This post has been updated.
The genealogy world is ablaze with the revelation that our beloved GEDmatch was used to track down the Golden State Serial Killer. Despite universal approval of the outcome, some genealogists and ethicists are dismayed that this “off label” use of a nerdy genealogy website by law enforcement might have been a breach of privacy and might have unintended consequences for our field.
To address whether law enforcement could be using databases other than GEDmatch, I looked at the terms of service and privacy policies at each of the main testing companies. Here’s what I found and my (not-a-lawyer) interpretation of that information:
Law enforcement could not submit a crime-scene sample to AncestryDNA without violating the Terms and Conditions: “By using the DNA Services you also agree: …. Any saliva sample you provide is either your own or the saliva of a person for whom you are a parent or legal guardian”.
The Terms of Service at 23andMe explicitly prohibit forensic uses: “you agree not to …. use any information received through the Services to attempt to identify other customers, to contact other customers (other than through features for contacting other users such as DNA Relatives offered pursuant to the Services), or for any forensic use” [emphasis mine].
Likewise, MyHeritage recently updated their Terms and Conditions to say “using the DNA Services for law enforcement purposes, forensic examinations, criminal investigations and/or similar purposes, without a court order and without prior explicit written permission from MyHeritage, is strictly prohibited. It is our policy to resist law enforcement inquiries to protect the privacy of our customers.”
Living DNA does not currently offer relative matching (necessary for the kind of investigation that identified the Golden State Killer), but they plan to add it soon. Per their Terms & Conditions, law enforcement could not use forensic samples in their database: “You undertake, promise and agree as follows: …. That you are an individual, are aged over 18, and that the sample you provide will be your own sample, or the sample of a child in respect of whom you have legal entitlement to take a sample and to submit it for testing.”
Family Tree DNA
As of 25 May 2018, the Terms of Service for Family Tree DNA state “You agree to not use the Services for any law enforcement purposes, forensic examinations, criminal investigations, and/or similar purposes without the required legal documentation and written permission from FamilyTreeDNA” (Section 6.B.xiii).
Under what conditions Family Tree DNA will give “written permission” is unclear.
UPDATE: On 31 January, 2019, Buzzfeed broke a story that Family Tree DNA was working with the FBI. Family Tree DNA subsequently issued a press release to explain their decision. The Terms of Service had been changed in December without notifying customers. A subsequent open letter from the president of FTDNA apologized and announced that the Terms of Service would revert to the version above.
23andMe publishes a Transparency Report, updated quarterly, that says they have never released customer information in response to a government request. AncestryDNA’s Transparency Report states that they have responded to several government requests related to credit card fraud and identity theft; once, in 2014, have they complied with a search warrant to identify a person based on a DNA sample. That person’s DNA profile had been public in a database Ancestry.com had acquired. None of the other companies provide information on whether they have complied with government requests for customer DNA data.
Updates to This Post
- 27 May 2018 — updated to reflect the new Terms of Service at Family Tree DNA
- 1 Feb 2018 — noted that Family Tree DNA had begun working with the FBI and changed their Terms of Service some time prior to the announcement