance invented, used, or designed to navigate, fly, or travel in the air.” Other statutes also have definitions that would indicate that drones are aircraft, and subject to the Aircraft Sabotage Act.

Aircraft Piracy Act: Prohibits seizing or exercising control of an aircraft with “wrongful intent,” which would involve seizing an aircraft without legal authorization.

In addition to laws that potentially relate directly to detection and mitigation strategies, the advisory examines other legal pitfalls of protecting people and places from drones.

For an indoctrination of drones and security, see the Best of GSX 2018: Drones Impact on Security.