The FAA indicates that it plans to carry out privacy tests of drone technology as part of a “test site” program mandated by Congress, the agency revealed in a response to two lawmakers seeking information about drone privacy. Reps. Edward J. Markey (D, Mass.) and Joe Barton (R, Texas) released the FAA document yesterday, which was a response to an April letter from the two lawmakers about the agency’s efforts to address the privacy concerns surrounding domestic drones.

It has always been a question whether the FAA would step up and involve itself in privacy issues. In our report on domestic drones last year, we took the position that,

Just as the FAA regulates drones to ensure that they are safe, so, too, should drones be regulated so they are not used in ways that infringe on privacy. The FAA’s primary purpose is protecting the physical safety of the national airspace, but its mandate also extends to "protecting individuals . . . on the ground," and the courts have suggested that this mandate is a broad one. Therefore, the FAA’s obligation to protect individuals on the ground should include protecting the privacy that Americans have traditionally enjoyed and rightly expect. If the agency refuses to do so, or is found by the courts to have limited powers in that area, then Congress should step in to directly enact any additional protections that are needed to preserve that privacy.

I can imagine a political scientist pointing out that the agency has no experience or “administrative capacity” to deal with privacy issues—but he or she might also predict that, like most bureaucracies, it should be more than happy to expand its powers and domain. In the months since we released that report in December of 2011, there has been little indication that the agency has any interest in looking at privacy. However, pressure has been rising on the agency to do so; there has been continuing bipartisan interest in the privacy issues surrounding drones. Just last month, for example, Rep. Ted Poe (R, Texas) held a House field forum on domestic drones, at which my ACLU colleague Chris Calabrese testified and members of both parties expressed concern over privacy. Barton and Markey’s letter to the FAA has no doubt been an important part of that pressure.

Last week, we got the first sign that the FAA is starting to engage more on privacy issues. In a letter to the chair of the Congressional Unmanned Systems Caucus, the agency stated that it was delaying the announcement of drone test sites, which have been the subject of much anxious jockeying by localities and industry eager to get in on the drone action, and by their politician supporters. The surprising thing about the delay was that the FAA cited privacy concerns as the reason behind it:

Our target was to have the six test sites named by the end of 2012. However, increasing the use of UAS in our airspace also raises privacy issues, and these issues will need to be addressed as unmanned aircraft are safely integrated. We are working to move forward with the proposals for the six test sites as we evaluate options with our interagency partners to appropriately address privacy concerns regarding the expanded use of UAS.

In its response to Reps. Markey and Barton released yesterday, the agency was pretty vague about its plans for oversight of privacy, saying things like,

The FAA recognizes that there are privacy concerns related to UAS operations, and the agency will review these concerns in the context of the ongoing UAS rulemaking activities and integration plans.

However, the FAA also says that its “primary tool for testing all aspects of UAS integration, including addressing privacy concerns, will be the designation and operation of the UAS test sites.” If the agency has added privacy experiments to the testing it wants conducted at the test sites, that is probably causing some reevaluation of the test site designation process, which would explain why the agency last week cited privacy concerns in the delay of that process.

It’s far from clear to me what such tests would look like— that may also be what the agency is trying to figure out. We pretty much know that you can put all kinds of surveillance technology on a drone, and we know what that kind of surveillance technology can do. Our political scientist might suspect that such tests are really a means for the agency to begin birthing some institutional capacity to engage on privacy issues. But who knows, there may be valuable insights that some kind of systematic tests could uncover.

Markey and Barton are rightly critical of the agency over what they call its “blind spot” on privacy issues—and they are also critical of the agency on transparency. In response to questions from the members about the public availability of agency information on domestic drones, the FAA responded repeatedly that the information could be obtained only via cumbersome FOIA requests.

In the end, whether or not the FAA decides it wants to deal with privacy, it may have no choice. Many agencies have found themselves in similar positions and have figured it out. The FAA can do so as well. At the same time, many uncertainties could be swept away by good strong legislation enacted by Congress.