DNA Company Accidentally Exposes Opted Out Users' Data To Law Enforcement

from the apparently-the-software-does-not-approve-of-your-decision dept

A couple of years ago, investigators in California used a DNA matching service to track down the so-called "Golden State Killer." Uploading a sample of the suspected serial murder's DNA, they were able to identify distant relatives of the suspect. Using these sentient clues, investigators eventually worked their way back to the suspected killer, who had eluded authorities for years.

Shortly after this made news, GEDmatch informed users that law enforcement had never approached the company directly to acquire this information. Instead, investigators created an account and uploaded samples, bypassing anything GEDmatch might have had in place to limit use by government agencies. GEDmatch said the only way customers could ensure their DNA info wouldn't be obtained by law enforcement was to not use the service at all.

A month later, it went a step further. It opted all users out of allowing law enforcement to access their DNA data. Users were allowed to opt in if they were comfortable with the government digging through their information. This somewhat solved the problem. But law enforcement has been known to create faux profiles to search DNA data, so opting out isn't guaranteed to stop cops from accessing this info.

Unfortunately, something recently went very wrong with GEDmatch's database.

[U]sers reported Sunday that those settings had changed without their permission, and that their DNA profiles were made available to law enforcement searches.

Users called it a “privacy breach.” But when reached, the company’s owner declined to say if the issue was caused by an error or a security breach, citing an ongoing investigation.

This incident/error opted everyone in to law enforcement access. The company still isn't sure what happened. The statement issued by the CEO says the problem is "resolved" but the company has taken the site offline until it can determine what actually happened.

The site is still down as of the time of writing (July 20th). GEDmatch hasn't offered any further statement on the matter, either. It also has refused to say whether any law enforcement requests to the service were received or responded to while everyone was temporarily opted in.

The larger problem remains, however. GEDmatch's default is opt out, which is best for its users. But it's unclear whether GEDmatch polices its service for bogus accounts possibly be used by… well, police. GEDmatch only requires an email address for registration. It says you must link a "real name" to uploaded DNA data but nothing in its terms of service indicates this name must be verified before the site can be searched for matches. This means opting out is only as good as the law enforcement agencies using the service. If they can't be trusted then GEDmatch probably can't be trusted either.

Filed Under: data, data breach, dna, law enforcement, privacy, surveillance
Companies: gedmatch

Cops Now Using Warrants To Gain Access To DNA Services' Entire Databases

from the one-affidavit-to-rule-them-all dept

Cops have discovered a new source of useful third-party records: DNA databases. Millions of people have voluntarily handed over personal information to a number of services in exchange for info on medical markers or distant family members.

Investigators are submitting DNA samples from cold cases in hopes of tracking down criminals who've managed to evade them for years. It has led to the closing of some cases, which is all agencies need to argue for continued access to DNA samples from millions of users.

Some DNA services are more protective of their customers' privacy than others. Of course, privacy protections in this context generate quite a bit of friction. For DNA databases to be useful, users must allow others to access their DNA info and expect others to do the same thing. Identifying info can be withheld, and definitely should be if users aren't interested in rebuilding a family tree. One company, however, has decided it's an unofficial arm of the law enforcement community and has involuntarily deputized its users.

When cops submit DNA seeking matches, they don't always identify themselves as law enforcement officers. Faux accounts are being used to gather matches with DNA services (and their users) unaware of the government's intrusion. Once investigators have gathered some promising hits, they reveal themselves to issue subpoenas demanding identifying info on the search results.

Things are getting even more troubling in this new Constitutional gray area. Kashmir Hill and Heather Murphy of the New York Times report law enforcement is now using warrants to force DNA services to open up their entire databases for investigators to dig through.

For police officers around the country, the genetic profiles that 20 million people have uploaded to consumer DNA sites represent a tantalizing resource that could be used to solve cases both new and cold. But for years, the vast majority of the data have been off limits to investigators. The two largest sites, Ancestry.com and 23andMe, have long pledged to keep their users’ genetic information private, and a smaller one, GEDmatch, severely restricted police access to its records this year.

Last week, however, a Florida detective announced at a police convention that he had obtained a warrant to penetrate GEDmatch and search its full database of nearly one million users.

Warrants are supposed to be targeted -- seeking evidence from a location or a person clearly defined in the warrant application. When a warrant is used to allow full access to the personal info of one million users, there's clearly no targeting. Investigators may have probable cause to believe they'll find evidence of a crime by searching an entire DNA database, but all the probable cause in the world doesn't allow officers to search a million people until they find the evidence they're looking for. That's what's happening here.

The abuses of warrant power will only get bigger. GEDmatch is small. 23andMe has 10 million users. Ancestry.com has 15 million users. They'll be the next targets of questionable warrants if they haven't already been hit with some.

In response to backlash following the first reports of officers anonymously submitting samples to obtain a list of suspects, DNA/genealogy companies tightened up their rules. Subpoenas now only net personal info of people who've opted into sharing their data with law enforcement. According to this report, only 185,000 of GEDmatch's 1.3 million have made that choice. That didn't sit well with this investigator, who decided he could talk a court into forcing the company to give him what he wanted.

In July, he asked a judge in the Ninth Judicial Circuit Court of Florida to approve a warrant that would let him override the privacy settings of GEDmatch’s users and search the site’s full database of 1.2 million users. After Judge Patricia Strowbridge agreed, Detective [Michael] Fields said in an interview, the site complied within 24 hours. He said that some leads had emerged, but that he had yet to make an arrest. He declined to share the warrant or say how it was worded.

There's a real danger here. If there's no pushback from companies and their users, law enforcement officers will be seeking the same access, effectively turning private DNA databases into law enforcement databases. On the flip side, if this does become the new normal for law enforcement, it runs the risk of burning its own source, so to speak.

Genetic genealogy experts said that until now, the law enforcement community had been deliberately cautious about approaching the consumer sites with court orders: If users get spooked and abandon the sites, they will become much less useful to investigators. Barbara Rae-Venter, a genetic genealogist who works with law enforcement, described the situation as “Don’t rock the boat.”

The boat is already rocking. Detective Fields has shown officers the way to get what they want when private companies decide they're not just going to be field offices for government agencies. Multiple officers and detectives asked for a copy of his warrant following his talk, which means Fields' Fourth Amendment experiment is going to become boilerplate. Customers and users who thought their personal info was shielded from law enforcement probing are now finding out these protections can be undermined by a warrant targeting anyone that matches a certain DNA profile.

Filed Under: 4th amendment, database search, dna, dna databases, police, unsolved crimes, warrant
Companies: 23andme, ancestry.com, gedmatch

Cops Aren't Just Submitting DNA Samples To Genealogy Services; They're Also Obtaining Customer Info

from the buyer-beware-etc. dept

Recently, a genealogy service provided law enforcement with the information they needed to locate a murder suspect they'd been hunting for over forty years. GEDMatch admitted it was the service investigators used to find a familial match to DNA samples it had taken from crime scenes. This revelation led people to question how private their DNA data was when shared with genealogy services. The answer is, of course, not very, what with the purpose of these services being the matching of DNA info from thousands or millions of unrelated individuals.

Police created a fake account to submit the sample they had and received matches that allowed them to narrow down the list of suspects. This was combined with lots of other regular police work -- combing public records and obituaries for living relatives near the locations the crimes occurred -- to gradually hone in on Joseph James DeAngelo, who is believed to have murdered twelve people and committed at least 51 rapes.

But there was more to this than the DNA search at GEDMatch. Investigators had also used a service called FamilyTreeDNA to look for possible matches. The public database maintained by the company apparently helped investigators narrow down the list of suspects. Peter Aldhous of Buzzfeed has more details.

From DNA collected from crime scenes, [investigator Paul] Holes knew 67 genetic markers on the killer’s Y chromosome. Every three months or so, he would check in Ysearch for matches. The subpoena was made when a profile containing just 12 genetic markers — including one that’s unusual among men of Western European ancestry — matched with the killer’s sample.

This subpoena demanded customer information for the person who had submitted matching DNA. Investigators were able to obtain payment info which led them to someone researching their family tree. This led to another sample -- and another dead end. The woman's father had a sample taken by investigators but the test cleared him of suspicion.

That subpoenas can be used to pierce the minimum of privacy given to customers by companies should come as no surprise. These have been used for years to demand subscriber info from service providers in both civil and criminal cases.

That being said, people may now approach DNA services a bit more cautiously. While companies may offer some assurances about personal info being protected, the nature of the business is sharing DNA markers and allowing your personal DNA structure to be matched against submissions by complete strangers… which will also include law enforcement investigators.

Any service that requires payment and personal info will be approached by law enforcement. In most cases, a warrant won't be needed. The Third Party Doctrine lowers protections for customers, making warrants mostly unnecessary. While some companies may push back more than others when law enforcement demands info, in most cases the government will get what it's seeking.

Filed Under: dna, genealogy, golden state killer, joseph deangelo, privacy, subpoenas
Companies: familytreedna, gedmatch

Police Use Genealogy Site To Locate Murder Suspect They'd Been Hunting For More Than 30 Years

from the new-tech,-new-tools dept

DNA isn't the perfect forensic tool, but it's slightly preferable to the body of junk science prosecutors use to lock people up. It's ability to pinpoint individuals is overstated, and the possibility of contamination makes it just as easy to lock up innocent people as garbage theories like bite mark matching.

In terms of process of elimination, it's still a go-to for prosecutors. The rise of affordable DNA testing has provided a wealth of evidence to law enforcement. Investigators are no longer limited to samples they've taken from arrestees. Databases full of DNA info are within reach 24 hours a day -- and all law enforcement needs is an account and a few bucks to start tracking down DNA matches from members of the public who've never been arrested.

Investigators used DNA from crime scenes that had been stored all these years and plugged the genetic profile of the suspected assailant into an online genealogy database. One such service, GEDmatch, said in a statement on Friday that law enforcement officials had used its database to crack the case. Officers found distant relatives of Mr. DeAngelo’s and, despite his years of eluding the authorities, traced their DNA to his front door.

“We found a person that was the right age and lived in this area — and that was Mr. DeAngelo,” said Steve Grippi, the assistant chief in the Sacramento district attorney’s office.

This "search" may possibly close the books on at least ten unsolved murders featuring the same suspect DNA. The process involved, however, raises questions. But customers of companies like GEDmatch and 23andMe probably won't like the answers. Any ethical questions they may have about companies sharing DNA info with law enforcement is likely covered by the terms of service. Customers looking to the Bill of Rights may be disappointed to discover the courts have little positive to say about Fourth Amendment protections for third party records.

Adding your DNA to these databases makes this info publicly-available. If everyone's DNA was siloed off from everyone else's, genealogy services would be completely useless. It's expected your DNA info will be shared with others. If "others" includes law enforcement, the terms of service have that eventuality covered. Even if other uses of your DNA weren't specified, there's nothing illegal about law enforcement agencies creating accounts to submit DNA for matches. If there's a Constitutional challenge, the third party doctrine likely eliminates anything remaining for the court to consider once it gets past the obvious hurdle: DNA-matching services match DNA. Complete strangers are able to "access" DNA info of others without creating privacy issues.

GEDmatch's response to all of this? If you don't want your DNA to end up in the hands of law enforcement, delete your account. This isn't exactly customer-friendly, but it reflects the reality of participating in a service that offers DNA matching. Even if a company refuses to hand over info voluntarily, it probably wouldn't take more than a subpoena to knock it loose. As long as law enforcement is using the system like a customer would -- that is, simply submitting DNA for a match -- the only problems it poses are at the far end of the ethical spectrum. If it's doing anything else -- like asking companies to notify them if certain DNA samples are submitted -- then there are problems. But as long as it's not inserting itself into the supply chain, there's really no privacy invasion occurring.

Filed Under: dna, evidence, garden state killer, joseph deangelo, privacy
Companies: gedmatch