Tag: onstar

Oh, the things I find out by reading.

The thoughts that I were left with when finishing the earlier post about GM/OnStar were along the lines of “people really should not have to disconnect OnStar to preserve their privacy, there has to be something I am missing”. And in addition to being incorrect about being able to disconnect OnStar by just pulling a fuse (sometimes you disconnect more than just OnStar that way, unless you go straight to the OnStar box and disconnect power there), I also had no idea, until today, that Texas law actually forbids some of what GM is doing.

I was looking up something in the Texas Transportation Code researching an unrelated matter, and happened to notice http://www.statutes.legis.state.tx.us/Docs/TN/htm/TN.547.htm#547.615 entited “Recording Devices” which appears to address services such as OnStar. I have reproduced the section in its entirety below:

Sec. 547.615.  RECORDING DEVICES. (a) In this
section:

(1)  "Owner" means a person who:

(A)  has all the incidents of ownership of a motor
vehicle, including legal title, regardless of
whether the person lends, rents, or creates a
security interest in the vehicle;

(B)  is entitled to possession of a motor vehicle
as a purchaser under a security agreement; or

(C)  is entitled to possession of a motor vehicle
as a lessee under a written lease agreement if the
agreement is for a period of not less than three
months.

(2)  "Recording device" means a feature that is
installed by the manufacturer in a motor vehicle
and that does any of the following for the purpose
of retrieving information from the vehicle after
an accident in which the vehicle has been
involved:

(A)  records the speed and direction the vehicle
is traveling;

(B)  records vehicle location data;

(C)  records steering performance;

(D)  records brake performance, including
information on whether brakes were applied before
an accident;

(E)  records the driver's safety belt status; or

(F)  transmits information concerning the accident
to a central communications system when the
accident occurs.

(b)  A manufacturer of a new motor vehicle that is
sold or leased in this state and that is equipped
with a recording device shall disclose that fact
in the owner's manual of the vehicle.

(c)  Information recorded or transmitted by a
recording device may not be retrieved by a person
other than the owner of the motor vehicle in which
the recording device is installed except:

(1)  on court order;

(2)  with the consent of the owner for any
purpose, including for the purpose of diagnosing,
servicing, or repairing the motor vehicle;

(3)  for the purpose of improving motor vehicle
safety, including for medical research on the
human body's reaction to motor vehicle accidents,
if the identity of the owner or driver of the
vehicle is not disclosed in connection with the
retrieved information; or

(4)  for the purpose of determining the need for
or facilitating emergency medical response in the
event of a motor vehicle accident.

(d)  For information recorded or transmitted by a
recording device described by Subsection
(a)(2)(B), a court order may be obtained only
after a showing that:

(1)  retrieval of the information is necessary to
protect the public safety; or

(2)  the information is evidence of an offense or
constitutes evidence that a particular person
committed an offense.

(e)  For the purposes of Subsection (c)(3):

(1)  disclosure of a motor vehicle's vehicle
identification number with the last six digits
deleted or redacted is not disclosure of the
identity of the owner or driver; and

(2)  retrieved information may be disclosed only:

(A)  for the purposes of motor vehicle safety and
medical research communities to advance the
purposes described in Subsection (c)(3); or

(B)  to a data processor solely for the purposes
described in Subsection (c)(3).

(f)  If a recording device is used as part of a
subscription service, the subscription service
agreement must disclose that the device may record
or transmit information as described by Subsection
(a)(2).  Subsection (c) does not apply to a
subscription service under this subsection.

Added by Acts 2005, 79th Leg., Ch. 910, Sec. 1,
eff. September 1, 2006.

So, according to my interpretation of the law, it would appear that GM/OnStar can’t do what they plan to do with non-subscriber info. It is unfortunate that the law, as written, has a loophole in it that’s (pardon the awful pun) big enough to drive a truck through. Subscribers should be protected from undesired privacy invasion such as that which GM/OnStar is effecting with their change in terms and conditions.

I’d like to know what the official GM/OnStar line is regarding Texas Transportation Code section 547.615. Shouldn’t Federal law also prohibit what GM/OnStar is changing the T&C to allow? I think it should, and I doubt I am the only one.

In the past I’ve written about some pretty evil things done by large corporations: Google, Apple, Microsoft, AT&T, and a few others. What I read today, though, sets a new low, and from a most unlikely source.

Jonathan Zdziarski recently wrote a piece on GM’s OnStar service and a recent update to its terms and conditions. Jonathan was disturbed, to the point where he immediately canceled his OnStar service. And I don’t blame him; from the looks of it, GM vehicles with OnStar are now spy cars–and I don’t mean the James Bond type, either, I mean the type that spy on you. From the article:

OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.
[…]
As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.”

(some emphasis added)

As Jonathan goes on to say, there really is no such thing as anonymized GPS data. It’s a simple matter to find the GPS coordinates where a vehicle is parked at least 12 hours out of the day, and assume that’s probably the owner’s residence. If location is involved at all, the data is not anonymized.

I’m disturbed enough that this data is being shared with law enforcement; if OnStar knows a car regularly exceeds an underposted speed limit by 10 miles per hour or more, and shares that with the cops, that’s problem enough right there. Especially when they know, for example, there are sports car models or high-end luxury vehicle models disregarding the posted limits (i.e. vehicle owners that can definitely afford tickets and are ideal for maximizing revenue). It’d be bad enough if the privacy invasion affected only GM vehicle owners, but the invasion of privacy actually spills over to the rest of us that will never buy another GM vehicle.

Again quoting Jonathan:

This is too shady, especially for a company that you’re supposed to trust your family to. My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine. I shouldn’t have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me.

I couldn’t have said it any better myself.

Particuarly infuriating, is that we, the government, bailed out GM, and they repay our gratitude by doing something that is downright un-American. This country was founded on privacy; see the Fourth and Fifth Amendments to the Constitution (and it’s quite possible other amendments, such as the Ninth and Tenth, apply as well in certain cases). This is a wholesale invasion of our privacy, that has a disastrous effect on all of us, GM customers or not.

I’m horrified. This is inexcusable. Shame on you, GM. I wish you a speedy bankruptcy, this time without a taxpayer bailout.

Action items for my readers:

• First, be aware of the issue. This affects you if you own, drive, or ride in a GM vehicle with OnStar service, even if the OnStar service is not active, unless the OnStar circuit has been deactivated by pulling the fuse.
• If you don’t like what GM is doing here, and you own one or more GM vehicles with OnStar capability, cancel the service and remove the OnStar fuse (search in your favorite search engine for “onstar fuse location” followed by the make, model, and model year of your vehicle).
• If you drive someone else’s GM vehicle with OnStar capability, be aware your privacy basically doesn’t exist if the OnStar circuit is active. Whether or not you pull the OnStar fuse for the time you’re driving the vehicle is your decision; the possible unhappiness of the vehicle’s owner should be weighed against your lack of privacy. Likewise, when you’re done driving that vehicle, put the fuse back in if you took it out (unless the owner instructs you otherwise).
• Since seat belt information is involved, this technically even affects passengers in a GM vehicle with OnStar capability. Unfortunately, you may not have much choice here, as many state laws now require seat belt usage for all passengers, front seat or otherwise.
• If you are in the market for a new car, and a GM vehicle was on the list, it’s time to rethink that. It goes without saying I think this is reason enough to disqualify all GM vehicles from consideration.