DJI has passed the Cryptographic Module Validation Program (CMVP) in the U.S. and Canada. This is a critical data security measure that strives to protect customer data.
What’s the news?
Jointly established by the United States Department of Commerce and the Canadian Center for Cyber Security, this measure aims to encrypt and protect consumer data.
Significantly, DJI stated that its Core Crypto Engine passed CMVP and was granted Federal Information Processing Standard (FIPS) 140-2 validation by the U.S. and Canadian governments.
What does this mean? It means that DJI’s new hardware meets specific, tested, global security standards.
From now on, all DJI drones containing the Core Crypto Engine will ensure its customers’ data is protected. Customers will be “treated to trusted, authoritative, and globally recognized standards.”
DJI says this is particularly important for its customers in enterprise and government, as both require the specification.
Why it matters
According to the company’s statement, DJI has very strong principles around transparent usage, security, and privacy. “Customer data,” says Senior Director of Corporate Strategy Christina Zhang, “is none of our business.” DJI’s stance also protects against the sale of data, specifically to advertisers.
But why does it matter? The company’s encryption is all about protecting consumer information. This is in large part because government agencies rely on its platforms.
The Core Crypto Engine meets the CMVP. Still, it’s unclear if the hardware will be implemented in all of the company’s drones going forward. The company’s language indicates this may be the case.
The FIPS validation might change the landscape for DJI’s enterprise and government users. The United States government, however, might not care. In 2020, DJI was placed and remains on the Commerce Department’s Entity list — also known as the ‘economic blacklist‘.
DJI’s stance is clear, though. From the company: “We just want you to enjoy the experience of flight and take incredible photos and videos.”