Read it for yourself: https://mailchi.mp/familytreedna/letter-to-customers
Here’s my take:
Family Tree is still allowing law enforcement use of its DNA matching services (which provides access to data on thousands of matching customers’ names, emails, segment data, family trees and more out to the distant cousin level for any crime scene sample submitted) without consent of the other users, and opting out being the only way to prevent it.
But … at least there’s some hope of a change here because there’s at least some recognition that the natives are restless — customers are not uniformly happy about giving up access to any of their information to law enforcement without court orders under appropriate judicial oversight.
I’ve taken advantage of testing with one DNA company then uploading the raw dat to others. I fear news like this will force companies to remove the functionality of uploading raw data. If only they could change the upload feature to only accept legitimate files from other DNA companies. Then again, the FBI could probably replicate any file identifiers.
I’m turning off matching for the three kits I have there. I am angry because I paid a lot of money for yDNA and mtDNA testing for two of them. I’m also angry because I participate in a number of projects, and I’m guessing they won’t be able to access my matches either. I am furious I paid for something I can’t use. I was going to upload my aunt’s recent results, but that’s not gonna happen at this time. Nothing happens until this is resolved as opt-in for law enforcement sharing.
Yeah, I received the email. I already opted out and will keep it that way until the situation becomes more clear. Not a happy customer!
Yes, that is better. I opt for an opt option. I hope they do as well.
Understand that nothing has changed except the language has been rolled back. Law enforcement is still allowed to submit a kit from a crime scene sample for pretty much any felony case and have access to info on thousands of matching customers — their names, emails, segment data, family trees etc. There’s hope, but for the short term nothing substantive has changed.
Yes, I did notice. Matching is opted out for me and the kits I manage right now.
I’m reeling from this and may just take up knitting as my new hobby. My cats would enjoy that.
Bennett Greenspan’s statement changes nothing. The trust is broken with FamilyTreeDNA and we have no TOS or Privacy Statement with the FBI or another other law enforcement entity that has used or will use the website by legal means or by stealth now or in the future. I’m wondering about the rights of all the minors in FamilyTreeDNA’s database from infants to seventeen year-olds. Their rights were usurped by their parents or grandparents on the mere whim of parental curiosity. Their DNA will be swept up into the FBI database if it is shown as a familial match to a suspect and eventually into other law enforcement databases. Who is there to prevent the use of the DNA of minors? Certainly Greenspan has not segregated that DNA from law enforcement inspection.
The 2 questions that I have from the letter are: 1) Does anyone know what “other companies” have been allowing lab generated DNA profiles purported obtained from crime scenes to be loaded into their (genealogy community) databases? We know of GEDmatch. That’s one. Who are the others?
2) It appears that FT DNA is only “committing” to allowing crime scene/lab generated profiles that come from their lab (under genebygene)? I don’t see that they would allow known LE DNA profiles from other labs.
Thinking it’s time for a new hobby, too. It’s way too time consuming to keep track of who protects their customer’s DNA when submitted for “hobby” (or genealogical) purposes to those who welcome accept it for other purposes — however noble they may appear to be.
This attempt at “spin control”, with BG trying to cast the issue as a “communication problem”, IMO is in itself extremely offensive.
PS Your website has a seriously annoying issue, when I neglected to check the checkbox (it’s easy to miss!) it displayed an error message on a new page AND DELETED EVERYTHING I HAD TYPED. Not cool!
I used FTDNA’s contact information to send an email indicating my displeasure. I also suggested an “opt in” option. Perhaps if they receive enough individual messages, something will change for the better.
i have just responded to Mr. Greenspan’s “Open Letter” with a suggestion of what appears to me to be the only adequate remedy that will make his cusromers whole, as follows:
Dear Mr. Greenspan,
Following up my previous message from earlier today….
I have just seen a copy of an “open letter” to FTDNA’s customers dated February 3, 2018 which claims that the following language from your GDPR version of the Terms of Service issued last spring should have been enough to alert your customers that you were voluntarily allowing law enforcement agencies to use the FTDNA matching service more or less on demand:
“You agree to not use the Services for any law enforcement purposes, forensic examinations, criminal investigations, and/or similar purposes WITHOUT THE REQUIRED LEGAL DOCUMENTATION and written permission from FamilyTreeDNA” [emphasis added]
I do not believe most people would interpret “the required legal documentation” to mean the purchase of a kit and submission of basic information to open an account,in a fake name, as you seem to do. I believe most people would have understood the import of those words to mean the presentation of a valid court order or subpoena indicating that the request had been reviewed by a judge and found to be necessary and proper under the circumstances of the particular case. That is certainly what I understood it to be saying, especially in conjunction with the overall thrust of the Terms of Service when taken together with the Privacy Policy and the FTDNA Law Enforcement Guidelines. as they then existed. I certainly did not give informed consent to this new policy and absolutely had an expectation that FTDNA would protect my privacy by requiring the presentation of a valid court order or subpoena before allowing the FBI (or any other law enforcement or government agency) to intrude upon the FTDNA matching system.and gather information about your customers
I would like to know exactly how many samples have been submitted by the FBI (or any other law enforcement or government agency) since this new policy was implemented, and exactly how many times law enforcement agencies have downloaded a set of matches from the system in csv from? FTDNA should immediately disclose detailed information to each customer whose data was viewed or downloaded. In addition, all copies of these matchlists should be surrendered and purged as the results of an illegal search and seizure in violation of the provisions of the US Constitution.
My ancestors put their lives on the line to fight for that right on Bunker Hill, Brooklyn Heights, at Throgs Neck and White Plains, and Trenton and during the political battles surrounding the ratification of the Constitution and Bill of Rights. it is just as precious to me as it was to them.
That was an absolutely wonderful letter. Spot on!
Thank you, Theresa . I’m glad you think my idea makes sense.
I figure that if FTDNA’s database had been hacked or accidentally exposed despite the company’s best efforts to protect it, then the company would have been required to send a detailed disclosure statement to all customers whose data (such as their names and associated email addresses) was potentially at risk. From the perspective of FTDNA’s customers, who were deprived of any opportunity to opt out of the matching system before the new law enforcement program was put into effect, because of the company’s failure to notify them of the change in policy, this situation is the same as an accidental data breach, except for the sole fact that it wasn’t an accident, but a deliberate act on the part of FTDNA that resulted in their personal information being exposed . So there doesn’t seem to be any reason why FTDNA’s customers should not be entitled to the same type of full disclosure after the fact that they would have been entitled to in the event of an accidental data breach.
And since the recipient(s) of the data in this case are known, it is possible to go one step further and retrieve the information that was actually transferred. I would think that in order to avoid tainting any evidence found through the new law enforcement program, the company and the FBI would be wise to do this and might also want to consider suspending the operation of the program briefly while FTDNA conducts a do-over that will properly secure truly informed consent from those customers who wish to particpate in it
Said it before and will say it again, FTDNA is hurting the company’s reputation. Am sure no one will sign up now for the testing services. If they do, they probably do not know what is going on with respect to “big brother” gaining access to THEIR data-its not the Government’s Data!
Having read FTDNA’s Guidelines for Law Enforcement, it appears there are a number of conflicts between the statements and procedures of that guide and the latest statements and changes in terms of service as reported by Mr. Greenspan. It appears to me that the latest changes provide the FBI and any other law enforcement or government agency with a method to obtain information without having to comply with the written guidelines which mention repeatedly the requirement for a subpoena or search warrant from the appropriate authorities for the release of any information. “…we EXPECT the FBI and law enforcement agencies to let us know when they submit something to our database” is weak language. [All Caps added for emphasis.] An expectation is hardly a requirement. The statement “We’ve received an incredible amount of support from those of you who believe this is an opportunity for honest, aw-abiding citizens to help catch bad guys and bring closure to devastated families” is a slap in the face of those who disagree. Mr. Greenspan insinuates that those of us who disagree with the actions taken by FTDNA are not honest and law-abiding citizens. His letter was a disingenuous attempt to justify what was and is a very poor decision. Law enforcement, of all people, should do their jobs within the constraints of U.S. law and the U.S. Constitution.
I’ve got the same letter as an answer to my questions about GDPR compliance. Instead of listening to the ringing bells, they treat their customers as idiots.
The letter from Mr Greenspan doesn’t give so much hope either. It is like – no, no, everything is just a lie and misunderstanding. LE has no free access – they just what you can see! They just must give subpoena if they what to see more!
LE could always upload data to different sites, we knew it and that’s why customer privacy is so important to us. But why do let LE just come in and scream about privacy?
I still see a difference in TOS of May and TOS of December – May TOS implies some paperwork before coming in the database and see matches. I cannot understand the logic behind – we have updated TOS according to GDPR which demands very strict, controlled and protected processing of genetic data. Now, what, you dislike the new TOS, we can revert it, “although nothing changed in the actual handling of such requests.” How GDPR compliant is the actual handling then?
I don’t see any hope for a change in this letter. LE is in, like it or not.
So all of us are unprincipled lawbreakers if we do not take up Mr. Greenspan’s offer of “…an opportunity for honest, law-abiding citizens to help catch bad guys….” A really poor strategy, and choice of words, trying to shame customers into compliance.
I thought I signed off on my DNA being private the moment I handed it over to a DNA testing company. Am I the only one that thought this? I don’t get what the uproar is about between with FTDNA and GEDmatch. I’ve been trying to understand everyone’s perspective but gosh, I must be an idiot.
Nope, you just have a different view of privacy than some others, and that’s fine. You’re allowed to make your own choice. What neither you nor FTDNA can do, however, is make that choice for everybody else. That’s why I’m asking FTDNA to make this opt in (your choice can be honored, no problem) not opt out (my choice can’t be honored with my giving up the entire value of the tests I’ve paid for over the years). It’s all about choice here.
As I see it, FamilyTree DNA took advantage of its customers by changing Terms Of Service without notice, sharing data with law enforcement when it said it would not, rolled back its TOS language with a pseudo-denial and halfhearted apology, and continues to share data with law enforcement.
FTDNA says they treat law enforcement like other customers and honors a user’s decision to opt out of data sharing. Opting out largely defeats the purpose of genealogical DNA testing and may not prevent FTDNA from misusing customer’s data. Having broken trust once, I see no reason why FTDNA might not do so again.
A customer’s only recourse to this type of behavior is to contact FTDNA customer service, request that all your data be deleted, and hope they really do it.
It is time for the genealogy community to unite and boycott FTDNA and all other firms that are not trustworthy conservators of our data.
I wrote a long comment here but could not submit it because it disappeared when I clicked on the “Privacy Policy” link so I could check the required box below. Please tell your website people that is very bad programming! I do not have the time or inclination to re-write the comment.
FWIW – privacy is mostly an illusion these days. All this outrage is unwarranted. Google anyone and you can find out everything about them by paying any of multiple companies a small fee. Law enforcement does not need ftdna to obtain your personal information. Law Enforcement cannot use your ftdna results for anything except possibly asking you a few questions.
Since this is a one-person show, I’ll take your programming comment under advisement. But since “everyone knows” you can get everything from Google, I submit that “everyone knows” a long comment should be written offline and then copy-pasted to prevent just that sort of problem.
What about other government’s law enforcement agencies?
So far, FTDNA has only spoken about cooperating with the FBI, but they process DNA kits for those in Europe, I believe? Will they welcome MI6 with the same open arms? I have reservations about allowing my own people’s cops to peek at my DNA, but I have even greater concerns about allowing a foreign power access to the same.
Would other countries have the same warrantless access to FTDNA’s database? Another commenter on the previous post pointed out the potential tracking of those with Jewish ancestry, and there are nations today that would have compunctions about using such data.
That’s just with the mastery of genetics we currently possess, as science advances there are further challenges. Anyone who’s studied behavioral genetics knows that a predisposition to, say, embrace an authoritarian leadership, is influenced by genetics. A totalitarian country with access to this kind of data set could use it to determine who to let in or out of the country, who to promote to higher office, etc. And that’s not even considering the obvious worst-case scenarios.
I, personally, have no issues with law enforcement using my DNA for catching criminals. But, I come from a law enforcement background and my heart lies with victims and their families. If I hadn’t already tested, I would offer to, if it would assist in catching criminals. I know I’m the rebel here, but that’s how I feel.