Government bodies have used more than 3,000 devices from drone manufacturer DJI which is on US trade blacklists for its alleged involvement in the surveillance of Uighur Muslims and connection with the Chinese military.
Opposition senator James Paterson has been on a crusade to rid government departments of what he calls “high-risk authoritarian technologies” from Chinese companies like Hikvision, Dahua, and DJI.
He has been querying government departments and agencies about their use of DJI technology and found at least 38 of them had done so – including the Department of Defence, and Australian Border Force.
National science agency CSIRO was by far the biggest single user of DJI technology with more than 1,668 devices in use.
Defence previously told Senate Estimates that the Army was using around 450 DJI products but has since directed personnel to stop using the Chinese-made drones.
“I know that we have looked at where they are and how they were being managed and we've asked everyone to stop using them,” deputy secretary of the Security and Estate Group within Department of Defence, Celia Perkins, said in May.
“Because they are a small consumable device, they can be locally purchased and people have been using them, for instance, in cadet units.”
The Australian Border Force has likewise said it stopped using DJI drones across the organisation following Paterson’s inquiries.
The senator wants to see the government “urgently order a government-wide grounding of all DJI drone fleets”.
“Going forward, the government needs to move beyond its whack-a-mole approach, where it is reliant on an Opposition Senator to sound the alarm on cyber security risks, towards a more systemic, robust and proactive model,” Paterson said.
Home Affairs and Cyber Security Minister Clare O’Neil said the government “will not shy away from making tough decisions” to change security settings in response to threats.
“We are continuing to assess Australia’s technology security policy settings to ensure they remain fit for purpose,” she said.
“The former Coalition government had every chance – over nine years – to put in measures to mitigate these threats.”
DJI denies any claims that the company’s products are compromised, saying it “strictly follows” data protection regulations in Australia and that decisions to stop using its drones are “baseless”.
“We would never harm our customers’ interests, especially when it comes to user data privacy. Allegations to the contrary are unsubstantiated and false,” a DJI spokesperson told Information Age.
“As a manufacturer, DJI is not a data company and our users have full control of their data. We design and build our products so customers can use them without any internet connection, which adds an additional layer of security.”
The drone company said it “strongly opposed” allegations about involvement in Uighur surveillance operations, saying DJI “respects human rights and takes responsibility to protect human rights seriously”.
In December 2021, the US Treasury placed DJI on its list of companies tied to the Chinese military-industrial complex. A year later, the US Department of Defense called out DJI as a company that “supports the modernisation goals of the People’s Liberation Army”.
DJI has long tried to combat claims that its products are compromised and has publicised audits from security companies – including one prepared for the US Department of Homeland Security which found no data leakage from DJI drones.
However, that report also warned that without using drones manufactured on US soil, it was difficult to mitigate the risk and Chinese-made drone fleets would thus need “periodic sampling”.