DJI Is Committed to Protecting Its Customers’ Private Information

News2018-01-04

 

DJI Is Committed to Protecting Its Customers’ Private Information

DJI recognizes that users of electronic devices are increasingly concerned about the security of their private data, and many people have asked us how DJI products protect the photos, videos, and other information our customers generate. We are releasing this statement to help answer those questions.

DJI Gives Users Control

DJI is committed to helping our customers protect their data. Wherever possible, we design our products to give customers control over their data, including if, when, and how that information is collected, transmitted, or shared.

By default, DJI drones do not automatically transmit most types of user data without user authorization, including media files (photos and videos) and flight logs (detailed telemetry and location information compiled during the flight). Users can choose whether to share most types of data collected by DJI products within the DJI GO App, available for both Android and iOS. For example, a user must affirmatively choose to share media files or flight logs.

DJI drones are capable of collecting different types of data, together with DJI’s flight control apps, such as DJI GO and DJI GO 4. These flight control apps augment the drone’s physical remote controller to provide users with better control of the drone. Most of DJI’s drone remote controllers do not have a video display, and so the flight control app, running on the customer’s mobile device, provides a live video feed and other advanced controls when paired with the DJI remote controller. The flight control app is the only part of a DJI product that has the ability to connect to the internet. Other software developers have created flight control, photography, and mapping apps for DJI drones, and our customers have the choice to use those as alternatives to DJI’s flight control apps.

Within our flight control apps, users can choose whether to share most types of data collected by DJI products:

  • Photography/Videography Data includes photos and video recorded by the drone’s main camera sensors. This data is stored on board the drone in an SD card. The user may also choose to save lower-resolution versions of the photography/videography data locally within the flight control app on the user’s mobile device. The flight control app does not automatically transmit any photography/videography data to DJI servers. Instead, each time a user wants to share this data, the user must manually turn on the sharing feature.

 

  • Telemetry Data refers to data recorded regarding a drone’s flight, including altitude, speed, distance, location (e.g., GPS coordinates). Telemetry data also includes a log of the user’s control stick operation, which can be used for diagnostic purposes. In the DJI flight control app, this telemetry data is compiled into one log per flight called the “Flight Record.” This data is first generated in the drone and the remote controller, and it is constantly transmitted to the mobile device connected to the remote controller, which communicates with the drone. After receiving this telemetry data, the mobile device stores the data locally as part of the flight control app. The flight control app does not automatically transmit telemetry data to DJI servers. To synchronize this telemetry data to DJI’s servers for backup purposes, the user must manually use the “Sync” button on the DJI GO interface. One purpose of this “Sync” function is to allow DJI’s aftersales service personnel to analyze a user’s flight history in order to determine causes of drone malfunctions or crashes. Another is to provide a backup mechanism for our users who need to maintain flight records, as well as to allow a single user account to be used with a common set of flight logs across multiple mobile devices.

 

  • Obstacle Avoidance Data is recorded by the obstacle avoidance image sensors (e.g., the two “eyes” at the front of Mavic or Phantom 4). This feature helps to protect buildings, people, and animals from drone collisions. This type of imaging data is limited to low resolution video, with no audio. Like telemetry data, DJI sometimes analyzes obstacle avoidance data to determine causes of drone malfunctions or crashes. The flight control app does not automatically transmit obstacle avoidance data to DJI servers. Obstacle avoidance data may only be transmitted in response to manual triggering in the flight control app. The flight control app does not permit automatic transmission of obstacle avoidance data.

 

There are three types of user data that DJI flight control apps do automatically transmit by default when connected to the internet. These transmissions can, of course, be avoided by operating the drone using a mobile device, such as a tablet, that is not connected to the internet. For two of these three data types, the user may also individually deactivate transmission within the DJI GO app settings:

  • App Performance Data is collected and sent to DJI to report bugs or usage statistics. This data is collected to improve the performance of DJI apps, including errors or commonly used features. Major app developers collect and utilize similar data. All app usage data is collected and presented in aggregate—with no ability for DJI to identify individual users or their use patterns. The user may choose to deactivate transmission of this data in the DJI GO app settings.

 

  • User Experience Data refers to more basic information about the drone’s usage, including times of flight, flight duration, flight distance, average number of pictures taken per flight, distribution of flight attitudes, etc. (e.g., just “this Phantom 4 flew 30 minutes over 6km and took 23 photos”). This data is qualitatively different from the Flight Record data because it does not indicate precise GPS coordinates or altitude of each flight, or associate that kind of data with a specific user. The user may choose to deactivate transmission of this data in the flight control app settings.

 

  • Location Check Data is collected by DJI drones and used to determine the location where the drone is operating based on GPS data, IP address, and/or mobile network ID (MCC ID). Historically, the GO app has transmitted Location Check Data to DJI servers for two important purposes that are crucial to the safe and compliant operation of our products:

 

  • To update location-specific geofencing flight limitations and warnings such as in restricted airspace, temporary flight restrictions or no fly zones (NFZs), as may be implemented by governments including the US government. This location data is designed to meet important safety and security needs while also respecting the privacy rights of people and businesses who use our products. Policymakers in Washington, Brussels, and elsewhere have emphasized the safety contributions of geofencing technologies, and we are proud to have the most robust geofencing system on the market. Airspace restrictions and the status of ground facilities change over time, which is why we need to check each drone’s location in order for the user to obtain updated information for the surrounding area prior to flight. We have used this mechanism to provide protection from wayward drones at such events as the Olympic Games in Brazil, the G7 summit in Japan, the Super Bowl in the United States, and the firefighting efforts in California.

 

  • To determine the country in which the drone is operating in order to comply with local laws. Different countries have different radio regulations, such as restrictions on spectrum use (e.g., 2.4GHz versus 5GHz WiFi). DJI’s drone hardware is not customized for each country at the time of manufacturing. Instead, DJI’s software enables each drone to modify or disable features in order to comply with local regulations.

 

DJI has engaged Kivu Consulting, a leading international computer forensics and investigation firm headquartered in San Francisco, to conduct an independent analysis of how our drone products collect, store, and transmit different types of data. Kivu’s analysis is ongoing, but its preliminary conclusions confirm all of the above information, including the core fact that DJI gives users control over data transmissions.

DJI Continues to Innovate New Ways to Promote Data Privacy, Security, and Safety

DJI is continually looking at new ways to protect data and to give its customers more control while also maintaining important safety and usability features in our products. For example, in October 2017, DJI updated our latest flight control app to further enhance the privacy of location check data that DJI uses. In the new version, location check data will only be sent to DJI for the geofencing update service, while the country code check will be performed locally on the user’s device without transmitting any data to DJI. In addition, the drone location coordinates for the geofencing update mechanism will now be randomized to a substitute location within 10km of the actual drone location to make the user’s precise flight location less identifiable, while still retrieving the relevant updated airspace restrictions in the broader flight area. These changes are available with DJI GO v4.1.10 or later. DJI encourages all users to download the update.

In December 2016, DJI began offering a software development kit with a “silent mode” feature to address privacy concerns for certain enterprise customers. More recently, DJI introduced a Local Data Mode for customers who want to disable all communications between the aircraft and remote servers. Of course, any time the user shuts down internet connectivity (e.g., if the device doesn’t have a cellular connection, or if “airplane mode” is activated on the user’s mobile device) then DJI products will still operate without transmitting any information at all. However, in either local data mode or the absence of internet connectivity, the customer will not have the benefit of the latest geofencing data or notices about software updates.

DJI is also innovating new ways to promote safe and responsible operation of drones. In October 2017, DJI introduced the AeroScope remote ID receiver. AeroScope uses the existing onboard radio equipment to provide a reliable way for authorities to identify and monitor airborne DJI drones, especially near sensitive locations or places that may raise safety concerns such as airports. As part of this solution, DJI drones now locally broadcast an identification signal that acts like an “electronic license plate for drones.” This signal, which is detectable within radio range of the drone (up to 5 kilometers) helps to ensure drones remain a safe, secure, and beneficial addition to our airspace. This function works with recent models of DJI drones, which comprise the majority of the market, and can also be developed to work with other manufacturers’ drones without any hardware modifications.

DJI is also cooperating with regulators such as the FAA, who have asked our industry to compile data concerning the usage of drone products. As part of this effort, we are aggregating our User Experience Data in a way that will not be tied to any particular drone or user. We expect this data will show how very safe our products are in regular use by millions of people around the world, and it will also serve to support reasonable and effective regulation to address aviation safety concerns.

*   *   *

For more than a decade, DJI has earned its reputation as a market leader based on our cutting-edge UAVs and camera stabilization systems, which redefine camera motion and placement.  Amazing photos and video, treasured personal memories, and high-end professional imagery are captured every day, in every corner of the world using DJI products.  As we continue to innovate, we remain equally focused on helping our customers protect their sensitive information. In the near future, we expect to share more information about our ongoing efforts to enhance these protections for our customers.