Day: October 2, 2011

GM/OnStar “spy car” T&C update: followup 1

Oh, the things I find out by reading.

The thoughts that I were left with when finishing the earlier post about GM/OnStar were along the lines of “people really should not have to disconnect OnStar to preserve their privacy, there has to be something I am missing”. And in addition to being incorrect about being able to disconnect OnStar by just pulling a fuse (sometimes you disconnect more than just OnStar that way, unless you go straight to the OnStar box and disconnect power there), I also had no idea, until today, that Texas law actually forbids some of what GM is doing.

I was looking up something in the Texas Transportation Code researching an unrelated matter, and happened to notice http://www.statutes.legis.state.tx.us/Docs/TN/htm/TN.547.htm#547.615 entited “Recording Devices” which appears to address services such as OnStar. I have reproduced the section in its entirety below:

Sec. 547.615.  RECORDING DEVICES. (a) In this
section:

(1)  "Owner" means a person who:

(A)  has all the incidents of ownership of a motor
vehicle, including legal title, regardless of
whether the person lends, rents, or creates a
security interest in the vehicle;

(B)  is entitled to possession of a motor vehicle
as a purchaser under a security agreement; or

(C)  is entitled to possession of a motor vehicle
as a lessee under a written lease agreement if the
agreement is for a period of not less than three
months.

(2)  "Recording device" means a feature that is
installed by the manufacturer in a motor vehicle
and that does any of the following for the purpose
of retrieving information from the vehicle after
an accident in which the vehicle has been
involved:

(A)  records the speed and direction the vehicle
is traveling;

(B)  records vehicle location data;

(C)  records steering performance;

(D)  records brake performance, including
information on whether brakes were applied before
an accident;

(E)  records the driver's safety belt status; or

(F)  transmits information concerning the accident
to a central communications system when the
accident occurs.

(b)  A manufacturer of a new motor vehicle that is
sold or leased in this state and that is equipped
with a recording device shall disclose that fact
in the owner's manual of the vehicle.

(c)  Information recorded or transmitted by a
recording device may not be retrieved by a person
other than the owner of the motor vehicle in which
the recording device is installed except:

(1)  on court order;

(2)  with the consent of the owner for any
purpose, including for the purpose of diagnosing,
servicing, or repairing the motor vehicle;

(3)  for the purpose of improving motor vehicle
safety, including for medical research on the
human body's reaction to motor vehicle accidents,
if the identity of the owner or driver of the
vehicle is not disclosed in connection with the
retrieved information; or

(4)  for the purpose of determining the need for
or facilitating emergency medical response in the
event of a motor vehicle accident.

(d)  For information recorded or transmitted by a
recording device described by Subsection
(a)(2)(B), a court order may be obtained only
after a showing that:

(1)  retrieval of the information is necessary to
protect the public safety; or

(2)  the information is evidence of an offense or
constitutes evidence that a particular person
committed an offense.

(e)  For the purposes of Subsection (c)(3):

(1)  disclosure of a motor vehicle's vehicle
identification number with the last six digits
deleted or redacted is not disclosure of the
identity of the owner or driver; and

(2)  retrieved information may be disclosed only:

(A)  for the purposes of motor vehicle safety and
medical research communities to advance the
purposes described in Subsection (c)(3); or

(B)  to a data processor solely for the purposes
described in Subsection (c)(3).

(f)  If a recording device is used as part of a
subscription service, the subscription service
agreement must disclose that the device may record
or transmit information as described by Subsection
(a)(2).  Subsection (c) does not apply to a
subscription service under this subsection.

Added by Acts 2005, 79th Leg., Ch. 910, Sec. 1,
eff. September 1, 2006.

So, according to my interpretation of the law, it would appear that GM/OnStar can’t do what they plan to do with non-subscriber info. It is unfortunate that the law, as written, has a loophole in it that’s (pardon the awful pun) big enough to drive a truck through. Subscribers should be protected from undesired privacy invasion such as that which GM/OnStar is effecting with their change in terms and conditions.

I’d like to know what the official GM/OnStar line is regarding Texas Transportation Code section 547.615. Shouldn’t Federal law also prohibit what GM/OnStar is changing the T&C to allow? I think it should, and I doubt I am the only one.

Wireless phone companies tossing customer privacy with long retention periods

A recent story on rawstory.com highlights the rather disturbing and frightening data retention policies of two major phone carriers. Verizon and Virgin Mobile both keep the content of text messages after they are sent; the former for a mere “3 to 5 days”, but Virgin Mobile keeps around text message content for a staggering 90 days (but thankfully requires a search warrant for law enforcement agencies to get copies).

The story links this chart from the Department of Justice obtained by the ACLU. The numbers that texts are sent to and received from is one thing, but those shouldn’t even be kept for longer than is necessary to resolve billing disputes.

Also quite horrifying, is the length of time cell tower information is kept by certain carriers. Perhaps the worst offender here is AT&T, which merely states “from July 2008” and has no upper end on how long they will keep the information such as one year, two years, three years, five years, etc. Ideally, this information should not normally be kept beyond, say, a week up to a month, maybe longer when absolutely necessary for the express purpose of troubleshooting (such as while repairing a tower that drops a statistically significant number of calls higher than average), and securely deleted as soon as it’s no longer needed.

Perhaps the worst part of this story is that each company appears to have one area in which they are keeping certain records way too long, undermining most attempts to preserve privacy by switching companies. AT&T hangs on to store surveillance videos for 2 months, clearly not necessary if T-Mobile only keeps them two weeks (and then there’s Sprint, who doesn’t reassure me at all with their “depends” response, which could mean they’re buying hard drives every year to archive surveillance video indefinitely). Sprint (including Nextel and Virgin Mobile) keep call detail information the longest, and have no upper end on subscriber information retention (scary, as I was once a Sprint customer). Verizon keeps IP session information for a whole year, and IP destination information for 90 days, while Sprint keeps both for 60 days; however, it’s clearly not necessary to keep either if AT&T, T-Mobile, and Virgin Mobile don’t keep that information at all.

In response to receiving this document, ACLU affiliates in 32 states filed requests for information with local law enforcement agencies seeking to uncover exactly how they are using this information to track Americans. Unfortunately, Texas is not one of those states, and I am trying to find out why.

If there are legal minimum requirements for keeping information, that’s one thing. However, companies need to be held accountable when they make record retention decisions that have a potentially deleterious effect on customer privacy. Judging by the diverse range of record retention times, there appear to be no legal minimums for many categories. If anything, in the age where landline use is seen as antiquated, the laws should be revised to protect the privacy of wireless phone subscribers.

I will likely be following up with the most interesting parts of what the ACLU and ACLU affiliates find out regarding their requests for information, as well as what I find out, if anything, regarding Texas. It may not be for several months, though I will endeavor to post incremental followups if I uncover something particularly important or interesting.