When I write the term government, in this case, I mean all governments, both in the United States and Mexico from local all the way up to the federal government. My annoyance has to do with responsibility, specifically the responsibility government has to the citizenry. Obviously, government is supposed to be responsible to the citizenry but as many of you know, the level of responsibility varies from agency to agency and country to country and even from government to government.
As a business owner I have accepted responsibility for many things that most citizens do not realize are responsibilities that business owners take on. The obvious are ensuring employees are treated fairly under the law and that paychecks and withholdings are properly accounted and paid for. There are other responsibilities that force business owners to become what they never intended to be. For example, for the privilege of operating a business on Texas, I must become a tax collector. Yes, a tax collector.
In Texas I must charge my clients sales tax, collect the tax, report the tax and pay the tax to the State of Texas. I can argue that this makes me an extension of the State of Texas because I am acting on the behalf of the state, collecting taxes for it. This is true for many states as well.
As the business owner, the government holds me accountable to make sure I adhere to all of the regulations and requirements. As I have clients in other parts of the world, I also assume the responsibility of adhering to the laws of those jurisdictions as well. One of the responsibilities is to ensure that certain financial and identifying information is properly safeguarded. In my case, not only am I responsible for the data I retain on my clients but I must ensure that I have done all I can from a technical point of view to ensure that my clients’ are also ensuring the security of their own clients’ data.
Protecting identifying information online is extremely complex at the technical level as well as on the legal jurisdictional landscape. European and Mexican data privacy laws are more stringent than their US counterparts in some instances. As the Internet has no international borders, online service providers are always faced with having to ensure their services do not violate any laws in the countries where our clients reside in.
As complex as the jurisdictional issues are, there is one common and undeniable truth, as the business owner I have the liability for all of the complexity whether I want it or not. As the business owner, I do not have the luxury of sovereign immunity or just plain not knowing what the law is. Whether I knew it was a law or not is immaterial, I am still liable for the ramifications of them.
If I get sued, the government will ensure that if I lose the lawsuit I will make the necessary penance to rectify the problem. If I neglect to make a scheduled tax payment to the government, it will ensure that it gets paid.
However, what happens when the government itself is at fault?
I realize that the government can be sued. However, it is an extremely arduous process and even if I have a clear case the end result might be designated under sovereign immunity regardless of how egregious the government’s failure was.
On the day that I was reading the FAA’s decision to force me to register my drone I also received a letter from the federal government telling me that my personal information had been stolen from their databases.
Actually, I almost did not receive the letter because it was in one of those self-wrapping letters that are themselves the envelope as well. You know, the type that marketers are notorious for trying to trick you into opening because they are marked as “official” or “important notice.”
The return address simply stated “OPM Notifications” with an address in Washington DC. Something forced me to unravel the letter and read it. It was from the United States Office of Personnel Management, specifically the Office of Personnel Management (OPM).
The letter told me that my personal information had been stolen by hackers.
As I have never applied to the US government for a job or security clearance I was at a loss as to why they would have my personal information on file. As a foreigner living in the United States, my personal information resides in numerous federal databases but I was surprised to learn that it was also in the Office of Personnel Management.
I thought about this for a few days trying to understand how the personnel office would have my person information. That is until I realized that many years ago I was asked to provide a reference to someone who had applied for a sensitive position in the United States government. It had happened so long ago that it took me sometime to connect the two events together.
Regardless of how OPM entered my personal information into their database the end result is that it was now in the hands of unknown individuals. It is not the first time I have experienced this situation as companies I have done business with or financial institutes that had completed a financial transaction for me have suffered computer intrusions as well.
My annoyance is that unlike private companies that I can choose not to do business with any longer after they incompetently lose my personal information; with government entities I have no such choice. I do not get to tell the FAA, no you cannot have my drone registration because I do not believe I can trust you to keep my data private.
I have never applied to the US government for a job but I am now exposed to identity theft nonetheless because some bureaucrat somewhere thought it was a great idea to put my personal identifying information on a computer system although it had nothing to do with me.
Now the FAA is ordering me to put even more personal information online on a system that was rushed into service as a knee jerk reaction to a problem the registration is unlikely to resolve.
You see, the dirty little secret about the drone registration is that it is not a drone registration but rather an owner registration database. Unlike N numbers on an aircraft that uniquely identifies an aircraft, the registration number issued by the FAA for a drone is issued to an individual who can then use the same number on as many drones as they want.
The most important part is that although the number must be affixed to the drone, it is entirely a voluntary thing that has no one really enforcing it. Think about that for a moment. I get a registration number that I am required to affix to my drone. The idea is that if my drone crashes into an airport or is recovered doing something illegal, it can be traced back to the owner.
That is the idea. But, if the underlining problem is that hobbyists either do not understand that they cannot fly their drones within 5 miles of an airport or that they ignore that requirement – how is a registration number suddenly going to make them more adherent to those rules?
Basically, I am giving the government more of my personal information to lose and the result will be continued examples of people not understanding that flying a drone near an airport is still wrong.