The Los Angeles office of the U.S. Immigration and Customs Enforcement agency has leveled an explosive charge at drone-maker DJI, accusing it in a public memo of spying for the Chinese government.
Specifically, the memo alleges “with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government.” The agency also claims “with high confidence the company is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.”
They further accuse DJI of using its Go Android and iOS app and SkyPixel cloud service of collecting sensitive information and transferring it to servers that the Chinese government has access to.
In ICE’s words, DJI uses its apps to “automatically tag GPS imagery and locations, register facial recognition data even when the system is off, and access users’ phone data. Additionally, the applications capture user identification, e-mail addresses, full names, phone numbers, images, videos, and computer credentials. Much of the information collected includes proprietary and sensitive critical infrastructure data, such as detailed imagery of power control panels, security measures for critical infrastructure sites, or materials used in bridge construction. According to the source of information (SOI), DJI automatically uploads this information into cloud storage systems located in Taiwan, China, and Hong Kong, to which the Chinese government most likely has access. SIP Los Angeles assesses with high confidence a foreign government with access to this information could easily coordinate physical or cyber attacks against critical sites.”
In the memo, ICE says it obtained this information on DJI from “open source reporting and a reliable source within the unmanned aerial systems industry with first and secondhand access.”
DJI has vigorously protested the charge, raising the prospect that ICE’s source was a competitor attempting to damage the company’s reputation.
A U.S. spokesperson told Fast Company that ICE’s accusations were “insane” and also factually incorrect.
DJI has released a statement calling the allegations “so profoundly wrong” that ICE should consider withdrawing its memo.
“Many of the allegations in the ICE report are obviously false,” DJI wrote. “The claims that DJI systems can register facial recognition data even while powered off, that Parrot and Yuneec have stopped manufacturing competitive products, and that DJI products have substantial price differentials between the U.S. and China can be easily disproven with a basic knowledge of technology and the drone industry, or even a simple internet search. Other allegations in the report are similarly unsupported by facts or technical analysis. For example, DJI does not access its customers’ flight logs, photos or videos unless customers actively upload and share them with us. Further, DJI’s new Local Data Mode stops all internet traffic to and from the DJI Pilot flight control app to provide enhanced data privacy assurance for customers flying sensitive missions.”
A DJI spokesperson told us further that even if a U.S. customer syncs their flight logs with DJI, they’re stored on Amazon servers in the U.S., not China.
We have reached out to the L.A. ICE division for more clarification.
Both China and the U.S. are believed to use domestic tech companies to smuggle spyware and other surveillance tools into each other’s countries.