The Department of Homeland Security is warning that commercial drones made by the China-based firm Da Jian Innovations (DJI) may be providing “U.S. critical infrastructure and law enforcement data” to the Chinese government and favored industries in that country, according to a copy of an August, 2017 Intelligence Bulletin (PDF) published by the website Public Intelligence.
The report cites an unnamed “source within the unmanned aerial systems (UAS) industry” saying that DJI is providing U.S. critical infrastructure and law enforcement data to the Chinese government and that the company is “selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.” The data could help the Chinese government “coordinate physical or cyber attacks against critical sites” and appears to have been used to aid Chinese companies looking to invest in the US assets like vineyards, DHS warned.
Targeting U.S. Critical Infrastructure Firms
DJI is one of the largest manufacturers of commercial and consumer drones. In recent years, the company has targeted U.S. companies in the critical infrastructure and law enforcement sectors to market its commercial unmanned aerial systems (UAS). Among the industries targeted are “at least ten large companies and organizations operating in the railroad, utility, media, farming, education, and federal law enforcement,” the DHS bulletin notes. The devices are used for mapping, inspections and surveillance.
DJI’s name has come up in contact with drone controversies before. In January, 2015, for example, a DJI drone crash landed on the lawn of the White House, prompting hand wringing about the dangers the devices posed to national security. In the wake of that incident, the company said it would use a software update to block its drones from flying over the U.S. Capitol according to a statement by the company.
A Wealth of Data Sent Back to China
The DHS report, however, raises questions about whether DJI drones – owned and operated by US-based firms, government agencies and consumers – may be funneling reams of sensitive data to the Chinese government and Chinese military by way of cloud based servers operated by DJI that aggregate data from its millions of deployed UAS devices.
According to the bulletin, DJI drones automatically tag GPS imagery and locations and register facial recognition data even when the system is off, and access users’ phone data. Additionally, the applications capture user information including email addresses, full names, phone numbers and other credentials. And, of course, images and video captured by the drones are also collected and transmitted back to cloud-based servers operated by DJI in Taiwan, China, and Hong Kong. DHS said that the Chinese government “most likely has access” to the data stored on those servers.
[You might also like: “Do Drones Need Digital License Plates?“]
The U.S. Army in August issued an order to stop using DJI drones, citing cyber security concerns. But industry apparently missed the memo. The bulletin describes what appears to be a concerted effort by DJI to monopolize the US UAS market and, simultaneously, to establish a presence within U.S. critical infrastructure firms in industries like railroads, utilities and transportation, the bulletin said.
Dumping Drones, Grabbing Data
Starting in 2015, the company slashed the prices on its Category One (small) drones by up to 70% and dumping them on the market. Drones that previously cost upwards of $3,000 were sold for $900 by DJI, effectively pushing French and US competitors like Parrot and Yuneec of the US out of business. Within a year, DJI drone imports to the US tripled from 2,873 in 2016 to 10,321 in 2017.
Executives in target industries are being aggressively wooed by DJI, including invitations to company sponsored symposia and test facilities in Silicon Valley to push commercial applications of the drone technology. But investing in DJI technology may be a short-term solution with long-term costs. The bulletin related the experience of a large family owned wine producer in California who purchased DJI UAS technology to survey its vineyards and monitor grape production, using a drone-mounted infrared scanner capable of calculating nitrogen levels of plants. “Soon afterwards, Chinese companies began purchasing vineyards in the same
area. According to the SOI, it appeared the companies were able to use DJI data to their own benefit and profit. DHS warns that use of the same technology with cash crops “could allow China the opportunity to influence the cash crop market and futures.” The source of that information was an Immigration and Customs Enforcement (ICE) official.