A bulletin issued by an agent of U.S. Immigration and Customs Enforcement was recently leaked online, drawing attention to some of its very wild – and obviously false – claims about DJI and our products. We want to set the record straight about how our products work, how we protect customer data, and what we’re doing to try to correct the record.

The ICE bulletin

The bulletin claims DJI uses its products to obtain information about critical infrastructure in America and send it to the Chinese government. This is false. DJI is the leading drone company because it builds robust, stable and reliable platforms for customers all over the world to see the world in a new way and do their jobs better. Across the globe, professional drone users such as businesses, government agencies, researchers and nonprofits rely on DJI platforms, and DJI protects the privacy of the data they collect.

DJI does not access the flight logs, photos or videos that our customers generate unless they choose to voluntarily share them with us, such as by syncing flight logs with DJI cloud servers or sharing photos and videos on DJI’s SkyPixel website. DJI customers in the United States who upload their flight logs do so to servers located in the United States. For customers who fly sensitive missions and want to ensure the security of the data they generate, DJI created Local Data Mode, which severs all internet connections to the drone and controller.

The ICE memo contains several other claims that are obviously false or easily disproven. For example, it says DJI drones can gather facial recognition data even when turned off. DJI has presented ICE with a detailed rebuttal of the report, and urged ICE to consider correcting its errors or withdrawing it entirely.

More information about the ICE bulletin:

• DJI Statement on ICE Bulletin
• Statement About DJI’s Cyber Security and Privacy Practices

DJI’s Commitment to Data Security

DJI understands that our customers want to be able to keep their flight data private, and we have consistently been the industry’s leading voice for protecting that right. Governments around the world are considering regulations for mandatory registration and tracking of certain drones. DJI has advocated strongly that any such systems should be locally based, allowing authorities to monitor drones in sensitive areas or in response to complaints, but without requiring every drone flight to be tracked in a central government database.

DJI strives to comply with local laws and regulations in each country where our drones operate and to facilitate compliance by our customers. Like all major technology companies, DJI responds to valid requests for information presented by government authorities pursuant to established legal processes, such as a warrant or subpoena. In China, DJI complies with regulations by using each customer’s IP address, GPS location, and MCC ID to determine if a drone is being operated in China. If so, DJI provides the customer with the features necessary to comply with Chinese regulations and policies. Otherwise, DJI provides no information about or data collected by the drone to the Chinese government.

Earlier this year, DJI introduced Local Data Mode in the DJI Pilot app, an option that allows drone pilots to stop receiving or sending data over the internet. This prevents unintentional syncing of photos, videos or flight logs with external servers. Telemetry data on flight logs such as altitude, distance or speed will remain stored on the aircraft even when the feature is activated, but will not be synced externally unless the user manually downloads the data for off-board use.

DJI has also taken other steps to enhance the security of its apps and how they handle customer data, such as reviewing all third-party plugins in the DJI GO and DJI GO 4 apps and removing some that raised concerns about software security and integrity. DJI established the DJI Security Response Center to work with researchers who responsibly report potential security concerns, and has launched an internal educational program for our developers as well as a more rigorous code review and testing process.

More information about DJI’s data protection:

• DJI Proposes Electronic Identification Framework For Small Drones
• DJI Launches Privacy Mode for Drone Operators to Fly Without Internet Data Transfer
• DJI Enhances Software Security in Its Flight Control Apps

DJI takes customer security and privacy very seriously. If you have any questions or concerns, please write to us at datasecurity@dji.com.