In short, not only does OnStar currently track your vehicle’s speed and location but, under the policy linked above, they will continue to track this data and sell/give it to third parties even if you cancel your service unless you explicitly opt out (or disable the hardware).
“Big Deal” you say, we all use GPS all the time, we’re always tracked. No, in fact, you are not. Despite what you may think based on what you’ve seen in spy movies, GPS can’t track you. At its core, A GPS unit is a receiver only. It listens for signals constantly being broadcast to anyone listening by satellites in orbit around Earth. The GPS device figures out your latitude, longitude and altitude based on listening to not communicating with these satellites. GPS is a one way radio from satellite to your device.
Nothing about your location needs to be transmitted to anyone for your device to show you where you are. The data sent by each satellite is incredibly simple, basically, it’s a very precise and synchronized clock. Your devices uses the differences between when these clock signals arrive to calculate your location. By detecting relative delay, the GPS device calculates how far it is from each of the satellites it can ‘hear’ and using this math, it locates itself on the earth relative to the satellites. 299,792,458 metres per second is not just a good idea, its the law. Radio takes time to travel from space to your Garmin. A satellite is farther away, it takes longer, if it’s closer, it gets there quicker. If all the clocks are synchronized, the device can calculate your position based on listening to the signals of 4 or more of the 24 to 32 working satellites in orbit and comparing the timing against each other.
With GPS only ways your location are transmitted to anyone are:
• Your GPS device retrieves maps from some online provider in realtime. Google Maps, Yahoo Maps or somebody else and, in requesting these maps, tells the map-server where you are.
• Your device is OnStar or a system like it with features built in to it with the explicit purpose of telling the provider where you are. In OnStar’s case so they can mine the data and make you feel safer that if you crash and are unconscious, police and rescue can be sent because they detected the airbag going off. Now, if you have a cell phone and call 911, your cell phone will tell first responders where you are. (This is done according to this FCC rule) and can be done via cell tower triangulation and, theoretically, your phone broadcasting the GPS-derived location of your phone when you dial 911.
• Somebody has explicitly attached a GPS tracking device to you (or your vehicle) which passively listens to the GPS system and then actively transmits that location data it’s calculated to whomever is ‘bugging you’ with the tracking device.
There are lots of legitimate concerns about how smart phones and tablets and even your computer browser can send location information to the web sites (or ‘app’ back end servers) you connect to but those are unrelated to GPS tracking and OnStar and a topic for another post.
What should concern you about OnStar and other services that may work in a similar way (XM traffic and weather services perhaps?) is that your location at any given time is potentially very dangerous information when in the wrong hands.
Should the son-to-be-ex-spouse-under-restraining order have any possibility of buying this information? Should the police have any possibility of retrieving this information without a warrant? Should the burden of proof in a legal proceeding be shifted to a presumption of guilt if your phone or your car was found to be in a location you may have been nowhere near?