FamilyTreeDNA Deputizes Itself, Starts Pitching DNA Matching Services To Law Enforcement
from the FamilyIndictmentDNA dept
One DNA-matching company has decided it's going to corner an under-served market: US law enforcement. FamilyTreeDNA -- last seen here opening up its database to the FBI without informing its users first -- is actively pitching its services to law enforcement.
The television spot, to air in San Diego first, asks anyone who has had a direct-to-consumer DNA test from another company, like 23andMe or Ancestry.com, to upload a copy so that law enforcement can spot any connections to DNA found at crime scenes.
The advertisement features Ed Smart, father of Elizabeth Smart, a Salt Lake City teen who was abducted in 2002 but later found alive. “If you are one of the millions of people who have taken a DNA test, your help can provide the missing link,” he says in the spot.
Welcome to FamilyTreeDNA's cooperating witness program -- one it profits from by selling information customers give it to law enforcement. The tug at the heartstrings is a nice touch. FamilyTreeDNA is finally being upfront with users about its intentions for their DNA samples. This is due to its founder deciding -- without consulting his customers -- that they're all as willing as he is to convert your DNA samples into public goods.
Bennett Greenspan, the firm’s founder, said he had decided he had a moral obligation to help solve old murders and rapes. Now he thinks that customers will agree and make their DNA available specifically to help out.
FamilyTreeDNA sounds like it's finally going to seek consent from its customers, but only after having abused their trust once and under the assumption they're all going to play ball. While some DNA companies like 23andMe are insisting on at least a subpoena before handing over access to DNA database search results, other companies are staying quiet about law enforcement access or specifically targeting law enforcement agencies with ads promising to help them work through their cold case files.
Consent is great, but it's never going to be complete consent, no matter how FamilyTreeDNA shapes the argument. As Elizabeth Joh points out at Slate, there's a whole lot of people involved who will never be asked for their consent once a customer agrees to allow DNA-matching sites to hand over their samples to law enforcement.
[W]hen you volunteer your DNA sample, you’re volunteering your genetic family tree, without having asked your parents, siblings, cousins, and distant cousins if they agree. That upends the usual way we think about providing information to law enforcement. You can’t give the police lawful consent to search your third cousin’s house, even if your third cousin (who you may never have met) is suspected of having been involved in a serious crime. Why are we allowing a distant relative to grant police permission to your DNA?
There's no informed consent happening here. Customers are being treated as data points law enforcement can peruse at its leisure. A customer who agrees to be a good citizen (by clicking OK on a submission box on a private company's website) may learn later their sample was used to lock up a close relative. Some people will be fine with this outcome. Others may regret being the critical piece of evidence used to incarcerate one of their relatives.
Whatever the case is, very few companies are being upfront about the effects of opening up database access to law enforcement. FamilyTreeDNA is using a crime victim's parent and the founder's Team Blue sympathies to hustle its customers towards compliance. Users who don't like this turn of events will likely find it far more difficult to remove their DNA from FamilyTreeDNA's database than simply hold their nose and become an willing part of this partnership.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dna, law enforcement, privacy
Companies: familytreedna
Reader Comments
Subscribe: RSS
View by: Time | Thread
I think you're being a bit unfair here. I doubt law enforcement would admit this was the key to the case, if there was any chance at all they could engage in evidence laundering ("parallel construction") to make it look like they just happened to find the criminal through lucky police work.
[ link to this | view in chronology ]
Is there any accountability with these DNA databases? Do they have to undergo recurring audits similar to an accounting audit?
[ link to this | view in chronology ]
Not if but when
I was wondering when this would happen and I guess the answer is "now".
[ link to this | view in chronology ]
There site seems to say otherwise
The web site says;
OUR COMMITMENT
We won’t share your DNA
We believe your DNA belongs to YOU and only you . . . period. For that reason, we will never sell your DNA to third parties.
Can the other guys say that?
Didn't read the privacy policy. Is that actionable if they break that?
[ link to this | view in chronology ]
Re: There site seems to say otherwise
My guess is they'll try to explain this away as being they're not giving your DNA to the police; they're merely inviting the police to send them DNA samples to be compared. Technically accurate, but still scummy as hell.
[ link to this | view in chronology ]
Re: Re: There site seems to say otherwise
Except they did give away DNA to the FBI. That's totally giving your DNA to the police.
[ link to this | view in chronology ]
Re: There site seems to say otherwise
Does it have the usual "these terms are subject to change at any time without notice" boilerplate?
[ link to this | view in chronology ]
Re: Re: There site seems to say otherwise
Has there been a mass-market service contract in the last 30-40 years that didn't have that clause?
[ link to this | view in chronology ]
Oh look my impassive shocked face appears again.
We can make money looking at their DNA and telling them stuff... oh hey did you know there is all this other shit we can do with this to make a few bucks.
What would shock me is if someone looked at online tracking, phone tracking, smart tv spying, and the 4 billion other ways our data is collected collated and turned into cash... and had said perhaps giving DNA to a 3rd party might he the dumbest thing ever. Someone will offer them a stupid amount of money to use the data for 'reasons' and they will sell you out in pursuit of a buck.
I got mocked for never having a Facebook... how does your crow taste?
From the earliest times I was on the interwebs I was also focused on hiding myself & controlling who knew what. (Being a closeted gay kid, you have this innate fear of someone finding out your a homo and beating you into the ground.)
People willingly hand out tons of information and are shocked when someone uses it against them... have they not met other humans?
Sometimes being a sociopathic immortal has its benefits, sure makes it hard to market information about me when my birthday is the beginning of the universe.
[ link to this | view in chronology ]
Re:
True, but some of us might have gone to school with you and your brother. Your last name isn't descriptive even if you feel like it is currently.
[ link to this | view in chronology ]
Re: Re:
I have a brother?!
This is very disturbing news to me.
[ link to this | view in chronology ]
Data protection
.. And that's why you need an extremely hard private data protection law. GDPR anyone? ;)
[ link to this | view in chronology ]
Re: Data protection
Wait, you think the GDPR keeps the government OUT of your data?
[ link to this | view in chronology ]
Re: Re: Data protection
It's precious he appears to think that.
[ link to this | view in chronology ]
Re: Data protection
If the EU government is anything like the US government, Every major law along the lines of GDPR is going to have a carve outs for law enforcement.
In the US, it's practically boilerplate language.
[ link to this | view in chronology ]
Privacy is deader than copyright.
[ link to this | view in chronology ]
HIPAA
How the fuck is this not a major HIPAA violation?
[ link to this | view in chronology ]
A major HIPAA violation
The same reason the Boeing 737-8 max was not in violation of the FAA.
The HHC is owned by big med and big pharma, and serves only their interests.
[ link to this | view in chronology ]
Re: A major HIPAA violation
Actually, it's a little simpler. These companies don't fall under HIPAA.
[ link to this | view in chronology ]
Re: HIPAA
Because there's no medical treatment involved. A DNA sample in and of itself is not a medical record and therefore isn't covered by HIPAA.
[ link to this | view in chronology ]
Re: Re: HIPAA
Not to mention that HIPAA also has a clause about cooperating with government investigations.....
[ link to this | view in chronology ]
Re: Re: HIPAA
Actually, the trigger for HIPAA coverage isn't actually medical treatment, it's insurance billing. (Remember, it's the "Health Insurance Portability and Accountability Act".
Covered Entities are generally directly associated with insurance billing, and Business Associates get looped in by providing services to Covered Entities.
There are a limited number of places that offer medical services and are strictly private payer, so they wouldn't come under HIPAA unless they're also working in conjunction with a CE.
23&me, Family Tree DNA, etc, don't bill insurance, so they don't fall under HIPAA as Covered Entities. And since their tests aren't CLIA validated, there's pretty much no chance of their results being used in clinical decision making, so they almost certainly don't have Business Associate Agreements in place with any Covered Entities.
[ link to this | view in chronology ]
Anyone who thinks that this was not THE PLAN from fucking day one (build a big DNA database and whore it out to whomever will pay, LE or not) can buy my collection of vintage bridges for an attractive bundle price.
[ link to this | view in chronology ]
Re:
I could think of no other reason for those "DNA report" companies to exist apart from data collection for law enforcement or other government "reasons". I managed to talk my family into avoiding them despite myself and a couple others spending far too much time tracing genealogy.
But the vast majority of people are too trusting and not too sharp.
[ link to this | view in chronology ]
Consent
As long as the company is now getting the consent of its customers, I see no problem with this.
If you decide to rape and murder, this is just one of the (many) risks you take-- that someone in your extended family may have contributed to a database that can identify you.
Too bad for you, I guess. Maybe don't rape and murder if this worries you.
[ link to this | view in chronology ]
Re: Consent
Have you not read the articles where DNA was used to identify and convict the wrong person?
[ link to this | view in chronology ]
Re: Consent
DNA "matching" has problems identifying an individual absolutely, where DNA matching shines is the ability to absolutely say there is no match.
CSI is just a fictional television show in which technical details are lacking.
[ link to this | view in chronology ]
Re: Re: Consent
Which means you risk getting arrested because of the actions of some distant relative you've never heard of.
[ link to this | view in chronology ]
Re: Re: Consent
Yeah, but NCIS is totally accurate, right? I mean you feed the DNA into a computer, type furiously on the keyboard for about 20 seconds and the computer instantly spits out a 100% accurate match.
That's how it works in the real world, right? Oh and anyone can hack a password in about 30 seconds and the "dark web" is as easy to access as Google.
[ link to this | view in chronology ]
Re: Re: Re: Consent
Yes, NCIS is just as bad.
Zoom, Enhance, Rotate.
[ link to this | view in chronology ]
Re: Re: Re: Consent
Are you unfamiliar with the secret menu Google commands?
darkweb: <keywords> - searches the dark web and decrypts contents in real time. Add "+nicedisplay" as a keyword and it'll give you moving graphics suitable for TV that slowly display your results.
[ link to this | view in chronology ]
Re: Consent
Apparently you've not been paying attention.
Today it's rape and murder, tomorrow it'll be jaywalking.
[ link to this | view in chronology ]
A New take
This puts a whole new spin on sibling rivalry - "how can I screw over my obnoxious big brother by ratting him out to the police?"
Unless you are looking for a missing presumed murdered relative, where's the upside in putting your whole extended family under suspicion? (Except it will miss those "pedigree error" illegitimate relatives that nobody knows are related? They're probably the perp.) And if it's to help search for a missing victim - well, the police probably already have some DNA from relatives as part of their search.
[ link to this | view in chronology ]
A IMmoral obligation to help solve....
Um, then why are you SELLING the data? If you feel it is a moral obligation then you shouldn't be profiting from it.
[ link to this | view in chronology ]
Re: A IMmoral obligation to help solve....
Because they have a duty to shareholders to increase their value...
Its the same thinking that has no problem jacking up the prices of drugs people will die without, because they can & they have this duty to shareholders!!!
With all of the push to allow people to sue online platforms for the actions of others, where is the lawsuit targeting shareholders who directly benefit from policies that kill people??
There is a growing number of people dying or seriously injured b/c the price of insulin has skyrocketed across the board, the execs talk about profits being rolled into research... is that like the research that was ended into viagra showing promise in treating a womens issue but it gave old men boners so they stopped the study?
It costs nothing more to make insulin, it hasn't radically changed, but 300% mark-ups aren't illegal. Perhaps it is time to hold the shareholders responsible for demanding profits at the expense of others.
[ link to this | view in chronology ]
Nothing to do with it
"The advertisement features Ed Smart, father of Elizabeth Smart, a Salt Lake City teen who was abducted in 2002 but later found alive."
Hmm, Elizabeth Smart was not found with the use of DNA. WTF?
[ link to this | view in chronology ]
Re: Nothing to do with it
Just what I was wondering too.
It just shows how flimsy the arguement is to share this data with LE.
[ link to this | view in chronology ]
EULA/other lessons to remember..
1..NUMBER BIG 1..
YOU HAVE THE RIGHT TO TELL THEM TO ERASE YOUR DATA..
I dont care who they are, your DNA is private Data, and I dont think the corp will LIKE going to court to prove other wise..
Who here, Hasnt had a change to your bank EULA/notices/accounts, or to Internet sites, OR the Landlord, or your taxes..
You should KNow the rights you have. but also 1 small bit of contract law. The contract lasts to the POINT they wish to change it. Anything before that time HAS to stay that way. and if they change it retroactive, That is against the law..Unless yu wish it.
[ link to this | view in chronology ]
I GOT YOUR FILTER RIGHT HERE
EU BLOCKED
[ link to this | view in chronology ]
Makes perfect sense
Makes perfect sense. A criminal who has gotten away with heinous crimes, I'm sure their first instinct is to hand their DNA in. It's just the right thing to do.
Wondering if your family has any skeletons in the closet? Do a DNA test and see how many of your family members are hauled in for questioning!
I don't know why anyone would perform one of these services in the first place.
[ link to this | view in chronology ]
Re: Makes perfect sense
Umm
they already found DNA, and used it to find the family...and then narrowed it down to the 1 person guilty.. but they had to get a sample of his DNA..
[ link to this | view in chronology ]
Nope.
A couple of years ago, I got a DNA test as a gift from someone close. I thought carefully about it and decided, nope, I don't think I want a random American company I know nothing about to have all my DNA information. Discreetly, being careful that the gift-giver never caught on, I threw the whole thing in a random rubbish bin in the street near the office.
Since then, I've occasionally considered if I was too paranoid. Usually I concluded, ‘nah, I did the right thing’. But now I finally have proof and need wonder no more.
[ link to this | view in chronology ]
Another Whole New Market Opportunity
Knowing just how wonderful [*sarc] the US health system is, being based on private insurance, and how frequently we hear of people being denied treatment upon the discovery of undeclared pre-existing conditions [such as teenage acne], I'm left wondering why the insurance companies have not been frantically hoovering up this data, looking for susceptibility to certain health risks.
Half a decade ago, some of the DNA genealogy sites were already boasting about their ability to provide predictive health information to their customers...
https://thegeneticgenealogist.com/2013/09/22/what-else-can-i-do-with-my-dna-test-result s/
[ link to this | view in chronology ]