An opt-out system for police matching
It’s never easy to step back, take a deep breath, and admit you’ve made a mistake.
So The Legal Genealogist will give Family Tree DNA full credit for taking the first big move towards stepping up to the plate and doing just that.
The company announced yesterday that it has revised its terms of service, limited law enforcement access to its DNA matching system to only cases involving efforts to identify the remains of a deceased individual or a perpetrator of a homicide, sexual assault or abduction, and provided an opt-out system for all customers who are uncomfortable with the use of a genealogical database for police searches that doesn’t require them to give up the benefits of having tested.1
The announcement came after weeks of turmoil that followed the disclosure that FTDNA had quietly, without any advance warning to customers and without any notice being sent afterwards to customers, changed its terms of service to allow law enforcement agencies access to customers’ test results via its DNA matching system — and that such access had already taken place.2
The prior version of FTDNA’s terms of use had stated that users were not permitted to use its services “for any law enforcement purposes, forensic examinations, criminal investigations, and/or similar purposes without the required legal documentation and written permission from FamilyTreeDNA.”3 In that context, “required legal documentation” appeared to mean an appropriate court order or subpoena, issued with appropriate judicial oversight, especially when read in conjunction with the FTDNA Privacy Statement’s promise that personal information would be disclosed only “if we believe it is reasonably necessary to … comply with a valid legal process (e.g., subpoenas, warrants)…”4
But without warning or notice, the terms were changed to allow submission of a police crime scene sample if it was “obtained and authorized by law enforcement to either: (1) identify a perpetrator of a violent crime, as defined in 18 U.S. Code § (924) (e) (2) (B), against another individual, including sexual assault, rape, and homicide; or (2) identify the remains of a deceased individual…”5
The upshot was predictable: customers were outraged. Even those who don’t object to the use of their genealogical DNA samples to solve horrible crimes were outraged that they hadn’t been told, and that nobody who objected had an effective option. The only choice given was to opt out of all matching completely — in other words, give up all the benefit of the test folks had paid for.
FTDNA backpedaled after a few days and said it was listening to its critics as it rolled back the change in the terms of service.6
Yesterday, it started down the path to making things right by announcing major changes in its terms of service and privacy statement.7
The big changes are these:
1. The company has clarified that it will only permit law enforcement agencies, or those working on behalf of law enforcement agencies, to submit crime scene samples to the DNA matching system in cases of homicide, sexual assault, or abduction, or to identify the remains of a deceased person.8 That’s a vast improvement over the use of an almost-unlimited federal statute that included crimes that didn’t even require that anyone be harmed.
2. The company has greatly clarified its law enforcement practices, including what information it requires from police agencies before allowing them to submit a sample to the matching system. It has also stated, clearly and candidly, that — despite its best efforts — it can’t prevent law enforcement agencies from lying or trying to sneak a sample into the database without its knowledge. This is a level of candor and clarity that’s been sorely lacking up until now.9
3. The company now allows any user to opt out of law enforcement matching and has barred these test kits from joining Group Projects.10
This last bit is a good start. It’s not good enough, frankly, because — except for European Union users who were all opted out by the company and have to take action to opt in and allow police matching to their kits — for the rest of the world, it’s still opt out and not opt in.
The hitch of course is that informed consent can never be acquired by a “you consent if you don’t take action” system. Informed consent requires a clear affirmative act by the person giving consent — a fact the European Union knows well and has written into its General Data Protection Regulation (GDPR). That’s why FTDNA didn’t force EU users to opt out, but is giving them the right to use an opt in system. Anything else would violate the GDPR.
For the rest of us, we have to take action if we’re uncomfortable with police use of the matching system. And the reality is that huge numbers of FTDNA customers can’t opt out of police matching. Many are no longer alive to opt out. Some may have changed email addresses and won’t get notice they need to opt out. And many many people have their kits managed by cousins who won’t understand or act appropriately on the ethical duty to tell the test taker about the change and let each individual make his or her own decision.
So it’s not what it should be: an opt in for everybody, not just for customers from the EU.
But it’s a lot better than what it was — a take-it-or-leave-it-lose-your-test-benefit choice.
So… if you want to opt out, here’s how to do it:
1. Log in to your FTDNA account. (And yes, if you manage multiple accounts, you’ll have to log into each one individually.)
2. Use the dropdown arrow at the upper right, to the right of your name, to open the menu there and choose Account Settings.
3. On the Account Settings page, open the Privacy & Sharing tab.
4. Cursor down to the Law Enforcement Matching (LEM) section and slide the marker from the right, where it’s blue, to the left, where it will turn grey.
Understand, now, for new customers — from anywhere including the EU — the opt-in or opt-out choice is for matching, period. As of now, anyone who signs up for an account and tests or transfers data in from another testing company will only be asked to opt in to matching, and then has to affirmatively act to opt out of types of matching, with police-generated kits.
So if you opt in to matching at all, you are automatically opting in to law enforcement matching. This is suggested by the consent form presented at sign-up, but really isn’t all that clear.
It’s better if you don’t agree to matching at the outset and have to turn it on, because all matching is greyed out until you turn it on and then law enforcement matching appears — still turned on automatically, but with more visual cues that you may be agreeing to something you don’t want to agree to.
Good first step. Not as good as it could be or as it should be, since informed consent really does require a clear affirmative act, and can’t be done by a system of “we think you consent because you didn’t do anything.”
But so much better than it was.
SOURCES
Cite/link to this post: Judy G. Russell, “A good start by FTDNA,” The Legal Genealogist (https://www.legalgenealogist.com/blog : posted 13 Mar 2019).
- See “Updates to our Terms of Service and Privacy Policy,” FamilyTreeDNA email to customers, 12 Mar 2019. ↩
- See generally Judy G. Russell, “Opening the floodgates,” The Legal Genealogist, posted 1 Feb 2019 (https://www.legalgenealogist.com/blog : accessed 12 Mar 2019). ↩
- December 2018 version, Paragraph 6(B)(xii), “Your Use of the Services: Requirements for Using the Services,” in “Terms of Service,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019). ↩
- Paragraph 5D, “How FamilyTreeDNA shares your information: For Legal or Regulatory Process” in “FamilyTreeDNA Privacy Statement”, FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019). ↩
- February version, Paragraph 6(B)(xii), “Your Use of the Services: Requirements for Using the Services,” in “Terms of Service,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019). ↩
- “A letter to our customers,” FamilyTreeDNA email to customers, 3 Feb 2019. ↩
- See “Updates to our Terms of Service and Privacy Policy,” FamilyTreeDNA email to customers, 12 Mar 2019. ↩
- See “FamilyTreeDNA Law Enforcement Guide,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 12 Mar 2019). ↩
- Ibid. ↩
- See Paragraph 5(E), “How FamilyTreeDNA shares your information : Law Enforcement Matching (LEM),” in “FamilyTreeDNA Privacy Statement,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 12 Mar 2019). ↩
I wonder if there is a technical way to continue to participate in a Y-DNA surname study, while also opting out of law enforcement matching? Do Y group administrators have the ability to add STR data from an external participant who did not get that data through FTDNA? Or making opt-in, opt-out specific to type of test?
You can participate in a Y-DNA surname, geographic, or haplogroup project while opting out of law enforcement matching. You can agree to have your pseudonymized information displayed on the public page while opting out of any matching. The two functions are separate. (I wouldn’t recommend opting out of regular matching while in a project, but you do have that option.) You can also choose not to share your results on the public pages.
It is up to the administrator whether he or she accepts outside tests, though only FTDNA data can be displayed on public pages. Some do and have a separate website. Some do and keep the information themselves. Others don’t accept anything but FTDNA data.
If you have other specific questions about group participation, you can email groups[at]ftdna[.]com and the Group Projects team, which I manage, will be happy to answer your questions. (It may take a day or two right now because we have a backlog, but we’ll answer!)
I’m confused! – does separate matching & LEM settings mean you can continue to get cousin matches but opt out of LEM searches, at least those agencies who go through FTDNA channels?
This provides more options than what I thought originally proposed, which sounded like only 2 choices then: either you got matches (and LEM searches), or proposed opt-out to avoid LEM searches would also remove you from cousin searches?
It is stated that “3. The company now allows any user to opt out of law enforcement matching and has barred these test kits from joining Group Projects.1” What if the kit is already in a private group project?
Judy,
Any thoughts on the FamilyTreeDNA Citizen’s Panel? It looks like at least one individual on the panel has a financial relationship with FamilyTreeDNA, which may have influenced that individual’s public approach to the controversy.
These are all good folks, and as long as any relationship is disclosed I’m not concerned about conflicts.
What types of relationships should require disclosure, in your opinion?
There are general rules on conflicts of interest which generally require disclosure when an individual’s financial or other interests interfere, or appear to interfere, with the individual’s duty to act independently and objectively for some other purpose.
I was very heartened to have gotten the email about the updated policy. However, after such a blunder by FTDNA to begin with, I’m not quite chomping at the bit to jump back into their pool. I’ll be waiting to see how it plays out, but I definitely think it’s a step in the right direction.
I’ve also decided to adopt a “wait and see” approach. After the way FTDNA has behaved (and especially their attempt to strong arm reluctant customers into complying with the company’s wishes by the use of shaming tactics) I am not sure FTDNA can be trusted to listen to the advice of the new citizen advisory council.
I also feel very strongly that LEM should be on an opt-in with informed consent based upon full disclosure required, as with every other research program or group project, rather than opt-out, especially when it comes to deceased customers who are no longer in a position to change the privacy setting that they selected for their accounts under the protection of the privacy policy in effect when they made their decision to opt-in to matching for purposes which excluded forensic matching.
I completely agree that this should be opt-in, but am glad to see even this much of a change as a good start.
Agree totally. I’m glad to see any movement at all that indicates the company is listening to its customers’ concerns and I hope the change of attitude is genuine and will stand the test of time.
It’s a good start — it doesn’t go far enough, because it’s still not ensuring informed consent, but it’s a start.
Interestingly, it looks as if they’ve already adopted an “opt-in” policy for their European customers (who are covered by the EU’s GDPR regulations).
Only for current EU customers. Future customers (from everywhere) will only be asked to opt-in to matching, and then will have to opt out of any kind of matching (such as law enforcement).
I only see that “users flagged as a resident of the EU whose account was created prior to March 12, 2019 are automatically opted out of law enforcement matching…” Every user who creates an account March 12th and later will be automatically opted in to law enforcement matching–doesn’t matter where you live. Is this correct?
Sorry. I see you did address this. And it is correct.
Yep, that it is.
I’m with Theresa and G. The opt-out of law enforcement matching was enough for me to turn matching back on for one kit I manage, because it’s part of a group project where I know the administrator, but with her advice, I left speculative matching off. Matching is still off for the other two kits, to be turned on only when I’m actually on and using the FTDNA site. I will not be uploading any more raw data from other companies, nor purchasing any more kits from this company. They have destroyed my trust in them, and I don’t want to see them profit from me any more than they already have.
What about the other testing companies??
Ate they in the automatic LEM or no matching at all mode?? What about their EU customers??
No LEM matching at all at the other companies although, again, no-one can guarantee that a law enforcement agency will not try to sneak a sample into the database without disclosing it.
Thank you very much, Judy, for alerting us to the legal and constitutional issues involved in forensic genealogy’s use of our DNA tests. It is regretable that FTDNA did not solicit discussion by its users BEFORE changing its policies. Perhaps others will find the following web page with its links useful for illustrating the broad context of the issue (I did.): https://parabon-nanolabs.com/news-events.
Unfortunately, the Parabon page isn’t much of a “broad context.” It shows one side of the issue — and doesn’t even touch on the problems of individuals who were wrongly identified during the investigative process, and they and their families terrified, by a use of their data to which they never consented. (This happened, for example, during the Golden State Killer investigation and is bound to happen with some regularity.)
What would happen if a police agency violates the new FTDNA terms of service and privacy policy by sneaking in a crime scene sample, and that sample matches someone in the FTDNA database? First, can the police agency be held legally liable in any way simply for violating the policy? I assume that FTDNA would have to sue the police agency. If so, what would a likely outcome be? And if there is a match with someone who opted out of Law Enforcement matching, can the police agency still force cooperation with such a person, even though the agency violated the FTDNA policy? Would such a person have legal standing to sue the police agency? Would the only recourse available to such a person involve hiring a lawyer and going to court?
The problem is … we just don’t know. The whole thing has never been tested in court (yet) and we have no idea how this would or could be handled or how a court might resolve it.