As it turns out we were right, but we forgot one key spoke of the government’s campaign to collect genetic information from as many individuals as possible: “innocent”, commercial companies, who not only collect DNA from willing clients, but are also paid for it.
FamilyTreeDNA, one of the pioneers of the growing market for “at home”, consumer genetic testing, confirmed a report from BuzzFeed that it has quietly granted the Federal Bureau of Investigation access to its vast trove of nearly 2 million genetic profiles.
While concerns about unrestricted access to genetic information gathered by testing companies had swelled since April, when police used a genealogy website to ensnare a suspect in the decades-old case of the Golden State Killer, that site, GEDmatch, was open-source, meaning police were able to upload crime-scene DNA data to the site without permission. However, the latest arrangement marks the first time a commercial testing company has voluntarily given law enforcement access to user data.
Worse, it did so secretly, without obtaining prior permission from its users.
The move is of significant concern to much more than just privacy-minded FamilyTreeDNA customers. As Bloomberg notes, one person sharing genetic information also exposes those to whom they are closely related. That’s how police caught the alleged Golden State Killer. And here is a stunning statistics – according to a 2018 study, only 2% of the population needs to have done a DNA test for virtually everyone’s genetic information to be represented in that data.
Thanks to its millions of customers, FamilyTreeDNA’s “cooperation” with the FBI more than doubles the amount of genetic data law enforcement already had access to through GEDmatch. According to BuzzFeed, and as confirmed by the company, on a case-by-case basis the company has agreed to test DNA samples for the FBI and upload profiles to its database, allowing law enforcement to see familial matches to crime-scene samples.
There is one caveat: FamilyTreeDNA said law enforcement may not freely browse genetic data but rather has access only to the same information any user might. Which of course, is ridiculous when the FBI has the same access as every single user.
Having been caught abusing client privacy, the company decided to make the best of it and despite the (coming) outrage over privacy abuse, Family Tree officials touted their work with the FBI to BuzzFeed.
“Without realizing it [Family Tree DNA founder and CEO Bennett Greenspan] had inadvertently created a platform that, nearly two decades later, would help law enforcement agencies solve violent crimes faster than ever,” the company said in a statement.
Also without realizing it, the company is advertently about to go bankrupt, because its “justification” sounds frankly ridiculous:
Officials at Family Tree said customers could decide to opt out of any familial matching, which would prevent their profiles from being searchable by the FBI. But by doing so, customers would also be unable to use one of the key features of the service: finding possible relatives through DNA testing.
One wonders how many paying clients would have “opted in” had they known they were also sharing their DNA with the FBI.
* * *
Needless to say, the genealogy community has expressed dismay, and for people who used the service not knowing the FBI had access to it – which would be all of them – the news was concerning.
“All in all, I feel violated, I feel they have violated my trust as a customer,” Leah Larkin, a genetic genealogist based in Livermore, California, told BuzzFeed News. “I’ve got to decide whether I want to opt out of matching or delete my kits.”
Larkin, one of the administrators of a Facebook genealogy group with about 50,000 members, predicted that enthusiasts will be split, from those who will be fine with law enforcement gaining access to their DNA profiles to others who will be outraged by the invasion of privacy. “I think it’s going to cause a lot of uproar,” she said. “We’re going to get the full spectrum.”
He may be right, but the split will be 1 “fine” with giving the FBI access to their DNA, to 999,999 “not fine.”
“We are nearing a de-facto national DNA database,” Natalie Ram, an assistant law professor at the University of Baltimore who specializes in bioethics and criminal justice, told BuzzFeed News. “We don’t choose our genetic relatives, and I cannot sever my genetic relation to them. There’s nothing voluntary about that.”
Others aired similar concerns.
“I would be very against Family Tree DNA allowing law enforcement to have open access to their DNA database,” Debbie Kennett, a British genealogy enthusiast and honorary research associate at University College London said. “I don’t think it’s right for law enforcement to use a database without the informed consent of the consumer.”
Last summer, FamilyTree DNA was among a list of consumer genetic testing companies that agreed to a suite of voluntary privacy guidelines, but as of Friday morning, it had been crossed off the list after it was revealed that the company had been lying all along.
“The deal between FamilyTreeDNA and the FBI is deeply flawed,” said John Verdi, vice president of policy at the Future of Privacy Forum, which maintains the list. “It’s out of line with industry best practices, it’s out of line with what leaders in the space do and it’s out of line with consumer expectations.”
Some in the field have begun arguing that a universal, government-controlled database may be better for privacy than allowing law enforcement to gain access to consumer information: after all what’s the difference if the companies will simply hand over all the information secretly. At least this was the public will know that Uncle Sam – and who knows who else – will have access to one’s genetic code.
FamilyTreeDNA said its lab has received “less than 10 samples” from the FBI. It also said it has worked with state and city police agencies in addition to the FBI to resolve cold cases.
“The genealogy community, their privacy and confidentiality has always been our top priority,” the company said – supposedly with a straight face – in an email response to questions submitted by Bloomberg.
And why would it tell the truth: just like search engines and social networks, where the user is the product, and all the information about the user is carefully collected, isolated and stored, then sold to the highest bidder, or quietly handed over to the government, consumer DNA testing has become a giant business: Ancestry.com and 23andMe Inc. alone have sold more than 15 million DNA kits. Concerns about an industry commitment to privacy could hamper the industry’s rapid growth.
To be sure, there are some fringe benefits – like authorities actually doing what they said they would do – since the arrest of the suspected Golden State Killer, more than a dozen other suspects have been apprehended using GEDmatch. By doubling the amount of data law enforcement have access to, those numbers are likely to rise. But at what cost?
“The real risk is not exposure of info but that an innocent person could be swept up in a criminal investigation because his or her cousin has taken a DNA test,’’ said Debbie Kennett, a British genealogist and author. “On the other hand, the more people in the databases and the closer the matches, the less chance there is that people will make mistakes.’’
And, of course, if every person’s DNA is in one giant genetic database, there would be no mistakes. Now if only the risk of abuse of this information was also nil, then everything would be great. Alas, as Snowden revealed when he exposed the flagrant abuses at the NSA years ago, this will never be the case especially when the “objective and impartial” FBI is involved.
Last June we asked “Millions Trust Ancestry.com With Their Genetic Code: What Could Go Wrong?” Now we know.