GM/OnStar “spy car” T&C update: followup 1

Oh, the things I find out by reading.

The thoughts that I was left with when finishing the earlier post about GM/OnStar were along the lines of “people really should not have to disconnect OnStar to preserve their privacy, there has to be something I am missing”. And in addition to being incorrect about being able to disconnect OnStar by just pulling a fuse (sometimes you disconnect more than just OnStar that way, unless you go straight to the OnStar box and disconnect power there), I also had no idea, until today, that Texas law actually forbids some of what GM is doing.

I was looking up something in the Texas Transportation Code while researching an unrelated matter, and happened to notice http://www.statutes.legis.state.tx.us/Docs/TN/htm/TN.547.htm#547.615 entitled “Recording Devices” which appears to address services such as OnStar. I have reproduced the section in its entirety below:

Sec. 547.615.  RECORDING DEVICES. (a) In this
section:

(1)  "Owner" means a person who:

(A)  has all the incidents of ownership of a motor
vehicle, including legal title, regardless of
whether the person lends, rents, or creates a
security interest in the vehicle;

(B)  is entitled to possession of a motor vehicle
as a purchaser under a security agreement; or

(C)  is entitled to possession of a motor vehicle
as a lessee under a written lease agreement if the
agreement is for a period of not less than three
months.

(2)  "Recording device" means a feature that is
installed by the manufacturer in a motor vehicle
and that does any of the following for the purpose
of retrieving information from the vehicle after
an accident in which the vehicle has been
involved:

(A)  records the speed and direction the vehicle
is traveling;

(B)  records vehicle location data;

(C)  records steering performance;

(D)  records brake performance, including
information on whether brakes were applied before
an accident;

(E)  records the driver's safety belt status; or

(F)  transmits information concerning the accident
to a central communications system when the
accident occurs.

(b)  A manufacturer of a new motor vehicle that is
sold or leased in this state and that is equipped
with a recording device shall disclose that fact
in the owner's manual of the vehicle.

(c)  Information recorded or transmitted by a
recording device may not be retrieved by a person
other than the owner of the motor vehicle in which
the recording device is installed except:

(1)  on court order;

(2)  with the consent of the owner for any
purpose, including for the purpose of diagnosing,
servicing, or repairing the motor vehicle;

(3)  for the purpose of improving motor vehicle
safety, including for medical research on the
human body's reaction to motor vehicle accidents,
if the identity of the owner or driver of the
vehicle is not disclosed in connection with the
retrieved information; or

(4)  for the purpose of determining the need for
or facilitating emergency medical response in the
event of a motor vehicle accident.

(d)  For information recorded or transmitted by a
recording device described by Subsection
(a)(2)(B), a court order may be obtained only
after a showing that:

(1)  retrieval of the information is necessary to
protect the public safety; or

(2)  the information is evidence of an offense or
constitutes evidence that a particular person
committed an offense.

(e)  For the purposes of Subsection (c)(3):

(1)  disclosure of a motor vehicle's vehicle
identification number with the last six digits
deleted or redacted is not disclosure of the
identity of the owner or driver; and

(2)  retrieved information may be disclosed only:

(A)  for the purposes of motor vehicle safety and
medical research communities to advance the
purposes described in Subsection (c)(3); or

(B)  to a data processor solely for the purposes
described in Subsection (c)(3).

(f)  If a recording device is used as part of a
subscription service, the subscription service
agreement must disclose that the device may record
or transmit information as described by Subsection
(a)(2).  Subsection (c) does not apply to a
subscription service under this subsection.

Added by Acts 2005, 79th Leg., Ch. 910, Sec. 1,
eff. September 1, 2006.

So, according to my interpretation of the law, it would appear that GM/OnStar can’t do what they plan to do with non-subscriber info. It is unfortunate that the law, as written, has a loophole in it that’s (pardon the awful pun) big enough to drive a truck through. Subscribers should be protected from undesired privacy invasion such as that which GM/OnStar is effecting with their change in terms and conditions.

I’d like to know what the official GM/OnStar line is regarding Texas Transportation Code section 547.615. Shouldn’t Federal law also prohibit what GM/OnStar is changing the T&C to allow? I think it should, and I doubt I am the only one.

GM enters the spy car business with OnStar T&C update

In the past I’ve written about some pretty evil things done by large corporations: Google, Apple, Microsoft, AT&T, and a few others. What I read today, though, sets a new low, and from a most unlikely source.

Jonathan Zdziarski recently wrote a piece on GM’s OnStar service and a recent update to its terms and conditions. Jonathan was disturbed, to the point where he immediately canceled his OnStar service. And I don’t blame him; from the looks of it, GM vehicles with OnStar are now spy cars–and I don’t mean the James Bond type, either, I mean the type that spy on you. From the article:

OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.
[…]
As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.”

(some emphasis added)

As Jonathan goes on to say, there really is no such thing as anonymized GPS data. It’s a simple matter to find the GPS coordinates where a vehicle is parked at least 12 hours out of the day, and assume that’s probably the owner’s residence. If location is involved at all, the data is not anonymized.
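The parked-12-hours point can be tested on a location dataset before anyone calls it anonymized. The following is an added example, not code from the original post or from OnStar; the record layout, the 0.001-degree grid, the coordinates and the function names are all assumptions, and the trace is constructed and carries no owner identifier.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CELLS_PER_DEG = 1000  # assumed grid: 0.001 degree cells, roughly 100 m

def constructed_trace(days=3):
    """Constructed sample: (iso_time, lat, lon, speed_mph), no owner identifier."""
    home, work, road = (30.2700, -97.7400), (30.4000, -97.7200), (30.3300, -97.7300)
    start, pings = datetime(2011, 9, 19), []
    for d in range(days):
        for hour, (lat, lon), mph in [(0, home, 0), (8, road, 35), (8.5, work, 0),
                                      (17.5, road, 35), (18, home, 0)]:
            t = start + timedelta(days=d, hours=hour)
            pings.append((t.isoformat(), lat, lon, mph))
    # Closing ping so the last overnight stay has an end time.
    pings.append(((start + timedelta(days=days)).isoformat(), *home, 0))
    return pings

def dominant_parking_cell(pings, min_hours_per_day=12.0):
    """Return (cell, avg_hours_per_day) for the grid cell where the vehicle is
    parked longest, or None if no cell reaches the threshold. Pings must be
    sorted by time; the gap after a zero-speed ping counts as parked time."""
    parsed = [(datetime.fromisoformat(t), lat, lon, mph) for t, lat, lon, mph in pings]
    dwell = defaultdict(float)  # cell -> parked seconds
    for (t0, lat, lon, mph), nxt in zip(parsed, parsed[1:]):
        if mph == 0:
            cell = (round(lat * CELLS_PER_DEG), round(lon * CELLS_PER_DEG))
            dwell[cell] += (nxt[0] - t0).total_seconds()
    if not dwell:
        return None
    span_days = max((parsed[-1][0] - parsed[0][0]).total_seconds() / 86400, 1.0)
    cell, secs = max(dwell.items(), key=lambda kv: kv[1])
    hours = secs / 3600 / span_days
    # A cell over the threshold is a likely residence: the release is not anonymous.
    return (cell, hours) if hours >= min_hours_per_day else None

if __name__ == "__main__":
    print(dominant_parking_cell(constructed_trace()))
```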

I’m disturbed enough that this data is being shared with law enforcement; if OnStar knows a car regularly exceeds an underposted speed limit by 10 miles per hour or more, and shares that with the cops, that’s problem enough right there. Especially when they know, for example, there are sports car models or high-end luxury vehicle models disregarding the posted limits (i.e. vehicle owners that can definitely afford tickets and are ideal for maximizing revenue). It’d be bad enough if the privacy invasion affected only GM vehicle owners, but the invasion of privacy actually spills over to the rest of us that will never buy another GM vehicle.

Again quoting Jonathan:

This is too shady, especially for a company that you’re supposed to trust your family to. My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine. I shouldn’t have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me.

I couldn’t have said it any better myself.

Particularly infuriating is that we, the government, bailed out GM, and they repay our gratitude by doing something that is downright un-American. This country was founded on privacy; see the Fourth and Fifth Amendments to the Constitution (and it’s quite possible other amendments, such as the Ninth and Tenth, apply as well in certain cases). This is a wholesale invasion of our privacy, that has a disastrous effect on all of us, GM customers or not.

I’m horrified. This is inexcusable. Shame on you, GM. I wish you a speedy bankruptcy, this time without a taxpayer bailout.

Action items for my readers:

  • First, be aware of the issue. This affects you if you own, drive, or ride in a GM vehicle with OnStar service, even if the OnStar service is not active, unless the OnStar circuit has been deactivated by pulling the fuse.
  • If you don’t like what GM is doing here, and you own one or more GM vehicles with OnStar capability, cancel the service and remove the OnStar fuse (search in your favorite search engine for “onstar fuse location” followed by the make, model, and model year of your vehicle).
  • If you drive someone else’s GM vehicle with OnStar capability, be aware your privacy basically doesn’t exist if the OnStar circuit is active. Whether or not you pull the OnStar fuse for the time you’re driving the vehicle is your decision; the possible unhappiness of the vehicle’s owner should be weighed against your lack of privacy. Likewise, when you’re done driving that vehicle, put the fuse back in if you took it out (unless the owner instructs you otherwise).
  • Since seat belt information is involved, this technically even affects passengers in a GM vehicle with OnStar capability. Unfortunately, you may not have much choice here, as many state laws now require seat belt usage for all passengers, front seat or otherwise.
  • If you are in the market for a new car, and a GM vehicle was on the list, it’s time to rethink that. It goes without saying I think this is reason enough to disqualify all GM vehicles from consideration.

The creepiest phone company

Recently, I read a Computer World blog entry on Google Voice, which is Google’s entry into the VoIP telephone service arena.

At the surface, it looks pretty innocuous: a free phone number complete with voicemail and free domestic long-distance dialing. Dig a little deeper, and the disturbing part sinks in. Quoting the article:

Google already has a profile about your interests and surfing habits. If you use Gmail, it examines the content of your mail as a way to target ads. With Google Voice, it will know who you’re talking to, and when you’re talking to them — and will have records of your voice mail, and possibly recordings of your actual calls themselves.

The traffic analysis (call records, i.e., who is calling whom, when, and for how long) is scary enough by itself. The “free” transcription of voicemails, offered by a company called Google, is probably the creepiest thing I have come across in my entire time in cyberspace. Quite possibly it exists to serve Google’s self-interest as much as that of Google Voice users.

An anonymous commenter opines:

Am I worried? No. Why? Because we have laws in place to protect us against the misuse of that information. Frankly, I’d much rather have Google know more about my habits. That way when someone does steal my identity and try to use it maliciously (something that is much more likely to happen than a company using my information maliciously) it’ll be a piece of cake to prove that they are not me.

My response to this is simple. We cannot rely entirely on the law to protect us against misuse of information. A company whose entire reason for existence revolves around indexing data and making it available is not a company I will easily trust with my telephone calling habits. It’s scary enough that Google has developed a mobile phone OS and has used the words “open source” enough in the description of that OS while still failing the criteria for free software as it relates to the SDK (software development kit).

There is a huge difference, now more than ever, with free as in freedom, and free meaning zero monetary cost.

The part I find scariest is that there is no way to tell a Google Voice number apart from a number whose usage is NOGDB (None Of Google’s Damn Business). At least the people that run, say, AT&T know how to maintain the privacy of a telephone network. I feel somewhat comfortable trusting AT&T with my telephone traffic. I don’t think I’ll ever be that comfortable placing that level of trust in Google. Here’s hoping the FCC, DOC, and equivalent agencies worldwide keep a close eye on them.

How creepy can Google get?

An article on Wired.com Epicenter reports on Google’s latest move: behavioral profiling ads. In a nutshell, anything you do on Google sites (including YouTube), combined with the info from DoubleClick (which Google recently acquired), can now be used to target your preferences on any sites using Google’s AdSense banners.

Most telling is this quote from the article:

Google says its mission is to organize the world’s information and make it universally accessible and useful. Google often says that it believes ads are information.

What it doesn’t say, but clearly believes, is that you are information to be indexed, made accessible and useful.

This is why Google fought government regulators who wanted search engines to limit how long they stored personal data on users.

If this wasn’t real, it would make one heck of a great horror movie.

Until recently, I declined all cookies from Google, due mainly to their previous practice of setting a cookie which did not expire until 2038. (Some may even know the quite infamous words of google-watch.org: “Yikes! Too many preservatives.”) Even today, I only accept cookies from Google for the session (thankfully Firefox and its derivatives have this great feature) and when feasible, access Google via Tor and/or use alternative search engines.

It’s one thing for Google to index and archive content available on the Web. It’s another entirely for Google to indefinitely index me or you.

[Edit 2023-07-03: removed now-dead link not available via Wayback Machine]