Senators Franken And Coons Question OnStar Over New Policies

by Edward Niedermeyer

Editor’s note: When I wrote about OnStar’s latest round of privacy concerns, I didn’t realize that the chairman of the Senate Judiciary subcommittee on privacy, technology and the law had voiced his own concerns in a letter published just the day before. Here is the letter, as published at Senator Franken’s website. OnStar has already said it will respond specifically to the concerns of Senators Franken and Coons.

Ms. Linda Marshall, President

OnStar Corporation

400 Renaissance Center

Detroit, MI 48265

Dear Ms. Marshall:

We are writing to express our serious concern with OnStar’s announcement earlier this week that it would continue to track the GPS locations of its customers’ vehicles even if those customers have affirmatively ended their contractual plans with OnStar. In this email announcement, OnStar informs its current and former subscribers that it reserves the right to track their locations “for any purpose, at any time.” It appears that the only way to stop this tracking is to actually call OnStar and request that the data connection between OnStar and the vehicle be terminated; this service is not available online. OnStar further reserves the right to share or sell location data with “credit card processors,” “data management companies,” OnStar’s “affiliates,” or “any third party” provided that OnStar is satisfied that the data cannot be traced back to individual customers. See OnStar, Privacy Statement: Effective as of December 2011. In a nutshell, OnStar is telling its current and former customers that it can track their location anywhere, anytime—even if they cancel their subscriptions—and then give or sell that information to anyone as long as OnStar deems it safe to do so.

OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar’s approximately six million customers—especially for those customers who have already ended their relationships with your company. OnStar’s assurances that it will protect its customers by “anonymizing” precise GPS records of their location are undermined by a broad body of research showing that it is extraordinarily difficult to successfully anonymize highly personal data like location. See generally Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 5 UCLA Law Review 1701 (2010) and Marco Gruteser and Baik Hoh, On the Anonymity of Periodic Location Samples, in Second International Conference on Security in Pervasive Computing, Boppard, Germany (2005) at 179-192. If a data set shows the exact location where a car starts every morning, the roads that car travels on its morning commute, the office where it is parked during business hours, and the schools where it stops on its way home, it is unnecessary for that data set to include a name or license plate for it to be connected to an individual and his or her family.

We urge you to reconsider these decisions. We also urge you to better inform your customers of their ramifications. To that end, we request that you provide answers to the following questions:

1. Does OnStar believe that its actions comply with federal law?

2. Will OnStar allow its customers to deactivate their data connections online?

3. If a customer deactivates their data connection, will OnStar delete the existing location information they have gathered for that customer? Or does OnStar reserve the right to store and sell that information regardless of deactivation?

4. Has OnStar ever suffered a breach of its customers’ location data?

5. Has OnStar ever suffered a breach of any of its customers’ private information?

6. How will OnStar protect non-anonymized data on its servers in light of recent breaches at major institutions like Citibank, Sony and the International Monetary Fund?

7. How exactly will OnStar anonymize its location data?

8. Will OnStar seek its customers’ consent before sharing or selling their location data to third parties? Does OnStar believe it is legally required to do so?

9. Will OnStar inform its customers of the entities to whom it sells location data?

10. Has OnStar already disclosed or sold any of its customers’ location data with third parties? Which third parties?

11. Will OnStar agree to stop the tracking, sharing, and sale of location data for customers that have ended their subscriptions to OnStar services?

We believe that OnStar’s actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location. In the meantime, we believe that it is the responsibility of corporate citizens like OnStar to take every step possible to safeguard the privacy of their customers.

We appreciate your prompt attention to this matter.

Sincerely,

Al Franken

Chairman, Subcommittee on Privacy, Technology and the Law

Christopher A. Coons

United States Senator



Comments
  • 30-mile fetch on Sep 26, 2011

    Okey dokey, you don't like Al Franken. Most of us care about that as much as the typical Massachusetts resident cares that you won't grace the state with your presence. But how do you feel about Franken's stance on the OnStar issue above?

  • Bunkie on Sep 26, 2011

    Personally, I'll take a smart comedian over a dumb newscaster any day. Last year on Celebrity Jeopardy, Wolf Blitzer faced off against Andy Richter. There was no contest. Blitzer blew questions about current affairs and history left and right. Richter, on the other hand, didn't miss a trick, scoring well on those same questions as well as much of the more obscure stuff. Without his cue cards, Blitzer is an empty suit. Franken is a smart comedian. I attended a lecture he gave at Ohio State back in the '90s. I was expecting jokes, but what I got was a thoughtful, well-reasoned analysis of the then-current political situation. He's a very well-educated, smart guy.
