Your DNA Profile is Private? A Florida Judge Just Said Otherwise
Your DNA Profile is Private? A
Florida Judge Just Said Otherwise
Kashmir Hill
and Heather Murphy November 6, 2019
“That’s
a huge game-changer,” said Erin Murphy, a law professor at New York University.
“The company made a decision to keep law enforcement out, and that’s been
overridden by a court. It’s a signal that no genetic information can be safe.”
DNA
policy experts said the development was likely to encourage other agencies to
request similar search warrants from 23andMe, which has 10 million users, and Ancestry.com,
which has 15 million. If that comes to pass, the Florida judge’s decision will
affect not only the users of these sites but huge
swaths of the population, including those who have never taken a DNA
test. That’s because this emerging forensic technique makes it possible to
identify a DNA profile even through distant family relationships.
Using
public genealogy sites to crack cold cases had its breakthrough moment in April
2018 when the California police used
GEDmatch to identify a man they believe is the Golden State
Killer, Joseph James DeAngelo.
After
his arrest, dozens of law enforcement agencies around the country rushed to apply
the method to their own cases. Investigators have since used genetic
genealogy to identify suspects and victims in more than 70
cases of murder, sexual assault and burglary, ranging from five decades to just
a few months old.
Most
users of genealogy services have uploaded their genetic information in order to
find relatives, learn about ancestors and get insights into their health — not
anticipating that the police might one day search for killers and rapists in
their family trees. After a revolt by
a group of prominent genealogists, GEDmatch changed its policies in May. It
required law enforcement agents to identify themselves when searching its
database, and it gave them access only to the profiles of users who had
explicitly opted in to such queries. (As of last week, according to the
GEDmatch co-founder Curtis Rogers, just 185,000 of the site’s 1.3 million users
had opted in.)
Like many others in law
enforcement, Detective Michael Fields of the Orlando Police
Department was disappointed by GEDmatch’s policy shift. He had used the site
last year to identify a suspect in
the 2001 murder of a 25-year-old woman that he had spent six years trying to
solve. Today, working with a forensic consulting firm, Parabon, Detective
Fields is trying to solve the case of a serial rapist who assaulted a number of
women decades ago.
In
July, he asked a judge in the Ninth Judicial Circuit Court of Florida to
approve a warrant that would let him override the privacy settings of
GEDmatch’s users and search the site’s full database of 1.2 million users.
After Judge Patricia Strowbridge agreed, Detective Fields said in an interview,
the site complied within 24 hours. He said that some leads had emerged, but
that he had yet to make an arrest. He declined to share the warrant or say how
it was worded.
Detective
Fields described his methods at the International Association of Chiefs of
Police conference in Chicago last week. Logan Koepke, a policy analyst at
Upturn, a nonprofit in Washington that studies how technology affects social
issues, was in the audience. After the talk, “multiple other detectives and
officers approached him asking for a copy of the warrant,” Mr. Koepke said.
DNA
policy experts said they would closely watch public response to news of the
warrant, to see if law enforcement agencies will be emboldened to go after the
much larger genetic databases.
“I
have no question in my mind that if the public isn’t outraged by this, they
will go to the mother lode: the 15-million-person Ancestry database,” Professor
Murphy said. “Why play in the peanuts when you can go to the big show?”
Yaniv
Erlich, the chief science officer at MyHeritage, a genealogy database of around
2.5 million people, agreed. “They won’t stop here,” he said.
Because
of the nature of DNA, every criminal is likely to have multiple relatives in
every major genealogy database. Without an outcry, Professor Murphy and others
said, warrants like the one obtained by Detective Fields could become the new
norm, turning all genetic databases into law enforcement databases.
Not
all consumer genetics sites are alike. GEDmatch and FamilyTreeDNA make it
possible for anyone to upload his or her DNA information and start looking for
relatives. Law enforcement agents began conducting genetic genealogy
investigations there not because these sites were the biggest but because they
were the most open.
Ancestry.com
and 23andMe are closed systems. Rather than upload an existing genetic profile,
users send saliva to the companies’ labs, and then receive information about
their ancestry and health. For years, fearful of turning off customers, the
companies have been adamant that they would resist giving law enforcement
access to their databases.
Both
sites publish transparencyreports with
information about subpoenas and search warrants they receive. 23andMe says it
has received seven data requests relating to 10 customers and has not released
any data. Ancestry.com said in its 2018 report that it had received 10 “valid
law enforcement requests” that year and complied with seven, but that all the
cases involved “credit card misuse, fraud and identity theft,” not requests for
genetic information.
Genetic
genealogy experts said that until now, the law enforcement community had been
deliberately cautious about approaching the consumer sites with court orders:
If users get spooked and abandon the sites, they will become much less useful
to investigators. Barbara Rae-Venter, a genetic genealogist who works with law
enforcement, described the situation as “Don’t rock the boat.”
FamilyTreeDNA
permits law
enforcement searches of its database of two million users for
certain types of crimes.
Ancestry.com
did not respond to a request for comment on the Florida search warrant. A
spokesman for 23andMe, Christine Pai, said in an emailed statement, “We never
share customer data with law enforcement unless we receive a legally valid
request such as a search warrant or written court order. Upon receipt of an
inquiry from law enforcement, we use all practical legal measures to challenge
such requests in order to protect our customers’ privacy.”
Detective
Fields said he would welcome access to the Ancestry.com and 23andMe databases.
“You would see hundreds and hundreds of unsolved crimes solved overnight,” he
said. “I hope I get a case where I get to try.”
Why Our DNA should Private? Best Keynote Speakers 2019 Miami | Best Hedge Fund Analyst Florida
ReplyDelete