This post has been updated.
Today, Buzzfeed broke the story that Family Tree DNA has been allowing FBI agents to use their database for criminal investigations. What’s more, Gene-by-Gene, the parent company of FTDNA, is selling DNA analysis services to the FBI and perhaps other law enforcement agencies, suggesting a possible conflict of interest.
According to Buzzfeed, FTDNA has allowed the FBI to use their database since last fall for a handful of cases. (Here is the press release from FTDNA.)
I checked the Terms of Service at FTDNA, and they have, indeed, changed. The previous version (presumably dated 18 December, 2018, per the URL), said:
“You agree to not use the Services for any law enforcement purposes, forensic examinations, criminal investigations, and/or similar purposes without the required legal documentation and written permission from FamilyTreeDNA”
Now, the Terms of Service say:
“You agree to not use the services for law enforcement purposes unless the DNA Sample submitted or Genetic Information supplied was obtained and authorized by law enforcement to either: (1) identify a perpetrator of a violent crime, as defined in 18 U.S. Code § (924) (e) (2) (B), against another individual, including sexual assault, rape, and homicide; or (2) identify the remains of a deceased individual;”
The terms are now essentially the same as at GEDmatch, which allows:
DNA obtained and authorized by law enforcement to either: (1) identify a perpetrator of a violent crime against another individual; or (2) identify remains of a deceased individual;
FTDNA Versus GEDmatch
We’ve been through this before with GEDmatch and the Golden State Killer investigation. There are some important differences, though.
First, in the GSK case, the FBI perused our data without GEDmatch’s knowledge. FTDNA has chosen to allow criminal investigations in our data and are even selling DNA services to law enforcement agencies.
Second, when they found out, GEDmatch did the right thing: they updated their Terms of Service and ensured that everyone who subsequently logged into their accounts either read and accepted them or removed their DNA data from the matching database. Has FTDNA taken a different tack? They appear to have changed their Terms of Service more than a month ago, without notifying their customers.
Third, at GEDmatch, users who do not grant law enforcement the right to see their data and matches can designate their kits “research”. Such kits are still fully functional but will not show as matches to other users. At FTDNA, the only recourse now is to opt out matching entirely, meaning the service for which customers paid is no longer available.
I Have Questions
- When, exactly, did FTDNA change their Terms of Service to allow law enforcement uses?
- Why weren’t we-their customers-notified immediately, as stipulated in the Terms of Service?
- Why weren’t we notified that the FBI is already using the database?
- How much money does Gene-by-Gene earn by selling DNA services to law enforcement?
- Did a profit motive influence their decision to expose their genealogy customers to criminal investigations?
- Will they offer refunds to customers who paid for genealogy services and who opt out of matching over Fourth Amendment concerns?
I Feel Betrayed
FTDNA made this change knowing that we-their customers-tested for genealogy, not law enforcement purposes. They did this knowing that even convicted criminals are not asked to give up the amount of genetic information in these tests. And they did this knowing that many genealogists and legal scholars view law enforcement rifling through the genetic profiles of innocent people as a potential violation of the Fourth Amendment to the United States Constitution.
And they did it without telling us.
I don’t know about you, but I am livid. How can we trust FTDNA again?
On February 3rd, Bennett Greenspan issued an open letter to his customers acknowledging that the Terms of Service had been changed without proper notification and that the Terms would revert back to the GDPR-compliant version from May 2018, the one that was likely drafted with help from GDPR consultants on hand. Law enforcement can still use the database with written permission of FTDNA. Recent events suggest that such permission will be granted liberally and without regard for customer choice.
- Judy G. Russell, “Opening the DNA floodgates,” The Legal Genealogist, posted 1 Feb 2019 (https://www.legalgenealogist.com/blog : accessed (date)).
- Judy G. Russell, “One little change,” The Legal Genealogist, posted 3 Feb 2019 (https://www.legalgenealogist.com/blog : accessed (date)).
Updates to This Post
- 31 January 2019 – added a link to the press release from FTDNA.
- 3 February 2019 – added Additional Reading and a link to the “open letter” from FTDNA’s president, Bennett Greenspan
78 thoughts on “FTDNA Opens the Door to the Cops”
I say at least they have not done what 23andMe has already, sold out to a big Pharma company to mine their DNA results for who knows what really for!
If you are a criminal, beware on FTDNA and Gedmatch! Your deeds will come to light!
Thank you FTDNA and Gedmatch.
23andMe has not sold any of your data to Big Pharma. They are in a collaborative arrangement through which 23andMe scientists do research that GlaxoSmithKline requests. Your data is *only* used for research if you have given explicit and informed consent.
FTDNA did not ask for consent.
Thanks for stating what is very often misunderstood and used as an argument by uninformed people!
It depends on how the words “collaborative”, “arrangement”, “research” are defined. And it all hinges on what the meaning of “is” is.
Fact Check: is the headline a hypothesis or implemented policy?
Is this blog is another “gotcha” venue or a forum to support research?
If you read the blog post, you will see that FTDNA has acknowledged opening their database to law enforcement (not just the FBI).
The FBI is intimately linked to the CIA, NSA, DNI, DIA, FISC, and other Deep State/Secret Government/Shadow Government agencies. Just saying.
Greed is the reason FTDNA has the smallest data base. They never really advertized or had good sales. Those holiday sales were a joke. I used to tell them when I called that they were losing out. This business of selling our raw dna is really low, especially when you consider all the hoops they have made us go through in the interest of security.
Wrong. During the Black Friday and Christmas season 2018 FTDNA had the lowest prices for atDNA and Y-DNA testing. And FTDNA are not selling our raw data.
Correct: This agreement does not give the FBI our raw data.
FTDNA haS the best accuracy of any DNA test firm—-but so far have not been astute in cashing in using that selling advantage.
I disagree that they are the most accurate. Their matching algorithm is years behind the competition. Only last month did they acknowledge that the tiny segments they used were almost all false positives.
We’ve learned since I wrote this blog post more than 2 years ago that FTDNA was working hand-in-hand with law enforcement from the very beginning of the GSK case (their lab did the DNA analysis), and now they’re cashing in by selling access to their unsuspecting customers to law enforcement.
And what right does the FBI have to the genetic data of non-Americans. What will happen if Canadian law enforcement want a look, or Russian, or North Korean?
Shame on FamilyTreeDNA!
You have good questions. I do not have answers for them.
As FTDNA has already displayed where their
Loyalties Lie, It would be meaningless to
demand that they “Erase” your DNA Data.
Could you really expect a “Change of Course”,
and this request to be handled in an “Honest
and Responsible” Manner???
I would say speculatively, that instead, a request
to Remove your DNA would move it to the “Top
of a List”, to be more thoroughly controlled by
FBI and all interested Law Enforcement Agencies.
Maybe FTDNA could put a “Premium Price” on
the Sale of Your DNA, as being someone harboring
guilt over past crimes.
I have opted out of their matching program, and may ultimately delete my test results, but I do not expect any repercussions.
This is what the linked press release revealed.
“We came to the conclusion,” says Greenspan, “that if law enforcement created accounts, with the same level of access to the database as the standard FamilyTreeDNA user, they would not be violating user privacy and confidentiality. In order for the FBI to obtain any additional information, they would have to provide a valid court-order such as a subpoena or search warrant.”
That seems perfectly reasonable to me.
The FBI is not getting access to any more information that you or I.
It appears that some who are upset don’t understand this detail.
I do agree with the author that if the terms of service excluded certain uses, they need to make it clear when they change.
How many people here actually carefully read the TOS when they clicked accept?
What’s reasonable to you isn’t necessarily reasonable to anyone else. FTDNA should have notified their customers *before* they agreed to work with the FBI so we could make informed choices.
I am trying to understand. Is it only the FBI you are worried about? How about the CIA or the US Military? Or your local police, a private investigator or a lawyer? How about a forensic genealogist or someone trying to identify their birth parents? What is the distinction that troubles you?
Would a law disallowing DNA evidence in a court of law appease you?
The Fourth Amendment applies to all government agents.
Comply with US laws and regulations just like the FBI is doing since the company is in the US.
The issue is one of customer trust. FTDNA has betrayed that.
I personally do not object to my DNA being used for law enforcement or identifying unknown remains. But I understand that others may not feel the same. Therefore, this change to the terms of service is significant and should have been clearly acknowledged.
Privacy rights are complex and the details can get controversial when all the competing issues are considered. Striking the right balance is difficult.
I agree with you: informed consent is key.
Thanks for bringing this up and I hope that FTDNA gets sued for this act of not only not informing their customer about a significant change in their T&C but what seems to be motivated by corporate greed only (I’ve never read that GEDmatch is taking money from the law enforcements other than maybe them subscribing to Tier 1).
The options you highlighted leaves us indeed with a difficult choice or deleting all our kits, opting for no matches or live with it. All three of them are unacceptable in my opinion.
This is indeed a betrayal of their customers trust who submitted their DNA for genealogical purposes only and the following video explains how easily one’s DNA can be used in a forensic case though you never committed that crime: https://youtu.be/xclg8ikPAvI
FYI – we will not allow law enforcements to use our app as ours is solely for the purpose of genealogy (see link below)
If they were to be sued, what would be the damages? I would think the cost of the kit would be the limit. Why not just ask for a refund and have your kit removed? Problem solved. And if you never learned of the change, what would be the harm?
Note that the police are only using the test they purchased for genealogy – the subject is just a criminal, instead of an adoptee. It is the same research question – who is this person’s birth parent’s.
If the FBI entered and searched your home — searching your private papers, intimate possessions, etc. — but you never knew, what would be the harm?
well as an Aussie I would have preferred to be notified first by FTDNA..but heck I can’t find many matches there (that I don’t already know of)..so good luck. If only they would notify me if they find a match , sigh
I have spent much time in the past trying to convince others to test, especially their y-dna, assuring them that law enforcement would not and could not use their results. I could not convince anyone who had reservations to go ahead and test. Guess those who refused were the smart ones after all. This new (free) capability would seem to violate privacy restrictions that, to my understanding, required arrests for them to collect dna to use for comparison purposes. Whole databases now exist that were explicitly collected for genealogy research from volunteers, and that was not to be used for law enforcement. I too am livid and feel violated.
I see no problems with FTDNA cooperating with legitimate law enforcement. I applaud FTDNA for taking this step.
That’s your choice. Others should have the right to choose differently. The decision should not have been forced on FTDNA’s entire customer base, and it should never have been implemented surreptitiously without telling us. That was a betrayal of trust.
I agree, though it is an invasion of privacy.
It’s absolutely your right to consent to this. The issue is that consent can only be given when the customer knows what’s happening.
Thank you for the ” heads up”! I’ve opted out of sharing for all kits connected to my family and wonder if this will be sufficient. I have mtDNA tested along with Family Finder kits and I too am livid and feel betrayed. I have lost respect for these sites mentioned and some prominent in this field because I see this as a stealth attack on fundamental rights . Have become truly disenchanted; and have a spare DNA kit that I just threw be away. Disgusted!!!
“How can we trust FTDNA again?”
We can’t. And now it will be even harder to get other family members to test. FTDNA was first on my list to possibly break a brick wall with Y DNA. If I thought I had trouble getting someone to take the test before, imagine what it will be like now. Kiss that project good bye. And do I want law enforcement studying my relatives? Not particularly. Good job for catching the GSK but what next? Once the slippery slope has become everyday usage you know lots of other reasons will follow for digging around in our living family. Disgusted. Disappointed. Frustrated.
The press release also includes finding the identity of dead bodies. This seems like a reasonable use to me. If I had a missing child, I would appreciate someone identifying the body and letting me know. http://www.dpaa.mil has a project that identifies the remains of WWII MIAs, this seems fine to me. There is also a service that will take old envelopes with postage stamps and tell you who licked it, with the intent of reaching back father to do family history. How about identifying a john doe in a coma?
Are any of these objectionable? Where is the line?
The line is drawn at informed consent.
As a lawyer in Canada, I may have a different perspective.
On application, a Law Enforcement agency could obtain a court order to access genetic data, with or without consent, upon a judge weighing the competing rights and importance of the matter. It is a distinction without a difference as I would hope that Judges would assist Law Enforcement in finding criminals, except in the flimsiest of cases.
The only thing that should have happened is that people should have been notified. That would not necessarily have given anyone the ability to do anything, as “research” profiles would equally be subject to a court order. But, at least people would know that they are unable to do anything.
That being said, it is my understanding that Law Enforcement could easily have the same level of access as any other user of the service, which would be sufficient to conduct the investigations that they perform. If you put your DNA in the public forum, you cannot insist or expect that only a certain sector of the users can actually have acces to it.
In the US, the Fourth Amendment protects us against unreasonable searches. The US courts will have to decide whether the FBI invading genealogy databases without the knowledge of their users was reasonable. I would like to think that FTDNA (or any of the companies) would err on the side of their customers’ privacy and consent. They didn’t. By contrast, when 23andMe partnered with GlaxoSmithKline, they notified all of their customers up front, even though their ToS didn’t change. They went above and beyond to ensure that anyone who wanted to opt out had the information they needed to make that choice.
I was surprised to learn that FTDNA had any restrictions on who could buy a kit. I assumed that law enforcement doesn’t use the kits because they don’t have spit samples from crime scenes. But since FTDNA uses a swab, this might be workable.
I opted into a public database so that people could share and solve mysteries. I did not expect to control who came with what questions.
I am unable to imagine a situation that would cause me to regret my participation. I don’t fully understand the fear. I see it exists, but what would be a rational justification?
There are two main issues here: First is the fact that FTDNA changed their Terms of Service without telling their customers, although their own ToS stipulate that they will notify customers when there’s a change. That was a betrayal of trust. Second is that having government agents investigating the genetic profiles of millions of innocent people without their knowledge or consent raises Fourth Amendment concerns.
Also, as Judy Russell points out in her excellent post on the subject, this change means that ” law enforcement can use the FTDNA database to investigate just about any felony anywhere under any circumstances even if no-one was actually harmed.” (Emphasis hers.) The uses are not limited to murder and rape.
Are the new extra 200 STR’s for the FBI? Should we now call FTDNA..FBiDNA? asking for some friends.
The FBI will primarily be using the autosomal database. yDNA has not proven to be particularly helpful in criminal investigations and has often led to innocent men being accused.
I wasn’t referring to this year when they tried to catch up. It was all the previous years.
I pulled our data from GEDmatch when they changed their terms. I’m uncertain what to do about FTDNA, which has tests that I can’t run other places and that cost sizeable chunks of money. But I’m very afraid that access to our data by government agencies will not be limited to the FBI and violent crimes. Their foot is in the door now. Had I known they were planning to release the database in this way, I wouldn’t have submitted my data in the first place. Solving crimes is important but I don’t trust that is all they will do with my information, and once accessed, I can’t get it back. FTDNA seriously broke trust along with the changes in terms. I’m reassessing all the other places where I have DNA now.
Read Judy Russell’s post on the subject. Access is absolutely not limited to the FBI nor to rape and murder.
Judy Russell’s post is well written and helped me understand the concerns better, but I have always thought of my matches on FTDNA as being public. There is a big difference between FTDNA and GEDMatch – GEDMatch will let me match any two kits, FTDNA only lets me see those that match with me. So I can’t see who you match with unless you are on GEDMatch and I know your ID.
I am not a legal expert, especially on privacy rights. I am hoping to understand the issues better.
I would not compare this to the police barging into my home without a warrant, but rather looking into my open garage from the street. They can only see what everyone else could see.
I feel like I must be missing something that Russell can see and I can’t.
What is even better at FTDNA with your Family Finder matches is, you can have those selected as only viewable by other “Only Matches” (Matches) and not “All FamilyTreeDNA Users” (Public). There is another option now, “Only Me”!
If you want to get more private, Privacy ad Sharing section, “To view your DNA relatives, you must opt in to matching” move the toggle over to the left to NOT opt in to matches.
Unfortunately, giving up the service you paid for (matching) is the only way to protect yourself from government intrusion at FTDNA.
I assume that the “only me” option lets only you see your matches, and your matches can’t see you.
This solves the privacy concerns regarding Law Enforcement uploading kits for crime suspects that end up matching with you – now they can’t see that you match.
Of course, no one else will see that you match, but that is their problem and the price of privacy. If everyone did this, there would be no matches, but lots of privacy.
No telling who those other matching kits might have belonged to – Russian KGB, stalkers, illegitimate children, etc.
I believe that matching kits without a family tree is nearly useless. If no one had trees, it would be very difficult to make any connections. So, you can also unlink your tree.
I do agree that this thwarts people like me trying to link matches together, but my work is eroding their privacy and documenting their genetic relationships.
The “only me” option refers to trees. To opt out of matching, you need to go into account settings, then privacy. Unfortunately, if you do that, you can’t see your own matches, so the purchase of an FTDNA kit was effectively useless.
DNAGeek, you can turn off matching in FTDNA, download the raw data, upload it to GEDMatch as a research kit, and only you can see the matches. This allows you to have complete privacy.
Another option is to only turn on matching in FTDNA to capture your match data with tools like DNAGedCom and then turn it back off while you do your analysis offline.
Turning off matching at FTDNA defeats the purpose of having tested there in the first place. In future, why would anyone pay for a service they won’t be able to use?
Seeing match lists is all-or-nothing.The “Only Me” option pertains to viewing Family Trees. Actually, I don’t know how the “All FamilyTreeDNA users” would gain access to family trees that are not on their match list. Maybe I’ve been overlooking something.
For the record, I am remaining public.
The service paid for was to get your DNA data processed.
Matches was just a plus.
Just like with the Big-Y500. You get a big BAM file that you need to get analysed at YFull in order to make sense of it (only $49.00). FTDNA still does not provide the analysis results that YFull does for us in understanding our BAM, TMRCA and other data packed into that BAM file.
Without the YFull analysis, I would not be able to understand very little of that BAM file. YFull has done a great job for our Chambers Surname Project Genetic Family 1, 9 Big-Y500 tests!
That’s an absolutely ridiculous argument. The company is called “Family Tree DNA”. Matching is their entire reason for being.
FTDNA does not promise you any matches – they only promise to process your DNA.
The first people tested had no matches. If everyone follows your lead, and turns off sharing, or deletes their kits, there will again be no matches.
Family Trees are separate from the DNA – it is like a map that connects them all together. The tree is optional.
It’s not my obligation to ensure that FTDNA’s customers have matches. It’s FTDNA’s obligation to maintain my trust. In this instance, they failed mightily.
There are a few of us that already knew who our Y-DNA matches were and just needed a Y Haplogroup Project to group us together to confirm we shared a common ancestor. Then it was off to YFull for the analysis.
Autosomal is NOT all FTDNA processes.
FTDNA advertises that it has the largest yDNA and mtDNA databases in the world. Database size is only relevant in the context of matching. Arguing that their customers are only paying for labwork — and not matching — is preposterous, regardless of which test you’re talking about.
Letter from FTDNA founder…
Thank you. I’ve added a link to the letter in the post.
I just received a letter in my inbox from Bennett Greenspan, with an explanation and apology for the lack of communication when the ToS changed in December. They have reverted the ToS to the original one everyone was familiar with and/or signed when they joined, and have
They have made it right to my mind, and I doubt a majority would not support them going forward to continue to allow FTDNA-sanctioned and approved access to Law Enforcement when they upload a new kit. I certainly support them in this effort and will be leaving my kits in their database put.
Lets move on.
I have already updated the post to link to Greenspan’s letter.
You are entirely within your rights to keep your kits visible, and I am within my rights to remove mine from matching, because I did not and do not consent to LE access.
That Greenspan made an executive decision of this magnitude on behalf of all of his customers is appalling. That he didn’t tell us until he got caught is a betrayal. And that he would try to spread the blame (“the other companies are doing it” … no, no they’re not) is just sad.
Before cell phones, phones books with names, addresses, and phone numbers were popular. Most people included their names in the listings so that others could find and contact them.
The police could also use phonebooks to find people. If they were looking for my brother, they could look for matching last names and then investigate further. It would be hard to tell the police they don’t have permission to use the phone book. The police could only see the same information anyone else using the phone book could see. And if people learned that the police had solved crimes using the phone book, they may choose to not list their names, or have their names removed.
I don’t see the fundamental difference?
The phone book didn’t change their terms of service without notifying their customers.
Phonebooks didn’t have Terms of Service. They would add your name without your permission, and good luck removing it before the next edition was printed a year later.
Only once have I ever paid any attention to a business’ terms of service and when I did, I used a tool to track for changes. They changed often and I was rarely notified (it was Google Ads which makes over $100M/day).
Here are some tools that you might find useful to track them yourself.
Here is a website that tracks and archives TOS from the major websites – lots of changes daily.
FTDNA’s Terms of Service specify that they will email customers when the Terms of Service change. They didn’t. Why should a prospective customer trust them to do anything else specified in their Terms of Service?
FTDNA allows law enforcement to purchase kits and have them processed the same as anyone else. Is this true for 23andMe? AncestryDNA? MyHeritageDNA? LivingDNA?
Is there a reference that charts the differences in policies?
You do an excellent job of tracking units sold and processing comparisons, this might be another useful resource to create and share (assuming it does not already exist online somewhere else).
Please see this post: https://thednageek.com/are-the-cops-using-our-genealogy-databases/
I was just about to write the same. Thanks to you and some other bloggers at least we know now that they sold our data to law enforcement, without our agreement.
Their algorithms are a worse than 23andMe and Ancestry (on autosomal DNA, they are doing very good on Y-DNA and mtDNA) and their website/technology/database is either being done by amateurs or they don’t want to pay their developers properly and hence they have these huge performance issues and still a UI design that makes every frontend developers hair stand up.
Technically, they didn’t “sell our data” but sold access to our data. You’re absolutely correct that they did it without our agreement. Not only that, they willfully misrepresented (Is “lied about” too strong a word?) their involvement with the FBI until the LA Times found them out.
Comments are closed.