Arial drones and privacy

The emergence of drone aircraft is redefining boundaries of privacy. Hobbysists have discovered the enjoyment of drones and may participate in lessons and obstacle courses (Fisher, 2016). Emergency responders use drones for surveillance but the surveillance concerns fighting fires and locating victims. Businesses such as power companies use drones to survey and manage power lines. Given the diversity of scenarios where drones may be encountered, the breadth of privacy challenges stem from the various uses of drones, their spatial presence relative to a human, and information capture and storage.  Identifying a central set of privacy principals to govern the balance of drone use versus individual privacy rights is of imminent importance. A starting point to the creation of privacy principals is an examination of issues such as the following issues discussed below. (I would also refer readers to Privacy and Drones: Unmanned Arial Vehicles by Anne Cavoukian, a former Canadian Information and Privacy Commissioner.)

  1. Drones enable pervasive mass monitoring of individuals, but there are possible privacy enhancing technologies that could be used to mask identity. Some legal scholars indicate that aerial photographing of people from above is likely to not cause civil actions for invasion of privacy or trespass (Vacek, 2015). One reason could be the adaption of technologies such as facial blurring technologies that are akin to visual encryption. However, some technological approaches employ mathematical algorithms to move facial recognition capability but not removing facial details (Newton, Sweeney, & Malin, 2005). Other technologies block parts of the face such as eyes but not other facial features.  The lack of a consistent standard for identity protection and use of masking creates identification risk.  Whatever technologies ultimately prevail at masking identity, they need consistent application and context sensitivity since drones can be highly invasive if misused.
  2. There may be a lack of clear definition about the application of Fourth Amendment protections against unlawful search and seizure because protections concern people and not places (Farber, 2016). Drones record information across geospatial areas, and individuals are situated at points within mapped areas. In 1986, the U.S. Supreme Court supported the use of video surveillance to detect marijuana in people’s backyards since airplanes were in public airspace (Cavoukian, 2012). As drone and camera technology becomes better at identification of individuals, a social discussion on the limits of drone surveillance and legal boundary of geospatial privacy become critical in reconciling the concept of people and place. The disconnect between an individual’s spatial reference and a drone’s concept of space have yet to be fully explored with respect to Fourth Amendment boundaries.  This particular topic will be interesting to monitor as drones become more commonplace.
  3. The use of remote sensing and detection technologies may require advancements in statutory and judicial legal doctrine to increase the importance of privacy (Vacek, 2015). When individuals attempt to protect themselves from spying drones, there has been a tendency to place property rights over privacy rights. For example, a Kentucky father shot a drone flying over his property to protect the privacy of his daughter. His use of a gun was reported as resulting in a felony endangerment charge. He could also have been sued in small claims court for reckless destruction of property (Seibler, 2015). Without legal boundaries for permissible use of remote sensing technology, issues such as property rights can easily trump privacy since there is difficulty in defining a concept such as harm for remote viewing.
  4. If U.S. geospatial data associated with people were to be identified as Personally Identifiable Information (PII), then laws and regulations concerning drone’s collection, transmission and storage of data would be potentially regulated by state data breach laws. There are 48 states with data breach laws (NCSL, 2017; Swire & Ahmad, 2012). However, the concept of geospatial privacy and drone use is an evolving concept (Cavoukian, 2012). Current literature cites the need for licensing drones and drone operators. There are also calls for privacy impact assessments. The discussion centered on drones should be transformed to a discussion on privacy boundaries and definitions of geospatial privacy.
  5. Americans have grown acclimated to living in monitored society, and drones are an extension. Ann Cavoukian (2012) indicated that use of drones for surveillance may be an extension of current panoptic surveillance practices. Panoptic is a reference to the panopticon prison design created by English philosopher Jeremy Bentham. In this structure, there is a central structure for outwardly monitoring prisoners. This concept has been used to describe citizens accustomed to living in monitored societies, and the acceptance of widespread CCTV use is an example of accepted monitoring. If CCTVs are accepted, then drones are likely to be accepted for monitoring.

References

Cavoukian, A., PhD. (2012). Privacy and drones: Unmanned ariel vehicles. Information and Privacy Commissioner. Retrieved from http://www.publicsafety.gc.ca/lbrr/archives/cnmcs-plcng/cn29822-eng.pdf

Fisher, J. (2016). Drone Aviation 101. PC Magazine, 25.

Farber, H. B. (2016). Eyes in the sky and privacy concerns on the ground. Human Rights, 41(4), 23.

National Conference of State Legislatures (NCSL). (2017, Apr 12). Security breach notification laws. Retrieved from http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

Newton, E. M., Sweeney, L., & Malin, B. (2005). Preserving privacy by de-identifying face images. IEEE transactions on Knowledge and Data Engineering, 17(2), 232-243.

Seibler. (2015, August 11). One dad was arrested for shooting down spying drone. Retrieved from http://dailysignal.com/2015/08/11/should-you-be-able-to-shoot-down-a-drone-spying-on-your-backyard-one-dad-was-arrested/

Vacek, J. J. (2015). Remote sensing of private data by drones is mostly unregulated: Reasonable expectations of privacy are at risk absent comprehensive federal regulation. North Dakota Law Review, 90(3), 463-484.

 

Cognitive Self-securing Networks

Advances in analytical, computing, and wireless network technologies are transforming networks into cognitive networks. These networks provide the opportunity to broadly improve security and protection for network security architecture, but security concerns will play a critical role in the rate of adoption and network security design.   According to Rong et al. (2013), factors such as network resilience, data authentication, access control, and privacy are considered foundational design requirements. These requirements apply to diverse wireless protocols, devices and network designs that are evolving with technologies such as Internet of Things (IoT).

Overview Cognitive Wireless Networks

Intelligent networks (IN) originally evolved to serve network and other communications infrastructure providers (Garrahan, Russo, Kitami, & Kung, 1993).  Over time, specific IN designs such as cognitive radio demonstrated the future of IN. For example, Mitola (2000) outlined an approach that employed software-defined cognitive radio architecture based on data mining, knowledge discovery, and natural language processing. Cognitive radio could be used for many uses such as resource management and network monitoring. Other research extended cognitive radio to cognitive networks that utilized transceivers to monitor communications channels for traffic and switch channels as needed to maintain secure communications (Clancy & Goergen, 2008). Transceivers and other hardware and software agents extend the ability to provide complex and consistent services required to deliver secure and reliable network services (Mitola, 2000). Cognitive networks hold the potential of transforming basic wireless networking security requirements into strong robust network security, but the technologies are still evolving.

Example

A cognitively aware network enhances user tasks and other functions across an information system domain.  A use may perform a single task while traveling and using multiple networks.  The shift in networks does not interrupt work and maintains user services.  With further technological advances, a cognitive network could theoretically anticipate typical user behaviors and suspicious user behaviors. An end-user would enjoy the convenience of airport delay updates or traffic routing to reduce commute-time, but an end-user would expect some control over the communications flow and would desire assurance of secure and authentic communications. Further, an end user would expect issues of privacy such as unwarranted intrusion, unlawful monitoring, or other invasions of privacy to be non-issues.

Cognitive radio---an integrated agent architecture for software defined radio

Figure 1.  Retrieved from “Cognitive Radio—An Integrated Agent Architecture for Software Defined Radio (Dissertation),” by J. Mitola, 2000.

Cognitive radio---an integrated agent architecture for software defined radio

Figure 2. Retrieved from “Cognitive Radio—An Integrated Agent Architecture for Software Defined Radio (Dissertation),” by J. Mitola, 2000.

Unknown Threat Landscape

Cognitive networks introduce a new generation of threats and vulnerabilities, which exist at a diversity of boundaries.  These boundaries include human behaviors, societal norms and beliefs,  as well as technologies (Clancy & Goergen, 2008).  Figure 3 below highlights the intersection of how threats could exist at the intersection of human and technology boundaries.  A sensor component within a cognitive network could have issues discerning its expected role from the diversity of human actions.  Part of these issues would likely stem from lack of applying appropriate context.  The wrong context could enable a threat rather than provide protection.

Security in Cognitive Radio Networks: Threats and Mitigation

Figure 3. Retrieved from “Security in Cognitive Radio Networks: Threats and Mitigation,” by T. Clancy & N. Goergen, 2008, In Cognitive Radio Oriented Wireless Networks and Communications, 3rd International Conference on (pp. 1-8). IEEE.

Figure 4 illustrates an example reasoning architecture where data is collected, mined and applied. This type of architecture could be dangerous if an attacker could manipulate the system. While attacks such as data theft are well-known and a cognitive system could be a high-value target, what is less understood is how an attacker could manipulate reasoning architectures for exploitation. Reasoning architecture refers to the mechanisms and tools associated with data collection, storage, processing, analysis, and utilization (Liao, Chu, P& Hsiao, 2012). Potential exploits could range from fraud to mass deception or other security incidents.

Security in Cognitive Radio Networks: Threats and Mitigation

Figure 4. Retrieved from “Security in Cognitive Radio Networks: Threats and Mitigation,” by T. Clancy & N. Goergen, 2008, In Cognitive Radio Oriented Wireless Networks and Communications, 3rd International Conference on (pp. 1-8). IEEE.

Assumptions Concerning Threats

Clancy and Goergen (2008) outlined the following assumptions concerning threats:

  • Always assume inputs are subject to manipulation
  • Faulty inputs to system could lead to systemic reasoning manipulation
  • Manipulated reasoning could be disseminated through a network
  • Erroneous or malicious actions could be distributed through the network
    • This could also include ill-gotten gain such as freeing up a particular communications channel for use.

Threat Mitigations and Security Considerations

Mitigation for potential attacks against an intelligent system includes use of traditional security measures such as filtering network traffic and monitoring for suspicious activity (Vacca, 2013).  In addition, cognitive networks also require additional measures such as ongoing training with a diversity of sensory input.  Another measure is hardening protocols for the creation, adaption, deployment, and deletion of reasoning rules.  Rules should be highly protected since rules provide the foundation for consistent behavior.  Even if rules have self-adjusting behaviors, there should be thresholds and other protections that prevent inappropriate adjustment such as self-deletion or manipulations.

Sensors in cognitive networks also require security configurations to provide endpoint security such as self-policing to ensure endpoint integrity and data processing integrity and performance.  Further, sensors require use of advanced mathematical models such as particle swarm optimization (PSO) to enable network sensors to adaptively identify security best practices and adapt to a related grid of active and potentially connected sensors (Kulkarni & Venayagamoorthy, 2011).  Security design must be sufficiently advanced to address traditional security risks such as endpoint compromise and protect newer technologies such as grid analytics and responsiveness.

References:

Clancy, T. C., & Goergen, N. (2008, May). Security in cognitive radio networks: Threats and mitigation. In Cognitive Radio Oriented Wireless Networks and Communications, 2008. CrownCom 2008. 3rd International Conference on (pp. 1-8). IEEE.

Fitzek, F. H., & Katz, M. D. (Eds.). (2007). Cognitive wireless networks: concepts, methodologies and visions inspiring the age of enlightenment of wireless communications. Springer Science & Business Media.

Garrahan, J. J., Russo, P. A., Kitami, K., & Kung, R. (1993). Intelligent Network Overview. IEEE Communications Magazine. Retrieved from https://www.researchgate.net/profile/Kenichi_Kitami/publication/3195132_Intelliaent_Network_Overview/links/572b36d408aef5d48d3273c1.pdf

Kulkarni, R. V., & Venayagamoorthy, G. K. (2011). Particle swarm optimization in wireless-sensor networks: A brief survey. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews)41(2), 262-267.

Liao, S. H., Chu, P. H., & Hsiao, P. Y. (2012). Data mining techniques and applications–A decade review from 2000 to 2011. Expert systems with applications39(12), 11303-11311.

Mitola, J. (2000). Cognitive radio—an integrated agent architecture for software defined radio (Dissertation). Retrieved from https://web.archive.org/web/20120917062752/http://web.it.kth.se/~maguire/jmitola/Mitola_Dissertation8_Integrated.pdf

Rong, C. (2013). Wireless network security. In G. Zhao, L. Yan, E. Cayirice, & H. Cheng (Authors) & J. Vacca (Ed.), Computer and Information Security Handbook (Second Edition) (pp. 285-300). Waltham, MA: Morgan Kaufmann.

Vacca, J. R. (2013). Computer and information security handbook (Second ed.). Amsterdam: Elsevier.