Have you heard the story about a drone that crashed into the White House yard?
Wired has done a follow-up story, drawing from a conference to discuss drone risks.
The conference was open to civilians, but explicitly closed to the press. One attendee described it as an eye-opener.
Laughably Wired seems to quote just one anonymous attendee as payback for lack of access to the event. Who was this attendee? Why was it an eye-opener?
In my conference talks for the past few years I explicitly mentioned attacks on auto-auto (self-driving cars) based on our fiddling with drones. Perhaps we are not getting much attention, despite doing our best to open eyes. Instead of some really scary stuff the Wired perspective looks only at a very limited and tired example.
But the most striking visual aid was on an exhibit table outside the auditorium, where a buffet of low-cost drones had been converted into simulated flying bombs. One quadcopter, strapped to 3 pounds of inert explosive, was a DJI Phantom 2, a newer version of the very drone that would land at the White House the next week.
Ok, surely that’s not the most striking visual aid. I would be happy to give any journalist multiple reasons why a drone with 3 pounds of explosive does not present the most difficult defensive situation. In fact on the scale of things I would want to build defenses against, a bomb drone seems very easily within reach. There are far, far more troubling ones, which is why I have been giving presentations on the risks and what defenders could do to about them (Blackhat, CONFidence).
We also have tweeted about taking over the skyjack drone by manipulating its attack script flaw, essentially a mistake in radio logic. A drone on autopilot using a mapped GPS would be straightforward to defeat, which we also have had some fun discussions about, at least in terms of ships (flying in water, get it?). And then there is Lidar jamming…
Anyway back in April of 2014 I had tweeted about DJI drone controls and no waypoint zones. The drone company was expressing a clear global need to steer clear of airports. Thought I should call attention to our 2014 research and this detail as soon as I saw the White House news so I replied to some tweets.
Nine retweets!? Either I was having a good day or the White House raises people’s attention level. Maybe we can blow off all our talking about this in the past because someone just flew a drone into the wrong yard. It’s a whole new ballgame of awareness. While the White House drone incident could cause a backlash on drone manufacturers for lack of zone controls, the incident also brings a much needed inflection point at the highest and broadest levels, which is long overdue.
Our culture tends to leave the market to harm the average person because let them figure it out. Once a top-dog, a celebrity with everything, is harmed or threatened then things get real. It is like we say “if they can’t defend, no one could” and so the regulatory wheels start to spin.
An incident with zero impact that can raise awareness sounds great to me. As I explained to a FCC Commissioner last year, American regulation is driven by celebrity events. This one was pretty close and may get us some good discussion points. That is why I see this incident finally bringing together at least three phases of drone enthusiast. Fresh and new people will be stepping into the ring to tinker and offer innovative solutions; old military and scientific establishment folks (albeit with some VIP nonsense and closed-door snafus) will come out of the woodwork to ask for a place in the market; and of course those who have been fiddling away for a while without much notice will take a deep-breath, write a blog post and wonder who will read it this time.
Three drone enthusiast profiles
Last year I sauntered into a night-time drone meetup in San Francisco. It was sponsored by a high-powered east-coast pseudo-governance organization. And when I say drone meetup, I am not just talking about the lobbyist drone in fancy clothes who talked about bringing “community” closer to the defense industry “shared-objectives” (“you are getting very sleepy”). I am talking about a room stuffed with people interested in pushing technology boundaries, mostly in the air. Several observations about that meetup I would like to share here. Roughly speaking I found the audience fit into these interest levels:
- Profile 1: The hobbyists seemed easily annoyed by thinking about risks. This is typical in technology meetups that bring developers together. Some people look at the clouds above the picnic, some look at the ants. The new drone meetups almost always are filled with cloud watchers.
Others would ask me “what’s your rig” or “what do you pilot” to talk shop. I would reply “Sorry, not a pilot, I study using ground control to remove drones from the air”. This went over like a lead balloon. You could sense the deflation in mood.
When I was asked “why would anyone want to do that” my response was “I have no idea. There are so many possible reasons.” My area of study is not focused on why. I want to know how. So I told people “When somebody decides why a drone needs to be stopped, I would like us to avoid any panic about how.”
Although the hobbyists had some amazing ideas about drones changing the world for the better, I was doing my duty to ask “why” and “is that safe” at strategic points in the conversation.
- Profile 2: The professionals were swapping stories about success and failures in the ancient past. This crowd was jaded already. As per usual those with field-experience had a veritable gold-mine of lessons not widely shared. A favorite of mine was when a guy who built private gas-leak drones made them “too accurate”. He forced the power company (PG&E) to admit their existing sensors (mostly manual, staff in vehicles) were dangerously out-dated. Better sensor technology was meant to be a sales strategy for this drone professional yet the quality gap he opened between old and new was so large PG&E was angry; fought back instead of buying-in.
Another great story was when a drone had flown throughout mines and laser-mapped them. Software stitching together photos with maps, using a large cloud compute cluster, inexpensively created a 3D world of a hazardous cave to be enhanced with environmental details. New business models were being explored around providing geology maps to FPS gaming companies, or architects planning new construction. Want to see how your new underground restaurant looks at 5:30PM as the sun sets, or with a morning rain-storm? Click, click now you can walk through, just like a drone already has.
Another was pure surveillance, although the story was told as “tourism”. Go to visit a monument, take a few photos. Nice. Now pull out your pocket drone, take a few thousand pictures and have a perfect 3D model you can replicate later. Throw up a drone on a specific route to 3D map anything. Statues, machines, buildings…it comes back with data you download, process and can use to build or model perfectly anything the drone “sees” on its little vacation. Since the processing story was last year I have to also point out this year drones started processing all the data in real-time as they fly.
- Profile 3: The lobbyist was annoyed about risks like the hobbyists, although she blended in hard-lessons from Profile 2. It was bridging reality of risks with promise of new sales.
She was of the opinion that the US military was light-years ahead of hobbyists in drone-building and flying. Been there done that, they had forged a business model and their engineers therefore should rule the technology leadership roost into the next business models. However she came to SF to openly admit the military-industrial-complex has become so used to handouts from government they felt a bit worried about missing the boat on consumer markets.
Someone recognized a strong Profile 2 (seasoned story-telling) had been missing from their lobbyist toolkit for the coming commercial boom. A flood of new talent was scooping up drone kits and toys, quickly threatening to dwarf the proprietary market cap. The lobbyist was talking about synergies and collaborations. Although let’s be honest, she is a lobbyist. She also was testing the water for an exit from big old federal government money into even bigger global commercial money. She just didn’t know yet who she should focus her pleadings on most.
You could smell a three-way collision (at least, maybe more) brewing and bubbling, yet groups still stood far apart at this meetup. Political stakes were increasing: money and ideas starting to flow, old power brokers worried about disruption, combined with seasoned vets sprinkling around guidance on where to go with the technology and new horizons. This is how things have evolved for many years; it just didn’t seem quite yet the time for collaboration.
Bringing Profiles Together
Going way, way back, I remember as a child when my grandfather handed me a drone he had built (mostly ruined, actually, but let’s just pretend he made it better). Having a grandfather who built drones did not seem all that special. Model trains, airplanes, boats…all that I figured to be the purview of old people fascinated with making big technology smaller so they could play with it. Kind of like the bonzai effect, I guess. I fast-forward to today and I realize he might have been a little exceptional. Groups everywhere growing consistently larger and more committed to drones, albeit they seem separate and distinct from each other, not part of everyday life.
As popularity increases, so does the question of how all the pieces and parties should work together better. Roombas aside, my theory is the future looks incredibly bright if people start working together on ethics and politics in the bigger picture, including risks. I wasn’t going to fall for the Profile 3 lobbyist pitch (who was?). However, I was excited by some of the groups and discussions.
Speaking of way back, in 2013 I found my long-time drone interests leading into tweets useful at work. I thought Twitter might help with converging risk discussions into after-hours meetups, like talking about the forward-thinking people in Iowa demanding no-drone zones.
Clearly my humor did not win anyone’s attention. Not a single retweet or favorite. Crickets.
It also may just be that Twitter sucks as a platform and I have no followers. That’s probably why I’m back to blogging again more. Does anyone find Tweets conducive to real conversation? The best Twitter seems to do for me is to shift conversation by allowing me to throw a fact in here or there, like I sit quietly with my remote Twitter control, every so often dropping stones into the Twitter pond.
When a news story broke in 2013 I had to jump in and say “hey, cool Amazon hobbyist (new) story and I think you could be overlooking a FedEx lobbyist (old) story”.
I was poking around some loopholes too, wondering whether the drones over SF could have a get-out-of-jail card if we wanted to take them down.
Kudos to Sina and Jack for the conversation. My tweets were at least reaching two or three people at this point.
And as anti-drone laws were popping up I occasionally would mention my research in public. Alaska wanted a law to make sure hunters could not use drones for unfair advantage.
Such a rule seemed ironic, considering how guns have made killing a “sport” nearly anyone can “play”. A completely unbalanced and technology-laden air/ground/sea attack strategy on nature was common talk, at least when I was in Alaska. Anyway someone thought drones were taking an already automated sport of killing too far.
Illinois took the opposite approach to Alaska. Someone saw drones as potential interference to those out for a killing.
By April of 2014 I had built up a fair amount of detail on no-fly zones and strategies. We ran drones for testing and anti-drone antenna prototypes were being discussed. I gave myself a challenge: get a talk accepted and then publish an anti-drone device, similar to anti-aircraft, for the hobbyist or average home user.
Here’s a good picture of where I was coming from on this idea. One of the top drone manufacturers was telling me their drones were absolutely not going to stray into no-fly zones. What if they did anyway? Ethics were easy in this space. A system to respond seemed most clearly justified.
Haha. “No-way points” get it? No? That’s ok, no one did. Not a single re-tweet or favorite for that map. It wasn’t completely lost on people, however. A little exposure meant I was called in for a short Loopcast episode, called Drone Hacking, which I suppose a few people might have heard. The counter says 162,000 plays so far, which seems impossible. Maybe drones are listening.
Anyway my big plan to release our research at a conference was knocked down when the Infiltrate voting system denied us a spot. We were going to show how we immediately, and I mean immediately, found a way to take-over the Skyjack drones. We wanted to talk about command and control, redirection and all kinds of fun stuff. Denied.
I resubmitted the same ideas to CanSecWest and again was denied. This pretty-much shelved my excitement to explain more details and spend time in a formal public space. After all, my focus was more on the larger picture of big data and less on individual sensors. That’s why you’ll see drone information woven into in my big data security talks and writings.
Although at last year’s EMCworld I put a guy on my staff dedicated to drones — running a bunch of cool tests and achieving real pilot skills — it still wasn’t brought out publicly as much as I would have liked. Timing still felt early, as if journalists were apprehensive and various groups too separated to generate a nice broad and general audience story. Our conference was explicitly open to the press yet we were without any major celebrity-level disaster driving attendees. Maybe this year…