The variety of ways in which DJI has dominated headlines across the drone industry is as impressive as it is overwhelming. While headlines around the release of the DJI Mavic Air and Aeroscope have been the exact sort the company envisioned, ones associated with the US Army’s memo to discontinue using DJI drones and their bug bounty program were certainly not. While DJI has been quick to address these negative headlines, their statements often leave something to be desired in terms of both scope and depth.
On episode #61 of the Commercial Drones FM podcast – An Exclusive Conversation With DJI On Drone Data Security –Michael Perry, Managing Director of North America for DJI, addresses all of these controversial issues in a straightforward and comprehensive manner. Host Ian Smith asks Perry outright about DJI data security, whether or not DJI drones are transmitting info to the Chinese government, what happened with the bug bounty program and plenty more.
Perry is as candid as he is informative in this interview, which is part of the reason we wanted to connect with Ian for some further insight about the topics that were discussed. Read through the additional insights before or after listening to the podcast below. You can also listen to the episode on iTunes or GooglePlay.
Jeremiah Karpowicz: Michael talked about thinking about safety more in terms of the number of flight hours, rather than the number of drones out there, which really changes the perspective around the issue. Do you think the industry is going to be better off if everyone starts focusing more on flight hours rather than how many units are out there?
Ian Smith: That’s a very traditional way of thinking about safety and obviously, it makes a ton of sense. Manned aviation operates in terms of the number of flight hours, yes, but there is definitely the opportunity to look at this drone situation in a different light. The difference between manned aviation and drones is that there are going to be orders of magnitude more amount of drone aircraft buzzing about the skies than manned aircraft. Just the inherent fact of the sheer amount of these platforms in the NAS absolutely deserve attention. However, I’m not the best person to ask on the scientific method of measuring this.
What about DJI’s two newest products, AeroScope and FlightHub, do you find to be especially important? Any specific commercial opportunities that you think might be opened up on account of these products?
AeroScope is interesting in the way that DJI positions it—purposefully for public safety and local governments. Admittedly, there doesn’t seem to be a large amount of direct user information available on this product but with DJI’s massive footprint and offering some of its own “policing” technology, it should fill a gap in certain organization’s requirements. No word yet on if they’ll allow certain agencies to remotely disable a detected aircraft, though.
FlightHub attracts me because it’s DJI’s first true SaaS enterprise play. Getting into the monthly subscription software game can be very lucrative and DJI is banking on the ubiquity of their systems to gain market share. There are also no shortage of incumbents in this space (Skyward, Kittyhawk, et al). The timing of this release, coinciding with the recent drama and privacy concerns surrounding the company, is definitely the biggest spectacle surrounding it, rather than the technology itself.
As you talked through the news about the US Army issuing a memo asking units to discontinue their use of DJI drones, it seemed to me that the issues there are really about both cyber vulnerability and data security practices, but the two of those things have different problems and solutions. Do you think these are distinct issues, or is it more useful to think of them all in the context of “data”?
In my mind, I’m grouping these two issues together. There have been a handful of seemingly-talented security researchers who’ve taken to Twitter and other social media to try and illustrate that the vulnerabilities in question are actually very real. With that in mind, grouping the vulnerability and security together in the context of personal or proprietary “data” just makes sense. After all, when evaluating drone hardware and software platforms (or any platform, for that matter), any large, public company is going to take a look at “data security” as a whole.
Michael laid out a great rebuttal to ICE claims about DJI data being sent back to the Chinese government. Do you think this kind of report is more about technology or politics though? That is to say, would this have gotten much traction if DJI were not a Chinese company?
Absolutely. The fact that DJI is a Chinese company is a big reason why this is a huge deal. Coupling that with the massive market share they’ve gained, the proliferation of drone technology as a whole (into private and public organizations—not to mention the current political climate), and the airspace security and safety issues that all bubble up to the federal government… boy, you’ve got yourself quite a stew goin’. I’ll venture to state that if DJI were not a Chinese company, this wouldn’t have made as many headlines.
What else do you think DJI can and should be doing in 2018 to do exactly what Michael said was going to be a priority for the company, which is communicate how people’s data is being managed in a better way?
The company seems to be undergoing an independent third-party data security audit, which is a start. With the impending release of FlightHub and other enterprise and commercial products which rely heavily on being networked, they’ve got to make some big headway on recruiting the correct people to manage their image and ensure that their platforms are secure, in every sense of the word. This is a fluid story that I’ll be watching very closely.