
OnStar, your location, and your privacy

Last week, General Motors subsidiary OnStar announced it intends to change its privacy policy later this year and will continue tracking users’ locations even after they discontinue OnStar service—or even if they never activate it in the first place. Now three U.S. Senators (Al Franken of Minnesota, Chris Coons of Delaware, and Charles Schumer of New York—all Democrats) have raised significant objections to OnStar’s planned policy change, characterizing it as an egregious violation of privacy.

Why does OnStar want to track people who aren’t using its service? And what implications could the move have for other vehicles with integrated GPS services?

What is OnStar thinking?

In the message it sent to customers earlier this month, OnStar essentially announced two things. The first is that it would be changing its privacy policy to enable it to collect location data about all OnStar-equipped vehicles, even if customers cancel service or never activate service. The second is that OnStar will be reserving the right to sell aggregate data to third parties. Those third parties are likely advertising, insurance, and analytics companies eager to gather as much information about consumers’ driving habits, schedules, favorite destinations, and other travels as possible—although it is possible that OnStar will sell the information to things like traffic services in order to assist with traffic-based routing and even urban planning. The data will supposedly be anonymized to remove personally-identifying information.

OnStar works using a two-way CDMA cellular link between the OnStar onboard equipment in a vehicle and the OnStar service itself—it’s powered by Verizon Wireless in the United States and Bell Mobility in Canada. In addition to GPS-generated location information, information transmitted to OnStar includes a vehicle’s speed and current odometer reading, along with whether the driver is using a seat belt and whether air bags have been deployed.

OnStar does not articulate why it wants to collect the data; however, the company’s apparent hope is to use the information to further refine its own service, along with creating a new revenue stream by offering the aggregate data for sale to advertisers and other interested parties. OnStar says the link could also be used to inform even former customers about emergency conditions.

In a telephone interview with the New York Times, OnStar spokesperson Vijay Iyer says customers who cancel service will also be able to separately indicate they want OnStar to shut down two-way communications with their vehicles. It appears this opt-out will be a wholly separate action from terminating OnStar service—or declining to activate service in the first place. Iyer did indicate that customers who terminated OnStar service prior to the new policy going into effect will not need to separately terminate two-way communication.

Lawmakers’ reactions

Reaction from Democratic lawmakers was swift, with Senators Chris Coons and Al Franken issuing a letter to OnStar last week, requesting the company provide detailed information on how the company will protect consumers’ location data. “OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar’s approximately six million customers—especially for those customers who have already ended their relationships with your company.” In addition to asking whether OnStar has already sold customer location information to third parties, the Senators want to know how OnStar plans to anonymize data it collects. The senators also cite research showing that it is “extraordinarily difficult” to successfully anonymize many items of personally-distinctive data about individuals—including location details.

“We believe that OnStar’s actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location,” Coons and Franken wrote.

New York Democratic Senator Charles Schumer joined the fray today, characterizing OnStar’s move as a “brazen invasion of privacy” and calling for the Federal Trade Commission to investigate whether OnStar’s actions constitute an unfair trade practice under Section 5 of the Federal Trade Commission Act. Schumer characterized OnStar’s move as a “brazen, almost unheard-of invasion of the privacy of potentially millions of drivers.”

OnStar is under no obligation to respond to the Senators’ questions or statements, and there’s no word yet on whether FTC chairman Jon Leibowitz will take up Senator Schumer’s call for an investigation. The United States Government owns more than one quarter of OnStar.

What’s at risk for consumers?

OnStar has more than six million customers, and the OnStar system is factory-installed in myriad vehicles from General Motors and other manufacturers through a licensing arrangement: Licensees include Volkswagen, Audi, Acura, Subaru, and Isuzu. The first systems were available in selected 1997 model year vehicles—meaning OnStar systems have been on the market for nearly 15 years. Only systems from about 2003 onward can still be used with the current OnStar service—OnStar setups from 2003 through 2005 can only be used by way of a separately-installed analog adapter for their now-antiquated cellular gear.

OnStar customers may be able to opt out of tracking—if they pay attention to their email and read the fine print. It’s not at all clear how buyers of second-hand OnStar-equipped vehicles—whether used cars, former fleet vehicles, or what-have-you—would have any way of knowing whether data collection was active. Certainly, OnStar would have never acquired those drivers’ consent to tracking and collection of their personal information.

Similarly, OnStar tracking is on a vehicle-by-vehicle basis, not a driver-by-driver basis. Although some parents really like the idea of being able to keep track of their teens, OnStar doesn’t have tracking consent from everybody who might use a car, whether that be family members, employees of a particular company, or just a friend lending a hand by moving a vehicle—with permission, of course.

Perhaps more significantly, however, recent research has shown that anonymizing highly personal data—like a user’s habitual routes and locations—can be extraordinarily difficult, if not impossible. Even if OnStar removes information from its data streams like vehicle identification numbers, fuzzes GPS data to within (say) a few hundred meters, and provides only rounded times (say to the nearest hour) rather than precise timestamps, it would still be possible to determine most drivers’ habitual routes—and determine when they varied significantly from those habits. (See Gruteser and Hoh, On the Anonymity of Periodic Location Samples, for example.) Furthermore, recent security breaches and hacking incidents have demonstrated that even if a particular data source is well-anonymized, that data can be correlated with other data sets to get a surprisingly complete picture of many individuals, effectively “de-anonymizing” the data—see Paul Ohm’s The Broken Promises of Privacy.
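A pre-release check a privacy reviewer could run on such a data set, as an added example that is not from the article or the cited papers: it applies the fuzzing described above (grid cell of a few hundred meters, hour-only times) and counts how many pseudonymous traces still have a habitual night-time/daytime cell pair shared by no other trace. The cell size, the hour windows, the trace ids and the coordinates are all constructed assumptions.

```python
from collections import Counter, defaultdict

CELL_DEG = 0.003  # assumed grid step, roughly 300 m of latitude

def coarsen(lat, lon):
    """Snap a GPS fix to a grid cell (the 'fuzzing' step)."""
    return (round(lat / CELL_DEG), round(lon / CELL_DEG))

def signature(samples):
    """Most frequent night-time cell and most frequent working-hours cell."""
    night, day = Counter(), Counter()
    for lat, lon, hour in samples:          # hour is already rounded
        if hour >= 22 or hour < 6:
            night[coarsen(lat, lon)] += 1
        elif 9 <= hour < 17:
            day[coarsen(lat, lon)] += 1
    top = lambda c: c.most_common(1)[0][0] if c else None
    return top(night), top(day)

def anonymity_sets(traces):
    """Group trace ids by signature; each group's size is that signature's k."""
    groups = defaultdict(list)
    for trace_id, samples in traces.items():
        groups[signature(samples)].append(trace_id)
    return groups

def unique_fraction(traces):
    """Share of traces whose signature matches no other trace (k = 1)."""
    groups = anonymity_sets(traces)
    return sum(len(ids) == 1 for ids in groups.values()) / len(traces)

def commute(home, work, days=5):
    """Constructed trace: parked at home overnight, at work during the day."""
    return [fix for _ in range(days)
            for fix in ((*home, 23), (*home, 5), (*work, 10), (*work, 15))]

# Constructed sample data: VINs already replaced by random ids.
HOME_A, HOME_B = (42.3300, -83.0460), (42.3600, -83.0700)
WORK_1, WORK_2 = (42.3900, -83.1000), (42.4200, -83.0200)
TRACES = {
    "a1f3": commute(HOME_A, WORK_1),
    "9c2e": commute(HOME_A, WORK_2),               # same block, other job
    "77b0": commute(HOME_B, WORK_1),
    "e4d8": commute((42.3604, -83.0703), WORK_1),  # same cells as 77b0
}

if __name__ == "__main__":
    for sig, ids in anonymity_sets(TRACES).items():
        print(f"k={len(ids)} {sig} {ids}")
    print("unique fraction:", unique_fraction(TRACES))
```

Any trace reported with k=1 can be tied to a single household by whoever knows one home and one workplace, so a release gate would require a minimum k before the data leaves the provider.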

OnStar is also subject to U.S. law enforcement. Law enforcement agencies or courts could require OnStar to disclose location information in much the same way courts can require phone companies, mobile operators, and ISPs to turn over communications records.

Basically, unless OnStar is particularly clever—or renders the data near-useless to its likely customers—the information they plan to collect from drivers is likely to be enough to specifically identify many drivers. And—particularly in the case of used vehicles—drivers may have no idea (and no way of knowing) they’re being tracked.

What about other GPS-equipped vehicles?

OnStar is not the only system capable of tracking a vehicle’s location and activities: BMW Assist, Lexus Link, Toyota/Lexus Safety Link, eCall, Chevrolet MyLink, Ford Sync, LoJack, and other systems all offer varying telematics, mobile communications, and location tracking capabilities. If OnStar is successful in continuing to collect location and telemetric information about vehicles even after customers have canceled service (and potentially sold their cars to unsuspecting third parties), other system providers will be under pressure to do the same thing in order to remain competitive with OnStar—and, of course, tap into new revenue from sales of location information. In other words: If OnStar can push this through, expect every other “connected” car system to do the same thing.

Geoff Duncan
Former Digital Trends Contributor