Remote ID NPRM – Why FAA’s Proposal to Use Session ID’s is a Flawed One

How the Use of Session ID’s will Result in Compliance &
Implementation Issues, Increase Costs, and Raise Privacy Concerns

The NPRM released by the FAA has caused quite a stir in the UAS community as everyone from hobbyists to manufacturers scrutinize to find problems with the proposed rule. The document feels very chopped up, not concise, and just throws so much information at you that it’s a bit like drinking from a fire hose. I have been asked to look more closely into “Session Identification” or Session IDs and what all surrounds that aspect of the proposed rule. I want to apologize ahead of time for all of the acronyms, but this is the government we are dealing with here.

What is a Session ID?

A session ID is an optional item from the network side of Remote ID and would be assigned by the Remote ID service supplier (USS as the NPRM calls them). It would be a one-time use number for a specific flight, and replace the use of the serial number as the main identifier for the UAS. If the FAA needs to match the flight ID to get the serial number, the USS would have that info to be able to tell the FAA the serial number associated with the session ID. One thing I want to be clear about - the session ID replaces the serial number for BOTH the local broadcast and the network side of Remote ID.

What is the Rationale for Using Session ID’s?

The specific reasoning here the FAA uses for session ID’s is to provide an added layer of privacy. Let’s say the police are using a drone to track someone they are doing surveillance on. If the serial number were always being used, a suspect just needs to figure out the first time what the serial number of the drone is (since it is being broadcast) and would easily be able to see a police drone without looking outside as they could just check the serial numbers of drones in their area. Another scenario could be a business who is trying to track a competitors drones, and could easily do so if the serial number was used over and over again. This is a great move by the FAA but it has a few issues.

What are Some of Major Issues with Using Session ID’s?

Session ID’s Will Not Work When Internet is Unavailable

First, the FAA wants Remote ID to be fool proof, including the internet connection for sending info to USS, but they are not very clear on how the internet connection happens. Is it done via a SIM card inside a drone, or through an internet connection on the control station (cell phone)? What if I have Wi-Fi available on my control station, but I don’t connect it? It is my belief that in the end the FAA wants drones to have a direct internet connection via the cell phone network, but is looking for feedback on potential radio frequency issues. Honestly, there is a lot that needs to be answered in regards to the internet connection. Despite the bad info being spread around, a standard remote ID flight can take place if the internet is “unavailable”, but you would no longer be able to get a session ID for that layer of privacy. The drone would have to default to using its serial number. What if you are an official or company who needs that level of privacy, but you are not in an area where the internet is available? No security for you…

Law Enforcement Officials Will Find it Difficult to Locate Criminal Operators Using Session ID’s

Another issue is the correlation of data between the session ID and the owner of the drone. Those items are in completely separate databases. The FAA holds the phone number and name tied to the serial number of a drone. So a law enforcement officer looking into a drone would have to reach out to the USS in order to tie the session ID to the serial number, then reach out to the FAA to tie the serial number to the owner. Police don’t like to walk into situations blind, and using Remote ID to find the operator location and just walking up seems like it could easily lead to drone owners having guns drawn on them, or police unaware that they are about to encounter hostile criminal operators. That might seem far-fetched, but we have not had this situation take place yet as typically drone operators are hard to find while operating. There needs to be an easier way to manage that data and make it more accessible for officials who need it quickly.

Use of Session ID Could Lead to Higher Costs

The final odd piece to the network side of Remote ID that somewhat ties to the sessions is the concept of the USS. These providers are mostly portrayed in the NPRM as being companies that already offer LAANC (Kittyhawk.io, UASidekick, etc). Due to the complexity of the systems needed to do the network side of Remote ID, I think we can except the costs of a USS to be significantly more than the $5 per month that some LAANC providers charge - something I have all but confirmed in discussions with a current LAANC provider who will likely also be a USS.

And Some Serious Implementation Issues…

The FAA gives also examples of corporations being able to set up and act as their own USS provider for their drones or operations. How will the network information be available to the public or to officials when a private company is holding their own data? As well how would officials know who to call to start associating the session ID to the owner of the drone? Then, will there be standard for how to create a session ID that is similar to the standard ANSI serial number system the FAA wants to put in place?

Conclusion

Hopefully this provides a brief, but informative look into sessions IDs. Sadly, it also raises a lot of unanswered questions. I encourage everyone to make sure to take the time to do your own research on the NPRM by reading more articles or the NPRM itself, then taking the time to leave the FAA some well-informed comments.

~Jonathan Elliot
Owner/Head Pilot, MKE Drones

Become a Drone U Member.
Do not forget to subscribe and Listen to Ask Drone U, the #1 drone podcast

Jonathan Elliot is the Owner/Head Pilot for MKE Drones. MKE Drones is the top aerial service provider in Milwaukee, providing drone photos and video that are done in a safe manner that complies with all FAA commercial drone regulations.