Wednesday, September 21, 2011

GM is now selling your OnStar information

To my utter disgust, it emerges that General Motors has changed its privacy terms and conditions to allow it to sell information derived from its OnStar vehicle location and tracking system. Autoblog reports:

Originally, the terms and conditions stated that OnStar could only collect information on your vehicle's location during a theft recovery or in the midst of sending emergency services your way. That has apparently changed. Now, OnStar says that it has the right to collect and sell personal, yet supposedly anonymous information on your vehicle, including speed, location, seat belt usage and other information.

Who would be interested in that data, you ask? Law enforcement agencies, for starters, as well as insurance companies. Perhaps the most startling news to come out of the latest OnStar terms and conditions is the fact that the company can continue to collect the information even after you disconnect the service. If you want the info to be cut off all together, you'll have to specifically shut down the vehicle's data connection.

There's more at the link. OnStar's new privacy conditions may be found here (link is to an Adobe Acrobat document in .PDF format).

Jonathan Zdziarski points out:

Anonymized GPS data? There’s no such thing! We’ve all seen this before – anonymized searches, for example, that were not-so-quite anonymized. But in this case, it’s impossible to anonymize GPS data! If your vehicle is consistently parked at your home, driving down your driveway, or taking a left or right turn onto your street, its pretty obvious that this is where you live! It’s like trying to say that someone’s Google Map lookup from their home is “anonymized” because it doesn’t have their name on it. It still shows where they live! What’s unique even more-so to OnStar is that the data they claim they sell as part of their business model is useless unless it’s specific; that is, not diluted to the nearest 10 mile radius, etc. This combination of analytics, and their prospective customers (law enforcement, marketers, etc) requires the data be disturbingly precise. Anyone armed with Google can easily do a phone book or public records search to find the name and address that resides at any given GPS coordinate.

. . .

What is more profitable to OnStar that your personal GPS data could be used for? Hmm, well how about the obvious – tracking you and your vehicle. It would be extremely profitable to be able to identify all vehicles within OnStar’s network that frequently speed, and provide law enforcement “traffic services” the ability to trace them back to their homes or businesses, as well as tell them where to set up speed traps. Or perhaps insurance companies who want to check and make sure you’re wearing your seat belt, or automatically give you rate increases if you speed, even if you’re never in an accident? How about identifying all individuals who shop at certain stores, and using that to determine whose back yard to put the next God-awful Wal-Mart store? How about employers who purchase these records from these third parties to see where their employees (or prospective employees) travel to (and how fast), sleaze bag lawyers who want to subpoena these records to use against you if you’re ever sued, government agencies who want to monitor you, marketing firms who want to spam you, and a long list of other not-so-squeaky-clean people who use (and abuse) existing online, credit card, financial, credit, and other analytics to destroy our privacy?

Add to this OnStar’s use policy of your personal information – the stuff that does identify who you are and ties it to your GPS records. While I have no problem using my personal information in events of an emergency, OnStar also uses my information to “allow us, and our affiliates, your Vehicle Maker, and Vehicle dealers, to offer you new or additional products or services; and for other purposes“. So not only is OnStar going to sell my vehicle’s GPS location data to a number of third parties, but they’re also going to use it and my personal information for marketing purposes. Imagine your personal data being sold to any number of their “affiliates”, and a few months later, you start to receive targeted, location-specific advertising based on where you’ve traveled. Go to Weight Watchers every week? Expect an increase in the amount of weight loss advertising phone calls. Go to the bar frequently? Anticipate a number of sleazy liquor ads to show up in your mailbox. Sneak out to Victoria Secret for something special for your lover? You might soon be inundated with adult advertising in your mailbox.

Again, more at the link.

As if the bailout weren't sufficient reason in itself, here's yet another reason not to buy GM vehicles . . .



Radagast said...

It is government motors after all, so they can be expected to implement the surveillance state while adding a profit motive on top.

Unfortunately this seems to be the way many companies are going. IIRC TomTom are doing exactly the same thing.

One of my friends is the disaster recovery guy for the Australian banking system. He doesn't know where the bodies are buried, he knows where the _backups_ are buried.
For obvious reasons he tries to stay 'off the grid' where the internet is concerned. On the subject of Apple & Google data mining his comment was 'they don't want your money, they want to own your soul' followed by a burst of language that Art's Grammaw would not approve of.

skreidle said...

But wait! Don't forget that you can now voluntarily purchase aftermarket OnStar for non-GM vehicles, too, in a replacement-rearview-mirror form factor!

Stretch said...

And that, boys and girls, is why a Chilton's Manual is worth every penny they charge. Knowing what wire/fuse to disconnect is invaluable.
Any bets on when it becomes illegal to disable OnStar?

Flier389 said...

That's some scary stuff. I did not know. I knew about our cell phones. So much for me getting a new Cadillac.

Anonymous said...

Strech, there are several videos on YouTube showing you how to disconnect OnStar. Just a little helpful PSA.