Pentagon Official Warns About Chinese Drones Without Explaining Specific Security Risks (Again)

Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, at the Pentagon on September 9, 2020
Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, at the Pentagon on September 9, 2020
Photo: DVIDS/Marvin Lynchard

Ellen Lord, the top official at the Pentagon in charge of acquiring new technology, appeared on a virtual panel Thursday to discuss the threat posed to the U.S. by small drones made by Chinese companies like DJI. And while it might seem self-evident to many people within the national security establishment that a geopolitical adversary like China shouldn’t be trusted, Lord didn’t explain why Chinese-made hobby drones are a security threat. At some point, it would be great to start hearing some specifics.

Advertisement

“The problem, as I see it, is that the People’s Republic of China dominates the global market for small UAS,” Lord said during the panel on Thursday, using the acronym for unmanned aerial systems. “Specifically, a single Chinese company, DJI, has maintained a monopoly in UAS manufacturing, with around 77% of the small UAS market share. Intel follows far behind DJI, with only 3.7% of the market.”

“For small UAS technology in the thousand to two thousand dollar price segment, DJI’s market share is even higher at approximately 86%,” Lord continued, adding nothing about security threats.

Advertisement

The virtual panel, video of which was released online by the U.S. Department of Defense, was hosted by Lora Ries, an anti-immigration activist with the Heritage Foundation who previously worked at President Donald Trump’s Department of Homeland Security as Acting Deputy Chief of Staff.

The closest Lord came to talking about the security issues of Chinese drones was saying, “we are extremely concerned about data exfiltration from these Chinese UAS.”

Okay, we get it. China dominates the small drone market and you’re worried about data exfiltration, which just means taking information. But what specifically is the security problem posed by the theft of any data as we’re ramping up the New Cold War? And do we have any proof that China is capable of scooping up data from DJI drones in American airspace any more so than they would be from a drone made in the U.S.?

And what’s the worst-case scenario? Are we worried the Chinese government will somehow take over the drones and fly them into sensitive sites for surveillance or terrorism? Are we worried that China has some master switch to automatically disable drones in the U.S. if they’re all made by DJI? These aren’t just idle questions. They determine how enormous amounts of money get distributed within the Pentagon and the public deserves some detailed answers.

This problem pops up again and again whenever U.S. officials discuss Chinese manufacturing and national security. The Pentagon says Chinese technology is a threat—whether it’s Huawei’s 5G routers, TikTok’s social media platform, or DJI’s drones—but defense officials often refuse to lay out the specific threat model. Time and again, just as Lord did on Thursday, there’s vague talk of security “problems” without actually leveling with the American people about what those problems could be.

Advertisement

The U.S. Department of Interior banned all of its employees from using DJI equipment back in January, citing concerns that photos taken with the drones could be “valuable to foreign entities, organizations, and governments.” But again, there’s no evidence that DJI drones are more susceptible to cyberattacks nor that anyone from the Chinese government would have the ability to get info from a DJI drone.

At the end of the day, everything about the so-called national security rationale for these bans feels like simple economic protectionism that has the potential to bite America in the ass down the line. Every other sentence out of Lord’s mouth was about the economic benefits to U.S. business if Americans dominated the drone market—a role the U.S. military plays but doesn’t often say so explicitly to the American public.

Advertisement

None of this is to say that China is an honest actor on the world stage in any way. The Chinese government currently operates a system of concentration camps for its Muslim-majority ethnic population, the Uyghurs. If the goal of avoiding Chinese tech is really to sanction China for human rights abuses, the U.S. government should say so. Instead, we know through extensive reporting that Trump actually admires authoritarians and has no problem with what President Xi Jinping is doing to the Uyghurs.

“Trump said that Xi should go ahead with building the camps, which Trump thought was exactly the right thing to do,” former National Security Advisor John Bolton wrote in his recent book about a meeting with Xi in 2019.

Advertisement

This is not to say that Chinese technology is safe. But there are many reasons to remain skeptical of the idea that this is all about national security. When the European Commission released a report about global spy agencies on the internet in 2001, it noted that one of the main goals of state-based espionage wasn’t national security, but economic advantage. Several examples are listed in the report where U.S. intelligence hacked the computer systems of other countries to gain an economic advantage, even if it was just for the benefit of a privately held business. The NSA and CIA allegedly sent hacked info from overseas to American companies like General Motors and Raytheon to outbid international rivals and uncover trade secrets.

It’s not inherently a bad idea to have a strong domestic drone manufacturing base. But Americans deserve to know how and why the Pentagon is using public funds to support the growth of that market. And that knowledge will likely be part of a much broader discussion about the use of drones for privacy-sensitive applications like law enforcement and border security.

Advertisement

If there’s one thing you can bet on throughout history, it’s that whatever technology the U.S. military is using abroad will eventually come home to be used on the domestic population. We’ve seen it at the U.S.-Mexico border and we’ve seen it in supercomputers.

The war always comes home, and it’s reasonable to ask if it’s smart to use taxpayer dollars to get Skynet rolling. Ultimately, that’s more or less what we’re talking about when we say the U.S. military needs better drones.

Advertisement

Matt Novak is the editor of Gizmodo's Paleofuture blog

Share This Story

Get our newsletter

DISCUSSION

https://arstechnica.com/information-technology/2020/07/chinese-made-drone-app-in-google-play-spooks-security-researchers/

According to the reports, the suspicious behaviors include:

  • The ability to download and install any application of the developers’ choice through either a self-update feature or a dedicated installer in a software development kit provided by China-based social media platform Weibo. Both features could download code outside of Play, in violation of Google’s terms.A recently removed component that collected a wealth of phone data including IMEI, IMSI, carrier name, SIM serial Number, SD card information, OS language, kernel version, screen size and brightness, wireless network name, address and MAC, and Bluetooth addresses. These details and more were sent to MobTech, maker of a software developer kit used until the most recent release of the app.Automatic restarts whenever a user swiped the app to close it. The restarts cause the app to run in the background and continue to make network requests.Advanced obfuscation techniques that make third-party analysis of the app time-consuming.”
  • The ability to download and install any application of the developers’ choice through either a self-update feature or a dedicated installer in a software development kit provided by China-based social media platform Weibo. Both features could download code outside of Play, in violation of Google’s terms.
  • A recently removed component that collected a wealth of phone data including IMEI, IMSI, carrier name, SIM serial Number, SD card information, OS language, kernel version, screen size and brightness, wireless network name, address and MAC, and Bluetooth addresses. These details and more were sent to MobTech, maker of a software developer kit used until the most recent release of the app.
  • Automatic restarts whenever a user swiped the app to close it. The restarts cause the app to run in the background and continue to make network requests.
  • Advanced obfuscation techniques that make third-party analysis of the app time-consuming.