Editor’s note: When I wrote about OnStar’s latest round of privacy concerns, I didn’t realize that the chairman of the Senate Judiciary subcommittee on privacy, technology and the law had voiced his own concerns in a letter published just the day before. Here is the letter, as published at Senator Franken’s website. OnStar has already said it will respond to specifically to the concerns of Senators Franken and Coons.
Ms. Linda Marshall, President
400 Renaissance Center
Detroit, MI 48265
Dear Ms. Marshall:
We are writing to express our serious concern with OnStar’s announcement earlier this week that it would continue to track the GPS locations of its customers’ vehicles even if those customers have affirmatively ended their contractual plans with OnStar. In this email announcement, OnStar informs its current and former subscribers that it reserves the right to track their locations “for any purpose, at any time.” It appears that the only way to stop this tracking is to actually call OnStar and request that the data connection between OnStar and the vehicle be terminated; this service is not available online. OnStar further reserves the right to share or sell location data with “credit card processors,” “data management companies,” OnStar’s “affiliates,” or “any third party” provided that OnStar is satisfied that the data cannot be traced back to individual customers. See OnStar, Privacy Statement: Effective as of December 2011. In a nutshell, OnStar is telling its current and former customers that it can track their location anywhere, anytime—even if they cancel their subscriptions—and then give or sell that information to anyone as long as OnStar deems it safe to do so.
OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar’s approximately six million customers—especially for those customers who have already ended their relationships with your company. OnStar’s assurances that it will protect its customers by “anonymizing” precise GPS records of their location are undermined by a broad body of research showing that it is extraordinarily difficult to successfully anonymize highly personal data like location. See generally Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 5 UCLA Law Review 1701 (2010) and Marco Gruteser and Baik Hoh, On the Anonymity of Periodic Location Samples, in Second International Conference on Security in Pervasive Computing, Boppard, Germany (2005) at 179-192. If a data set shows the exact location where a car starts every morning, the roads that car travels on its morning commute, the office where it is parked during business hours, and the schools where it stops on its way home, it is unnecessary for that data set to include a name or license plate for it to be connected to an individual and his or her family.
We urge you to reconsider these decisions. We also urge you to better inform your customers of their ramifications. To that end, we request that you provide answers to the following questions:
1. Does OnStar believe that its actions comply with federal law?
2. Will OnStar allow its customers to deactivate their data connections online?
3. If a customer deactivates their data connection, will OnStar delete the existing location information they have gathered for that customer? Or does OnStar reserve the right to store and sell that information regardless of deactivation?
4. Has OnStar ever suffered a breach of its customers’ location data?
5. Has OnStar ever suffered a breach of any of its customers’ private information?
6. How will OnStar protect non-anonymized data on its servers in light of recent breaches at major institutions like Citibank, Sony and the International Monetary Fund?
7. How exactly will OnStar anonymize its location data?
8. Will OnStar seek its customers’ consent before sharing or selling their location data to third parties? Does OnStar believe it is legally required to do so?
9. Will OnStar inform its customers of the entities to whom it sells location data?
10. Has OnStar already disclosed or sold any of its customers’ location data with third parties? Which third parties?
11. Will OnStar agree to stop the tracking, sharing, and sale of location data for customers that have ended their subscriptions to OnStar services?
We believe that OnStar’s actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location. In the meantime, we believe that it is the responsibility of corporate citizens like OnStar to take every step possible to safeguard the privacy of their customers.
We appreciate your prompt attention to this matter.
Al Franken Christopher A. Coons
Chairman, Subcommittee on United States Senator
Privacy, Technology and the Law