Yesterday, Republican FCC Commissioner Brendan Carr called for adding DJI, a Chinese drone company, to the FCC’s Covered List, which would prohibit federal money from being used to purchase its equipment. This list identifies "communications equipment and services ... that are deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons."

Commissioner Carr raised this issue in a China Tech Threat online event on "Unacceptable Risk: Expanding the FCC’s Covered List to Reflect Reality" (the full text of his remarks as they relate to DJI can be found at the end of this piece). In an FCC news release related to his remarks, Carr said that “DJI drones and the surveillance technology on board these systems are collecting vast amounts of sensitive data—everything from high-resolution images of critical infrastructure to facial recognition technology and remote sensors that can measure an individual’s body temperature and heart rate.” In addition, he stated, “[s]ecurity researchers have also found that DJI’s software applications collect large quantities of personal information from the operator’s smartphone that could be exploited by Beijing."

He noted that the Commerce Department placed DJI on its Entity List last year, "citing DJI’s role in Communist China’s surveillance and abuse of Uyghurs in Xinjiang." And he said that "the evidence against DJI has been mounting for years, and various components of the U.S. government have taken a range of independent actions—including grounding fleets of DJI drones based on security concerns." He concluded: "We do not need an airborne version of Huawei."

He also tweeted on this issue as follows:

The full text of his remarks on the DJI issue at the China Tech Threat event were as follows:

I think one of the most important steps that we should take is to immediately start the process of adding DJI, which is a Chinese drone company, to the FCC's covered list. And most people probably don't understand the vast amounts of sensitive data that's being collected today by DJI ... drones in this country. DJI right now has the lion's share of the market for commercial drones in the US. Their market share exceeds 50%, and their drones and the surveillance technology that runs on top of those platforms collect all sorts of data, everything from high res images of critical infrastructure, to use by various state and local law enforcement and public safety agencies, facial recognition technology, and even remote sensors that from a distance can measure an individual's body temperature and heart rate. And on top of all that security research has found that DJI's software applications that run on the smartphone that operate those drones themselves are collecting large quantities of personal information from the operator smartphone that can be exploited by Beijing. Indeed there was one former Pentagon official that said that, quote, we know that a lot of the information is sent back to China, end quote, from these DJI drones.

So when you step back and consider the vast troves of sensitive data that these DJI drones are collecting, it's really troublesome, particularly because there's this China National Security Law that grants the Chinese government the power to compel DJI to assist it in espionage activities. And their willingness to engage in questionable activities in coordination with the Chinese surveillance state is pretty well known. In fact, the Commerce Department placed DJI on the Commerce Department's Entity List last year, citing DJI's a role in communist China surveillance and abuse of Uyghurs in the Xinjiang region. And again, when you add to all of that the widespread use of DJI drones today by law enforcement agencies, including recent reports that the Secret Service and FBI recently acquired DJI drones, the need for quick FCC action on this is very clear.

And the process going forward is one that the FCC needs to commence. We need to coordinate with law enforcement agencies. There's various mechanisms by which you can get added to the FCC's covered list, most of them involve the input of other entities outside the FCC. So I think the FCC needs to start that process, that consultation process, immediately. If there's mitigating evidence I'm unaware of, we need to get it out there, because the evidence that I've seen so far shows that we should very much proceed down this path of putting DJI on the covered list.

And the evidence against DJI has been mounting for years. In fact you can looking at various components of the federal government that, on their own, have taken individual actions with respect to DJI, but yet it's been inconsistent, and there hasn't been a comprehensive plan in place to deal with the real threat from DJI and that's why I think the FCC starting that consultation process is a very good and necessary next step.

And there's the evidence, I have a release that I'll send around that walk through some of this, but in a nutshell all the way back in 2017, there was an intelligence bulletin from a DHS field office that says that DJI is likely providing sensitive US infrastructure and law enforcement data back to the Chinese government. In 2019, in passing the fiscal year 20 NDAA, Congress broadly prohibited the Pentagon, DOD, from purchasing Chinese made drones including DJI, which again is sort of the dominant share of the commercial market in the US, based on national security concerns. Back in January of 2020, the Secretary of the Department of Interior issued an order that largely grounded the department's fleet of drones, most notably DJI drones, based on concerns about cybersecurity in safeguarding sensitive information. One of the DOJ's component groups prohibited the use of their funds from being used to purchase, what they call covered foreign entity drones, including the DJI ones. There's additional evidence, but most recently in July of 21, the DOD stated that it remains convinced that DJI systems, quote, pose potential threats to national security, end quote, that those DJI drones are still barred from use by DOD. So when you look at where we've come, which I think is a long way towards identifying and standing up to the threat posed by communist China to our security of our communication systems, the realization that Huawei poses a very real threat, I think what we're seeing right now with DJI is the potential for Huawei on wings, and we don't need an airborne version of Huawei, and when you look again at just the vast amount of sensitive data, body temperature, heart rate, high res images of critical infrastructure that can be collected, and then couple that with the Chinese National Security Law and the concerns already expressed by components of the federal government about the access to this information by Beijing, there is enough there where I am very concerned, I think all of us should be very concerned. I think the appropriate step is to commence a process of adding them to the FCC's covered list.

...

DJI has taken market share or obtained market share in the US through a lot of the hallmark moves, in terms of pricing moves included, that we had seen before when Huawei was looking to take market share. And when we make decisions about what entities to add to the cover list, or in my case to suggest entities to add to the cover list, there's a wide range of information sources that we use to do that. We've never, for instance, put forward adding an entity to the list simply because it is based in or headquartered in China. There are always a series of plus factors above and beyond that, that we have cited, and ... in this case I think DJI has a significant number of those plus factors. Again you've got multiple components of the federal government either barring the purchase of them, grounding their fleets, Congress expressing concern in the NDAA, the security researchers are identifying potential issues with the mobile application that people are using, so I think there's a sufficient number of additional plus factors that raise concerns.

Again, when we first heard about the threat from Huawei at the federal level in 2017 and 2018, there was a lot of people that looked at that skeptically, it was a bit of an uphill climb to make that case because people weren't really willing to accept the potential threat that it poses. Well obviously flash forward to today, and everyone really understands the serious threat posed by Huawei. I think we're in a very similar position, potentially, when it comes to DJI, which is, you know, I'm not the first person to call this a potential security threat. Obviously these federal agencies have taken action that has been inconsistent, and I think now is the time that we bring together the components to make these final additions because you're right when we say, you know, DOD can't fly a drone but yet, companies can, individuals can, and they can still be accessing just information on people on the street in terms of heart rate, temperature, other biometrics, it's been used in sort of furtherance of COVID lockdowns around the globe, this type of drone based technology, so just give you a sense of the various applications that it's had. So I do think there is a process that we use, and there's a lot of reasons why DJI checks a sufficient number of boxes, that it's time to move forward in a more comprehensive way with them.