ARPAS-UK talks to DJI about data security

On June 11th 2019, the Science and Technology Committee were joined by the Defence Committee to continue their Inquiry into Commercial and Recreational Drone Use in the UK. DJI presented oral evidence, along with other key stakeholders in the drone industry, including ARPAS-UK. DJI’s representative, Brendan Schulman, Vice President for Policy & Legal Affairs, was repeatedly asked about DJI’s data security.

Afterwards ARPAS-UK spoke with DJI to reinforce the message that commercial drone operators are being asked by their clients about data security too. In the light of this, the following interview was arranged between Graham Brown, CEO of ARPAS-UK, and Christian Struwe, Head of European Public Policy at DJI, with the aim of establishing the facts.

 

Graham:

Hi Christian, thanks for speaking to us today. We’re hoping to get some further information after DJI’s Vice President for Policy and Legal Affairs, Brendan Schulman, appeared in front of a parliamentary committee last month to answer MPs’ questions about drones. He was asked repeatedly about the data security of DJI drones, and it would be really helpful for our members to also get some further clarification on this topic.

Christian:

Thanks for inviting me. The UK is one of DJI’s most important markets and we see a lot of fantastic drone applications. We recognise that in order for this to continue, users need to be reassured that they can have complete confidence in our products and the security of their data.

 

Graham:

So what actually happens to the data that our drones create? Where does it go and who controls it?

Christian:

DJI drone operators maintain absolute control over their data – at all times. DJI drones do not share flight logs, photos or videos whatsoever unless the drone pilot deliberately chooses to do so. In other words, your data will remain solely on the drone itself and on your mobile device unless you actively choose to share it with DJI, for instance in case of a repair service that a user requires. On top of this, all of our products are protected by embedded passwords and data encryption features.

 

Graham:

And what would you say to those who still remain yet to be convinced about data security of DJI drones, in spite of this?

Christian:

Well, we have independently verified that DJI drones don’t share data unless prompted to by the pilot, through a third party security review of our technology by a renowned US-based cyber forensic firm at the beginning of last year. Since 2017, users of DJI drones have also been able to use Local Data Mode. This feature allows for complete disconnection between the pilot’s app and any internet connection – meaning, for example, that the location of the user can’t be detected by the app at all, let alone shared anywhere.

 

Graham:

Given recent accusations about the technology produced by Chinese companies, like DJI, being used by foreign governments to spy on countries like the UK, do you think that these provisions are watertight enough even for those conducting the most sensitive operations, such as police forces?

Christian:

We have full confidence in the security of our products, but to offer even further reassurance for the most security conscious of our customers, DJI has also made available a FlightHub Enterprise edition and a Government edition, allowing operators to feel totally confident with data backed up to their own personal servers. The Government edition even prevents users from transferring data off of the drone to other parties, whether intentional or accidental, and has restricted hardware pairing to prevent the use of any unsecure hardware or unauthorised third-party applications. The U.S. Department of the Interior has recently independently validated and approved this Government edition, confirming after 15 months of rigorous assessment with expert industry partners like the NASA Kennedy Space Center, that no data whatsoever would be transmitted outside of the system and that it was therefore safe for them to use.

 

Graham:

Finally, how do you keep pace with unprecedented and emerging cybersecurity risks to ensure that your drones don’t become susceptible to new threats?

Christian:

We operate a global Bug Bounty Programme which has internationally renowned security researchers continuously working to identify any potential gaps so that they can be swiftly resolved. DJI’s prioritisation of data security means that the company is constantly working towards further improvement.

 

For more information, DJI data security in the UK 090719