Consumer Electronics Daily was a Warren News publication.
'Huawei on Wings'

Add Drone Maker DJI to List of Insecure Providers: Carr

October 20, 2021 by Howard Buskirk|Top News

Commissioner Brendan Carr urged the FCC Tuesday to “immediately start the process” of adding China-based DJI, which has more than half the U.S. drone market, to the agency’s covered list. “The need for quick FCC action on this is very clear,” he told a virtual program sponsored by China Tech Threat. “What we’re seeing … is the potential for Huawei on wings.”

DJI drones and the surveillance technology on board these systems are collecting vast amounts of sensitive data, everything from high-resolution images of critical infrastructure to facial recognition technology and remote sensors that can measure an individual’s body temperature and heart rate,” Carr said. “Security researchers have also found that DJI’s software applications collect large quantities of personal information from the operator’s smartphone that could be exploited by Beijing.” Experts say the data is being sent to China, he said.

It’s really troublesome” because a Chinese national security law requires DJI to assist it in espionage, Carr said. The Commerce Department placed DJI on its entity list last year “citing DJI’s role in Communist China’s surveillance and abuse of leaders in the Shenzhen region,” Carr said. “If there’s mitigating evidence that I’m unaware of, we need to get it out there,” he said. “I am very concerned. All of us should be very concerned.”

DJI drones are safe and secure for critical and sensitive operations,” a spokesperson emailed. “Our systems are designed so customers never have to share their photos, videos or flight logs with anyone, including DJI,” he said: “The data security architecture that protects this information has been repeatedly validated by U.S. government agencies as well as respected private cybersecurity analysts.” Adding DJI to the list would prohibit the use of USF dollars from being used to purchase its gear.

We appreciate the Commissioner's ongoing support for our efforts to secure the nation's communications networks,” an FCC spokesperson emailed: “Since January, the FCC has published a first-of-its-kind list of untrusted communications equipment vendors, and next week we will kick off a process to remove insecure communications equipment to the extent it is in our networks today. We’ll definitely take a look at the issues surrounding drone manufacturers and work with our federal partners to do so, as required under the law.” The Chinese Embassy didn’t comment.

The danger with the Chinese companies is “the back channel or the control channel,” and that any information “has a connection to Beijing,” said Roslyn Layton, co-founder of China Tech Threat. With DJI, “you’ve got the data going back to Chinese servers where they’re going to be processed in the same systems that are used for repression and surveillance in China,” she said: “It’s a drop in the bucket to add 330 million people to China’s surveillance state of 2 billion.”

Threats posed by DJI are “well known,” said Martijn Rasser, director of the Technology and National Security Program at the Center for a New American Security. “It’s exactly the kind of action that the U.S. government needs to be taking, not just for DJI,” he said. “There’s other companies that would warrant being added to the covered list.”

The U.S. should focus on areas where it has “leverage” with China like semiconductor manufacturing equipment “where we have a true strategic advantage,” Rasser said: “We need to think more strategically, ultimately, if we want to be able to have long term impact.” Just going after individual companies doesn’t work, he said.

This would be one of the first examples where the FCC would focus on software and “where the software is going,” said Emily Weinstein, research analyst at Georgetown’s Center for Security and Emerging Technology. Under Chinese leader Xi Jinping, she said, “lines between the military and civilian sectors … are very much blurred.”