NTIA Held its First Multistakeholder Meeting to Craft Unmanned Aircraft Systems Privacy, Transparency, and Accountability Best Practices
On August 3, the National Telecommunications and Information Administration (NTIA) held its first meeting of a multistakeholder process to develop privacy, transparency, and accountability best practices for unmanned aircraft systems (UAS) operations by commercial and private users. NTIA initiated the process in response to President Obama’s direction that NTIA convene private sector stakeholders to develop best practices that would “mitigate consumer concerns while promoting growth and innovation in” the UAS sector.1 Although companies will be free to choose whether they comply with any of the resulting best practices, multistakeholder outcomes could carry important consequences for the development and use of UAS technology in a wide range of industries going forward.
The first meeting brought together a wide range of stakeholders, including industry, civil society, and academia. The meeting was open to the public and was also webcast for all interested parties. Additional meetings are scheduled for September 24, 2015, October 21, 2015, and November 20, 2015, with a goal of “freezing” the work of the group after the November meeting in order to facilitate external review. Stakeholders likely will then reconvene in December 2015 or January 2016 to take account of external feedback and complete their work. As such, there still are opportunities for interested parties to become involved in the work of the multistakeholder group.
A Brief History of NTIA Multistakeholder Processes
The launch of the UAS meetings marks NTIA’s third attempt to develop voluntary privacy standards for an emerging technology through a series of multistakeholder discussions. Multistakeholder processes aim to incorporate the views of all relevant stakeholders, from government, the private sector, civil society, and others, with the goal of generating a consensus on industry best practices or voluntary and legally enforceable codes of conduct. The processes are meant to ensure that the views of all stakeholders are heard and integrated at all stages of the decision-making process through dialogue and consensus-building.
Similar discussions on mobile app privacy and facial recognition privacy, however, have produced mixed results. To illustrate, beginning in June 2012, NTIA convened a series of multistakeholder meetings to develop a code of conduct for mobile app transparency. NTIA launched this process in response to the White House’s call for a Consumer Privacy Bill of Rights in early 2012. The process, which involved consumer groups, privacy advocates, and a wide range of businesses, concluded in July 2013, when stakeholders agreed to begin reviewing, testing, and possibly implementing a voluntary code of conduct for mobile application short notices developed through the multistakeholder process.
Despite the apparent success of the NTIA’s first multistakeholder process to develop privacy standards, more recently, in June 2015, a number of privacy advocates pulled out of a NTIA-convened multistakeholder process intended to develop a voluntary code of conduct for the use of facial recognition technology. Discussions appeared to stall when privacy groups and industry representatives could not reach agreement on the basic question of consumer consent to use facial recognition technology and the right to opt out. After industry representatives proposed tabling the issue in favor of other areas of potential agreement, privacy advocates pulled out of the process entirely. Regardless, NTIA is pressing forward with its multistakeholder effort regarding facial recognition technology, and it remains to be seen if these privacy advocates will rejoin the discussions.
The First Meeting on UAS Privacy, Transparency, and Accountability Best Practices
NTIA’s multistakeholder process to develop privacy, transparency, and accountability best practices for UAS operations by commercial and private users seems to have started off on the right foot. In the first meeting, NTIA sought to (i) briefly review the current regulatory environment for UAS operation; (ii) discuss the range of commercial uses of UAS; (iii) engage stakeholders in a discussion of high-priority substantive issues that stakeholders believe should be addressed by best practices for privacy, transparency, and accountability for UAS operation; and (iv) engage stakeholders in a discussion of logistical issues, including the potential establishment of working groups and identification of concrete goals and stakeholder work between the August and September meetings. Consistent with other NTIA-led multistakeholder processes, NTIA acted as a neutral convener during the meeting, allowing the participating parties to drive the substantive discussion. A brief high-level summary of the meeting is provided below.
Goals of the UAS Multistakeholder Process
Angela Simpson, NTIA Deputy Assistant Secretary for Communications and Information, kicked off the meeting by explaining that the goal of the multistakeholder process is to develop best practices that promote trust, transparency, and accountability for UAS operation. She expressed her hope that stakeholders would, in fact, develop one or more sets of best practices by the conclusion of the process. Ms. Simpson was followed by John B. Morris, NTIA Associate Administrator and Director of Internet Policy, who noted that while prior NTIA multistakeholder processes produced a code of conduct, in the instant UAS process, NTIA is seeking a set of agreed upon best practices. Mr. Morris explained that the Obama Administration believes that best practices are the best approach to UAS operation in light of the nascent nature of the industry. Mr. Morris also noted that while not all UAS operations may raise privacy concerns, most probably raise transparency and accountability issues.
Current Regulatory Environment for UAS Operation and the Range of Commercial Uses
Two attorneys from the U.S. Department of Transportation (DOT) presented on the current legal environment of UAS operations and the different types of UAS uses, including public, commercial, and hobbyist use. Dean E. Griffith, an attorney in the Regulations Division of the Federal Aviation Administration (FAA), and Anne Bechdolt, a senior attorney in the DOT’s Office of the General Counsel, led the discussion. Ms. Bechdolt specifically stated that, because the FAA does not have authority to regulate privacy, the Obama Administration concluded that the NTIA multistakeholder process was the best process to address UAS privacy. Their presentation was followed by Gregory S. McNeal, Associate Professor of Law and Public Policy at Pepperdine University, who described current and near-term examples of commercial and private UAS operations.
High Priority Substantive Issues
Following the presentations by government representatives, stakeholders discussed the top priority issues that they felt should be addressed in the multistakeholder process. The group identified a comprehensive and broad list of issues, including:
- Mechanisms to track and identify the operator of a UAS;
- Distinguishing between public and private areas, where there may be differing expectations of privacy;
- Data retention and image de-identification (e.g., via pixilation);
- Data security;
- Use of geospatial data;
- Applicability of Fair Information Practice Principles;
- Physical versus information privacy;
- Notice to participants and nonparticipants about planned flights;
- Technologies that enable non-UAS operators to express their privacy preference, such as geofencing or
- “no fly” zones;
- Reporting requirements;
- Types of data collected;
- Maintaining a balance between the First Amendment and privacy;
- Distinguishing between whether the UAS operates within visual line-of-sight or beyond line-of-sight;
- Considering the effect of regulation on innovation; and
- Distinguishing between collection of data and use of data.
Despite a lengthy discussion, stakeholders did not come to a consensus on the methods and organization of the multistakeholder process. While some stakeholders thought it would be helpful to create a charter document or a draft statement of goals, along with timelines and empowered chairs who could drive the process forward, others worried that such efforts to create a formal process could delay the substantive work of the group. This latter group of stakeholders also noted that the necessary charter documents already exist in the Presidential Memorandum and previous NTIA documents concerning multistakeholder processes.
In light of the apparent split in opinion, John Verdi, NTIA Director of Privacy Initiatives, asked stakeholders to consider and come prepared to discuss the following logistical issues at the September multistakeholder meeting:
- Timelines: Would having a set timeline for the group’s work product be constructive?
- Goals: Would drafting a clear statement of goals be good for the process?
- Working Groups: Should there be working groups and should they have Chairs to lead the process?
Discussion on other logistical issues, however, appeared to result in greater consensus. Stakeholders agreed, for example, that it was important to identify the “problems” associated with UAS operations prior to attempting to craft best practices for their use. The group discussed, but did not reach consensus on, the scope of UAS operations and uses that the best practices would cover—some argued that best practices should cover only those issues that are truly unique to UAS, that are existing problems, and that are not addressed by existing laws and regulations, while others were concerned that limiting best practices in such a manner could decrease their efficacy. Finally, stakeholders discussed certain definitions relevant to their work. For example, should the group limit its consideration to small UAS (i.e., those that weigh less than 55 lbs.)? To whom should the best practices apply, the manufacturer, the operator, another entity? What constitutes private property – specifically, where does private property end in the airspace? Stakeholders will have to grapple with these definitional questions as they move forward with developing the best practices.
In closing the meeting, Mr. Verdi asked stakeholders to volunteer to work on two tasks in advance of the September meeting. Interested parties can e-mail him to volunteer:
- Best Practices: NTIA provided a list of preliminary resources that included some best practices. Mr. Verdi asked stakeholders to send him any additional best practices the group should consider. He also sought volunteers to review existing best practices, including the FAA test site policies, and to provide a concise read-out of lessons learned and practices from which the group can borrow in advance of the next meeting.
- Use Cases: One stakeholder commented that it would be useful to lay out different use case scenarios, which can provide a set of examples on which to evaluate the best practices. In addition, the group discussed whether it would be useful to separate the discussion of UAS by use, recognizing that different uses will raise different concerns about privacy. For example, a delivery UAS use will raise different issues than will a photography UAS use, and the type of data collected and the use of that data will raise differing concerns. Furthermore, the group discussed, but did not come to consensus on, whether the use case issues should be limited to just those that are specific to UAS, as opposed to, for example, existing issues with filming from helicopters or from concealed cameras. Mr. Verdi requested volunteers to draft a list of use cases and identify for each the issues about which private citizens are concerned with regard to privacy, transparency, and accountability.
The first NTIA meeting to develop best practices for privacy, accountability, and transparency for UAS operations went well, with robust discussion among the stakeholders who attended, both in person as well as on the phone. There no doubt will be disagreements among participants as the process moves forward, as there have been in prior NTIA multistakeholder processes. Thus, active participation in the meetings is crucial to ensuring that each stakeholder’s interests are represented. Furthermore, volunteering to help draft documents for group consideration is a good way to ensure stakeholders’ voices are heard in the process.
NTIA has scheduled its next multistakeholder meeting for September 24, 2015. Further information on the multistakeholder meetings is available here.
1Angela Simpson, Deputy Assistant Secretary for Communications and Information, National Telecommunications and Information Administration, Improving Privacy, Transparency, and Accountability for Unmanned Aircraft Systems, July 13, 2015, http://www.ntia.doc.gov/blog/2015/improving-privacy-transparency-and-accountability-unmanned-aircraft-systems.