User-Uploaded DNA Sites Got Even Less Private
Since the police tracked down the alleged Golden State killer using a publicly available DNA database, these sites have become a privacy minefield for people who just want to know more about their genetics. Now a Florida judge has signed a warrant that allows authorities to examine even the DNA of people who have opted out of police searches.
Forensic genealogy has helped law enforcement uncover long-standing cold cases, but law enforcement’s renewed enthusiasm for the technique poses a privacy issue for anyone using an open genetic database like GEDmatch. This is because the people who uploaded their own DNA did not necessarily agree to be used for law enforcement searches – and because their non-member relatives certainly did not agree. But if your cousin’s DNA is in the database somewhere, that means some of yours are there too .
I want to clarify how these search terms work. Several of these DNA databases, including GEDmatch and FamilyTreeDNA, allow users (you and me) to download genetic data. Basically, I can go to one of these sites with a data file and say, “This is my DNA, please let me know if anyone from this service seems to be related to me.” It is a handy tool for people interested in genealogy or looking for long-lost relatives.
Law enforcement agencies may be allowed to do the same depending on the website’s policies. GEDmatch initially allowed anyone to download; they then added a statement to their terms of service recognizing that the site has a police presence and that you should not use it if you don’t like it. They later changed the policy so that law enforcement only has access to the DNA of the people who took part in this search.
(23andme and Ancestry are not user-downloadable databases. To find relatives, you must send a bottle of saliva to the company. They have been good at protecting user privacy from law enforcement until now and declare in transparency reports that they have not shared any genetic data. Here is 23andme ‘s report and Ancestry’s report .)
Innovative in Florida’s warrant is that a judge reportedly authorized law enforcement to search the entire database. (The details of the warrant are not publicly available, but I’m assuming the warrant said they could upload files as a user without disclosing that they are law enforcement officials.)
What does this mean for your privacy? The New York Times spoke to “DNA policy experts” who said they fear more judges will feel the courage to issue similar warrants even for databases that are not currently used by law enforcement.
It’s unclear how this would work at all for a site like 23andme. They might have to create a fake saliva sample from the suspect’s DNA and mail it, or perhaps the idea is for the company to let the police download the data file. While this is all speculation. Personally, I would avoid having DNA in a user-uploaded database and wait and see what happens to the other type. But law enforcement seems to be keen to gain as much access to these databases as possible, and we do not yet know what future laws and policies will allow.