Elec. Privacy Info. Ctr. v. Fed. Aviation Admin.

892 F.3d 1249

• Court: Court of Appeals for the D.C. Circuit
• Decided: June 19, 2018
• Docket: No. 16-1297
• Status: Published

Opinion

Opinion for the Court filed by Senior Circuit Judge Sentelle.

In June 2016, the Federal Aviation Administration ("FAA") published a final order, the Operation and Certification of Small Unmanned Aircraft Systems, 81 Fed. Reg. 42,064 (June 28, 2016). The FAA promulgated the rule under the FAA Modernization and Reform Act of 2012 (the "Modernization Act"), Pub. Law. 112-95, 126 Stat. 11, in which Congress directed the Secretary of Transportation to consider whether certain small unmanned aircraft systems ("drones") could be safely integrated into the national airspace and to establish requirements ensuring their safe operation, § 333, 126 Stat. at 75-76. 81 Fed. Reg. at 42,067 -68. The Electronic Privacy Information Center ("EPIC") now challenges the rule on the grounds that the FAA did not address privacy issues raised by drone operations. EPIC argues that the Modernization Act requires the FAA to consider and protect privacy in regulating drone use.¹ Because EPIC fails to establish standing, however, we dismiss the petition for review and do not reach the merits.

I. Background

The rule at issue creates regulations for certain classes of nonrecreational small drone operations. 81 Fed. Reg. at 42,074. Small drones can never comply with some of FAA's existing manned aircraft regulations, and others would be inappropriately burdensome. See id. at 42,068 -69.

Recognizing the need for regulations specific to drone operations, Congress charged the FAA with planning for and promulgating a new regulatory framework for drones. Congress directed the FAA to provide a comprehensive framework "to safely accelerate the integration of civil unmanned aircraft systems into the national airspace system." Modernization Act § 332(a)(1). Congress further charged the FAA with determining "which types of unmanned aircraft systems, if any, as a *1252result of their size, weight, speed, operational capability, proximity to airports and populated areas, and operation within visual line of sight do not create a hazard to users of the national airspace systems or the public or pose a threat to national security" and so could be integrated into the national airspace earlier rather than awaiting comprehensive drone regulations. Id. § 333(a), (b). The small drone rule at issue was promulgated to meet this accelerated requirement of Modernization Act § 333. 81 Fed. Reg. at 42,067 -68.

The rule was first proposed in 2015. 80 Fed. Reg. 9544 (Feb. 23, 2015). The proposed rulemaking acknowledged privacy concerns arising from unmanned aircraft and noted FAA's involvement in an interagency process to address those concerns, but concluded that privacy was beyond the scope of the proposed rule. 80 Fed. Reg. at 9552. Instead, safety concerns drove the FAA's efforts in crafting the final rule, specifically (1) the ability to "see and avoid" other aircraft without a pilot on board and (2) potential loss of control of the drone due to failure of the link between the drone and its operator. 81 Fed. Reg. at 42,068. To address these concerns, the regulations require the operator to maintain visual line of sight with the drone, to operate during daylight or twilight only, and to limit the speed and altitude of small drone operations, among other requirements. Id. at 42,066 -67. As required under Modernization Act § 333, the FAA determined that operations conducted in compliance with the rule "pose no hazard to the public and the [national airspace system]." 81 Fed. Reg. at 42,180.

EPIC, which describes itself as "an organization established to focus public attention on emerging privacy and civil liberties issues," commented on the proposed rule. EPIC argued that privacy regulations were necessary to ensure drone operation safety and were required under the Modernization Act. In the final rule, the FAA determined that privacy concerns were beyond the scope of the rulemaking and not obviously within its traditional statutory mandate to ensure the safe and efficient use of national airspace. 81 Fed. Reg. at 42,190. Indeed, the FAA had "never extended its administrative reach to regulate the use of cameras and other sensors extraneous to the airworthiness or safe operation of the aircraft in order to protect individual privacy." Id.

The FAA also responded to EPIC's contention that the Modernization Act required the agency to promulgate drone privacy regulations. The agency explained, "None of the [drone]-related provisions of [the Modernization Act] directed the FAA to consider privacy issues." Id. at 42,191. Rather, to read the act as implicitly requiring such regulation "would be a significant expansion beyond the FAA's long-standing statutory authority as a safety agency," and the agency lacked rulemaking authority to regulate privacy interests between third parties. Id. at 42,191 -92. EPIC timely petitioned this court for review.

EPIC now challenges the rule on the following grounds: (1) the FAA's refusal to address privacy hazards is unlawful because (a) it is contrary to the Modernization Act, (b) the FAA's construction of the statutory term "hazard" is impermissibly narrow, and (c) the agency acted arbitrarily and capriciously; and (2) the FAA unlawfully engaged in piecemeal regulation when the Modernization Act requires a comprehensive rulemaking. Before we can address those questions, we must first determine if we have jurisdiction. This inquiry requires that we determine whether EPIC has standing. See Summers v. Earth Island Inst. , 555 U.S. 488, 499, 129 S.Ct. 1142, 173 L.Ed.2d 1 (2009). EPIC does not.

*1253II. Discussion

"[S]tanding is a fundamental prerequisite to any exercise of our jurisdiction," and "requires ... that the litigant has suffered a concrete and particularized injury that is actual or imminent, traceable to the challenged act, and redressable by the court." Abigail All. for Better Access to Developmental Drugs v. Eschenbach , 469 F.3d 129, 132 (D.C. Cir. 2006). EPIC "must support each element of its claim to standing 'by affidavit or other evidence.' " Americans for Safe Access v. DEA , 706 F.3d 438, 443 (D.C. Cir. 2013) ; see also D.C. Cir. R. 28(a)(7).

"An organization like [EPIC] can assert standing on its own behalf, on behalf of its members or both." Equal Rights Ctr. v. Post Props., Inc. , 633 F.3d 1136, 1138 (D.C. Cir. 2011) (citing Abigail All. , 469 F.3d at 132 ). EPIC asserts both associational standing on behalf of its members and its own organizational standing. In reviewing these claims to standing, we bear in mind that because EPIC and its members are "not the objects of the [challenged regulation], standing 'is ordinarily "substantially more difficult" to establish.' " Sierra Club v. EPA , 754 F.3d 995, 999 (D.C. Cir. 2014) (quoting Lujan v. Defs. of Wildlife , 504 U.S. 555, 562, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992) ). We consider each theory of standing in turn.

A. Associational Standing

We first consider whether EPIC has established associational standing. An association must show that "(1) at least one of [its] members would have standing to sue; (2) the interests [it] seek[s] to protect are germane to the organization['s] purposes; and (3) neither the claim asserted nor the relief requested requires the participation of individual members." Id. (citing Friends of the Earth, Inc. v. Laidlaw Envtl. Servs. (TOC), Inc. , 528 U.S. 167, 181, 120 S.Ct. 693, 145 L.Ed.2d 610 (2000) ). Because EPIC's members fail to establish a concrete and particularized injury caused by the small drone rules, we need examine only that issue.

To establish that its members would have standing, EPIC offers affidavits from two members of its advisory board. The first declares the affiant's knowledge of testing of drone delivery services and other drone testing in the region of Florida in which he lives and travels. The second makes similar declarations concerning testing of delivery and reconnaissance drones in and around Boston, Massachusetts. Both voice a "concern[ ] about an increasing loss of privacy due to the widespread use [of] small drones for deliveries, photography, and other persistent monitoring of public and private spaces." Both declare a further concern "that my freedom to travel free of constant monitoring will be disturbed and my privacy put at risk by the drone operations authorized by the FAA." EPIC argues that these declarations establish that the promulgation of the FAA's small drone regulations "will result in the invasion of privacy and collection of sensitive personal information" that would otherwise have been protected against by the wished-for FAA privacy regulations. The FAA's failure to promulgate such regulations would therefore contribute to and increase the risks drones pose to privacy.

An initial difficulty with EPIC's argument arises from its heavy dependence on the testing of drone delivery services. Such services would appear to be largely excluded from the operations authorized under these rules and cannot provide a basis for Article III standing because the injury claimed is not caused by these rules. The FAA states that "the rule at issue does not authorize such operations" because "air carrier operations" are expressly excluded *1254from the rule. FAA Br. 24 (citing 14 C.F.R. § 107.1(b)(1) ). EPIC responds that the FAA fails to offer a definition of "air carrier operations" or show that the delivery services in question meet any such definition. This response fails to account for EPIC's burden to establish standing. True, the FAA may not have shown that the drone testing in question is not authorized by the rule at issue. But EPIC bears the burden to show that those services are authorized by this rule and cause the alleged injuries, which would be remedied by vacatur. Cf. Sierra Club , 754 F.3d at 1001 (rejecting claims of injury based on the speculative reading of an EPA memorandum, where the memorandum could be interpreted differently and EPA indicated that it did so).

Moreover, the declarations offered by EPIC specifically mention United Parcel Service of America, Inc. ("UPS"), which would seem to qualify as an "air carrier" within the meaning of 14 CFR § 107.1(b)(1). An "air carrier" is anyone who "undertakes ... to engage in air transportation." 14 C.F.R. § 1.1. "Air transportation" includes "interstate ... air transportation," which in turn is defined as "the carriage by aircraft of persons or property as a common carrier for compensation or hire ... [w]hether that commerce moves wholly by aircraft or partly by aircraft and partly by other forms of transportation." Id. EPIC offers no reason why UPS would not fall under these definitions. Further, the FAA considered comments concerning package delivery services in the context of its omission of authorization for air carrier operations. See 81 Fed. Reg. at 42,074 -77.

The FAA does note that some "limited carriage of property" by small drone may be authorized under the rule, but that any such operations would have to be undertaken in compliance with the rule's other restrictions, including the use of a trained remote pilot and line-of-sight operation. See id. at 42,076 -77. Indeed, these restrictions are so great that the FAA does not consider "the limited transport of property for compensation that could occur [under the rule] ... to constitute 'interstate air transportation.' " Id. at 42,077. Finally, EPIC provides no reason to believe that any of the package delivery services mentioned are authorized under this rule rather than through some alternative means established by the FAA, such as a waiver. See id. at 42,065. EPIC's declarations regarding UPS and other package delivery services do not carry its burden.

Similarly, the declarations concerning "autonomous" drones do not establish that those autonomous drones would fall within the strict window for autonomous flight permitted by the small drone rule. See 81 Fed. Reg. at 42,134 -35. In particular, the FAA notes the requirements for line-of-sight operations and for a single remote pilot who can direct the drone. See id. at 42,135. EPIC makes no effort to show that either the " 'HorseFly' autonomous drone delivery system," or the " 'Persistent Aerial Reconnaissance and Communications (PARC)' autonomous drone" are in fact authorized to fly under the small drone regulations challenged rather than various other mechanisms the FAA has used to "accommodate nonrecreational" drone operations. See id. at 42,065. These allegations do not establish an injury caused by the FAA's failure to promulgate privacy regulations as part of this rulemaking.

Outside of these specific statements concerning package delivery and autonomous drones, EPIC offers only generic allegations that in light of the new regulations, more drones will operate in the areas where their members live and travel, leading ineluctably "to invasions of privacy and the collection of sensitive personal information."

*1255This injury rests on too "highly attenuated [a] chain of possibilities" to "satisfy the requirement that threatened injury must be certainly impending." Clapper v. Amnesty Int'l USA , 568 U.S. 398, 410, 133 S.Ct. 1138, 185 L.Ed.2d 264 (2013). This chain of causation includes that drone use will increase in Boston or Tampa because of the new regulation, that the drones will be equipped with cameras or sensors, that any such data captured will be recorded, and that the drones will invade the members' privacy in a way constituting Article III injury. This injury is too speculative to support standing. See Williams v. Lew , 819 F.3d 466, 473 (D.C. Cir. 2016) ("[A]ny future injury that Williams might suffer follows from an extended chain of contingencies."); see also National Ass'n of Home Builders v. U.S. Fish & Wildlife Serv. , 786 F.3d 1050, 1054 (D.C. Cir. 2015) (" '[I]ndependent action of some third party not before the court' is not fairly traceable to challenged actions by the [agency]." (quoting Lujan , 504 U.S. at 560, 112 S.Ct. 2130 ) ).

EPIC argues that it has sufficiently shown an "increase in an existing risk[ ] of injury to the particularized interests of the plaintiff." Our precedents on probabilistic standing require "at least both (i) a substantially increased risk of harm and (ii) a substantial probability of harm with that increase taken into account." Public Citizen, Inc. v. Nat'l Highway Traffic Safety Admin. , 489 F.3d 1279, 1295 (D.C. Cir. 2007) (citing Mountain States Legal Found. v. Glickman , 92 F.3d 1228, 1234-35 (D.C. Cir. 1996) ). "In applying the 'substantial' standard, we are mindful, of course that the constitutional requirement of imminence ... necessarily compels a very strict understanding of what increases in risk and overall risk levels can count as substantial." Id. at 1296.

Assuming risk-based standing can be applied to risks to privacy rather than to public health or the environment, see NRDC v. EPA , 464 F.3d 1, 6 (D.C. Cir. 2006) ; Mountain States , 92 F.3d at 1234-35, the highly attenuated chain of causation presented by EPIC dooms any attempt to establish probabilistic standing. The speculative nature of the injury alleged means that EPIC has failed to show that these rules caused either a substantially increased risk of harm or a substantial probability of harm in light of that increased risk. Accordingly, because EPIC cannot meet its burden to show that at least one of its members suffers the requisite injury for standing, its claim of associational standing fails.

B. Organizational Standing

Having rejected EPIC's claim to associational standing, we turn to its attempt to establish organizational standing based on alleged impediments to its activities as a result of the FAA's refusal to promulgate drone privacy regulations. To establish organizational standing, a party must show that it suffers "a 'concrete and demonstrable injury to [its] activities,' " distinct from "a mere setback to [the organization's] abstract social interests." PETA v. USDA , 797 F.3d 1087, 1093 (D.C. Cir. 2015). Additionally, the organization must show "the presence of a direct conflict between the defendant's conduct and the organization's mission ." National Treasury Emps. Union v. United States , 101 F.3d 1423, 1430 (D.C. Cir. 1996). Impediments to "pure issue-advocacy" cannot establish standing. See PETA , 797 F.3d at 1094 (quoting Center for Law & Educ. v. Dep't of Educ. , 396 F.3d 1152, 1162 (D.C. Cir. 2005) ).

Our inquiry into EPIC's organizational standing is straightforward because EPIC failed to identify record evidence or submit *1256evidence establishing its organizational standing. We reminded EPIC in our briefing order of this requirement. EPIC v. FAA , No. 16-1297 (D.C. Cir. Jan. 4, 2017). Both our precedents and local rules establish that where standing is not clear from the administrative record, a petitioner must submit affidavits or other evidence. D.C. Cir. R. 28(a)(7) ; Americans for Safe Access , 706 F.3d at 443. EPIC submitted no affidavits in support of its standing as an organization. Instead it presented only vague assertions in its brief that sound in pure issue advocacy, as well as a reference to the About page of its website.

EPIC attempts to liken its case to PETA v. USDA , 797 F.3d 1087 (D.C. Cir. 2015). In that case, we held that PETA had standing to sue the USDA for failure to issue regulations implementing the Animal Welfare Act as to birds. See id. at 1094-97. We did so because the USDA's inaction deprived PETA of both Animal Welfare Act information relating to birds (USDA inspection reports) and an avenue for filing USDA complaints against research facilities using birds or exhibitors of birds. Id. at 1094-95. PETA, unlike EPIC, filed declarations supporting its assertions as to its organizational activities. Id. at 1094-96. These included statements concerning its preexisting filing of USDA complaints as to other types of animals under the Animal Welfare Act, attempts to file complaints as to birds, and its increased expenditures in response to USDA's inaction. See id.

The FAA has not impaired or injured EPIC's activities. EPIC identifies neither "denial of access to an avenue for redress" of illegality or "restrict[ion of] the flow of information [EPIC] uses to educate its members." Food & Water Watch, Inc. v. Vilsack , 808 F.3d 905, 920-21 (D.C. Cir. 2015). Accordingly, EPIC fails to establish organizational standing.

III. Conclusion

For the foregoing reasons, we dismiss EPIC's petition for review.

So ordered.

1 This case had been consolidated with Taylor v. FAA , No. 16-1302, a challenge to a different part of the rule dealing with exemptions for model aircraft. Because of the lack of substantive overlap between the challenges brought, we now deconsolidate these cases.