Informed Consent: What It Is, What It Isn’t, and Why It’s Necessary

The genetic genealogy community is in turmoil.  People are angry, accusations are flying, and friendships are sundering.  All over something as seemingly straightforward as whether we have the right to decide whether our DNA data can be used by law enforcement.

 

The Backstory

Last year, the world learned that genetic genealogy had been used to identify a serial rapist and murderer who had terrorized the state of California in the 1970s and 1980s.  The so-called “Golden State Killer” had been dormant for decades and was finally captured thanks to the inspired work of Barbara Rae-Venter.  She knew from her years helping adoptees that he could be identified using DNA left at a crime scene.  She was right:  Joseph James DeAngelo was arrested in April 2018, thanks to her collaboration with the FBI.

Mug shot of Joseph DeAngelo, accused of being the Golden State Killer

 

While the world rejoiced that a vicious killer was finally off the streets, the surreptitious use of GEDmatch—a privately-owned third-party database created by and for genealogy enthusiasts—raised ethical and legal concerns.  After all, the people whose data helped identify the suspect had not consented to that use, and the FBI had not obtained a court order to access the database.  They hadn’t even asked GEDmatch’s owners for permission.

Since then, more than 50 criminal cases and 10 Doe cases (unidentified bodies) have been solved using these methods.  The benefit to society and the solace to the victims’ families cannot be understated.

The privacy concerns, however, must still be addressed.  After all, residents of the US are protected by the Fourth Amendment to the Constitution, which states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Privacy advocates argue that law enforcement violates the Fourth Amendment by searching a privately-owned database containing personal and biomedical genetic information without a warrant or individual consent of the DNA testers.  Notably, those advocates, including myself, don’t want to stop such searches; we want them to be conducted with either judicial oversight or explicit permission.  And since approval by a judge seems unlikely given that a warrant would not be able to describe the “persons or things to be seized” beforehand, explicit permission is key.

 

Uncharted Territory

The genetic genealogy world would have been better off had these questions been resolved before law enforcement entered our databases.  Instead, we’re all playing catch-up on scientific and ethical issues that would be challenging to discuss under the best of circumstances and are all but impossible now that so many are emotionally or even financially invested in one side or another. No aspersions cast here.  This is cutting edge stuff, and the guardrails are being built as the cars careen past, so to speak.

The fact remains that most people uploaded to GEDmatch with no idea at all of what was possible in terms of privacy.  Not just regarding law enforcement, but also family secrets, biomedical information, and who knows what else.

The entire community should take a breather and objectively assess where we want to be in 5 years, else I’m afraid that will be watching this play out on the floor of the US Supreme Court.  It may be too late to avoid judicial and legislative oversight, but implementing an informed consent model now for law enforcement searches seems reasonable.

 

Informed Consent

The term “informed consent” is borrowed from the medical community, which is ethically bound to ensure that patients and research subjects understand the risks and benefits of treatments (i.e., are informed) and that they or their powers-of-attorney agree before treatment is rendered (i.e., give consent).

23andMe offers an excellent example of informed consent in the context of genetic genealogy testing.  Their business model centers on crowd-sourcing genetic and trait information to advance medical knowledge and drug discovery.  To that end, their customers can opt in to research studies that use their DNA.   Their Research Consent Document clearly outlines the risks and rewards:

How will I benefit from this research?

  • By taking surveys you may learn about 23andMe’s research findings, including how your answers compare with those of others and new discoveries made by 23andMe’s research program.
  • Sometime in the future you or your family may benefit indirectly from research discoveries made by 23andMe or its research partners.

What are the risks of taking part in this research?

  • There is a very small chance that someone with access to the research data or results could expose personal information about you. 23andMe has policies and practices in place to minimize the chance of such an event.

Importantly, at no time does 23andMe make the decision for you, even though it’s in their interests for you to opt in.  And nowhere in the Research Consent Document does 23andMe try to influence your decision one way or the other.

That’s a far cry from what’s been happening with regard to law enforcement.  For example, Family Tree DNA unilaterally opted in the majority of their customers (and all of the Americans) to law enforcement matching.  That is not consent, much less informed consent.

And although GEDmatch recently implemented a system that requires an explicit opt-in (as opposed to opting people in without their knowledge), nowhere do they outline the risks.  (Judy Russell also observes that opting out does not make the kit truly invisible to law enforcement.)  What’s more, the owners are openly advocating one choice over another.

 

That’s consent, but not informed consent, and GEDmatch is clearly favoring one choice over another.  Should anything go awry with a criminal investigation in their database, GEDmatch may have exposed itself to liability with that statement.

 

The Risks and Benefits

We, as a community, need to think about the benefits and the risks of using the same databases as law enforcement.  Because no one else is, to my knowledge, addressing these points explicitly, I put forth this preliminary list.  I hope that others will chime in with both pros and cons that can be incorporated (with credit) in updates.  And I hope that both GEDmatch and Family Tree DNA will consider posting this list, or one of their own devising, on their own websites to ensure that their customers are fully informed about the choice they’re being asked to make.

How will I benefit from opting in to law enforcement matching?

  • By participating in law enforcement matching, your DNA data and family tree may help identify and capture a violent criminal, thus preventing further violent crime.*
  • By making your data available to initiatives like the DNA Doe Project, your data may help togive closure to the family of an unidentified deceased person (a John or Jane Doe).
  • A robust database may act as a deterrent to future criminals.*
  • In some cases, the researchers working with law enforcement may be willing to share their genealogy research with you once the investigation is complete.

What are the risks of taking part in law enforcement matching?

  • You may learn that you are related to a violent criminal.
  • Government agents, or their contractors, may discover family secrets about you or your relatives.
  • Your data may be used to arrest someone who will be sentenced to death.*
  • Your data and family tree may misidentify an innocent person as a criminal, putting them through unexpected stress and legal expenses.
  • You may be named in a search warrant or arrest warrant that becomes public, putting you at risk of public harassment or retaliation.  (See the screenshot below for an example.)
  • The Terms of Service at GEDmatch and/or Family Tree DNA may change or be waived to expand investigations beyond violent crimes.
  • And finally, while the vast majority of forensic genealogists are ethical and upstanding citizens, some may turn out to be otherwise.  After all, the Golden State Killer was a cop.

Updates to This Post

  • 23 May 2019:  The description of GEDmatch’s attempt to influence the opt-in choice was rephrased to be more neutral, as advised by Ann Turner.
  • 24 May 2019:  The pros-and-cons list marked with an asterisk (*) were suggested by Maurice Gleeson or edited based on his contributions.  His blog can be found here.
  • 27 May 2019:  Added this screenshot of a search warrant application in the arrest of Jerry Burns from Cedar Rapids, Iowa.

37 thoughts on “Informed Consent: What It Is, What It Isn’t, and Why It’s Necessary”

  1. I would have thought that GedMatch already exposed itself to liability by violating their own Terms of Service in allowing the use of their database to investigating something that was neither sexual assault nor homicide. While I love the idea of the use of DNA to solve crimes like the attack on the organist, I do not love the idea that companies can willy-nilly decide that they are going to change or waive the terms of service.

    And your final point about the Golden State Killer… that’s something no one else has pointed out (that I’ve seen) and a very important point. I *believe* but don’t know that the police are required to get a new DNA sample from the suspect and compare it to the crime scene, which would seem to be a check/balance situation for that.

    1. Yes, they got a fresh sample from DeAngelo (from his trash, as I recall) and matched it to the crime scene data before he was arrested. The vast majority of LE are good, conscientious people who are genuinely working to protect us … as are the genealogists helping them. I wish the community as a whole could have a pause for 3–6 months to really consider where this is all headed.

  2. I tend to be trusting and opt-in for everything reasonable. But I would think twice if it was the Chinese government that was collecting this data. I would be concerned that they could use the information to invade my privacy and restrict my liberties. So this makes me consider if I can blindly trust other groups to “do the right thing” with my data. Unfortunately, DNA matching requires that we trust and share personal information. It is not for someone who wants to be completely private. And since we all share DNA, all those that opt-in expose everyone else a little. And I don’t believe that there is any way to keep your DNA anonymous if you allow matching.

    1. Each company offers a different level of privacy. First, at any company, you can opt out of matching entirely and just use the other tools, like ethnicity estimates. AncestryDNA and Family Tree DNA show you whether you have a shared match with someone, but not how much DNA those other two people share. (If you’re the third person in this comparison, then you may not be comfortable with that information being available to the others.) 23andMe will show you how much DNA they share, but only if you grant that level of access. MyHeritage shows the amount between shared matches across the board. And GEDmatch is at the most permissive end of the spectrum, essentially showing all match and ICW information to anyone who has access to the kit number.

      Put in a less alarmist way, it’s possible to find a level of sharing that you’re comfortable with by selectively deciding where to test/transfer.

  3. Isn’t an international panel of DNA experts, eg Dr Tim Janzen for 1, just organized to explore these questions?? I would rather wait until their results can be publicly discussed that all DNA databases make “automatic opt out” as the default setting for all kits, unless a specific warrant has been issued by a judge BEFOREHAND!! Then if people want to help they can change over to active participation.
    The DNA companies who publicly announce changes in terms of service only when they are caught are their own worst enemies, since they are losing their customers trust & loyalty.
    After all, the SCOTUS has already ruled that police can deliberately lie to suspects or witnesses in investigations without any penalties… i don’t want to live with Big Brother looking over everything!!

    1. I’m not aware of an international panel. FTDNA set up a “Citizen’s Panel” [sic], but they provided feedback directly to FTDNA without discussing amongst themselves. From what I understand, they didn’t even know who else was on the panel at the time.

  4. Your suggestions sound reasonable.
    And you’re right, legislative oversight is coming; as I recently read that U.S. Senator Sherrod Brown is interested in this issue.
    I’ve had experience writing regs based on legislation; and IMHO, the genetic genealogy would have be better off keeping its own house in order rather than having legislators and regulators step in; as then things can go awry in unexpected ways. But it seems you have to enforce ethics upon some, even those who claim to believe in and uphold them; so it goes…

  5. Another good post. After a lot of thought, I set my personal kit to allow LE, but the points raised are very valid and I’m honestly on the fence. Maybe I’m being influenced 🙂
    I am not as trustworthy of LE as many folks and worry about over-reach. However, I do have a ton of empathy for the families looking for closure, so for the moment that is my overpowering motivation. Thanks again for being a vocal advocate for DNA privacy.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.