Search SciPol

Brought to you by
What it does 

The Electronic Privacy Information Center (EPIC) petitioned the court to review the following decisions by the Federal Aviation Administration (FAA):

  1. Dismissal of EPIC’s petition urging the agency to consider privacy concerns in its rulemaking process to safely integrate unmanned aircraft systems (UAS) into the national airspace system (NAS); and
  2. Declaration in the Notice of Proposed Rulemaking (NPRM), that privacy considerations were “beyond the scope of [the] rulemaking.”

Both of EPIC’s claims were dismissed on administrative grounds (Citation 821 F.3d 39 (D.C. Cir. 2016)):

  1. EPIC’s petition to the FAA was time-barred. EPIC waited 125 days after the original dismissal, outside of the 60-day deadline set by statute; and
  2. EPIC’s petition was determined pre-emptive. The NPRM was not considered a “final order” capable of challenge and review under 49 U.S.C. § 46110. The court held that to allow the court to review an agency’s intent — as expressed in an NPRM—would be in direct contradiction with court precedent. (In re Murray Energy Corp. held that the court did not have the authority to review proposed agency rules. 788 F.3d 330, 334 (D.C. Cir. 2015)).

Because the case was dismissed on administrative grounds, the court did not reach the merits of the case. The content of EPIC’s petition, and the privacy concerns it urged the FAA to consider were not addressed by the court, leaving the question of whether those concerns were within the scope of the FAA’s rulemaking open for future review.

The facts 

Section 332 of the FAA Modernization and Reform Act of 2012 (Public Law 112-95) ordered the Transportation Department to conduct a public rulemaking to safely integrate UAS into the NAS.

In 2012, EPIC joined with over 100 organizations, experts, and advocates to petition the FAA to establish privacy protections as part of this rulemaking procedure.

The FAA responded to this petition in 2014, stating that UAS privacy implications “did not raise an immediate safety concern[,]” but assured the petitioners that their comments and arguments would be considered in the FAA’s rulemaking addressing the operation of sUAS in the NAS.

On February 23, 2015, the FAA issued a NPRM to “adopt the specific rules to allow the operation” of drones. This NPRM had the effect of denying EPIC’s petition stating, "[t]he FAA also notes that privacy concerns have been raised about [UAS’s]," but privacy issues "are beyond the scope of this rulemaking."

EPIC challenged both the FAA’s dismissal of its petition and the FAA’s omission of privacy provisions from the NPRM. EPIC alleged the FAA had not lived up to the Congressional mandate of the Act, and had violated the law by failing to issue and/or solicit public comments on possible UAS privacy regulations.

Relevant Science 

The FAA defines a “drone,” or “unmanned aircraft,” as an aerial vehicle designed for flight without a human pilot on board; the UAS is controlled by an operator on the ground. The scope of the UAS industry is wide-ranging, but current use-cases primarily serve the civil and public industries. Specific applications in these areas include military operations, law enforcement, wildlife tracking, search and rescue, border patrol, and photography. However, industry actors envision adaption of UAS for commercial purposes.

Where & When 

The United States Court of Appeals, District of Columbia Circuit, delivered its ruling on May 10, 2016.

Relevant Experts 

Diana-Marina Cooper, is the Vice President of Legal and Policy Affairs at PrecisionHawk. She has presented on technology and drone law issues at Stanford University, Columbia University, New York University, NASA, and more.

Alan Butler, is Senior Counsel for the Electronic Privacy Information Center. Mr. Butler has argued on behalf of EPIC in privacy and open government cases. He has authored briefs on behalf of EPIC in significant privacy cases, including an amicus brief in Riley v. California that was cited in the Supreme Court's unanimous opinion upholding Fourth Amendment protections for cell phones. Along with Jeramie D. Scott and EPIC’s director Marc Rotenberg, he is part of the team of Counsel who have worked on this case, and will work on it moving forward.

Mary “Missy” Cummings, PhD, Professor in the Duke University Pratt School of Engineering, Director of the Humans and Autonomy Laboratory and Duke Robotics, Associate Professor in the Department of Electrical and Computer Engineering, Associate of the Duke Initiative for Science & Society, Investigator in the Duke Institute for Brain Sciences.


The development of UAS raises significant concerns, as outlined in EPIC’s original petition:

  • Privacy: UAS can potentially be outfitted with the latest surveillance technologies, including, high definition cameras, heat sensors, GPS, sensors to detect movement, and automated license plate readers. When combined with government identification databases, this level of identification raises questions about Constitutional rights to privacy (i.e., the First and Fourth Amendments).
  • Ongoing surveillance: In addition to this technological threat, by their nature and design, UAS will allow constant, persistent surveillance beyond that of former methods of aerial surveillance. Also, “by virtue of their design, their size, and how high they can fly, [UAS] can operate undetected in urban and rural environments.”
  • Stalking: Companies are developing “paparazzi drones,” private detectives have begun to use UAS to track their targets, and criminals and other private actors could use UAS for the purposes of stalking and harassment.

Although it is in its relative infancy, the UAS industry is one that is predicted to grow significantly over the next few years. Business Insider projects revenues topping $12 billion in 2021, up from $8 billion in 2015, and reports that the military sector leads the market in drone spending. This trend is predicted to continue because of the high cost of military drones. As the regulatory landscape of the UAS sector continues to crystallize, more use-cases in the enterprise and consumer sectors are likely to become available.

The FAA’s Aerospace Forecast for fiscal years 2016 to 2036 projects that the sales of sUAS would increase from 2.5 million in 2016 to 7 million in 2020. Ever-increasing UAS popularity within the civil, public, and commercial sectors has increased regulatory action at the state and federal levels.


After EPIC’s original petition was determined premature by the court, in June, 2016, the FAA enacted its final rule on the operation and certification of sUAS, Operation and Certification of Small Unmanned Aircraft Systems (SciPol brief available; 81 FR 42063).

On August 22, 2016, EPIC filed a Petition for Review of the FAA’s eventual final rule. This second petition alleges that the FAA’s withholding of UAS privacy regulations in their final rule was unlawful.

On February 28, 2017 EPIC filed opening briefs in the United States Court of Appeals, D.C. Circuit, challenging the Final Rule. Once again, the nonprofit asserts that the FAA’s failure to act on the privacy concerns raised by UAS deployment in the NAS “threatens fundamental privacy rights, is arbitrary and capricious, and is contrary to law.” Specifically, EPIC claims:

  1. The FAA’s refusal to consider privacy hazards in the Final Rule is unlawful:
    1. Refusal to address privacy hazards in the Final Rule is contrary to the mandate of the Act.
    2. To the extent that the term “hazard” is ambiguous, the FAA’s refusal to consider privacy risks is based on an impermissibly narrow construction of the term.
    3. The FAA’s refusal to address privacy hazards is arbitrary and capricious:
      1. The FAA failed to explain why they did not evaluate the privacy concerns included in EPIC’s petition.
      2. The FAA failed to consider the importance of privacy to sUAS integration.
      3. Despite previously underscoring its importance, the FAA failed to explain why privacy is now not relevant to UAS issues.
  2. The FAA’s refusal to conduct comprehensive drone rulemaking as required by the Act is unlawful.
    1. The “incremental approach” that the FAA is taking to drone rulemaking is contrary to the Act.
    2. The FAA’s refusal to conduct comprehensive UAS rulemaking is unlawful.

A final court decision has yet to be issued.

Primary Author 
Kyle Levenberg, LL.M.
Cassi Carley, PhD student; Michael Clamann, PhD
Recommended Citation 

Duke SciPol, “Electronic Privacy Information Center v. Federal Aviation Administration”, available at (05/25/2017).

Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Please distribute widely but give credit to Duke SciPol and the primary author(s) listed above, linking back to this page if possible.