Horseshoes and Hand Grenades

Almost.  Family Tree DNA almost got it right.

In late January 2019, we learned that FTDNA had quietly changed their Terms of Service at least a month before without notifying their customers.  The December ToS allowed any law enforcement agent, anywhere in the world, without a search warrant, into the database for a wide range of criminal investigations.  FTDNA quickly apologized while neglecting to mention that they had apparently also contracted with a private forensic testing company for an undisclosed sum.  Outrage ensued.

On 12 March, 2019, FTDNA again changed their Terms of Service, this time to allow their customers to opt out of exposure to law enforcement searches.  Previously, the only way for a customer to protect their genetic and family data from government intrusion was to hide their DNA kits entirely.  In other words, they had to give up the very service they paid for.

 

The latest change is almost right

The March 2019 Terms of Service show that FTDNA recognizes that exposing their customers to law enforcement searches without telling them was wrong.  The opt-out fix is almost right.  But almost only counts in horseshoes and hand grenades.

And this isn’t those.  This is the privacy and protection of a million or more innocent customers, not to mention consumer trust in the entire industry.

 

Opt out versus opt in

Why is an opt-out system not good enough?  Because only an affirmative statement indicates consent.  Not saying ‘no’ is not ‘yes’.  A failure to opt out is not consent.  And genealogists should never be exposed to any outside uses of our genetic data without our explicit, informed consent.

The principal of informed consent has been well established when it comes to biomedical research.  Neither 23andMe nor AncestryDNA nor MyHeritage uses our data for scientific research without an explicit opt-in.  This principle applies just as emphatically—perhaps even more so—to law enforcement.  After all, a cancer biologist can’t execute you.

 

FTDNA knows this

FTDNA’s new system automatically opted out their existing customers in the European Union, but nowhere else.  The rest of us were opted in.  This is the default setting for someone in America:

 

To be shielded from law enforcement, anyone outside the EU has to (a) be aware that FTDNA’s system has changed, (b) understand the implications of law-enforcement exposure to make an informed choice, and (c) figure out how to alter their settings.  Neglecting to do those three things does not equate to informed consent.

Why the difference in treatment?  My guess is that FTDNA’s surreptitious change in December violated EU privacy laws, and they are correcting course to avoid lawsuits.  However, if they applied the same high standards to everyone, their database would be useless for forensic searches because very few people would opt in.

The real question is why FTDNA wants to help law enforcement so badly.  Why are they willing to betray a trust earned over nearly 20 years in business?  Do they or their parent company have a financial interest in forensic searches?  If so, why hide it?  If not, why place the interests of law enforcement above those of their customers?

 

FTDNA can still make this right

It’s easy:  they can automatically opt out every single customer—existing and future—from law enforcement searches unless that person explicitly opts in.  The infrastructure is already there; after all, FTDNA has applied it to Europeans.

Will they do the right thing?

24 thoughts on “Horseshoes and Hand Grenades”

  1. Thank you so much for this information. I just went on FTDNA and changed my husband and my accounts to Opt out for LEM!! We are law abiding citizens and there should never be a problem—BUT as you stated we were not notified and definitely did NOT agree to this. Thank you, thank you, thank you.

  2. It is good to see that FTDNA is trying to get it right, even though they aren’t there yet. In my case it is academic, I had FTDNA delete my kit after the second revelation about them sharing results with a private forensic company without consent.

    1. It’s a shame you had to take that step, although I fully understand. I removed all of mine from matching while waiting to see what they would do.

  3. According to FTDNA’s new law enforcement FAQs they don’t have a partnership with Bode or any other company though presumably they will charge a fee (undisclosed) for all law enforcement uploads.

    This is what the FAQ says:

    Does FamilyTreeDNA have partnerships with other organizations, such as Bode Technology, that are working on behalf of law enforcement?

    FamilyTreeDNA does not have partnerships with other organizations working on behalf of law enforcement. We have a fee for service relationship which is provided on a case-by-case basis. Third-party organizations that are legally authorized to work on behalf of law enforcement agencies may submit an application for the processing of a forensic sample or to upload a genetic file to the FamilyTreeDNA database. These accounts are classified as law enforcement user accounts and are submitted to the same guidelines and requirements we have set for law enforcement agencies. For more information, see our Law Enforcement Guide.

    1. They are parsing words. Whether you call it a “partnership” or something else, Bode appears to be paying FTDNA for access to their customer database. Neither company will deny it.

      1. Partnership to me implies a special arrangement. As far as I can gather, if Bode are allowed to upload kits to the database they are doing so under the same conditions as any other forensic company or law enforcement agency. That presumably implies paying for access.

        1. Any forensic company or LE agency that purchases DNA analysis or uploads to FTDNA has a “special arrangement”. It’s in the TOS.

  4. Thank you very much for your post. It triggered action on my part.

    I manage almost 30 separate accounts for myself and influence many others.
    I forwarded your post with an opt in or opt out option and every person contacted opted out.

    The European standard for privacy should be adopted across the board.

    Another question I have which you didn’t address is the resource allocation of platform and personnel. The slow downs in processing kits, data processing trees and time outs makes me wonder how much of the resources members have paid for are going to support the law enforcement activities at the expense of the members. There is always a competition for processing time. Data platforms have maximum capacities and slow down prioritization capability when those maxima are reached. How does FTDNA prioritize their resources?

    I accepted the four month delay in kit processing the year when they reworked & improved the Countries of Origin algorhithm. I am not happy to accept the current delays and inept rollout of the new BigY if it is because of strained and/or redirected resources due to law enforcement vs genealogist demands.

    https://abcnews.go.com/US/dna-links-navy-classmate-1984-cold-case-murder/
    “The first public arrest through genetic genealogy was the April 2018 identification of the suspected “Golden State Killer.” Since then, genetic genealogy has helped identify more than three dozen suspects in violent crimes, said Moore.”

    There is quite a lot of work to process each case. I suspect there are many more in process and/or unresolved by DNA.

    1. It’s telling that everyone you contacted chose to opt out.

      I can’t speak to how they allocate their resources internally. I can say that their processing times, at least for Family Finder, are currently in line with AncestryDNA’s.

  5. I agree with you–it should be that we are automatically opted-out, until or if we decide to opt-in. I took all of my family finder kits out of matching when I first learned of the changes in terms of service and likely will never opt-in because I no longer trust this company or Gedmatch. Watching some prominent in genetic genealogy doing back flips to justify what has been done to users of Gedmatch and customers of FTDNA is disturbing. Sadly, this hobby I once embraced has come to be so fraught with confusion, deception, and other kinds of landmines that I might be done, no matter the loss of the money spent on DNA testing.

    1. Your reactions, while perfectly valid, are what I’ve feared all along will happen to the hobby. It’s heartbreaking.

  6. Do you think that the opt-out completely removes an individual from law enforcement search results? The skeptic in me says no.

    It is not hard to imagine FTDNA still allowing law enforcement search access to opted out profiles with the results being labeled as private or what not. This would allow law enforcement to then obtain a warrant for the data if they so desire.

    1. A more likely scenario is that LE would upload to the regular database, regardless of the opt-in/out status of FTDNA’s customers.

  7. Has anyone carefully read what Greenspan disclosed in this interview? Seems that dead Americans are automatically opted-in. I don’t believe FTDNA always had the beneficiary agreement to leave control of your account to someone else when you die; so are these orphaned accounts automatically opted-in? Is FTDNA scanning obits to determine which customers have died?

    https://www.forensicmag.com/topics/dna

    1. All Americans—dead or alive—are automatically opted in. Anyone not in the EU is automatically opted in. And even new EU customers will be automatically opted in going forward. Someone who has died can obviously not opt out, so they and their family members will be exposed to FBI searches, regardless of what they might have wanted.

      1. What is disturbing is that the genetic genealogists with these forensic firms keep insisting that they can only access the data of those who have agreed to these searches by law enforcement; when this is just not true. If you have not accessed your accounts on Gedmatch and FTDNA since the new terms of service have been instituted; you have not had the chance to “agree” to anything. I know for a fact that some of my matches on those 2 sites are now deceased, after I reached out to some of their family members. Luckily, none of my now-deceased close family members who tested uploaded their data from 23andMe or AncestryDNA to Gedmatch or FTDNA, despite my incessant urging that they do so. Guess they were the smart ones in all of this

  8. I guess I’m the sole dissenter here. But if law enforcement had not been allowed to use genetic genealogy test results, that rapist and killer in California who killed and raped dozens over two decades (in the 70s and 80s) would still be free. I do think law enforcement has a valid right to use these test results in order to solve cold cases that involve heinous crimes, such as rape, child molestation, murder, kidnapping, and related cold cases, such as missing persons. They should have access to any and all tools available in order to keep the rest of us safe. I think the opt-in option mentioned in this article would be too restrictive, and would make it very difficult to access the critical information they need to find these evil perpetrators, while the opt-out option serves everyone’s needs much better. If you feel strongly about not sharing your test results with law enforcement (which makes no sense to me, unless you’re guilty of a crime), then by all means, opt-out. But let the majority be a help to law enforcement, not a hindrance.

    1. If you believe they should have access to any and all tools, you won’t mind them going through your private emails, text messages, phone logs, bank accounts, and other personal effects whenever they like and without your knowledge or consent. The could solve a lot more crimes a lot faster and a lot cheaper if they had access to that information for all Americans.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.