DNA companies take a stand on police access

The news that Family Tree DNA (FTDNA) had allowed law enforcement to submit crime scene samples into its testing database to search for the identities of suspects without a court order has rocked the genealogical community.

DNA security

First disclosed by news media at the beginning of this month, the access allows a police agency to submit a sample and thereby gain access to the names, email addresses, profile data, family trees, and matching DNA segment data for all of the other persons in the database who match the sample kit, out to the distant cousin level — potentially thousands and thousands of people.1

The Legal Genealogist won’t belabor the problems inherent in this, but emphasizes:

1. It was begun without specific notice to customers under terms of service language that prohibited law enforcement use of the testing database without “required legal documentation”2 — a phrase that any reasonable customer would have believed meant a court order, especially since the Privacy Statement promises that personal information (defined as much that sort of name, address, profile data etc. info now being disclosed to police) will be disclosed only “if we believe it is reasonably necessary to … comply with a valid legal process (e.g., subpoenas, warrants)…”3

2. Despite a commitment to “notify (customers) via email of any changes or additions”,4 the terms were changed without notice at some still-unspecified time late in 2018 or early 2019 to allow police to submit samples related to any crime “defined in 18 U.S. Code § (924)(e)(2)(B).”5 That statute isn’t limited to rape and murder — the crimes cited by FTDNA — but extends to crimes even if no-one is actually harmed, reaching any crime involving “the use, attempted use, or threatened use of physical force against the person of another … or … conduct that presents a serious potential risk of physical injury to another.”6

3. Everybody who’d already tested at FTDNA when these changes were made was automatically opted in to allowing access — and the only way to opt out is to opt out of matching completely,7 thereby giving up most of the essential benefits of having testing with FTDNA in the first place.

The uproar over the changes caused FTDNA to roll the terms of service back to the May 2018 version,8 but the company to date has not backed off its view that a court order is not required despite the “required legal documentation” language of those terms.

In other words, as of right now, law enforcement may still submit crime scene samples to the testing database without a court order, and there’s no way out for customers except to opt out of matching.

Now the company is currently saying in emails to customers that: “We are listening to our customers and considering additional options.”9 We can hope that, soon, the company will change its system to an opt-in system so that those who want to assist law enforcement can, and those who don’t want their personal information disclosed don’t have to allow it.

But what do we do in the meantime? We as genealogists still want to use DNA as one of the tools in our research. What are the other testing companies saying about law enforcement access to their testing databases? Is any other company allowing the police to submit crime scene samples and search for suspects or suspects’ family members among those who have tested without requiring a court order?

Here’s what each company is saying:

23andMe: “We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.”10 “23andMe will never release your individual-level Genetic Information and/or Self-Reported Information to any third party without asking for and receiving your explicit consent to do so, unless required by law.”11 An article in GenomeWeb quoted the company’s chief legal officer as saying “we will not voluntarily work with law enforcement, and use all legal means to safeguard our customers’ data.”12

AncestryDNA: “(W)e do not share your Genetic Information (as defined in the Privacy Statement) with employers, insurance providers, or third-party marketers without your consent, and will not share your Genetic Information with law enforcement unless compelled by valid legal process as described in our Privacy Statement.”13 “If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so.”14 Note that personal information is defined to include even a customer’s name and email address.15 The GenomeWeb article quotes an Ancestry spokesperson as saying that “Ancestry … does not voluntarily cooperate with law enforcement.”16

LivingDNA: David Nicholson, co-founder and managing director of LivingDNA, stated in a email exchange that: “we do not allow Law Enforcement to access our database (without a) warrant… we will act in accordance with the law but we do not freely open up our database to any 3rd party.”17

MyHeritageDNA: “(U)sing the DNA Services for law enforcement purposes, forensic examinations, criminal investigations and/or similar purposes, without a court order and without prior explicit written permission from MyHeritage, is strictly prohibited. It is our policy to resist law enforcement inquiries to protect the privacy of our customers.”18 In addition, Gilad Japhet, CEO of MyHeritage, stated in an email exchange: “While we are in favor of doing justice and putting criminals in jail, this is not what MyHeritage was created to do and we will not sacrifice our mission and transform our service into something else for that purpose. We are a consumer platform meant to allow users to discover, preserve and share their family history. We are not a crowdsourced crime-fighting platform. We strongly believe that consumers who purchase DNA kits are not doing so with blind consent for law enforcement use that affects not only them but all their blood relatives, and that consumers should be given a choice and provide informed consent about what is to be done with their DNA data.”19

All of the companies make it clear that they must provide access to information if they are ordered to do so by a court as, for example, with a search warrant. So no company’s testers can ever be 100% guaranteed some of their data won’t end up with the police. However, MyHeritage’s Japhet said, for his company: “Our intention is to resist to the best of our ability. That means that anything that we can legally challenge or contest, we’ll do so to the max until we prevail or are forced by court to comply.”20

So there are alternatives for those who prefer to work with a company that emphasizes their privacy first and foremost over any law enforcement agency. Examining the terms of use and privacy commitments of the companies is the place to start.

And who knows? Maybe one day soon — very soon, we can hope — FTDNA will be back in that fold.


Cite/link to this post: Judy G. Russell, “Looking at the alternatives,” The Legal Genealogist (https://www.legalgenealogist.com/blog : posted 10 Feb 2019).

SOURCES

  1. This is not an exaggeration. One of the kits I manage at FTDNA has more than 18,000 matches. The smallest number of matches to any of my kits is roughly 1400.
  2. May 2018 version, Paragraph 6(B)(xii), “Your Use of the Services: Requirements for Using the Services,” in “Terms of Service,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019).
  3. Paragraph 5D, “How FamilyTreeDNA shares your information: For Legal or Regulatory Process” in “FamilyTreeDNA Privacy Statement”, FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019).
  4. Paragraph 15,“Terms of Service,” FamilyTreeDNA.
  5. Version in effect as of 1 February 2019, Paragraph 6(B)(xii), “Your Use of the Services: Requirements for Using the Services,” in “Terms of Service,” FamilyTreeDNA (https://www.familytreedna.com/ : accessed 1 Feb 2019).
  6. See 18 U.S.C. §924.
  7. Hapner Hart Media on behalf of Family Tree DNA to Judy G. Russell, email, 1 Feb 2019.
  8. Bennett Greenspan, “A letter to our customers,” posted 3 Feb 2019.
  9. FTDNA to (Name withheld for privacy), email, 8 Feb 2019, copy provided to Judy G. Russell.
  10. Privacy Highlights,” 23andMe.com (https://www.23andme.com/ : accessed 10 Feb 2019).
  11. Paragraph 13, “Terms of Service,” 23andMe.com (https://www.23andme.com/ : accessed 10 Feb 2019).
  12. Justin Perrone, “Genetic Genealogy Firms Reassure Clients About Data Privacy After FTDNA Divulges FBI Partnership,” GenomeWeb, posted 8 Feb 2019. Note that access to this article requires a premium subscription.
  13. Terms of Service,” updated 5 June 2018, Ancestry.com (https://www.ancestry.com/ : accessed 10 Feb 2019).
  14. Your Privacy,” Ancestry.com, updated 30 Apr 2018 (https://www.ancestry.com/ : accessed 10 Feb 2019).
  15. Ibid.
  16. Perrone, “Genetic Genealogy Firms Reassure Clients About Data Privacy After FTDNA Divulges FBI Partnership.”
  17. David Nicholson to Judy G. Russell, “Official LivingDNA statement on police access,” email, 5-6 February 2019.
  18. Terms and Conditions,” MyHeritage (https://www.myheritage.com/dna : accessed 10 Feb 2019).
  19. Gilad Japhet to Judy G. Russell, “A comment for the record,” email, 4 February 2019.
  20. Ibid.
Print Friendly, PDF & Email