Just one week ago, we warned that the government — helped by Congress (which adopted legislation allowing police to collect and test DNA immediately following arrests), President Trump (who signed the Rapid DNA Act into law), the courts (which have ruled that police can routinely take DNA samples from people who are arrested but not yet convicted of a crime), and local police agencies (which are chomping at the bit to acquire this new crime-fighting gadget) — was embarking on a diabolical campaign to create a nation of suspects predicated on a massive national DNA database.
As it turns out we were right, but we forgot one key spoke of the government’s campaign to collect genetic information from as many individuals as possible: “innocent”, commercial companies, who not only collect DNA from willing clients, but are also paid for it.
FamilyTreeDNA, one of the pioneers of the growing market for “at home”, consumer genetic testing, confirmed a report from BuzzFeed that it has quietly granted the Federal Bureau of Investigation access to its vast trove of nearly 2 million genetic profiles.
While concerns about unrestricted access to genetic information gathered by testing companies had swelled since April, when police used a genealogy website to ensnare a suspect in the decades-old case of the Golden State Killer, that site, GEDmatch, was open-source, meaning police were able to upload crime-scene DNA data to the site without permission. However, the latest arrangement marks the first time a commercial testing company has voluntarily given law enforcement access to user data.
Worse, it did so secretly, without obtaining prior permission from its users.
The move is of significant concern to much more than just privacy-minded FamilyTreeDNA customers. As Bloomberg notes, one person sharing genetic information also exposes those to whom they are closely related. That’s how police caught the alleged Golden State Killer. And here is a stunning statistics – according to a 2018 study, only 2% of the population needs to have done a DNA test for virtually everyone’s genetic information to be represented in that data.
Thanks to its millions of customers, FamilyTreeDNA’s “cooperation” with the FBI more than doubles the amount of genetic data law enforcement already had access to through GEDmatch. According to BuzzFeed, and as confirmed by the company, on a case-by-case basis the company has agreed to test DNA samples for the FBI and upload profiles to its database, allowing law enforcement to see familial matches to crime-scene samples.
There is one caveat: FamilyTreeDNA said law enforcement may not freely browse genetic data but rather has access only to the same information any user might. Which of course, is ridiculous when the FBI has the same access as every single user.
Needless to say, the genealogy community has expressed dismay.
Last summer, FamilyTree DNA was among a list of consumer genetic testing companies that agreed to a suite of voluntary privacy guidelines, but as of Friday morning, it had been crossed off the list after it was revealed that the company had been lying all along.
“The deal between FamilyTreeDNA and the FBI is deeply flawed,” said John Verdi, vice president of policy at the Future of Privacy Forum, which maintains the list. “It’s out of line with industry best practices, it’s out of line with what leaders in the space do and it’s out of line with consumer expectations.”
Some in the field have begun arguing that a universal, government-controlled database may be better for privacy than allowing law enforcement to gain access to consumer information: after all what’s the difference if the companies will simply hand over all the information secretly. At least this was the public will know that Uncle Sam – and who knows who else – will have access to one’s genetic code.
FamilyTreeDNA said its lab has received “less than 10 samples” from the FBI. It also said it has worked with state and city police agencies in addition to the FBI to resolve cold cases.
“The genealogy community, their privacy and confidentiality has always been our top priority,” the company said – supposedly with a straight face – in an email response to questions submitted by Bloomberg.
And why would it tell the truth: just like search engines and social networks, where the user is the product, and all the information about the user is carefully collected, isolated and stored, then sold to the highest bidder, or quietly handed over to the government, consumer DNA testing has become a giant business: Ancestry.com and 23andMe Inc. alone have sold more than 15 million DNA kits. Concerns about an industry commitment to privacy could hamper the industry’s rapid growth.
To be sure, there are some fringe benefits – like authorities actually doing what they said they would do – since the arrest of the suspected Golden State Killer, more than a dozen other suspects have been apprehended using GEDmatch. By doubling the amount of data law enforcement have access to, those numbers are likely to rise. But at what cost?
“The real risk is not exposure of info but that an innocent person could be swept up in a criminal investigation because his or her cousin has taken a DNA test,’’ said Debbie Kennett, a British genealogist and author. “On the other hand, the more people in the databases and the closer the matches, the less chance there is that people will make mistakes.’’
And, of course, if every person’s DNA is in one giant genetic database, there would be no mistakes. Now if only the risk of abuse of this information was also nil, then everything would be great. Alas, as Snowden revealed when he exposed the flagrant abuses at the NSA years ago, this will never be the case especially when the “objective and impartial” FBI is involved.
Last June we asked “Millions Trust Ancestry.com With Their Genetic Code: What Could Go Wrong?” Now we know.