Is General Motors Working with the NSA to Snoop on Auto Owners?

Mary Barra, the embattled CEO of General Motors, currently embroiled in a recall scandal, is also on the Board of NSA surveillance contractor General Dynamics. Specifically, General Dynamics is the contractor helping the NSA process recorded phone calls going in and out of the Bahamas:

Though it is not the “access provider,” the behemoth NSA contractor General Dynamics is directly involved in both MYSTIC and SOMALGET. According to documents, the firm has an eight-year, $51 million contract to process “all MYSTIC data and data for other NSA accesses” at a facility in  Annapolis Junction, Maryland, down the road from NSA’s  headquarters. NSA logs of SOMALGET collection activity – communications between analysts about issues such as outages and performance problems – contain references to a technician at a “SOMALGET processing facility” who bears the same name as a LinkedIn user listing General Dynamics as his employer. Reached for comment, a General Dynamics spokesperson referred questions to the NSA.

A couple years ago, GM’s remote safety service OnStar got into trouble over privacy concerns for both tracking physical location of vehicles and for collecting/selling consumer data to marketers, all while the federal government was a majority shareholder of the company. Apparently, even if you cancel OnStar, their privacy policy allows GM to continue tracking your vehicle by default:

“What’s changed [is that if] you want to cancel your OnStar service, we are going to maintain a two-way connection to your vehicle unless the customer says otherwise,” Denison said in a telephone interview.

The connection will continue, he said, to make it “easier to re-enroll” in the program, which charges plans from $19 to $29 monthly for help with navigation and emergencies. Canceling customers must opt out of the continued surveillance monitoring program, according to the privacy policy.

GM is also among other car makers looking to provide native 4G wireless capability in new vehicles, complete with touch screens and app stores:

GM says it expects to sell 4G-equipped 2015 Chevrolets and other models starting in June. Many other car makers, including Ford and Toyota, are following suit, both in the U.S. and worldwide, using partnerships with wireless carriers to deliver the connectivity.

By providing apps, car makers see an opportunity for product differentiation and steady revenue streams. They also suggest that connectivity can lead to new safety features, and that using these on board services will be safer than furtively glancing at phones.

GM sent out a release a couple weeks ago about OnStar and its Crisis Assist service. They’re apparently planning to offer every GM owner Crisis Assist service during this year’s hurricane season — by default — regardless of individual subscription plan. In all cases, the sales pitch to consumers is “do this for safety purposes.” But on the back end, the technological changes put more people on more devices in front of NSA’s prying eyes — the same NSA that’s paying a company, where GM’s current CEO is on the Board, millions of dollars to process dragnet-recorded phone calls.

Recall from the Brian Williams exclusive with Snowden:

Former National Security Agency contractor Edward Snowden says the U.S. government has the capability to remotely turn on a targeted cellphone and then secretly activate the device’s camera and microphone.

The NSA, the Russian intelligence service, the Chinese intelligence service, any intelligence service in the world that has significant funding and a real technological research team can own that phone… as soon as you turn it on, it can be theirs,” Snowden said. “They can turn it into a microphone, they can take pictures from it, they can take data off of it.

He did clarify, however, that such surveillance is “typically done on a targeted basis.

When asked by Williams if the government could turn on a phone remotely if it’s off, Snowden said “yes.”

If that’s true, can the NSA turn on or tune into a political dissident’s 4G-powered General Motors car whenever they want, and listen to or record conversations? Here’s what the GAO just put out a in a report on mobile technology in automobiles. From the report summary:

While consumers can benefit from location-based services, their privacy may be at risk when companies collect and share location data. For example, in both reports, GAO found that when consumers are unaware their location data are shared and for what purpose data might be shared,they may be unable to judge whether location data are shared with trustworthy third parties. Furthermore, when location data are amassed over time, they can create a detailed profile of individual behavior, including habits, preferences, and routes traveled–private information that could be exploited. Additionally, consumers could be at higher risk of identity theft or threats to personal safety when companies retain location data for long periods or in a way that links the data to individual consumers. Companies can anonymize location data that they use or share, in part, by removing personally identifying information; however, in its 2013 report, GAO found that in-car navigation providers that GAO examined use different de-identification methods that may lead to varying levels of protection for consumers.

Companies GAO examined in both reports have not consistently implemented practices to protect consumers’ location privacy. The companies have taken some steps that align with recommended practices for better protecting consumers’ privacy. For example, all of the companies examined in both reports used privacy policies or other disclosures to inform consumers about the collection of location data and other information. However, companies did not consistently or clearly disclose to consumers what the companies do with these data or the third parties with which they might share the data, leaving consumers unable to effectively judge whether such uses of their location data might violate their privacy.

A story out in AutoNews reports, too, that Google is rolling out a new dashboard OS for automobiles.

Google’s system, which was known internally as Google Auto Link during development, will be the first product to emerge from the Open Automotive Alliance, a Google-led consortium that also includes Audi AG, General Motors Co., Honda Motor Co., Hyundai Motor Group and chipmaker NVIDIA Corp.

A lot of Silicon Valley companies provide consumers with “transparency reports” about the volume of government requests they get for user data, though Google’s reputation in this area isn’t the best. So here’s a list of questions someone should be asking:

  • Will GM make the similar disclosures to car owners when the government comes knocking for data?
  • Is GM, on its own, or through collaboration with General Dynamics, where its CEO is on the board, collecting data about consumers?
  • If so, what kind of data?
  • What rights do consumers have to examine or request deletion of their data from GM’s databases?
  • Remember that in late 2012, GM announced the insourcing of 10,000 IT jobs. How many were “big data” jobs?

GM is very protective of its new CEO, so they might argue “well, this isn’t Mary Barra’s fault, the 2015 units were developed under the previous CEO.” But guess who was a telecom and finance executive before running General Motors? Yep, former Obama-appointed CEO Dan Akerson who, guess what else, is not only back with Carlyle now, just a few short months after leaving GM because his wife had cancer, he said, but also recently joined the Board of NSA contractor Lockheed Martin?

Kind of makes you wonder to what extent GM was pressured by the federal government to turn cars into rolling cell phones — or if spying on people is just good business for shareholders. How many customers or citizens would be comfortable knowing all this stuff about GM and NSA overlap?


Please let us know if you're having issues with commenting.