Horseshoes and Hand Grenades

Almost.  Family Tree DNA almost got it right.

In late January 2019, we learned that FTDNA had quietly changed their Terms of Service at least a month before without notifying their customers.  The December ToS allowed any law enforcement agent, anywhere in the world, without a search warrant, into the database for a wide range of criminal investigations.  FTDNA quickly apologized while neglecting to mention that they had apparently also contracted with a private forensic testing company for an undisclosed sum.  Outrage ensued.

On 12 March, 2019, FTDNA again changed their Terms of Service, this time to allow their customers to opt out of exposure to law enforcement searches.  Previously, the only way for a customer to protect their genetic and family data from government intrusion was to hide their DNA kits entirely.  In other words, they had to give up the very service they paid for.

 

The latest change is almost right

The March 2019 Terms of Service show that FTDNA recognizes that exposing their customers to law enforcement searches without telling them was wrong.  The opt-out fix is almost right.  But almost only counts in horseshoes and hand grenades.

And this isn’t those.  This is the privacy and protection of a million or more innocent customers, not to mention consumer trust in the entire industry.

 

Opt out versus opt in

Why is an opt-out system not good enough?  Because only an affirmative statement indicates consent.  Not saying ‘no’ is not ‘yes’.  A failure to opt out is not consent.  And genealogists should never be exposed to any outside uses of our genetic data without our explicit, informed consent.

The principal of informed consent has been well established when it comes to biomedical research.  Neither 23andMe nor AncestryDNA nor MyHeritage uses our data for scientific research without an explicit opt-in.  This principle applies just as emphatically—perhaps even more so—to law enforcement.  After all, a cancer biologist can’t execute you.

 

FTDNA knows this

FTDNA’s new system automatically opted out their existing customers in the European Union, but nowhere else.  The rest of us were opted in.  This is the default setting for someone in America:

 

To be shielded from law enforcement, anyone outside the EU has to (a) be aware that FTDNA’s system has changed, (b) understand the implications of law-enforcement exposure to make an informed choice, and (c) figure out how to alter their settings.  Neglecting to do those three things does not equate to informed consent.

Why the difference in treatment?  My guess is that FTDNA’s surreptitious change in December violated EU privacy laws, and they are correcting course to avoid lawsuits.  However, if they applied the same high standards to everyone, their database would be useless for forensic searches because very few people would opt in.

The real question is why FTDNA wants to help law enforcement so badly.  Why are they willing to betray a trust earned over nearly 20 years in business?  Do they or their parent company have a financial interest in forensic searches?  If so, why hide it?  If not, why place the interests of law enforcement above those of their customers?

 

FTDNA can still make this right

It’s easy:  they can automatically opt out every single customer—existing and future—from law enforcement searches unless that person explicitly opts in.  The infrastructure is already there; after all, FTDNA has applied it to Europeans.

Will they do the right thing?

41 thoughts on “Horseshoes and Hand Grenades”

  1. Thank you so much for this information. I just went on FTDNA and changed my husband and my accounts to Opt out for LEM!! We are law abiding citizens and there should never be a problem—BUT as you stated we were not notified and definitely did NOT agree to this. Thank you, thank you, thank you.

  2. It is good to see that FTDNA is trying to get it right, even though they aren’t there yet. In my case it is academic, I had FTDNA delete my kit after the second revelation about them sharing results with a private forensic company without consent.

    1. It’s a shame you had to take that step, although I fully understand. I removed all of mine from matching while waiting to see what they would do.

  3. According to FTDNA’s new law enforcement FAQs they don’t have a partnership with Bode or any other company though presumably they will charge a fee (undisclosed) for all law enforcement uploads.

    This is what the FAQ says:

    Does FamilyTreeDNA have partnerships with other organizations, such as Bode Technology, that are working on behalf of law enforcement?

    FamilyTreeDNA does not have partnerships with other organizations working on behalf of law enforcement. We have a fee for service relationship which is provided on a case-by-case basis. Third-party organizations that are legally authorized to work on behalf of law enforcement agencies may submit an application for the processing of a forensic sample or to upload a genetic file to the FamilyTreeDNA database. These accounts are classified as law enforcement user accounts and are submitted to the same guidelines and requirements we have set for law enforcement agencies. For more information, see our Law Enforcement Guide.

    1. They are parsing words. Whether you call it a “partnership” or something else, Bode appears to be paying FTDNA for access to their customer database. Neither company will deny it.

      1. Partnership to me implies a special arrangement. As far as I can gather, if Bode are allowed to upload kits to the database they are doing so under the same conditions as any other forensic company or law enforcement agency. That presumably implies paying for access.

        1. Any forensic company or LE agency that purchases DNA analysis or uploads to FTDNA has a “special arrangement”. It’s in the TOS.

  4. Thank you very much for your post. It triggered action on my part.

    I manage almost 30 separate accounts for myself and influence many others.
    I forwarded your post with an opt in or opt out option and every person contacted opted out.

    The European standard for privacy should be adopted across the board.

    Another question I have which you didn’t address is the resource allocation of platform and personnel. The slow downs in processing kits, data processing trees and time outs makes me wonder how much of the resources members have paid for are going to support the law enforcement activities at the expense of the members. There is always a competition for processing time. Data platforms have maximum capacities and slow down prioritization capability when those maxima are reached. How does FTDNA prioritize their resources?

    I accepted the four month delay in kit processing the year when they reworked & improved the Countries of Origin algorhithm. I am not happy to accept the current delays and inept rollout of the new BigY if it is because of strained and/or redirected resources due to law enforcement vs genealogist demands.

    https://abcnews.go.com/US/dna-links-navy-classmate-1984-cold-case-murder/
    “The first public arrest through genetic genealogy was the April 2018 identification of the suspected “Golden State Killer.” Since then, genetic genealogy has helped identify more than three dozen suspects in violent crimes, said Moore.”

    There is quite a lot of work to process each case. I suspect there are many more in process and/or unresolved by DNA.

    1. It’s telling that everyone you contacted chose to opt out.

      I can’t speak to how they allocate their resources internally. I can say that their processing times, at least for Family Finder, are currently in line with AncestryDNA’s.

    2. I will definitely OPT ON.
      Why?
      The little value anyone will find in my DNA is worth the possibility of catching a criminal. A friend said his brother is in prison for murder and he would be happy to supply DNA if it meant convicting a relative who did & might continue to hurt others

      1. That’s entirely your right. Everyone deserves the objective information they need to make a decision that works for them. NO ONE should be opted in to any use of their DNA without their full, informed consent.

  5. I agree with you–it should be that we are automatically opted-out, until or if we decide to opt-in. I took all of my family finder kits out of matching when I first learned of the changes in terms of service and likely will never opt-in because I no longer trust this company or Gedmatch. Watching some prominent in genetic genealogy doing back flips to justify what has been done to users of Gedmatch and customers of FTDNA is disturbing. Sadly, this hobby I once embraced has come to be so fraught with confusion, deception, and other kinds of landmines that I might be done, no matter the loss of the money spent on DNA testing.

    1. Your reactions, while perfectly valid, are what I’ve feared all along will happen to the hobby. It’s heartbreaking.

      1. I am perfectly happy to allow my DNA date to be used for law enforcement; in my opinion it is one of the best uses for DNA.

        I’ve been an Ancestry.com subscriber for nearly 10 years. Long ago I read their T’s & C’s, and you could NOT opt out of what I believe was far more egregious – selling your data to companies engaging in generally-worded “research”. Can you say “designer babies”? (I thought you could!)

        I recently read Ancestry’s T’s&C’s, and see that one now can opt out (don’t recall, it may be default) but to the best of my knowledge Ancestry never publicly announced it was changing its policies. Shameful past?

        To trust any company is to be naïve.

        1. If you’re happy to have your DNA used in criminal investigations, I support your choice. I also support anyone who chooses otherwise. Each of us should have the information we need to make the decision that’s right for us, and we should never be opted into uses to which we have not given informed consent.

    1. My guess is that there’s a financial incentive for them to make the LE database as large as possible.

  6. Do you think that the opt-out completely removes an individual from law enforcement search results? The skeptic in me says no.

    It is not hard to imagine FTDNA still allowing law enforcement search access to opted out profiles with the results being labeled as private or what not. This would allow law enforcement to then obtain a warrant for the data if they so desire.

    1. A more likely scenario is that LE would upload to the regular database, regardless of the opt-in/out status of FTDNA’s customers.

  7. Has anyone carefully read what Greenspan disclosed in this interview? Seems that dead Americans are automatically opted-in. I don’t believe FTDNA always had the beneficiary agreement to leave control of your account to someone else when you die; so are these orphaned accounts automatically opted-in? Is FTDNA scanning obits to determine which customers have died?

    https://www.forensicmag.com/topics/dna

    1. All Americans—dead or alive—are automatically opted in. Anyone not in the EU is automatically opted in. And even new EU customers will be automatically opted in going forward. Someone who has died can obviously not opt out, so they and their family members will be exposed to FBI searches, regardless of what they might have wanted.

      1. What is disturbing is that the genetic genealogists with these forensic firms keep insisting that they can only access the data of those who have agreed to these searches by law enforcement; when this is just not true. If you have not accessed your accounts on Gedmatch and FTDNA since the new terms of service have been instituted; you have not had the chance to “agree” to anything. I know for a fact that some of my matches on those 2 sites are now deceased, after I reached out to some of their family members. Luckily, none of my now-deceased close family members who tested uploaded their data from 23andMe or AncestryDNA to Gedmatch or FTDNA, despite my incessant urging that they do so. Guess they were the smart ones in all of this

  8. I guess I’m the sole dissenter here. But if law enforcement had not been allowed to use genetic genealogy test results, that rapist and killer in California who killed and raped dozens over two decades (in the 70s and 80s) would still be free. I do think law enforcement has a valid right to use these test results in order to solve cold cases that involve heinous crimes, such as rape, child molestation, murder, kidnapping, and related cold cases, such as missing persons. They should have access to any and all tools available in order to keep the rest of us safe. I think the opt-in option mentioned in this article would be too restrictive, and would make it very difficult to access the critical information they need to find these evil perpetrators, while the opt-out option serves everyone’s needs much better. If you feel strongly about not sharing your test results with law enforcement (which makes no sense to me, unless you’re guilty of a crime), then by all means, opt-out. But let the majority be a help to law enforcement, not a hindrance.

    1. If you believe they should have access to any and all tools, you won’t mind them going through your private emails, text messages, phone logs, bank accounts, and other personal effects whenever they like and without your knowledge or consent. The could solve a lot more crimes a lot faster and a lot cheaper if they had access to that information for all Americans.

      1. As the old story goes. If you can’t do the time, don’t do the crime. You’re comment tells me that thednageek is got something hide.

  9. I think people should have to opt in… and I have opted in everywhere possible. I hope my DNA profile helps law enforcement solve as many cold cases as possible – which so far have been mostly sexual assault-murders of women, girls and boys. I wonder if some people who protest loudest against this technology may be worried about being caught by it themselves.

    1. Wow.

      Forcing people to share their DNA with the government is something dictatorships do, not democracies.

      And suggesting that genealogists who want transparency when companies sell access to their data are murderers and rapists is beyond the pale.

  10. Opt in? Opt out?

    I prefer to be automatically opted out, but not because I have nothing to hide. [People who assert automatic guilt should be ashamed of themselves!] I voluntarily opted in because I prefer to help capture offenders.

    Nonetheless, I am more than a little offended that a judge had the authority to steal what I might have chosen not to provide. It’s no surprise that ‘law enforcement’ would resort to such means since it increases their control and sense of authority, accustomed as they often are to demand obeisance.

    I expect that ftDNA has an obligation to ensure my choice, and couldn’t arbitrarily change the TOS willy-nilly. Have they made some kind of back-door agreement, as some assert, to automatically comply with requests for customer information?

    1. To my knowledge, no judge has forced FTDNA to do anything. They willingly worked with the FBI from the very start of the Golden State Killer case, without telling their customers much less getting consent. What’s more, after DeAngelo was arrested, FTDNA’s CEO misled the public by saying he didn’t know when the FBI put GSK’s data into their database when, in fact, his company did the lab work! When they introduced the opt-out system in March 2019, they opted in everyone by default (except their EU customers, who were protected by law from such privacy violations), and they now default all new customers into LE matching. It’s hard to conclude that they feel an obligation to ensure choice.

      1. Saying that requiring customers to opt out means they don’t feel an obligation to ensure choice is extreme. By definition, opt-in/opt-out ensures choice, even if it requires customer action.

        But while they make provision for privacy, they provide (or have provided) work-arounds for LE without their customers’ knowledge.

        Here are a few reports from both sides of the coin. Follow-on discussion includes the notion that the DNA companies publicly said one thing to placate customers over privacy of their data, but in fact made special provisions that they would not attempt to prevent law enforcement from obtaining the data.

        I hope that, in time, the entire community agrees to protect privacy while promoting the societal benefit of agreeing to share. -Fabrice

        1) Your DNA Profile is Private? A Florida Judge Just Said Otherwise

        https://tinyurl.com/3wjrjzp7
        _____________

        2) Law enforcement can plunder DNA profile database, judge rules…

        DNA data is available even if users opt-out in a landmark ruling that could have serious privacy implications.

        https://tinyurl.com/nz8pmw8f

        ___________________

        3) Ancestry says it fought two police requests to search its DNA database

        https://tinyurl.com/yka7pu47

        ___________________

        4) Debating DNA Collection [from those arrested but not convicted]

        https://tinyurl.com/6zv42uut

        1. If FTDNA and GEDmatch respected choice, they would only expose users to LE who gave explicit, informed consent. If you don’t know what that you’re being opted in, you’re not making a choice, same as when you’re encouraged to opt in but aren’t told what you’re opting in to.

          Note that both FTDNA and GEDmatch refuse to comply with the new Maryland law, which requires them to post publicly that they grant (sell, actually) access to law enforcement. If they respected choice, they would have no problem telling their customers what they’re doing. Instead, they hide it.

  11. U.S. Constitution

    Amendment IX

    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

    This amendment was added because the government at every level had started nicking off the corners of our Rights (disparagement) and denying them all together (as is common today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.