Our recent launch of the world’s first consumer drone with ADS-B aircraft detection safety technology, Mavic Air 2, reminded me of the original inspiration for undertaking that new safety commitment: a scary collision between one of our drones and a helicopter in New York City.
That incident provided lessons to us about how we could make drone use even safer, but it also gave me my own personal lesson in how DJI respects the data security of its customers. It confirmed that, contrary to incessant politically-driven allegations, DJI does not automatically collect flight log or image data from its customers. This lesson has stayed with me, and last week I discussed it for the first time in an online U.S.-China Series discussion with Kaiser Kuo. Given the interest it generated, I want to expand on it and explain why it’s relevant for discussions about how DJI protects customer data.
On Sept. 21, 2017, a U.S. Army Black Hawk hit something while flying low over New York harbor. No one was injured but the helicopter was damaged. Authorities recovered a small piece of a drone from inside the helicopter and confirmed it was a DJI Phantom 4. You can imagine the alarm bells this set off within DJI.
This was the first time any of our consumer drones had been confirmed to hit a helicopter or airplane. Everyone inside the company wanted to know what had happened, as soon as possible: Was it pilot error, a product malfunction, or something malicious? We were concerned about the potential ramifications this could have on the still-new industry.
DJI gladly became a party to the investigation by the United States National Transportation Safety Board (NTSB) to assist in its safety investigation. The drone component that was recovered was one of four motors and a piece of the motor arm. Our motors are stamped with a serial number to allow us to trace inventory and components used in the final build of each aircraft.
In accordance with our policy for providing customer information, the NTSB served us with a legal subpoena for information, allowing us to use the serial number to identify the name and address of the purchaser of the product. We only had this sales information because this customer chose to buy the product directly from DJI’s e-commerce site.
That information identified the customer and his DJI account information, but did not answer the questions we – and the NTSB – wanted to know: How did this happen? What was the customer doing at the time of the collision? Was this the first time the drone had flown near helicopter traffic? Did the drone take pictures of the imminent collision? Was there other flight information that would reveal the pilot’s intentions?
Despite our extreme interest in knowing as much as possible about how this customer used our product, we had no operational or image data because the user had not chosen to share his data with DJI. Instead, we had to await NTSB’s own interview of the drone pilot, who voluntarily shared the flight logs from his tablet.
The logs showed that the pilot was not operating responsibly, and that he was unaware of the helicopter. The official NTSB accident report makes it clear the investigators obtained their information – including a video replay of the pilot’s screen – from “data logs from the control tablet provided by the pilot.” If he hadn’t turned them over, no one would have ever seen them and no one at DJI would have ever known how our product had been used, no matter how much pressure we were under to find out.
The Black Hawk collision was a wake-up call for drone safety efforts, and the original inspiration for our latest safety initiative on ADS-B. But as someone inside the company, it was also a strong validation of our privacy practices, and bolstered my confidence that accusations about our company are untrue.
This is just a single anecdote, of course, but it succinctly exemplifies the goals of DJI’s security efforts and external validation testing over the past three years. We created a Local Data Mode for our professional flight app, which blocks even unintentional data transfer; we commissioned an independent study that validated DJI’s data security practices; we developed a high-security system for the U.S. Department of the Interior that was validated by the U.S. Department of Homeland Security; and we bolstered the data security measures in our flight control apps. You can learn more about these measures and how to control what data you share at our data security site.
Despite the hyperbolic speculation from some of our critics and even government memoranda – that ironically began around the same time as this fall 2017 crash – we are committed to the privacy of our customers’ data. That means in this case – and many other cases when authorities in the U.S. and elsewhere serve us with legal requests for customer data – we simply don’t have the information investigators want.
The crash proved to me what my company has always said: You control whether and when you share your drone data with us, because your data is not our business.