Skip to main content

OnStar, your location, and your privacy

OnStar button press
Image used with permission by copyright holder

Last week, General Motors subsidiary OnStar announced it intends to change its privacy policy later this year and will continue tracking users’ locations even after they discontinue OnStar service—or even if they never activate it in the first place. Now three U.S. Senators (Al Franken of Minnesota, Chris Coons of Delaware, and Charles Schumer of New York—all Democrats) have raised significant objections to OnStar’s planned policy change, characterizing it as an egregious violation of privacy.

Why does OnStar want to track people who aren’t using its service? And what implications could the move have for other vehicles with integrated GPS services?

What is OnStar thinking?

In the message it send to customers earlier this month, OnStar essentially announced two things. The first is that it would be changing its privacy policy to enable it to collect location data about all OnStar-equipped vehicles, even if customers cancel service or never activate service. The second is that OnStar will be reserving the right to sell aggregate data to third parties. Those third parties are likely advertising, insurance, and analytics companies eager to gather as much information about consumers’ driving habits, schedules, favorite destinations, and other travels as possible—although it is possible that OnStar will sell the information to things like traffic services in order to assist with traffic-based routing and even urban planning. The data will supposedly be anonymized to remove personally-identifying information.

OnStar works using a two-way CMDA cellular link between the OnStar onboard equipment in a vehicle and the OnStar service itself—it’s powered by Verizon Wireless in the United States and Bell Mobility in Canada. In addition to GPS-generated location information, information transmitted to Onstar includes a vehicle’s speed and current odometer reading, along with whether the driver is using a seat belt and whether air bags have been deployed.

OnStar does not articulate why it wants to collect the data; however, the company’s apparent hope is to use the information to further refine its own service, along with creating a new revenue stream by offering the aggregate data for sale to advertisers and other interested parties. OnStar says the link could also be used to inform even former customers about emergency conditions.

In a telephone interview with the New York Times, OnStar spokesperson Vijay Iyer says customers who cancel service will also be able to separately indicate they want OnStar to shut down two-way communications with their vehicles. It appears this opt-out will be a wholly separate action from terminating OnStar service—or declining to activate service in the first place. Iyer did indicate that customers who terminated OnStar service prior to the new policy going into effect will not need to separately terminate two-way communication.

Lawmakers’ reactions

Reaction from Democratic lawmakers was swift, with Senators Chris Coons and Al Franken issuing a letter to Onstar last week, requesting the company provide detailed information on how the company will protect consumers’ location data. “OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar’s approximately six million customers—especially for those customers who have already ended their relationships with your company.” In addition to asking whether OnStar has already sold customer location information to third parties, the Senators want to know how OnStar plans to anonymize data it collects. The senators also cite research showing that it is “extraordinarily difficult” to successfully anonymize many items of personally-distinctive data about individuals—including location details.

“We believe that OnStar’s actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location,” Coons and Franken wrote.

New York Democratic Senator Charles Schumer joined the fray today, characterizing OnStar’s move as a “brazen invasion of privacy” and calling for the Federal Trade Commission to investigate whether OnStar’s actions constitute an unfair trade practice under Section 5 of the Federal Trade Commission Act. Schumer characterized OnStar’s move as a “brazen, almost unheard-of invasion of the privacy of potentially millions of drivers.”

OnStar is under no obligation to respond to the Senators’ questions or statements, and there’s no word yet on whether FTC chairman Jon Leibowitz will take up Senator Schumer’s call for an investigation. The United States Government owns more than one quarter of OnStar.

What’s at risk for consumers?

OnStar has more than six million customers, and the OnStar system is factory-installed in myriad vehicles from General Motors and other manufacturers through a licensing arrangement: Licensees include Volkswagen, Audi, Acura, Subaru, and Isuzu. The first systems were available in selected 1997 model year vehicles—meaning OnStar systems have been on the market for nearly 15 years. Only systems from about 2003 onward can still be used with the current OnStar service—OnStar setups from 2003 through 2005 can only be used by way of a separately-installed analog adapter for their now-antiquated cellular gear.

OnStar customers may be able to opt out of tracking—if they pay attention to their email and read the fine print. It’s not at all clear how buyers of second-hand OnStar-equipped vehicles—whether used cars, former fleet vehicles, or what-have-you—would have any way of knowing whether data collection was active. Certainly, OnStar would have never acquired those drivers’ consent to tracking and collection of their personal information.

Similarly, OnStar tracking is on a vehicle-by-vehicle basis, not a driver-by-driver basis. Although some parents really like the idea of being able to keep track of their teens, OnStar doesn’t have tracking consent everybody who might use a car, whether that be family members, employees of a particular company, or just a friend lending a hand by moving a vehicle—with permission, of course.

Perhaps more significantly, however, recent research has shown that anonymizing highly personal data—like a user’s habitual routes and locations—can be extraordinarily difficult, if not impossible. Even if OnStar removes information from its data streams like vehicle identification numbers, fuzzes GPS data to within (say) a few hundred meters, and provides only rounded times (say to the nearest hour) rather than precise timestamps, it would still be possible to determine most drivers’ habitual routes—and determine when they varied significantly from those habits. (See Gruteser and Hoh, On the Anonymity of Periodic Location Samples, for example.) Furthermore, recent security breaches and hacking incidents have demonstrated that even if a particular data source is well-anonymized, that data can be correlated with other data sets to get a surprisingly complete picture of many individuals, effectively “de-anonymizing” the data—see Paul Ohms’ The Broken Promises of Privacy (PDF).

OnStar is also subject to U.S. law enforcement. Law enforcement agencies or courts could require OnStar to disclose location information in much the same way courts can require phone companies, mobile operators, and ISPS to turn over communications records.

Basically, unless OnStar is particularly clever—or renders the data near-useless to its likely customers—the information they plan to collect from drivers is likely to be enough to specifically identify many drivers. And—particularly in the case of used vehicles—drivers may have no idea (and no way of knowing) they’re being tracked.

What about other GPS-equipped vehicles?

OnStar is not the only system capable of tracking a vehicle’s location and activities: BMW Assist, Lexus Link, Toyota/Lexus Safety Link, eCall, Chevrolet MyLink, Ford Sync, LoJack, and other systems all offer varying telemetrics, mobile communications, and location tracking capabilities. If OnStar is successful in continuing to collect location and telemetric information about vehicles even after customers have canceled service (and potentially sold their cars to unsuspecting third parties), other system providers will be under pressure to do the same thing in order to remain competitive with OnStar—and, of course, tap in to new revenue from sales of location information. In other words: If OnStar can push this through, expect every other “connected” car system to do the same thing.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Find Ford gifts for everyone on your holiday list, no really
Ford Accessories used while camping for holiday gifts

When you're shopping for holiday gifts, auto and Ford accessories probably don't cross your mind, at least not initially. Unless, of course, you're planning some gift ideas for the car enthusiast you know. But actually, Ford has a lot of different gift options even for those who aren't big into cars and vehicles. I know, it's an odd proposal but hear me out. From electronics and exterior accessories to truck bed augments, interior gear, and even outdoor-friendly gear -- like for camping -- Ford has a ton of options. Just to provide some examples, first aid safety kits, truck bed camping tents, portable fridges, pet-friendly seat mats, even dashcams, keyless entry systems, and beyond.

You never know, you could find the perfect gift in Ford's accessories lineup.
Shop Now

Read more
Costco, Electrify America add EV-charging stations in three states
costco electrify america add 50 ev charging stations in three states ea chargers 1280

Costco, which had abandoned offering EV charging 12 years ago, is getting serious about resuming the service.

Over a month ago, the big-box retailer once again put its brand name on a DC fast-charging station in Ridgefield, Washington, that was made by Electric Era .

Read more
Mini’s infotainment system is very charming, but still needs work
Main screen of the Mini infotainment system

When you think Mini, you probably don’t think of infotainment. Personally, I think of the British flag taillights, the distinct exterior, and the surprising room on the inside. But after driving the Mini John Cooper Works Countryman over the past week, infotainment might well be something I think of more often when it comes to Mini. It’s charming.

It also, however, suffers from all the traps that other legacy automakers fall into when it comes to software design. Mini has something on its hands here — but it still needs some work.
Bringing the charm
The first thing that stood out to me about the system when I got in the car was how fun it was. That all starts with the display. It’s round! No, it’s not curved — the screen is a big, round display sits in at 9.4 inches, and I found it plenty large enough for day-to-day use.

Read more