Attorney General Releases Counter-Drone Guidance For Select Federal Security Agencies

On Monday, April 13th, the United States Attorney General released a guidance document governing “counter-drone actions” by seven agencies housed within the Department of Justice (DOJ).  The guidance requires the agencies to coordinate such actions with the Federal Aviation Administration (FAA) and seek approval from the Deputy Attorney General before engaging in counter-drone activities.  The guidance also contains “explicit protections for privacy, civil rights, and civil liberties, including limitations on the retention and use of any data collected during the course of counter-drone operations.”  The guidance represents the latest attempt to balance the innovative promise of unmanned aircraft systems (UAS) with the security concerns of some federal agencies.


On October 5, 2018, President Trump signed the FAA Reauthorization Act of 2018 into law.  The bill incorporated key counter-drone elements of the Preventing Emergency Threats Act of 2018.  One such provision, codified at 6 U.S.C. § 124n, allows the Attorney General—“for [its] respective Departments”—to authorize actions “necessary to mitigate a credible threat . . . that an unmanned aircraft system or unmanned aircraft poses to the safety or security of a covered facility or asset.”  The counter-drone guidance was issued pursuant to this provision.

The guidance applies to the following seven agencies—to which the guidance refers as “authorized Department components”— within DOJ:

  • The Bureau of Alcohol, Tobacco, Firearms, and Explosives;

  • The Drug Enforcement Administration;

  • The Federal Bureau of Investigation;

  • The Federal Bureau of Prisons;

  • The United States Marshals Service;

  • The Justice Management Division; and

  • The Executive Office for United States Attorneys.

Requests To Engage In Counter-Drone Activity

Authorized Department components seeking to deploy counter-drone measures are required to submit requests to “have a facility or asset designated as a covered facility or asset and to deploy protective measures at such facility or asset[.]”  Protective measures are defined as an enumerated list of actions that include: (1) identifying and tracking UAS, (2) warning the operator of a UAS, (3) “[d]isrupting control of” UAS, (4) “[s]eizing or exercising control of” UAS, (5) confiscating UAS, and (6) “[u]sing reasonable force, if necessary, to disable, damage, or destroy the” UAS.

Commensurate with the serious consequences that may result from the components’ exercise of protective measures, the guidance requires thorough and detailed requests from components that plan to employ such measures.  The requests must be directed to the Deputy Attorney General at least 30 days before deploying protective measures.[1]  Requests must include:

  • A description of the facility or asset;

  • A description of the facility or asset’s relationship to the Department’s mission;

  • A description of any existing airspace restrictions or new airspace restrictions that may be needed;

  • A list of the protective measures “that the component seeks authority to use;”

  • Disclosure of whether the use of those protective measures will trigger privacy concerns;

  • The time period during which the protective measures will be used and the area covered by those measures;

  • A list of measures the entity plans to use other than those authorized by the Preventing Emergency Threats Act of 2018;

  • A risk-based assessment that describes, inter alia, “why there are reasonable grounds to believe, based on the totality of the circumstances, that the activities of unmanned aircraft or unmanned aircraft systems in the area or airspace covered by the proposed protective measures represent a credible threat[2] to the safety or security of the facility or asset;”

  • A description in the risk assessment of the potential consequences or impacts of the agency’s proposed protective measures;

  • A description of whether and what other measures are or will be employed by other entities to protect the same mission, facility or asset;

  • An accounting of the agency’s coordination efforts with the FAA, National Telecommunications and Information Administration, or other federal agencies; and

  • A “summary of [the] component counsel’s legal assessment of the request.”

Authorized department components may also submit requests to support state, local, territorial, or tribal law enforcement to ensure protection of people and property at mass gatherings.  Such requests must be “at the request of the chief executive officer of a State or territory” and “consistent with the authorized missions of the Department.”

The Deputy Attorney General may grant requests consistent with the guidance and that further the components’ operational missions.  The Deputy Attorney General may grant only a subset of the requested protective measures or place conditions on measures that it approves.

Coordination With The FAA And Other Entities

The guidance requires components to consult with the FAA prior to deploying protective measures.  Components must work with the FAA to mitigate risks of proposed protective measures where the FAA finds that such measures “pose[] an unacceptable degree of risk to the safety, efficiency, or use of the national airspace system[.]”  Components may also request “categorical determination[s]” from the FAA that certain activities are acceptable.

Components must also comply with other affected entities—both federal and non-federal—where “feasible and appropriate[.]”

Privacy Protections

The guidance requires that components consult with their privacy officers.  It also requires that components comply with the Constitution—in particular, the First and Fourth Amendments—and federal statutes in the course of their monitoring activities.  The guidance allows for dissemination of communications obtained pursuant to the guidance only to (1) prosecute violations of law, (2) support law enforcement or defense functions, or (3) comply with a legal requirement.  Components must also maintain records of “how they access, maintain, use, and disseminate communications intercepted or acquired” pursuant to the guidance.

The guidance imposes specific data retention requirements on components.  In particular, it provides that components may main records intercepted from UAS only for such period as (1) “[i]s necessary to investigate or prosecute a violation of federal law,” (2) “[i]s necessary to directly support an ongoing security operation,” (3) “[i]s required under federal law,” or (4) “[i]s necessary for the purpose of litigation, including litigation that is reasonably foreseeable.”  Records that do not fall under one of these purposes may be maintained “only for as long as necessary, and in no event for more than 180 days.”


While the component requests, coordination obligations, and privacy protections comprise the main substance of the guidance, there are several other important provisions.  In particular, the guidance provides that:

  • Prior to acquiring technology or equipment that will be used to take protective measures, components must consider a number of different risk factors, such as harm to bystanders, effects on airspace safety, interoperability, radio interference, and supply chain vulnerabilities;

  • Components must ensure that their relevant personnel are properly trained to use any technology or equipment used to take protective measures;

  • If components plan to use protective measures that involve the use of force, they must coordinate with the FAA, Department of Homeland Security, and “other appropriate federal departments or agencies to the extent required by law” to update their use of force policies related to UAS;

  • Components adopting any protective measures must issue a policy governing such measures to ensure compliance with the guidance;

  • The DOJ’s UAS Working Group is tasked with DOJ’s internal coordination.


This guidance is the latest federal effort to ensure the safe and widespread integration of UAS technology in the United States.  Moving forward, many security agencies will now have the authority and a well-defined process to acquire and use counter-drone technology.  And while only time will tell how effective it is, the guidance clearly shows that DOJ is taking seriously the risk of privacy intrusions and other potential harms from federal counter-drone efforts.

[1] This requirement may be relaxed in the case of exceptional circumstances.

[2] A “credible threat” is defined as “the reasonable belief, based on the totality of the circumstances, that the activity of an unmanned aircraft or unmanned aircraft system may, if unabated: 1. Cause physical harm to a person; 2. Damage property, assets, facilities, or systems; 3. Interfere with the mission of a covered facility or asset, including its movement, security, or protection; 4. Facilitate or constitute unlawful activity; 5. Interfere with the preparation or execution of an authorized government activity, including the authorized movement of persons; 6. Result in unauthorized surveillance or reconnaissance; or 7. Result in unauthorized access to, or disclosure of, classified, sensitive, or otherwise lawfully protected information.”


Wiley Connect

Sign up for updates

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.