Privadome: A System for Citizen Privacy in the Delivery Drone Era
Abstract
E-commerce companies are actively considering the use of delivery drones for customer fulfillment, leading to growing concerns around citizen privacy. Drones are equipped with cameras, and the video feed from these cameras is often required as part of routine navigation, be it for semi-autonomous or fully-autonomous drones. Footage of ground-based citizens captured in these videos may lead to privacy concerns.
This paper presents \pd, a system that implements the vision of a virtual privacy dome centered around the citizen. \pd\ is designed to be integrated with city-scale regulatory authorities that oversee delivery drone operations, and it realizes this vision through two components, \pdmpc\ and \pdros. \pdmpc\ allows citizens equipped with a mobile device to identify drones that have captured their footage. It uses secure two-party computation to achieve this goal without compromising the privacy of the citizen's location. \pdros\ allows the citizen to communicate with such drones, obtain an audit trail showing how the drone uses their footage, and determine whether privacy-preserving steps were taken to sanitize the footage. An experimental evaluation of \pd\ shows that the system scales to near-term city-scale delivery drone deployments (hundreds of drones). We show that with \pdmpc\ the mobile data usage on the citizen's mobile device is comparable to that of routine activities on the device, such as streaming videos. We also show that the workflow of \pdros\ consumes a modest amount of additional CPU resources and power on our experimental platform.