DJI’s Rebuttal: Safeguarding Data Privacy and Cybersecurity

Photograph by D Ramey Logan, CC BY 4.0

DJI’s Rebuttal to National Security Concerns Surrounding Chinese Drones

In a recent joint publication, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) expressed concerns about Chinese-manufactured unmanned aircraft systems (UAS) and their potential risks to critical infrastructure and U.S. national security. The guidance underscores the need for caution when procuring and operating such UAS due to data access issues and cybersecurity vulnerabilities associated with Chinese entities.

AUVSI, a drone advocacy group, supported the CISA and FBI guidance, with Chief Advocacy Officer Michael Robbins calling for a shift away from unsecure PRC drones and foreign supply chains. “Organizations collecting sensitive information must shift away from unsecure PRC drones,” stated Robbins.

DJI, the world’s largest drone manufacturer, responded to the allegations with a comprehensive rebuttal, reaffirming its commitment to data privacy and security. DJI’s response included these facts:

FACT #1:  DJI created the market for ready-to-fly civilian and commercial drones almost two decades ago and has invested heavily in robust safety and security protections as well as expanded user data privacy controls for our products.

FACT #2: Customers only share flight logs, images or videos with us if they affirmatively choose to do so. Default collection does not exist with us.

FACT #3: Operators of our consumer and enterprise drones can choose to ‘fly offline’ through Local Data Mode, ensuring that no unauthorized parties can get access to their drone data.

FACT #4: Since 2017, we have regularly submitted our products for third-party security audits and certification. These U.S. and European cybersecurity experts buy our products off the shelf and conduct the review independently. Their findings validate that we provide best-in-class data security and data privacy protections.

The company emphasized certifications obtained for data security, such as the DJI Core Crypto Engine’s NIST FIPS 140-2 certification and DJI FlightHub 2’s ISO 27001 certification.

The CISA publication focused primarily on the laws specific to China allowing the Chinese government to access data held by Chinese companies, stating:

DJI clarified its stance on disclosing information based on local laws and regulations, asserting that any disclosure would adhere to legal requirements within the national jurisdiction of the government agency making the request and pointing out that they could only disclose data that they collected: not data that users chose not to share.

Despite geopolitical challenges and accusations, DJI advocated for the development of a clear technology-based standard for drone security, applicable to all manufacturers regardless of their country of origin. The company urged industry-wide adherence to such standards to enhance overall drone and data security.

While US government concerns persist about Chinese-manufactured UAS, DJI’s detailed response provides insights into its data privacy measures, cybersecurity practices, and its commitment to addressing industry challenges. The ongoing dialogue underscores the need for nuanced discussions surrounding security concerns in the drone industry.

Read more:

Miriam McNabb is the Editor-in-Chief of DRONELIFE and CEO of JobForDrones, a professional drone services marketplace, and a fascinated observer of the emerging drone industry and the regulatory environment for drones. Miriam has penned over 3,000 articles focused on the commercial drone space and is an international speaker and recognized figure in the industry.  Miriam has a degree from the University of Chicago and over 20 years of experience in high tech sales and marketing for new technologies.
For drone industry consulting or writing, Email Miriam.

TWITTER:@spaldingbarker

Subscribe to DroneLife here.