IF YOU WANT to understand why the government freaked out when a $400 remote-controlled quadcopter landed on the White House grounds last week, you need to look four miles away, to a small briefing room in Arlington, Virginia. There, just 10 days earlier, officials from the US military, the Department of Homeland Security, and the FAA gathered for a DHS “summit” on a danger that had been consuming them privately for years: the potential use of hobbyist drones as weapons of terror or assassination.
The conference was open to civilians, but explicitly closed to the press. One attendee described it as an eye-opener. The officials played videos of low-cost drones firing semi-automatic weapons, revealed that Syrian rebels are importing consumer-grade drones to launch attacks, and flashed photos from an exercise that pitted $5,000 worth of drones against a convoy of armored vehicles. (The drones won.) But the most striking visual aid was on an exhibit table outside the auditorium, where a buffet of low-cost drones had been converted into simulated flying bombs. One quadcopter, strapped to 3 pounds of inert explosive, was a DJI Phantom 2, a newer version of the very drone that would land at the White House the next week.
Attendee Daniel Herbert snapped a photo and posted it to his website along with detailed notes from the conference. The day after the White House incident, he says, DHS phoned him and politely asked him to remove the entire post. He complied. “I’m not going to be the one to challenge Homeland Security and cause more contention,” says Herbert, who runs a small drone shop in Delaware called Skygear Solutions.
The White House drone, of course, wasn’t packing an explosive and wasn’t piloted by a terrorist—just a Washingtonian who lost control of the device while playing around in the wee hours. But the gentle censorship directed at Herbert illustrates how serious the issue is to counterterrorism officials.
A Drone Maker Takes Decisive Action
The Phantom line of consumer drones made by China-based DJI figures prominently in the government’s attack scenarios. That’s not because there’s anything sinister about DJI or the Phantom—in fact, just the opposite. The Phantom is the iPod of drones, cheap, easy to use, and as popular with casual and first-time fliers as with experienced radio control enthusiasts.
With all the attention surrounding the White House landing, DJI felt it had to take action. So last Thursday it pushed a “mandatory firmware update” for its Phantom 2 that would prevent the drone from flying in a 15.5 mile radius of the White House. So far it’s the only drone-maker installing what’s known as GPS geofencing
The technique is not new to DJI. The company first added no-fly zones to its firmware in April of last year to deter newbie pilots from zipping into the restricted airspace over airports, where they might interfere with departing and arriving aircraft. If a Phantom 2 pilot flies within five miles of a major airport’s no fly zone, the drone’s maximum altitude begins to taper. At 1.5 miles away, it lands and refuses to take off again. Municipal airports are protected by smaller zones, also programmed into the drones’ firmware.
For DJI, airport no-fly zones were a response to the growing popularity of the Phantom 2 and perhaps a hedge against the constant threat of increased regulation. “We started seeing the community of pilots grow,” says spokesman Michael Perry, and many users have no idea where they can and can’t legally fly the drone. “The guy in the White House incident, I’m pretty sure he didn’t know that flying in downtown DC is illegal.” Rather than put the onus on every user to learn local air traffic zoning rules, DJI translated them into code, and added a little buffer zone of its own for added safety.
The White House geofence is only the second one that isn’t centered on an airport, according to Perry—the first was Tiananmen Square. It won’t be the last. Now that the company has perfected the ability to erect geofences at will, the sky’s the limit—or, more accurately, the skies are limited. DJI is preparing an update that will increase the number of airport no fly zones from 710 to 10,000, and prevent users from flying across some national borders—a reaction to the recent discovery that drug smugglers are trying to use drones to fly small loads of meth from Mexico into the US.
‘I Want to Fly Wherever the Heck I Want’
This geofencing has critics, including hobbyists chagrined to find their favorite flying spot suddenly encompassed by a DJI no-fly zones. “I live just inside a red zone and find it quite offensive that a company would attempt to restrict any potential usage in/around my own house,” one user wrote in response to the first geofencing update last April.
“One could theorize that every zone anywhere could be a restricted zone,” wrote another. “Thank you but no thank you. If I spend thousands of dollars then I want to fly wherever the heck I want as long as it is under 400ft and 500ft away from airports.”
“This is NOT something users want,” another critic added. “I have a good relationship with my local airports and have worked with every local tower or control center. I get clearance to fly and they have been great, but this ‘update’ takes away my control.”
Ryan Calo, a University of Washingtonlaw professor who studies robots and the law, traces the resistance to two sources. “One is a complaint about restricting innovation. The second one says you should own your own stuff, and it’s a liberty issue: corporate verses individual control and autonomy,” Calo says. “When I purchase something I own it, and when someone else controls what I own, it will be serving someone else’s interest, not mine.”
DJI, in other words, has flown into one a core discontent of the Internet age. Technology’s no-fly zones already are everywhere. Lexmark printers and Keurig coffee makershave been programmed to reject third-party ink cartridges and coffee pods. Auto dealers are beginning to install remote-control immobilizers in cars sold to sub-prime borrowers, so they can shut down a driver who’s delinquent with an auto payment (the technology already has resulted in a 100-vehicle automotive hack attack.) In 2009, some Kindle owners discovered Amazon has the power to remotely delete the book they’re reading, after the company purged George Orwell’s 1984 and Animal Farm from e-book readers, an action Jeff Bezos later apologized for .
“The fate of small drone flights over DC may seem like a little thing—a spat worked out among private players,” wrote EFF’s Parker Higgins in a blog post Monday. “But these small battles shape the notion of what it means to own something and illustrate the growing control of manufacturers over user conduct.”
Geofencing Won’t Prevent Terrorism
While alarming to some, DJI’s paternal interference in its customers’ flight plans probably will reduce unintentional incidents like last week’s White House landing. But it certainly won’t prevent the scenario feared by official Washington: an attacker looking to weaponize a drone. For one thing, hardcore drone hobbyists tend to be tinkerers, and sooner or later their rumbling will translate into published firmware hacks and workarounds anyone can use.
“Right now there doesn’t exist any hacks to remove the geofencing or downgrade the firmware,” says Herbert. “I’m sure they’re coming. People will figure it out eventually.”
But, he notes, drone fliers who don’t want geofencing have many options. DJI’s mandatory update only affects the Phantom 2 line—ironically, the older Phantom 1 that landed at the White House isn’t included. And Phantom 2 owners will receive the mandatory update only when they link their drone to their Internet-connected PC or Mac. And if you really want to exercise your own judgment when flying, DJI says you can simply buy from a competitor.
“We do provide different layers of security to make it difficult to hack and get around,” says DJI’s Perry. But for those determined to avoid geofencing, “there’s an easy way to do that, which is to buy another quad-copter.”
That may be true for now, but it’s easy to see lawmakers and regulators jumping on DJI’s mandatory update as an easy cure, and mandating geofencing industrywide. When that happens, you can expect that circumventing drone firmware, for any reason, will become illegal, the same way hacking your car’s programming is illegal. One thing is for certain: Nobody willing to strap a bomb to a toy drone will be deterred.
Dr. Hans C. Mumm