6 Steps to More Privacy and Data Security
Every time you fly a DJI drone, you generate data in the form of a flight log. This file contains important information about your flight, such as the drone’s flight path, altitude, and heading. If you use the aircraft to take photos or videos while in flight, those images are stored on the aircraft’s internal memory or on a removable SD card, similar to a digital camera. Thumbnails of these photos are also stored on your DJI mobile app. This information is important to you, and if you are a business or government agency flying for a confidential purpose, such as to check critical infrastructure or filming a movie, you can (and should) keep this information secure. Determining which apps can collect sensitive data can help you mitigate your risks.
DJI takes the privacy and security of your data seriously, so our drones do not automatically transfer images, videos, or flight log data to DJI or anywhere else. Your data is stored securely on your aircraft and in the DJI mobile app you use to manage it, and you decide whether or not to share it with anyone. If you would like to take additional steps to protect your data, this guide explains additional privacy and data security practices available to you when flying a DJI drone.
Consider whether the data you create needs additional protection
Very few drone options involve privacy. Small commercial drones allow people to capture aerial photography and video outdoors, but the vast majority of these captures do not pose a safety risk. Most aerial views have long been available to everyone thanks to shooting from airplanes, helicopters and photographs taken by other people, as well as from online maps, satellite images and webcams, thanks to services such as Yandex.maps (including panoramic views of cities from land and air) and many others.
For rare missions involving sensitive matters, consider the risk of disclosure. The steps below help reduce this risk when using DJI drones.
1. Keep the drone offline.
Unlike some other devices, the drone does not need a constant Internet connection to do its job because its main purpose is aerial photography, providing aerial view for a specific user. The simplest and most easily achievable way to ensure data privacy and security is to use a DJI product completely offline. This can be done using “airplane mode” on a phone or tablet that you connect to the DJI remote controller, by removing the SIM card if present, or by using it with a phone or tablet that is not connected to the internet.
Surveys show that about one-third of users already do this, either because they are using an unconnected device with their DJI remote control that does not require the use of a smartphone at all, some want to reduce radio frequency radiation from a smartphone / tablet in the shooting area (and this also affects on the quality of communication with the drone), or users simply do not want to be interrupted by calls, text messages and other warnings during the flight.
2. The smartphone or tablet is connected to the network but is in local data mode.
Since 2017, DJI has implemented a feature called “Local data mode” that blocks the transfer of data “to” or “out” of DJI flight applications and the Internet. This is similar to “flight mode” which only applies to the drone’s software. FTI Consulting recently confirmed that “when DJI Local Data Mode is enabled, data generated by the app is not sent anywhere, including to DJI.” Local data mode is available in the DJI Pilot and DJI Fly apps and will be added to other DJI drone control apps in the near future. When using the local data mode, you can turn on map services to get a complete picture while flying. This allows the application to connect to the map service provider while not transferring other data.
3. Use Pilot PE and Flight Hub Enterprise Edition.
For organizations that need the power of our Flight Hub software to manage their fleet and data, DJI offers a combination of the DJI Pilot PE app and Flight Hub Enterprise Edition. Flight Hub Enterprise allows users to host software locally or in a private cloud while maintaining data privacy. The solution provides customized control and data management functions while delivering the full power of connected drones and cloud processing. FTI Consulting confirmed that “Pilot PE, used with FlightHub Enterprise, provides an alternative method of operation that gives consumers additional control over the data they generate as it requires installation on a local or cloud server. With this configuration, FTI found no evidence that data is being requested or passed to external services.”
4. Control DJI drones with software developed by another company.
DJI drones can be controlled using a vast software ecosystem from developers around the world, including innovative US companies such as DroneDeploy, KittyHawk and Precision Hawk. If you want to use the best drones in the world, but prefer the features and configurations of software developed by other companies, you can choose from dozens of options.
Some of these developers have conducted their own security checks, such as KittyHawk, which has passed the SOC2 Type II audit. This allows DJI enterprise customers to take full advantage of connected drones and cloud processing while relying on the security guarantees of these developers. The DJI SDK also provides these developers with the ability to implement the Local Data Mode feature as an additional way to provide drone operators with data management and data security capabilities.
5. Develop your own DJI drone software.
The DJI Software Development Kit (SDK) allows any organization to create their own software to take advantage of a rich set of data management tools and features. Over 20,000 active developers have developed and published over 1,000 SDK applications. Companies such as American Airlines, FedEx, Ford, and Time Warner are some of the industry’s leading companies that have developed their own software solutions for using DJI drones. We now offer five separate SDKs to customize the mobile app, user interface, Windows apps, drone payloads, and onboard computing apps. The DJI SDKs were developed at our R&D center in Palo Alto, California and are maintained by our engineering team based there. For more information on how to become a software developer, visit: https://developer.dji.com/
6. Use DJI’s Government Edition products.
For government agencies that have the highest data security requirements, we have developed the Government Edition upon request and in accordance with the stated specifications of the US Department of the Interior in 2019. The suitability of the Government Edition for safe use on federal agency missions has been validated by NASA and the Idaho National Laboratory on behalf of the US Department of Homeland Security. These products were developed for and provided to the Ministry of the Interior.
The main additional guarantee of these products is that the local data mode is always on, which means that users cannot even voluntarily transfer drone data to DJI or connect to the Internet. These features protect against agency errors and violations of agency protocol. This extra layer of protection is not needed by most organizations using drones, but we are happy to offer it to all federal agencies.
Find out which data protection measures are right for you
Ultimately, you determine the data your drone collects based on where you fly, where you point the drone’s camera, and whether you capture any photos or videos. Anyone can follow the steps listed above, but the reality is that most people using DJI drones don’t need to take emergency action. Check out the data-related features of our software, consider whether you need to sync your flight logs with DJI servers or post aerial photos to our SkyPixel platforms and other social media platforms.
For infrequent missions involving sensitive data, consider the risk of disclosure and whether any of the steps listed above can help mitigate this risk. Some organizations restrict the use of consumer-grade electronic equipment to collect, store, and analyze sensitive information. You must comply with the same safety standards as other electronic devices such as digital cameras, walkie-talkies, surveying equipment, wildlife cameras and environmental sensors. If your use of these types of devices does not require any special cybersecurity measures, then the use of drones probably does not require them either.