It seems that crowdsourcing is not beyond intelligence agencies. At least, according to a leaked memo from U.S. Immigration and Customs Enforcement (ICE). In it, they say that the Special Agent in Charge Intelligence Program (SIP) Los Angeles have “moderate confidence” that DJI is providing critical infrastructure and law enforcement data to China.
They also say that they have “high confidence” that they are “selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data”. It all sounds a bit James Bond to me, but this isn’t the first time DJI’s been in the middle of security controversy. Nor even the first time this year.
In August, the US Army ended its relationship with DJI over “cyber vulnerability” concerns. Then there was that whole business about 3rd party apps stealing drone data. And only a couple of weeks ago, a DJI customer who claimed to receive threats for his efforts instead of the offered hacker “bug bounty”.
This latest memo just adds to the pile, although there’s no actual evidence that seems to back up the claim.
SIP Los Angeles assesses with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government. SIP Los Angeles further assesses with high confidence the company is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data
Since 2015, DJI has targeted a number of U.S. companies in the critical infrastructure and law enforcement sectors to market its UAS. As of July 2017, at least ten large companies and organizations operating in the railroad, utility, media, farming, education, and federal law enforcement sectors have already purchased and begun using DJI UAS. The most frequent uses include mapping land, inspecting infrastructure, conducting surveillance, and monitoring hazardous materials.
These may simply be conclusions drawn from the previous 3rd party app issues. Although, using phrases like “most likely” doesn’t suggest much confidence in their belief.
DJI have released an official statement in response to the leaked memo.
The bulletin is based on clearly false and misleading claims from an unidentified source. Through the law firm of McDermott Will & Emery, DJI provided ICE a detailed rebuttal of the report, explaining why the data behind its conclusions is deeply flawed.
Many of the allegations in the ICE report are obviously false. The claims that DJI systems can register facial recognition data even while powered off, that Parrot and Yuneec have stopped manufacturing competitive products, and that DJI products have substantial price differentials between the U.S. and China can be easily disproven with a basic knowledge of technology and the drone industry, or even a simple internet search.
DJI have publicly stated, and told DIYP directly in the past, that they take customer privacy very seriously. It’s why the 3rd party apps were pulled immediately on discovery. It’s also why the new Local Data Mode stops all Internet traffic to and from the DJI Pilot flight control app.