
OnStar Begins Spying On Customers’ GPS Location For Profit - jzdziarski
http://www.zdziarski.com/blog/?p=1270
======
politician
If OnStar is collecting data after you cancel service, I would think that
they've made themselves liable to "duty to rescue" if they observe you getting
into a wreck.

If they aren't doing this -- that is, if they are observing and ignoring
wrecks -- then I hope that someone starts a class action.

<http://en.wikipedia.org/wiki/Duty_to_rescue>

"In the United States, as of 2009 ten states had laws on the books requiring
that people at least notify law enforcement of and/or seek aid for strangers
in peril..."

~~~
slapshot
Be careful with using Wikipedia for law. If you follow to the original
source[1], the "duty to rescue" law exists in most states as a duty to report
rape and murder, not a duty to report car crashes. And the penalty in some
states is as low as $100.

Second, even if the law were as you said it was, a class action would only be
appropriate among people who have actually been in wrecks after the most
recent change in terms and conditions --- people who have not crashed have
suffered no harm from the alleged policy.

The short version is that Wikipedia is notoriously bad about law because it is
largely written by non-lawyers; often it describes the law as Wiki editors
_want_ it to be, rather than how it _is_.

[1] Usefully condensed here: <http://volokh.com/2009/11/03/duty-to-rescuereport-statutes/>

~~~
politician
Of course, you're right and IANAL. Indeed, the quote I chose to include was
from the "special circumstances" section, it may only apply to 10 states, and
there are special requirements. Also, you are correct that a class would only
include victims of wrecks whose OnStar systems were cancelled but active (and
possibly any other people affected by the wreck -- e.g. the people in the
other car).

Nevertheless, it seems unethical for OnStar to profit off human suffering when
they are in a position to assist -- I suspect their crash statistics are among
the most profitable data they collect.

------
raphman
For context: GPS navigation device manufacturer TomTom sold anonymized traffic
data to the Dutch police this year, police used data for setting up targeted
speed traps.

<http://www.guardian.co.uk/technology/2011/apr/28/tomtom-satnav-data-police-speed-traps>

------
yock
I would think this isn't limited to in-vehicle hardware like OnStar, but
rather it seems applicable to smartphones too. That smartphone in your pocket
is moving just as fast as your car and could just as easily be used to gather
such data. Perhaps not as fine grained as the OnStar information (talking
coarse vs fine location) but there's certainly enough data casually collected
by your dormant smartphone to enable much of the same exploitation.

~~~
boredguy8
If you have some time, read "Warrantless Location Tracking" 83 N.Y.U.L. Rev.
1324
<http://www.law.nyu.edu/ecm_dlv2/groups/public/@nyu_law_website__journals__law_review/documents/web_copytext/ecm_pro_059784.pdf>

    
    
      A common step in police investigations today is to secure a court
      order tracking the movements of a suspect or anyone else whose 
      location the police believe useful. The flip side of this 
      powerful tool, though, is how revealing and intrusive it is. Few 
      people would be comfortable being followed by a police officer 
      all day, even if they did nothing illegal or even interesting. 
      Justice Brandeis once invoked the "right to be let alone,"  and 
      undetectable location tracking pressures the alone part: No one 
      is "let alone" if the police may, without notice or probable 
      cause, find out everywhere they go for a day or a month.
    

It's a good, if disturbing, read.

------
jroll
Disclaimer: I work for GM, but do not know much about OnStar, especially
internals. My reply is purely speculative.

I can't speak as to what OnStar actually does with this data, but I CAN tell
you that GM wants to use it as a platform for the best customer service
platform in the business.

Imagine that the "marketing" they do with this data is something like selling
it to dealerships ("affiliates"); the marketing call being something like "Hi
Mr. Smith, we noticed your fuel pump is going bad. You pass by our Main St.
service center daily; would you like to schedule an appointment?"

They could also "sell" that data to GM engineering, to make future (or
current, through controls software updates) products better.

~~~
there
_You pass by our Main St. service center daily; would you like to schedule an
appointment?_

you don't think that would freak most people out?

~~~
jroll
Fair enough; how about "your closest certified service center is on Main
Street"?

~~~
joezydeco
How about just crippling the car in front of the dealership and guaranteeing
the sale?

~~~
dlss
On the one hand, this comment gave me an epiphany (about how some people
think) so thanks for putting this here. On the other hand, I can't wait to
have downvotes for comments like yours.

The epiphany is as follows:

1. There are a lot of people with very negative views of corporations roaming
around the internet

2. <http://en.wikipedia.org/wiki/Confirmation_bias> will cause them to view
goodhearted actions in a negative light, and genuinely think they're right

3. Therefore an important goal of PR is to include falsification ammunition
alongside announcements that are likely to be misunderstood

Less abstract breakdown:

It's pretty clear that most people would prefer a car that instead of just
saying "please find someone to fix my xyz" says "please find someone to fix my
xyz, and fyi Foo Dealership will likely be the most convenient" -- maybe my
friends and I are just lazier than average, but that actually sounds great for
me, and I could see several friends really appreciate not having to spend the
time picking out a repair shop. This is especially true if they handle
figuring out who is certified to do warranty covered repair work.

So GM likely thinks of this sort of application as a small to medium win: GM
cars are somewhat less hassle to own, and maybe last a bit longer on average /
get a higher average resell value because people are getting things repaired
sooner rather than later.

However, because people will think "oh, they're just doing it for the sale"
(which they are in this case, just not the one-shot-sale but instead the
generations long brand building approach), GM should announce both at the same
time, and include a few points that obviously invalidate the fly-by-night
opinion -- Do they recommend places based on Yelp reviews + distance? Do they
even take money from repair shops when recommending? Do they use wait times
and the urgency of the repair as the primary criteria?

Basically if GM included some answers to questions like the above as
ammunition, then when journalists / analysts / online message board readers
get in to arguments about this question, GM is significantly less likely to
come out looking evil.

~~~
joezydeco
Actually, it was just a joke. But glad to see you found some enlightenment in
the idea.

<http://en.wikipedia.org/wiki/Gallows_humor>

~~~
dlss
I understood that your comment was a joke - I was commenting on why you made
that joke / in what contexts jokes like yours occur to people... and reasoning
about steps that companies could take to make such jokes sound flat.

------
icefox
If anyone actually thought OnStar wouldn't be used for that from day 1 they
were just fooling themselves.

~~~
danssig
Now apply that statement to other things we use today that collect a lot of
data on us.

------
greentiger
This is the wave of the future; sharing data. Unfortunately, the way the model
currently works is that our data is collected by others and used by others. We
need to define a framework where we can establish sovereignty over our data,
decide how and with whom we wish to share it, and finally, be able to capture
some of the income derived from the use of this data.

I might be OK with OnStar selling my data, if I get a piece of the action.
Otherwise, what's the point? My job is not to further enrich these companies
after I've purchased their product/service; they are making use of what is
currently a free resource, my/yours/our data, and it's high time we started
charging them for this privilege. They are essentially capturing economic
rent, and it's really my income that they are capturing.

~~~
radu_floricica
Well, I'm sure they will gladly pay you the few cents that your contribution
is worth, after subtracting expenses, profit, and dividing between all
customers.

It's a free resource only for _them_, because they've already invested what
they've invested. For you to get the same "free" resource, you'd have to
pretty much make the same investment.

I'm not sure what the data retention laws are in US, but what I'd personally
find reasonable would be a mandatory "opt-out" option for all such services.
Not opt-in, mind you - there is a host of innovation waiting to happen once
such data becomes available, and by far most of it will be positive.

------
moab9
I know for a fact that OnStar provides incriminating information about its
users to the police. For example, if you are in a wreck and you sound
intoxicated, they will inform the cops. (I've heard police talking about this
on scanners).

Given their enthusiasm for ratting out customers to the authorities, I would
be concerned.

------
dlikhten
Anonymized gps data can be troubling. For example:

If I was an insurance company having to pay a claim, I could buy the GPS data,
look at some anonymous GPS device that constantly goes to/fro the house of the
person in the accident, followed by noticing that this person was speeding a
few miles an hr and denying claims or claiming more responsibility, even if it
is not warranted.

The flip side is that it can be a good thing. Funny thing about speed traps
though... Guy gets pulled over for speeding 10mph above limit. Claims that he's
moving with traffic (60mph). Gets ticket. 10 min later gets pulled over for
creating traffic going 50mph, the speed limit, and gets off with a warning
after showing the original ticket.

End of the day, this is very tricky, can be good and bad for society. However
in the end OnStar is profiting so it's not intended to help anyone but OnStar.

~~~
ChuckMcM
Interesting case law here [1] where GPS was used to appeal a speeding ticket
conviction.

[1] <http://www.csmonitor.com/USA/2009/0911/p02s01-usgn.html>

~~~
dotBen
I always find these cases strange given that in court you can overturn a
speeding ticket if the police officer can't provide a certificate of
calibration for his speed trap device.

To apply the law equally, the driver can't provide a certificate of
calibration for his GPS device so legally he's unable to prove that his GPS is
giving an accurate speed measurement.

~~~
mikeash
The law is not applied equally in court. By design, defense faces a much lower
bar than prosecution. It is perfectly reasonable to require certified
calibration to determine guilt, but accept data from an uncalibrated consumer
device to overturn a ticket.

(As an aside, I don't think GPS would require any calibration anyway. If I
understand it correctly, it'll pretty much either work or not work, with the
accuracy of the output determined largely by atmospheric conditions and
satellite geometry. The worry here would be deliberate tampering rather than
calibration.)

~~~
archangel_one
There are other factors that can affect the accuracy of GPS; for example,
receivers tend to be significantly less accurate in a CBD with lots of tall
buildings. I've also seen receivers with an error before, eg. one that
consistently reported itself as being 150m south of where it really was.

But I agree that by far the more significant problem would be deliberate
alterations to the data. It doesn't seem like it would be particularly hard to
do so...

~~~
shabble
At which point you're entering the realms of perjury, and probably several
flavours of fraud, contempt, and other things that judges tend to dislike.

You're probably better off just paying the ticket.

~~~
archangel_one
Agreed, I'm not suggesting it's a particularly compelling option to
deliberately falsify data for a court, but it could affect whether or not the
court can consider GPS data to be sufficiently accurate - ie. even if the data
is legitimate, how can the court know that's the case?

------
jen_h
This reminded me of a case back in 2003...the 9th Circuit Court of Appeals
ruled against the FBI in a case where they were tripping "recovery mode" to
surreptitiously monitor drivers under Federal investigation:

<http://news.cnet.com/Court-to-FBI-No-spying-on-in-car-computers/2100-1029_3-5109435.html>

The court ruled against the FBI here, apparently not for anything related to
privacy, but rather due to the fact that such surveillance could constitute an
interruption in emergency services.

Note also that the decision is _only_ binding in states that fall within the
9th Circuit's jurisdiction. (And no clue whether this decision applies also to
local law enforcement; would assume that it does, but IANAL/LLE).

------
gentle
This is really not ok, and means I'll never buy any car that has OnStar.

~~~
marshray
Me either.

------
RexRollman
Does anyone know if it is hard to physically disable an OnStar system? I don't
have a car with OnStar; just curious.

~~~
techsupporter
Yes. In the main electric panel under the hood of my 2007 Chevrolet Silverado,
pulling fuse 47 (I think, it was labeled "Veh Info ACC" or similar) will cut
power to the OnStar module.

------
SoftwareMaven
Apple and Google aren't the companies you need to worry about. The truly scary
ones are companies like Acxiom (<http://www.acxiom.com/>). When a company has
so much private info on you that only the federal government is allowed to see
some of it, and they are gathering this information on every transaction you
make, then I think you have to worry.

Not that Google and Apple [and Facebook] couldn't be on their way. I just
think they both have competing agendas that will limit how awful they are with
the data. People feeling Google and Apple are awful data companies are
suffering badly from Familiarity bias.

------
badragon
That is why I would never consider buying a GM car

~~~
joezydeco
Then let's talk about Toyota and _their_ black boxes that you can't get into:

<http://www.dailyfinance.com/2010/02/16/toyotas-black-box-could-hold-accident-clues/>

~~~
superuser2
Why would Toyota be able to get at this data without physical access? Doesn't
look like there's evidence of radio capability, unless I'm missing
something...

------
joelhaasnoot
Sounds like to me they're getting into what TomTom does with their Traffic HD
service (think that's what it's called). Cellular modems report location and
speed, based on which traffic reports are shared with other navigation units.

------
InclinedPlane
First they make you need them, then they make you subservient to them. Has
empire building ever been any different, from the 21st century BC to today?

------
Bud
This situation cries out for Congressional oversight.

~~~
cdh
Careful what you wish for. Once Congress is involved, they might just make it
a mandatory safety feature.

------
dreww
It's true that OnStar's TOS is awful, but the author leaps to several
inflammatory conclusions that, to me, seem unjustified.

The most obvious one is when he mentions the boilerplate about a part of
OnStar being sold, and then theorizes that they are actually planning to sell,
perhaps even to one of those great boogeymen, Apple or Google.

~~~
ChuckMcM
There is a theory that you only build weapons that you intend to use,
otherwise it's a waste of funds. It cost money to put the language into the
agreement and someone argued that cost with an offsetting revenue. That
suggests to me at least that the information will be packaged up and sold.

Now how nefarious will that sale be? That is fairly subjective. But as others
have pointed out, if you're carrying around a smart phone you may already be
giving more information to folks than you care to. It reads like OnStar wants
in on that gravy train.

~~~
raphman
Companies get sold all the time. Maybe someone at OnStar realized that this is
a realistic possibility in the next couple of years. Maybe OnStar wants to
found a shell corporation.

I have seen such wording in a number of other TOSes so far, e.g. by Google
[1]:

 _If Google becomes involved in a merger, acquisition, or any form of sale of
some or all of its assets, we will ensure the confidentiality of any personal
information involved in such transactions and provide notice before personal
information is transferred and becomes subject to a different privacy policy._

[1] <http://www.google.com/privacy/privacy-policy.html>

~~~
ChuckMcM
I agree they get sold all the time, I've been hearing advertisements that I
can get OnStar on my non-GM car in the SF Bay Area, so I presume they are
expanding their reach.

One of the interesting techniques here is to make this change, get some heat
(as they are) but then saying "Hey, it's just boilerplate, we're not selling
this stuff take a chill pill." And then 6 months or a year later, when
everyone has forgotten the ruckus, do start selling the information, except
that now since it's pre-authorized by the ToS there is no 'lighthouse event'
that goes up to alert the public to that fact.

A crusader would now start watching for news about OnStar partnering in six to
nine months with someone who could use information about where people are, or
where they go.

------
suking
Pretty scary that they collect data after you cancel unless you unhook it.
What if you buy a used car that had OnStar - how is that legal?

~~~
ams6110
Shutting down the connection is apparently something that they do remotely:
_it was difficult to ensure the data connection was shut down after canceling.
I still have no guarantee OnStar did what they were supposed to_

If it were me, I'd pull the fuse or if necessary cut the wires to the
transmitter.

~~~
crenshaw
I once decided to cut the cord to the vanity light in my car (long story why).
Even though the car was off I was able to get quite a scare. Lesson,
electricity in a car is not off when the key is out. I was close to winning
one of those Darwin awards.

~~~
praptak
The voltage in car circuits is usually 12V, not enough to do you real harm.

Yup, the sparks when you short circuit can be spectacular (the car battery can
provide quite a current), but the voltage can't kill you. It would suck if it
could - high voltage cables all around you would make accidents _very_
dangerous. The worst that could happen to you is burns from the wires getting
hot.

~~~
imgabe
Voltage never kills you, current kills you.

~~~
praptak
It's the voltage that generates the current and 12V is not enough to generate
lethal current in human body.

------
ShawnJG
I think the larger issue here is that legislation has not caught up with the
digital world. And I don't suspect it will for some time. There is little
incentive for companies and governmental agencies from restrictions on what
they can or cannot track without a warrant. Law enforcement agencies want easy
access to your entire digital footprint and companies want to continue to
pilfer that information for profit. Unless sweeping legislation is introduced
or a broad enough case is brought before the Supreme Court your digital life
will remain an open book to anyone with enough money, technology or know-how.

------
doctoboggan
OP's outrage rests on the fact that OnStar claims they are anonymizing the
data and he says they are not. Why should I believe him over OnStar? He gave
no evidence that they were not anonymizing the data properly, he just assumed
they were not.

EDIT: There are other ways to anonymize data than simply removing the name
associated with data.

~~~
CWuestefeld
His concern is not that OnStar will fail to remove your name from the GPS
location stream. It is that even without a name attached, the subject's
identity can be readily inferred from the data itself.

If one looks at a stream of location data over time, and sees the recurrence
of a particular location in a residential area, particularly at night, then it
can be pretty well surmised that this is your home. And from that, it's a
trivial step to get your identity. And bingo, the anonymized data is now re-
identified.

~~~
thequux
There's a simple solution to that: don't give a stream of location data. Chop
it up into 5-second fragments, and fuzz the data by a meter or so to prevent
re-assembly.

That would still be a very valuable dataset (for me at least), and almost
completely free of PII.

Then again, I'm not an expert in these things; am I missing some way that this
could be deanonymized?

~~~
brown9-2
Adding a meter to the GPS location of where my car starts and stops at the end
of each day still tells you where my house is.
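
An added example, not part of any comment in the thread: a pre-release privacy check that applies the fragment-and-fuzz scheme proposed above (5-second windows, about a metre of jitter, vehicle ids dropped) and measures whether recurring night-time rest points still stand out. The traces, coordinates, 1 Hz reporting rate and all function names are constructed assumptions for illustration.

```python
import math
import random
from collections import defaultdict

M_PER_DEG = 111_320.0  # approximate metres per degree of latitude

def metres_between(a, b):
    """Equirectangular distance; accurate enough at city scale."""
    dlat = (a[0] - b[0]) * M_PER_DEG
    dlon = (a[1] - b[1]) * M_PER_DEG * math.cos(math.radians(a[0]))
    return math.hypot(dlat, dlon)

def jitter(lat, lon, max_m, rng):
    """Move a fix by up to max_m metres in a random direction."""
    r, th = max_m * math.sqrt(rng.random()), rng.uniform(0, 2 * math.pi)
    return (lat + r * math.cos(th) / M_PER_DEG,
            lon + r * math.sin(th) / (M_PER_DEG * math.cos(math.radians(lat))))

def release(traces, window_s=5, fuzz_m=1.0, seed=1):
    """Proposed mitigation: drop ids, cut into short fragments, jitter, shuffle."""
    rng = random.Random(seed)
    frags = defaultdict(list)
    for vid, trace in enumerate(traces):
        for t, lat, lon in trace:
            frags[(vid, t // window_s)].append((t, *jitter(lat, lon, fuzz_m, rng)))
    out = list(frags.values())
    rng.shuffle(out)  # no vehicle id or ordering survives in the released set
    return out

def night_rest_points(fragments, min_fragments=100, still_m=5.0):
    """Audit: group stationary night-time fragments on a ~10 m grid and
    return the mean position of every cell that recurs often enough."""
    cells = defaultdict(list)
    for frag in fragments:
        hour = (frag[0][0] % 86400) // 3600
        first, last = frag[0][1:], frag[-1][1:]
        if (hour >= 22 or hour < 5) and metres_between(first, last) < still_m:
            cells[(round(first[0], 4), round(first[1], 4))].append(first)
    return [(sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))
            for pts in cells.values() if len(pts) >= min_fragments]

def constructed_day(home, work):
    """One constructed day at 1 fix/s: parked at home, 30-minute drives at 08:00 and 17:00."""
    def between(a, b, f):
        return (a[0] + f * (b[0] - a[0]), a[1] + f * (b[1] - a[1]))
    trace = []
    for t in range(86400):
        if 28800 <= t < 30600:
            pos = between(home, work, (t - 28800) / 1800)
        elif 30600 <= t < 61200:
            pos = work
        elif 61200 <= t < 63000:
            pos = between(work, home, (t - 61200) / 1800)
        else:
            pos = home
        trace.append((t, *pos))
    return trace

# Constructed sample data: three vehicles; all coordinates are made up.
HOMES = [(52.37002, 4.89003), (52.35012, 4.91021), (52.39031, 4.87012)]
WORK = (52.36000, 4.90000)

def audit():
    return night_rest_points(release([constructed_day(h, WORK) for h in HOMES]))
```

On the constructed data `audit()` returns three points, one per vehicle, because averaging many jittered fixes at the same spot cancels the noise. A release check like this is a reason to coarsen or suppress fixes near trip endpoints before sharing such a dataset.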

