DJI is working on a “local data mode” for its apps that prevents any data from being sent to or received from the internet. The feature will be welcomed by many, but it’s hard not to attribute the timing and urgency of the announcement to the recent ban of DJI gear by the U.S. Army over unspecified “cyber vulnerabilities.”
“We are creating local data mode to address the needs of our enterprise customers, including public and private organizations that are using DJI technology to perform sensitive operations around the world,” said Brendan Schulman, the company’s VP of Policy and Legal Affairs, in a press release. The new feature should arrive before the end of September.
The Army memo, first published at Small UAS News and dated August 2, said that “due to increased awareness of cyber vulnerabilities associated with DJI products, it is directed that the U.S. Army halt use of all DJI products.”
It’s not clear what these vulnerabilities actually are, or whether the mere possibility of sensitive information being transmitted was enough to spook someone at HQ.
DJI’s flight control apps, from which users can launch and control drones, does indeed regularly phone home to make sure it is up to date, using current maps and so on. And if the user chose to, it would back-up flight logs and media to DJI’s servers. But the online functions aren’t necessary for ordinary operation and flight, so local data mode doesn’t affect airworthiness or anything like that.
Although DJI was not made aware of the Army’s concerns ahead of time, the new mode has been in development for several months, according to the press release. So either a little bird told the company this was a possibility, or more likely it’s just a smart option to include when your craft and apps are being put into national security and life-and-death type situations.
A DJI representative told TechCrunch that today’s announcement isn’t in response to the memo. Schulman, however, told The New York Times that “the Army memo caused customers to express renewed concern about data security.”
These statements may seem contradictory, but it’s not hard to imagine that when a major client like the Army raises security concerns, others will join the chorus. So DJI can say the announcement today wasn’t in response to the memo — not directly, anyway. But chances are we wouldn’t be hearing about the feature until later had the memo not been publicized.
“We’re not responding to the Army, which has never explained its concerns to us,” explained Adam Lisberg, DJI’s corporate comms director for North America, in response to my inquiries along these lines. “We’re accelerating the rollout of something we’ve been working on for a while. We announced it today because enterprise customers with serious data security have made clear they need something like this for a while, and the Army memo reinforced that concern for them. So we’re addressing it quickly as part of our commitment to delivering what our enterprise customers need.”
It matters because DJI isn’t a military-specific drone maker, like General Atomics, which makes Predators — though the chances of a Chinese company ever being so are slim, to say the least. It’s also a matter of public image: they’re a company looking out for consumers and the occasional government contract, not a major participator in the military-industrial complex.
Clearly, the company wants to signal that it takes its feature requests not from foreign governments, but from its valued users all over the globe, of which the Army happens to be one.
