Select Page

Looking at the alternatives

by | Feb 10, 2019 | DNA | 29 comments

DNA companies take a stand on police access

The news that Family Tree DNA (FTDNA) had allowed law enforcement to submit crime scene samples into its testing database to search for the identities of suspects without a court order has rocked the genealogical community.

DNA security

First disclosed by news media at the beginning of this month, the access allows a police agency to submit a sample and thereby gain access to the names, email addresses, profile data, family trees, and matching DNA segment data for all of the other persons in the database who match the sample kit, out to the distant cousin level — potentially thousands and thousands of people.1

The Legal Genealogist won’t belabor the problems inherent in this, but emphasizes:

1. It was begun without specific notice to customers under terms of service language that prohibited law enforcement use of the testing database without “required legal documentation”2 — a phrase that any reasonable customer would have believed meant a court order, especially since the Privacy Statement promises that personal information (defined as much that sort of name, address, profile data etc. info now being disclosed to police) will be disclosed only “if we believe it is reasonably necessary to … comply with a valid legal process (e.g., subpoenas, warrants)…”3

2. Despite a commitment to “notify (customers) via email of any changes or additions”,4 the terms were changed without notice at some still-unspecified time late in 2018 or early 2019 to allow police to submit samples related to any crime “defined in 18 U.S. Code § (924)(e)(2)(B).”5 That statute isn’t limited to rape and murder — the crimes cited by FTDNA — but extends to crimes even if no-one is actually harmed, reaching any crime involving “the use, attempted use, or threatened use of physical force against the person of another … or … conduct that presents a serious potential risk of physical injury to another.”6

3. Everybody who’d already tested at FTDNA when these changes were made was automatically opted in to allowing access — and the only way to opt out is to opt out of matching completely,7 thereby giving up most of the essential benefits of having testing with FTDNA in the first place.

The uproar over the changes caused FTDNA to roll the terms of service back to the May 2018 version,8 but the company to date has not backed off its view that a court order is not required despite the “required legal documentation” language of those terms.

In other words, as of right now, law enforcement may still submit crime scene samples to the testing database without a court order, and there’s no way out for customers except to opt out of matching.

Now the company is currently saying in emails to customers that: “We are listening to our customers and considering additional options.”9 We can hope that, soon, the company will change its system to an opt-in system so that those who want to assist law enforcement can, and those who don’t want their personal information disclosed don’t have to allow it.

But what do we do in the meantime? We as genealogists still want to use DNA as one of the tools in our research. What are the other testing companies saying about law enforcement access to their testing databases? Is any other company allowing the police to submit crime scene samples and search for suspects or suspects’ family members among those who have tested without requiring a court order?

Here’s what each company is saying:

23andMe: “We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.”10 “23andMe will never release your individual-level Genetic Information and/or Self-Reported Information to any third party without asking for and receiving your explicit consent to do so, unless required by law.”11 An article in GenomeWeb quoted the company’s chief legal officer as saying “we will not voluntarily work with law enforcement, and use all legal means to safeguard our customers’ data.”12

AncestryDNA: “(W)e do not share your Genetic Information (as defined in the Privacy Statement) with employers, insurance providers, or third-party marketers without your consent, and will not share your Genetic Information with law enforcement unless compelled by valid legal process as described in our Privacy Statement.”13 “If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so.”14 Note that personal information is defined to include even a customer’s name and email address.15 The GenomeWeb article quotes an Ancestry spokesperson as saying that “Ancestry … does not voluntarily cooperate with law enforcement.”16

LivingDNA: David Nicholson, co-founder and managing director of LivingDNA, stated in a email exchange that: “we do not allow Law Enforcement to access our database (without a) warrant… we will act in accordance with the law but we do not freely open up our database to any 3rd party.”17

MyHeritageDNA: “(U)sing the DNA Services for law enforcement purposes, forensic examinations, criminal investigations and/or similar purposes, without a court order and without prior explicit written permission from MyHeritage, is strictly prohibited. It is our policy to resist law enforcement inquiries to protect the privacy of our customers.”18 In addition, Gilad Japhet, CEO of MyHeritage, stated in an email exchange: “While we are in favor of doing justice and putting criminals in jail, this is not what MyHeritage was created to do and we will not sacrifice our mission and transform our service into something else for that purpose. We are a consumer platform meant to allow users to discover, preserve and share their family history. We are not a crowdsourced crime-fighting platform. We strongly believe that consumers who purchase DNA kits are not doing so with blind consent for law enforcement use that affects not only them but all their blood relatives, and that consumers should be given a choice and provide informed consent about what is to be done with their DNA data.”19

All of the companies make it clear that they must provide access to information if they are ordered to do so by a court as, for example, with a search warrant. So no company’s testers can ever be 100% guaranteed some of their data won’t end up with the police. However, MyHeritage’s Japhet said, for his company: “Our intention is to resist to the best of our ability. That means that anything that we can legally challenge or contest, we’ll do so to the max until we prevail or are forced by court to comply.”20

So there are alternatives for those who prefer to work with a company that emphasizes their privacy first and foremost over any law enforcement agency. Examining the terms of use and privacy commitments of the companies is the place to start.

And who knows? Maybe one day soon — very soon, we can hope — FTDNA will be back in that fold.

Cite/link to this post: Judy G. Russell, “Looking at the alternatives,” The Legal Genealogist (https://www.legalgenealogist.com/blog : posted 10 Feb 2019).

SOURCES

  1. This is not an exaggeration. One of the kits I manage at FTDNA has more than 18,000 matches. The smallest number of matches to any of my kits is roughly 1400.
  2. May 2018 version, Paragraph 6(B)(xii), “Your Use of the Services: Requirements for Using the Services,” in “Terms of Service,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019).
  3. Paragraph 5D, “How FamilyTreeDNA shares your information: For Legal or Regulatory Process” in “FamilyTreeDNA Privacy Statement”, FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019).
  4. Paragraph 15,“Terms of Service,” FamilyTreeDNA.
  5. Version in effect as of 1 February 2019, Paragraph 6(B)(xii), “Your Use of the Services: Requirements for Using the Services,” in “Terms of Service,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019).
  6. See 18 U.S.C. §924.
  7. Hapner Hart Media on behalf of Family Tree DNA to Judy G. Russell, email, 1 Feb 2019.
  8. Bennett Greenspan, “A letter to our customers,” posted 3 Feb 2019.
  9. FTDNA to (Name withheld for privacy), email, 8 Feb 2019, copy provided to Judy G. Russell.
  10. Privacy Highlights,” 23andMe.com (https://www.23andme.com/ : accessed 10 Feb 2019).
  11. Paragraph 13, “Terms of Service,” 23andMe.com (https://www.23andme.com/ : accessed 10 Feb 2019).
  12. Justin Perrone, “Genetic Genealogy Firms Reassure Clients About Data Privacy After FTDNA Divulges FBI Partnership,” GenomeWeb, posted 8 Feb 2019. Note that access to this article requires a premium subscription.
  13. Terms of Service,” updated 5 June 2018, Ancestry.com (https://www.ancestry.com/ : accessed 10 Feb 2019).
  14. Your Privacy,” Ancestry.com, updated 30 Apr 2018 (https://www.ancestry.com/ : accessed 10 Feb 2019).
  15. Ibid.
  16. Perrone, “Genetic Genealogy Firms Reassure Clients About Data Privacy After FTDNA Divulges FBI Partnership.”
  17. David Nicholson to Judy G. Russell, “Official LivingDNA statement on police access,” email, 5-6 February 2019.
  18. Terms and Conditions,” MyHeritage (https://www.myheritage.com/dna : accessed 10 Feb 2019).
  19. Gilad Japhet to Judy G. Russell, “A comment for the record,” email, 4 February 2019.
  20. Ibid.
Print Friendly, PDF & Email

29 Comments

  1. Robert W. Whittaker
    Robert W. Whittaker on February 10, 2019 at 12:28 pm

    I have changed my FTDNA profile to NOT sharing. The many test I have done with FTDNA has been of great value and results to my genealogy. I wanted to get careful thought and listen to discussion before deciding on sharing or deleting all my testing.

    Reply
    • Judy G. Russell
      Judy G. Russell on February 10, 2019 at 12:31 pm

      That’s very smart thinking. Deleting the tests isn’t the way to go right now — FTDNA may still reverse course on this, and I for one would hate to have anybody delete a test (or worse ask to have remaining sample destroyed) before the company makes it final decision on what it will and won’t do going forward.

      Reply
  2. Debbie Kennett
    Debbie Kennett on February 10, 2019 at 12:50 pm

    I would hope that even if a court order were required this wouldn’t allow law enforcement agencies to create accounts at FTDNA with the same rights as ordinary customers. As you say, thousands of names and e-mail addresses along with other personal data could potentially be exposed. The number of matches varies considerably. I have some people in my projects who have done the transfer programme who only have a hundred or so matches. At the other extreme I have someone with Jewish ancestry who has over 21,000 matches. If Y-DNA and mtDNA testing is also being used then the number of names and e-mail addresses being revealed is going to go up exponentially. I’ve seen people with over 10,000 12-marker matches. I have a project member with over 25,000 mtDNA matches at the HVR1 level.

    Reply
    • Judy G. Russell
      Judy G. Russell on February 10, 2019 at 12:55 pm

      That would very much depend on the terms of the court order, but I agree with you: there are public databases that police can use (GEDmatch being the big one) to identify a specific customer of a specific company whose contact or other information they’re interested in, and then ask a court for a warrant to allow access to that one customer’s information. Of course, if it’s opt-in, then it doesn’t matter: those customers who opt-in to such a matching system would have given their specific consent to having their information disclosed even to police.

      Reply
      • Judy G. Russell
        Judy G. Russell on February 10, 2019 at 2:00 pm

        Of course it’s possible that a law enforcement agency has risked its entire case by deliberately violating the terms of service, lying to the testing service and sneaking its sample into another company’s database. But there’s a difference between knowing that burglary could occur (and trying to fight it) and inviting the burglars into the living room.

      • Debbie Kennett
        Debbie Kennett on February 10, 2019 at 2:23 pm

        I think it depends on what information is presented in court and whether or not the judge is made fully aware of the extent of sharing when law enforcement are given the ability to create a user account like any other customer. It will be interesting to see what happens when some of the cases do come up for trial. It would be sad indeed if an investigation were compromised because of the way the evidence was obtained. It might be quite hard to detect if a profile has been sneaked into another company’s database.

      • G
        G on February 10, 2019 at 7:00 pm

        I’m sure thst the criminal defense bar is taking note of all this and a lot more of them will be seeking to suppress dna evidence they suspect may have been obtained as the fruit of such investigative practices, including the new partnership between FTDNA and the FBI.

  3. C.R.
    C.R. on February 10, 2019 at 1:32 pm

    These policies by the other companies are all well and good. But, from Bennett Greenspan’s email letter to customers, “Law enforcement has the ability to test DNA samples from crime scenes and upload the results into databases, like any other customer can, and it appears they have been doing it at other companies for the past year.” I have also read that FTDNA only became aware in the latter part of 2018 of these kits uploaded by law enforcement to their database.

    Doesn’t that mean that the other companies may well have kits right now in their databases that have been submitted by law enforcement, whether using some form of the “How to do an AncestryDNA test WITHOUT spit” method, using an outside laboratory to prepare a valid DNA sample, or submitted the raw data file (adapted for the companies who accept transfers)? If so, then those companies are in the same boat that FTDNA was, except that they are not acknowledging the possibility. Their TOSs about law enforcement access in such a case would not protect their customers.

    Reply
    • Jim Beidler
      Jim Beidler on February 10, 2019 at 2:35 pm

      … the question you raise is what came to my mind after using Judy’s column. Judy, is your answer the same as your answer to Debbie’s question … that LE isn’t likely to risk its case by violating TOS? But the way I read your TOS excerpts, only My Heritage really bars law enforcement. I don’t see that in 23andMe or Ancestry …

      Reply
      • Judy G. Russell
        Judy G. Russell on February 10, 2019 at 2:49 pm

        I didn’t include every bit of the TOS — most say that you can ONLY submit a sample if it’s your sample or you’re the legal representative of the person whose sample it is. That in conjunction with the “we don’t share” language is clear, although the MyHeritage language is the most clear.

      • Jim Beidler
        Jim Beidler on February 10, 2019 at 3:09 pm

        Thanks, Judy, that clarifies!

    • G
      G on February 10, 2019 at 7:21 pm

      My recollection (haven’t revisited this particular issue recently) is that AncestryDNA does not permit incoming transfers or uploading of raw data files from tests done with anyone else but Ancestry, which would make it a little bit more difficult, but probably not impossible, for law enforcement to gain surreptitious access to the Ancestry database without being discovered.

      Reply
      • Judy G. Russell
        Judy G. Russell on February 10, 2019 at 9:09 pm

        Right — it’s never impossible, but with the two companies that require spit tests (AncestryDNA and 23andMe), it’s certainly harder.

  4. Robert Kirk
    Robert Kirk on February 10, 2019 at 3:46 pm

    I’m a stalwart “government stay out of my privacy” guy. Would you like to see my “Get a warrant” doormat? But my DNA is publicly posted, so I’m not particularity concerned with the cops entering constructed DNA data and having access to potential matches, including me – as long as I have access to their guy. After all, that is the purpose of these sites: to find unknown relatives. I mostly discount ethnic heritage & health. It’s plausibly useful to me that I might be related to “Unknown Thug” as well as to some innocent Irish farmer. And I think it’s not relevant whether the person looking at my match is a cop or anther genealogist. I’ve publicly posted it hoping that someone WILL match. Yes, the cops will see data from my minor kids and kinda-consenting relatives, and dead ancestors. Just like the “other genealogist” can.

    Are the cops willing to publish their DNA, available to everyone as “Unknown Thug”? If not, I’m sure they’re perfectly willing to lie and provide a false profile so that FTDNA or any other company wouldn’t know it and a court order would be meaningless. Perhaps FTDNA now allows the cops to browse the matches without divulging the thug’s DNA at all. Is that their sin?

    Does opting out mean that I can see your DNA but you can’t see mine? To me that’s the same as the cops browsing anonymously. Does opting out mean you can’t see any matches at all? Then why bother posting at all?

    One potential danger. Possible contamination of the data base. At some point will there be so many “Unknown thugs” that real genealogy is affected?

    Looking at the above, I see my thoughts are confused and I’m open to change them.

    Reply
  5. Chris in CT
    Chris in CT on February 10, 2019 at 5:24 pm

    As I see it, FamilyTree DNA took advantage of its customers by changing Terms Of Service without notice, sharing data with law enforcement when it said it would not, rolled back its TOS language with a pseudo-denial and halfhearted apology, and continues to share data with law enforcement.
    FTDNA says they treat law enforcement like other customers and honors a user’s decision to opt out of data sharing. Opting out largely defeats the purpose of genealogical DNA testing and may not prevent FTDNA from misusing customer’s data. Having broken trust once, I see no reason why FTDNA might not do it again.
    A customer’s only recourse to this type of behavior is to download your data for use elsewhere, contact FTDNA customer service, request that all your data be deleted, and hope they really do it.
    It is time for the genealogy community to unite and boycott FTDNA and any other firms that are not trustworthy conservators of our data.

    Reply
  6. Darlene Hall
    Darlene Hall on February 10, 2019 at 8:57 pm

    Just think how many lives would have been saved if they could have used DNA to catch these serial killers after the first murder. I’m not a criminal, so feel free to use my DNA to save some lives if I have some unknown killer in my family.

    Many of us contact our matches, look at their trees, and find other relatives based on their trees. That’s what law enforcement is doing. The only thing different is that they don’t have permission of the “donor.” They are the ones whose privacy is being violated, not ours. We have already given permission for people to see our results.

    Reply
    • Judy G. Russell
      Judy G. Russell on February 10, 2019 at 9:03 pm

      Just think how many crimes could be prevented if they could rifle through banking and cellphone data and enter people’s homes, too! Law enforcement is different from any other user, and permission for other customers to see data isn’t the same as permission to the police. YOUR decision is honored here — you want to opt in — and that’s all anyone is asking for: let those who want this go ahead and opt in, but don’t force anyone in who doesn’t want to.

      Reply
    • Laurie
      Laurie on February 11, 2019 at 1:33 pm

      Darlene Hall wrote:

      “We have already given permission for people to see our results.”

      No, we have not. When we opted in to matching, we gave our consent for *our DNA matches* to see us NOT “people” as in human beings in general. We have not given our consent for Law Enforcement to have access to see us. At a minimum, FTDNA owes us the choice of opt in or opt out to Law Enforcement access–without any detriment to us if we choose to opt out.

      Reply
  7. Sue Mullane
    Sue Mullane on February 11, 2019 at 8:37 am

    I have been against Family Tree opening up my DNA database to law enforcement. However, when I was discussing the issue with my husband, he said, “If someone we love is murdered, wouldn’t you want law enforcement to use every tool at their disposal to solve the murder?” His statement made me stop and pause and then say yes. And, yes, my husband also tested with Family Tree.

    Reply
    • Judy G. Russell
      Judy G. Russell on February 11, 2019 at 10:43 am

      Those kinds of considerations should go into each individual’s choice, just as each individual has the choice to open the door when a police officer knocks or answer questions when a police officer asks. If the police want to force access from the unwilling, then it should be by court order.

      Reply
  8. Sara Brower
    Sara Brower on February 11, 2019 at 10:41 am

    Why isn’t anyone worried about surveillance capitalism without a search warrant at Google and Facebook? Are Google and Facebook more honourable than FTDNA with disclosures about how they use our data?

    Reply
    • Judy G. Russell
      Judy G. Russell on February 11, 2019 at 10:44 am

      I think people ARE worried about that, and that was one of the major reasons for the European Union’s adoption of its General Data Protection Regulation (GDPR).

      Reply
  9. Ilia Noskoff
    Ilia Noskoff on February 12, 2019 at 1:08 pm

    I have just submitted my DNA sample to see their service. I had tested my core family at MyHeritage (no transfer, real sample submission), Ancestry and LivingDNA.
    FamilyNetworks are in the beta test now at LDNA and I have only one match there (except my core family), but LDNA supports test results’ tranfers for free in the beta phase. They are registered in England, but how the data protection will work after EU-exit is a big question.
    The testes at Ancestry and MyHeritage gave me more distant matches than FTDNA. FTDNA gives more close mathces for testers in EU and Russia, I think. FTDNA has been working more internationally than Ancestry and 23andme. MyHeritage gives me also quite distant matches and a lot of transfers from other users would be required to get the matches I can see now.
    It is sad, but it is probably necessary to test possible relatives at several vendors or probably go for Whole Genome Sequencing and data transfers. I ordered FTDNA kits on Black Friday, but I haven’t decided yet if I would like to use them. On the Valentine Day sale I haven’t bought anything. I haven’t opted out of matchning, but I am thinking about possible switching to another genealogical service. FTDNA’s tests like Y-tests, mtDNA-tests and BigY have been very useful and interesting, but LDNA define Y-haplogroups quite well, better than general predictions at FTDNA. But none has such a good database of Y-haplotypes as FTDNA.
    It is sad, but the customers shouldn’t be loyal to any company. If we switch to another vendor and ask for Y or mtDNA testing, they will get it if they see the demand. Ancestry had it before. WGS test prices are going down and it seems to be a better solution for the future.

    Reply
    • Ilia Noskoff
      Ilia Noskoff on February 12, 2019 at 1:10 pm

      submitted my DNA sample to 23andme

      Reply
  10. Olivia Jewell
    Olivia Jewell on February 13, 2019 at 9:36 am

    I’ve read your references to the article and I still haven’t seen where FT DNA has given consent for law enforcement to use their system without “valid legal process”.
    Where might I find that?

    Reply
    • Judy G. Russell
      Judy G. Russell on February 13, 2019 at 11:01 am

      The letter to customers from FTDNA President Bennett Greenspan makes it clear that, at the moment, FTDNA is only requiring legal process after a crime scene sample is submitted to the testing database, and the law enforcement agency decides it wants more than the information accessible to a match (name, email, profile data, matching segment data, matches in common, and family tree data, just as example).

      Reply
  11. B
    B on February 14, 2019 at 3:25 pm

    Suppose law enforcement matches your DNA to DNA collected at a crime scene. Can they force you to cooperate further? I understand that, in order to track down the person who left the crime scene DNA, law enforcement needs to hire a genealogist and build out a family tree. If you do cooperate, either by choice or not, will law enforcement share the resulting family tree with you? If not, can you refuse to cooperate unless they agree to share the family tree with you?

    Reply
    • Judy G. Russell
      Judy G. Russell on February 15, 2019 at 10:29 am

      Of course they can force you to cooperate. If you don’t voluntarily answer questions, they hit you with a subpoena, put you in front of a grand jury and ask you questions that you have to answer under penalty of going to jail for civil contempt if you don’t. And, no, you can’t force them to cough up the suspect’s family tree.

      Reply
      • B
        B on February 15, 2019 at 9:37 pm

        So by doing nothing more than submitting a DNA sample to FTDNA for genealogical purposes, you could potentially become the subject of a criminal investigation and forced to reveal personal information about yourself and family members. Imagine if Samsung, Apple, and other smartphone makers were to strike a deal with the FBI so that anyone who uses a fingerprint to unlock their smartphone were to discover that their phone, unbeknownst to them, uploaded their fingerprint to the FBI to be used for matching against any fingerprints gathered from a crime scene. Most people would be outraged to discover this and would consider it a breach of privacy. Yet this scenario is less intrusive than what FTDNA is doing, since FTDNA’s actions could result in the FBI forcing, under penalty of contempt, an FTDNA customer to reveal to the FBI not only personal information about themselves, but about their relatives as well.

        Anyone who is concerned about “surveillance capitalism” and the privacy of their personal information should be outraged that FTDNA apparently allows law enforcement to upload and match DNA samples against those of other FTDNA customers, without the express consent of those customers. People who say that they don’t care if their DNA helps the cops to track down and prosecute a “criminal” seem to forget that what constitutes a crime may be as commonplace as possessing marijuana.

Submit a Comment

Your email address will not be published. Required fields are marked *