Almost. Family Tree DNA almost got it right.
In late January 2019, we learned that FTDNA had quietly changed their Terms of Service at least a month before without notifying their customers. The December ToS allowed any law enforcement agent, anywhere in the world, without a search warrant, into the database for a wide range of criminal investigations. FTDNA quickly apologized while neglecting to mention that they had apparently also contracted with a private forensic testing company for an undisclosed sum. Outrage ensued.
On 12 March, 2019, FTDNA again changed their Terms of Service, this time to allow their customers to opt out of exposure to law enforcement searches. Previously, the only way for a customer to protect their genetic and family data from government intrusion was to hide their DNA kits entirely. In other words, they had to give up the very service they paid for.
The latest change is almost right
The March 2019 Terms of Service show that FTDNA recognizes that exposing their customers to law enforcement searches without telling them was wrong. The opt-out fix is almost right. But almost only counts in horseshoes and hand grenades.
And this isn’t those. This is the privacy and protection of a million or more innocent customers, not to mention consumer trust in the entire industry.
Opt out versus opt in
Why is an opt-out system not good enough? Because only an affirmative statement indicates consent. Not saying ‘no’ is not ‘yes’. A failure to opt out is not consent. And genealogists should never be exposed to any outside uses of our genetic data without our explicit, informed consent.
The principal of informed consent has been well established when it comes to biomedical research. Neither 23andMe nor AncestryDNA nor MyHeritage uses our data for scientific research without an explicit opt-in. This principle applies just as emphatically—perhaps even more so—to law enforcement. After all, a cancer biologist can’t execute you.
FTDNA knows this
FTDNA’s new system automatically opted out their existing customers in the European Union, but nowhere else. The rest of us were opted in. This is the default setting for someone in America:
To be shielded from law enforcement, anyone outside the EU has to (a) be aware that FTDNA’s system has changed, (b) understand the implications of law-enforcement exposure to make an informed choice, and (c) figure out how to alter their settings. Neglecting to do those three things does not equate to informed consent.
Why the difference in treatment? My guess is that FTDNA’s surreptitious change in December violated EU privacy laws, and they are correcting course to avoid lawsuits. However, if they applied the same high standards to everyone, their database would be useless for forensic searches because very few people would opt in.
The real question is why FTDNA wants to help law enforcement so badly. Why are they willing to betray a trust earned over nearly 20 years in business? Do they or their parent company have a financial interest in forensic searches? If so, why hide it? If not, why place the interests of law enforcement above those of their customers?
FTDNA can still make this right
It’s easy: they can automatically opt out every single customer—existing and future—from law enforcement searches unless that person explicitly opts in. The infrastructure is already there; after all, FTDNA has applied it to Europeans.
Will they do the right thing?