Senators Franken And Coons Question OnStar Over New Policies
Editor’s note: When I wrote about OnStar’s latest round of privacy concerns, I didn’t realize that the chairman of the Senate Judiciary subcommittee on privacy, technology and the law had voiced his own concerns in a letter published just the day before. Here is the letter, as published at Senator Franken’s website. OnStar has already said it will respond to specifically to the concerns of Senators Franken and Coons.
Ms. Linda Marshall, President
400 Renaissance Center
Detroit, MI 48265
Dear Ms. Marshall:
We are writing to express our serious concern with OnStar’s announcement earlier this week that it would continue to track the GPS locations of its customers’ vehicles even if those customers have affirmatively ended their contractual plans with OnStar. In this email announcement, OnStar informs its current and former subscribers that it reserves the right to track their locations “for any purpose, at any time.” It appears that the only way to stop this tracking is to actually call OnStar and request that the data connection between OnStar and the vehicle be terminated; this service is not available online. OnStar further reserves the right to share or sell location data with “credit card processors,” “data management companies,” OnStar’s “affiliates,” or “any third party” provided that OnStar is satisfied that the data cannot be traced back to individual customers. See OnStar, Privacy Statement: Effective as of December 2011. In a nutshell, OnStar is telling its current and former customers that it can track their location anywhere, anytime—even if they cancel their subscriptions—and then give or sell that information to anyone as long as OnStar deems it safe to do so.
OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar’s approximately six million customers—especially for those customers who have already ended their relationships with your company. OnStar’s assurances that it will protect its customers by “anonymizing” precise GPS records of their location are undermined by a broad body of research showing that it is extraordinarily difficult to successfully anonymize highly personal data like location. See generally Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 5 UCLA Law Review 1701 (2010) and Marco Gruteser and Baik Hoh, On the Anonymity of Periodic Location Samples, in Second International Conference on Security in Pervasive Computing, Boppard, Germany (2005) at 179-192. If a data set shows the exact location where a car starts every morning, the roads that car travels on its morning commute, the office where it is parked during business hours, and the schools where it stops on its way home, it is unnecessary for that data set to include a name or license plate for it to be connected to an individual and his or her family.
We urge you to reconsider these decisions. We also urge you to better inform your customers of their ramifications. To that end, we request that you provide answers to the following questions:
1. Does OnStar believe that its actions comply with federal law?
2. Will OnStar allow its customers to deactivate their data connections online?
3. If a customer deactivates their data connection, will OnStar delete the existing location information they have gathered for that customer? Or does OnStar reserve the right to store and sell that information regardless of deactivation?
4. Has OnStar ever suffered a breach of its customers’ location data?
5. Has OnStar ever suffered a breach of any of its customers’ private information?
6. How will OnStar protect non-anonymized data on its servers in light of recent breaches at major institutions like Citibank, Sony and the International Monetary Fund?
7. How exactly will OnStar anonymize its location data?
8. Will OnStar seek its customers’ consent before sharing or selling their location data to third parties? Does OnStar believe it is legally required to do so?
9. Will OnStar inform its customers of the entities to whom it sells location data?
10. Has OnStar already disclosed or sold any of its customers’ location data with third parties? Which third parties?
11. Will OnStar agree to stop the tracking, sharing, and sale of location data for customers that have ended their subscriptions to OnStar services?
We believe that OnStar’s actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location. In the meantime, we believe that it is the responsibility of corporate citizens like OnStar to take every step possible to safeguard the privacy of their customers.
We appreciate your prompt attention to this matter.
Al Franken Christopher A. Coons
Chairman, Subcommittee on United States Senator
Privacy, Technology and the Law
Latest Car ReviewsRead more
Latest Product ReviewsRead more
- Dartman It was all a scam just to gin up some free publicity. It worked. Tassos go back to sleep; no ones on your lawn. Real ‘murricans prefer hot dogs to gyros.
- ToolGuy I plan to install a sink in the crawl space soon. After that I plan to put washer and dryer hookups on my roof.
- ToolGuy "That power team adds an electric supercharger"YES!
- Cardave5150 UAW is acting all butt-hurt that their employers didn't "share the wealth" when they had massive profits. They conveniently forget that they have a CONTRACT with their employers, which was negotiated in good faith, and which the Remaining 3 are honoring, paying them exactly what they negotiated last time.
- Kwik_Shift That's a shame.