In a fit of anger, William Leslie Arnold murdered his parents in 1958 in Nebraska. He escaped jail in 1967, was never caught, and died a free man in 2010 under the alias John Vincent Damon. His story was only recently uncovered by a US marshal using forensic genetic genealogy (FGG).
How this case was solved is fascinating, because the US marshal did not have a sample of Arnold/Damon’s DNA. Instead, he asked Arnold’s brother, James, to provide a one, apparently driving 5 hours to obtain it himself. Two years later, Arnold/Damon’s son tested for genealogical purposes and matched James Arnold as a nephew.
This seeming success story belies a host of ethical and legal problems, with this case in particular and with FGG more broadly. That’s because (1) this case was not eligible for an FGG investigation, (2) it was apparently solved in a database that forbids forensic cases, and (3) this “back door” into unauthorized databases may be common practice.
This Case Did Not Qualify for Forensic Genetic Genealogy
Unquestionably, FGG has the power to do great good by bringing violent criminals to justice and making us all safer. It also poses serious privacy risks. For that reason, the US Department of Justice published an interim policy in 2019 outlining when and how FGG can be used in the United States.
The document states (pp 4–5; footnotes as in the original):
Investigative agencies may initiate the process of considering the use of FGGS when a case involves an unsolved violent crime15 and the candidate forensic sample16 is from a putative perpetrator,17 or when a case involves what is reasonably believed by investigators to be the unidentified remains of a suspected homicide victim (‘unidentified human remains’). In addition, the prosecutor, as defined in footnote twenty of this interim policy, may authorize the investigative use of FGGS for violent crimes or attempts to commit violent crimes other than homicide or sexual offenses (while observing and complying with all requirements of this interim policy) when the circumstances surrounding the criminal act(s) present a substantial and ongoing threat to public safety or national security. Before an investigative agency may attempt to use FGGS, the forensic profile derived from the candidate forensic sample must have been uploaded to CODIS, and subsequent CODIS searches must have failed to produce a probative and confirmed DNA match.
Let’s parse those requirements.
- The DoJ defines violent crime as “any homicide or sex crime, including a homicide investigation during which FGGS is used in an attempt to identify the remains of a suspected homicide victim” (footnote 15). This was not an unsolved violent crime; the murder was solved in 1958. This was a jailbreak. The DoJ policy does not allow FGG for jailbreaks.
- The same footnote goes on to state that an unsolved violent crime “also includes other serious crimes and criminal offenses designated by a [genetic genealogy] service for which investigative use of its service by law enforcement has been authorized by that service.” The three largest genetic genealogy databases expressly forbid law enforcement using their services. (See below.) Even the databases that permit forensic uses do not allow for non-violent jailbreak investigations.
- This case did not “present a substantial and ongoing threat to public safety or national security.” Arnold escaped more than five decades ago and lived a quiet life afterwards. He’s been dead for more than a decade. He posed no threat.
- The candidate forensic sample in this case was not from the putative perpetrator. It was from his brother, who was innocent.
- The forensic profile from the perpetrator’s sample was not uploaded to CODIS before the attempt to use FGG, because the forensic profile did not exist.
The US Marshals Service is a division within the Department of Justice and thus subject to the FGG policy. The policy was in full effect when the marshal took over the case in 2020. This case should never have used forensic genetic genealogy in the first place.
This Case Apparently Used an Unauthorized Database
The US Marshal Service hasn’t disclosed which genealogy database they used, but it’s clear from context that the database did not permit FGG. Why do I say this?
First, The Guardian writes, “According to CeCe Moore, genetic genealogist at Parabon Nanolabs, the case is unusual in the sense that law enforcement … are not usually able to access large, commercial genealogy services.”
They were not usually able to access the database(s), but apparently they did this time.
The Guardian also writes:
The big three commercial genealogy databases – AncestryDNA, 23andMe and MyHeritage – do not permit law enforcement to put crime scene or unidentified remains DNA into their system under their terms of service. But if a family member – in this case Arnold’s brother – permits it, a search run through the 40m DNA signatures in the commercial database can return a “hit” in hours.”
There is no single genetic genealogy database with 40 million DNA signatures, but when you add up the sizes of the big three (23+ million, 13+ million, and 7+ million, respectively), you get a little more than 40 million. GEDmatch and FamilyTreeDNA, which both collaborate with law enforcement, have fewer than 2 million users each. Again, context suggests the marshal used one or more databases that does not permit FGG.
If I had to guess, I’d say they used all three. AncestryDNA has the largest database by far, with the best tools for identifying unknown family. 23andMe is the second largest and, as a health company, often has matches the other companies don’t. Uploading to MyHeritage is a cost-effective way of finding even more unique matches. Plus, the latter two have some features that AncestryDNA does not. If I were working this case and were willing to skirt the rules, that’s what I would do.
Finally, The Guardian quotes Moore saying “What makes this case unique is they’re using a living person’s DNA to fish for this escapee or his family through shared DNA … There was nothing to stop them using the large databases because the younger brother was willing to put his DNA in the databases and allowing law enforcement to access them.”
Except one thing stopping them was the DoJ policy. As we’ve already seen, this case was not eligible for FGG because it violated multiple stipulations.
Another thing stopping them is the policies of the big three databases.
- Ancestry: “To provide our Users with the greatest protection under the law, we … do not allow law enforcement to use Ancestry’s services to investigate crimes or to identify human remains.”
- 23andMe: “By using the Services or creating an account, you represent, warrant and agree that: …. You will not use the Services for any investigative forensic genealogy uses.”
- MyHeritage: “Using the DNA Services for law enforcement purposes, forensic examinations, criminal investigations, “cold case” investigations, identification of unknown deceased people, location of relatives of deceased people using cadaver DNA, and/or all similar purposes, is strictly prohibited.”
None of these terms have an “unless the younger brother is willing” exception. FGG was not allowed in these databases. Period.
This Is the Tip of the Iceberg
Recently, someone—I’ll call them “Pat”—on Facebook asked about an email they’d received from a genealogist with Othram asking “to share your AncestryDNA matches with me” for a forensic case. The email said, “You might have also been contacted by the previous research teams about this case. You are a distant DNA match on FamilyTree DNA (sic) to an unidentified remains case that I am working on.”
(I am not sharing the screenshot or linking to the original post to protect “Pat’s” privacy. Select quotes are shared here under the fair use doctrine of US copyright law for the purposes of criticism, comment, and reporting.)
Recall that AncestryDNA does “not allow law enforcement to use Ancestry’s services to investigate crimes or to identify human remains.” There is no “unless someone else gives you access” clause.
Asking for access to AncestryDNA match lists appears to be standard practice; the genealogist assumed that colleagues had already contacted “Pat.” We have every reason to believe that Parabon does this, too, as their lead genealogist claims “There was nothing to stop them using the large databases” this way. (See above.)
This, too, violates the DoJ policy, which requires that “Investigative agencies shall identify themselves as law enforcement to [genetic genealogy] services and enter and search FGG profiles only in those [genetic genealogy] services that provide explicit notice to their service users and the public that law enforcement may use their service sites to investigate crimes or to identify unidentified human remains.” (p. 6) Per the DoJ policy, FGG profiles include reference samples (footnote 11), which are samples from known sources (footnote 7). “Pat’s” kit would thus serve as a reference sample.
One could argue that Othram and Parabon are private corporations acting on behalf of law enforcement rather than law enforcement per se and therefore not subject to the DoJ policy or the database terms. What a dangerous precedent to set! By that logic, law enforcement can get around all of the strictures associated with FGG (or anything else, for that matter) by simply subcontracting the dirty work to for-profit companies.
How did Othram’s genealogists know that “Pat” was in AncestryDNA’s database in the first place? Is FamilyTreeDNA telling FGG practitioners where their regular customers originally tested? Or did Othram have access to other kits at AncestryDNA that led them to “Pat?”
We Need to Hear From the Big Three
At the moment, more than 40 million unsuspecting customers in the big three databases are being exposed to forensic investigations without their knowledge or consent. That needs to change. I’ve reached out to all three companies for comment and will post their replies here.
I asked AncestryDNA to confirm whether law enforcement and/or their subcontractors are violating the Terms of Service. Their response was: “Ancestry is not a public DNA database; we do not voluntarily cooperate with law enforcement and are not involved with these cases. We take any allegation of a user’s misconduct on our platform seriously.” That speaks more to the wordsmith skills of their corporate lawyers than transparency. While I applaud the proper use of a semicolon, I would prefer that they answer my question and take action to protect their 23 million users.
23andMe’s response was equally vague. “Regarding law enforcement, respect for customer privacy is paramount at 23andMe. As such, we do not work with law enforcement agencies. More specifically, 23andMe will exercise any available legal measures to object to a law enforcement request. To date, we have not released any individual user data to law enforcement.” They have not responded to a follow-up question about law enforcement using their database without asking.
Updates to This Post
- 24 May 2023 — added response from 23andMe
84 thoughts on “Rules? We Don’t Need No Stinkin’ Rules”
Outstanding article. Informative and understandable for everyone. While I, personally, do not have a problem with my information being used by law enforcement, I do understand that violations of DOJ policy is what it is. Someone’s head should, figuratively, roll. After they swab his /her/their cheeks, of course.
Even though this issue was previously addressed, it appears that law enforcement will stop at nothing to get their answers, even if it violates our civil rights. Since this last incident, what has been done to address it? Will the DoJ prosecute the players for such an egregious violation of policy? Chances are the answer is no.
This leaves me with the question of possibility removing my Family tree & DNA results from the various companies I use; FTADNA, Ancestry, and 23&Me. I have found my name on MyHeritage. I eliminated my profile from GEDMatch. I haven’t removed my DNA results from FTDNA because of a surname DNA project I’m involved in as well as I let my DNA be used for further research, exclusive of law enforcement or FGG involvement. I don’t have a family tree on FTDNA, but I do at Ancestry along with my DNA results.
First, is there a way for me to anonymize myself and my family, keeping only older generations? Is my best bet to eliminate all my DNA samples & family trees from these companies? Im getting more frustrated with each new violation and don’t know what to do.
I agree with you. I don’t know what to do, either, except continue to call out the bad actors and to push for legislation.
Is the problem that law enforcement asked the brother to take the DNA test? If the brother had done it on his own and then later discovered his nephew, would it have been OK for him to tell the authorities that he had discovered a probable son of his brother? The standard advice is that if you are afraid of what you might find, then don’t take a DNA test. Are you implying that if you suspect you might find something bad, you should be legally prohibited from taking a DNA test?
Yes, the problem is that the US marshal solicited the DNA test as part of an official investigation. In so doing, he violated both the DoJ policy and the Terms of Service of one or more databases.
I am not an American and I do not live in the US. MyHeritage is not a US company. I think the US Department of Justice might be over-reaching in its attempt at regulating the world.
The US DoJ is not attempting to regulate the world; they are attempting to regulate US law enforcement agencies.
MyHeritage is at least US-owned, Fransisco Partners acquired the company in 2021
I agree that Ancestry DNA has by far the largest database, but it definitely does not have the best tools for identifying unknown DNA matches. In fact it has no tools at all beyond the very dodgy family trees posted on the website by its clients themselves, which are more often than not absent altogether.
I have a close DNA match (250 cMs) on Ancestry who does not post a family tree nor reply when contacted, and I have no way of knowing where this presumably 2nd cousin fits into my family tree. Ancestry does not show on which Chromosome(s) matches in common triangulate, nor how many cMs matches in common share with each other as well as with yourself, they do not even show any matches in common who share less than 20 cMs with yourself or with each other. Large amounts of such useful information which would be available on other DNA sites is completely missing on Ancestry.
Even Ancestry’s paternal/maternal ethnicity labelling is totally unscientific because it is not based on triangulation but on numbers of matches in common with the tester’s closest DNA matches, having first required the tester to indicate which side of the family these close matches are from. As an example, I have an Irish paternal grandmother with 10 siblings, large numbers of whose multiple descendants have all tested, and a British paternal grandfather who was an only child and has only one other than descendant besides myself who has tested
As a result of my multiple Irish paternal matches, Ancestry informs me that my paternal ethnicity is 45% Irish and only 5% British… Forgive me for being very sceptical.
Apart from Gedmatch, the DNA company with the best matching tools is definitely My Heritage in my opinion, certainly not Ancestry.
This post might help you to understand the science behind SideView.
I do understand the science behind Ancestry’s side-view algorithm, and I do not dispute that Ancestry gets the paternal/maternal labelling of DNA matches correct most of the time.
It is the calculation of the ETHNICITIES inherited from each parent which are very dubious. Ancestry does not elaborate on how it calculates its ethnicity estimates on the individual parental halves after phasing, but in my case it seems quite obvious that it is a just by counting up and sorting the ethnicities of my paternal matches in common, all but one of whom come from the side of Dad’s Irish mother. Unless we are to believe that out of my Dad’s 50% contribution to my DNA, 45% came from his Irish mother and only 5% came from his English father. Is that really likely?
The white paper explains how they estimate ethnicity. I especially encourage you to look at the box plots on page 10. The algorithm is quite accurate for Irish DNA but less so for English. Typically, when the algorithm gets an estimate “wrong”, it assigns the ethnicity to a nearby region.
Such an interesting analysis of this situation, Leah!
Leah, thank you for this rapid, thorough and insightful review. You are raising excellent issues for consideration.
In a few years and/or decades, all of this will be ho-hum; and all of the databases will be open. I do not mind if LE uses my DNA.
Please tell me, when I see a couple of matches at MH that simple identify as DNA Kit, are those ones LE has put there? If not, wonder how those kits are identified, just with a made-up name?
Roughly 40 million people have tested. Fewer than 10% of those have opted into LE matching, so it seems that most people would prefer not to participate.
The “DNA kit” matches at MyHeritage are simply kits for which the user didn’t enter a name.
“Fewer than 10% of those have opted into LE matching, so it seems that most people would prefer not to participate.”
The presumably large number of “casual” testers at Ancestry and 23andme, who wouldn’t be interested in (or even know about) uploading to Gedmatch or FamilyTreeDNA (and then opting in there), have not been asked this question about LE use directly.
Unless polls have been conducted of this group (and maybe there have been), we don’t know what they would do. Just 10% opting in? Sure, that’s possible. A higher percentage? Also possible.
I find it hard to believe that anyone in the US (at least anyone with internet and therefore the ability to do a genealogy test) hasn’t heard of FGG. If they haven’t uploaded to GEDmatch/FTDNA, it’s safe to assume they don’t want to.
An objective poll is a good idea, though. I encourage you to do one! How would you reach your target demographic?
I’ve got one of those unnamed DNA kits at MH. It was a suspected 4C who agreed to test both autosomal and Y-DNA for me at my expense. His sister also has a copy of his kit at MH with his name on it, so I never bothered adding his name. If anyone has a closer match to him, it would be better for queries to go to his sister. He has another sister at MH who never knew he tested, and all of a sudden there was an unnamed kit as a full sibling match. It caused a bit of a stir. The sister who manages his identified result put me in touch with him and knew it was happening, but obviously didn’t tell the other sister.
Thanks for that piece. It was very interesting. This sentence on Page 19 explains the anomaly of my 45% Irish to 5% English allocation of paternal DNA:-
‘Side View cannot phase in places where an individual has no DNA matches’.
I have hardly any matches on my paternal grandfather’s side.
That might explain it.
Suppose that I have lost contact with a relative but have no idea whether that person has committed a crime. I take a DNA test to discover relatives. I find some. Then I subsequently discover that a relative has a criminal history and that one or more of my matches descends from that person. I would feel free enough and brave enough to report that to law enforcement. I’m not American.
If you are not a law enforcement agent, none of these restrictions apply to you.
@Linda, even if they’re your parents, siblings, children? Granted, you don’t KNOW that they committed a crime, but they could also be innocent but be unable to prove it. You’re neither their defense nor prosecution. That sounds like something you should talk to a lawyer about before reporting.
What if you discovered they were looking for you? I can tell you for sure what your lawyer would say in that case.
Interesting and somewhat bewildering that the big 3 databases appear to ignore the practice and allow it to happen without sanction. Exclusion of the researchers from those databases would appear to be the appropriate response.
I would hope evidence gathered that way would not be admissible in court, though many people believe “the means are justified by the end.”
I’m sure it’s very difficult for the Big 3 to detect these bad actors. They don’t exactly advertise what they’re doing. Rumors have circulated for years that unethical FGGs are uploading to MyHeritage and using work-arounds to view opted-out kits at GEDmatch and FTDNA. As long as they don’t admit what they did in the legal filings, no one would ever know.
That said, I agree that the companies need to do more to protect their customers. Ancestry’s response was extremely disappointing.
What action could a company like Ancestry take to protect their customers? No evidence of identity is needed to create an account or submit a DNA specimen. Unless people are required to attend a specimen collection centre, provide ID and use their real name on their account and specimen then I cannot see how the testing company can detect a situation like this.
The same way any group of humans polices itself: set firm boundaries and punish those who violate them.
In that case, the only way to be certain about a person’s identity and prevent them from accessing the database in the first place would result in fewer people testing. We wouldn’t be able to collect specimens from elderly relatives in nursing homes, nor deceased relatives. There would be no taking a bunch of kits to a family reunion either. Some people would not test if they had to formally identify themselves. The cost of maintaining collection centres to be assured of chain of custody would also make testing more expensive. If people are that concerned about privacy, why are they even testing in the first place? I’ve managed to work out who some people are when they don’t use their real name and they don’t have a tree. There must be others out there who manage dozens of kits or who are professional genealogists who have done the same.
Who has advocated for collection centers?
Maybe I have misunderstood or things have changed, but I thought that Ancestry required personal assent to some part of the DNA submission process. This, by definition, excludes anyone not capable of understanding and making that decision, including deceased persons.
I would dearly have loved to submit the DNA of a newly deceased relative (for which I had the permission of all live relatives and heirs), but I went with the letter of Ancestry’s rules, which forbade it.
History shows the DNA companies are unlikely to prosecute a breach of their procedures. It will take a private individual or LE itself, perhaps via a court ruling.
They’re not submitting the DNA of the Doe, rather trying to access the DNA of living relatives to investigate the case.
While I agree with you re FGG, your comment that “Arnold escaped more than five decades ago and lived a quiet life afterwards. He’s been dead for more than a decade. He posed no threat” was not known UNTIL he was identified.
If LE can argue that someone who hasn’t committed a known violent offense since 1958 is “a substantial and ongoing threat to public safety or national security,” they can argue the same about your or me or anyone.
I understand that rules have been broken and trust has been breached, but there’s an angle here that hasn’t been mentioned.
Damon’s son can legitimately test and contact other relatives who legitimately tested. One of them can work out who his father is and then divulge his information to anyone else. As it is, he learned about his father from someone who had all of the facts and his identity has not been revealed. He now has the opportunity to delete his kit before others identify him. I know the original goal of LE was not to protect his privacy, but there could have been a worse outcome for Damon’s son.
Damon’s brother can test on his own. Damon’s son can test on his own. No objections here. But exposing millions of people to a forensic investigation without their consent is unconscionable.
Are millions of people really exposed? LE is only interested in Damon’s descendants. Smaller matches would be ignored.
Yes, the entire database is exposed to an LE investigation without their consent, regardless of who the marshal was focusing on.
Thanks for your work on this. A very slippery slope where the ends are trying to justify the means.
You’re adamant that testing companies can provide better protection of our privacy but when questioned, you were unable to provide a single way it could be done. If you know of some other way of being absolutely certain about a tester’s identity then please share it. I recall having to sign a form to test at FTDNA but I can falsify a name and signature. Prosecuting after the event when the cops admit what they’ve done doesn’t protect the privacy of everyone else in the database, as they have already harvested information.
We as a society can’t be absolutely certain that no one will steal or drive drunk or commit violent crimes. The solution isn’t to control every facet of our lives but to set clear rules and prosecute any offenders after the event. That system has worked fairly well for as long as society has existed. Why would FGG need something different?
FGG is the Wild West right now precisely because there aren’t enough rules and because there is no punishment for breaking the ones that exist. That’s what needs to change.
But who creates the rules and who enforces them? Your article and commentary seem to imply that those that are currently attempting to create an accreditation standard are knee deep in ethical violations and would be rule breaking and have been for years. Are we to trust them to police themselves?
Thus far, the DoJ has created a set of rules for US law enforcement, and each database makes its own rules about what it allows. There have been a number of ethical violations on both fronts.
Personally, I don’t trust FGG practitioners to police themselves.
40 millions of violations of people’s Constitutional rights to privacy are not piddling oopsies. That Marshall & his boss should both be fired & 1/2 that Marshall’s pension should be forfeited to the DOJ victims recompense funds.
Furthermore, this should be a yearly case study on what NOT TO DO, for the next 5 years duration for all employees of DOJ!!
Law enforcers need to set a good example for all citizens, even if it is at their own inconvenience.
It is possible.
I manage 10 kits on Gedmatch, but only my own is opted into LE, because I cannot speak for the others, some of whom are already deceased.
If the others are your relatives, then you are probably opting them in indirectly. “…and this other person over here, Sue’s sister, is the one we’re looking for; we’re not allowed to match her, but we don’t need to.”
In any event, if you’re their legal guardian or executor, you might have the legal right to opt them in to LE.
OK. Don’t be surprised when LE takes the view that the financial penalty is worth it to put a killer behind bars. After one case is prosecuted, they will remain silent about all the cases they solve where the killer is already dead.
Should we stop prosecuting drunk drivers because some of them don’t get caught?
Of course not, but if you’re expecting that prosecution to reverse the damage they cause and bring the people they killed back to life then you’re going to be disappointed. It doesn’t seem to be making much of a difference in the drink-drive stats either.
The only way to protect the privacy of test takers is to prevent LE from getting into those databases in the first place.
Actually, increased enforcement has made a difference in drunk driving stats. https://www.hassonlawoffices.com/drunk-driving-statistics/
What financial penalty? I’m unaware of any prescribed penalty within the DOJ Interim policy on FGGS. Do you mean loss of funding and grants? There doesn’t appear to be any oversight to ensure adherence to the policy. In the absence of consequences, diminished compliance is a likely outcome.
Financial penalty is not the consideration for LE.
In the US, if due process is not followed and any evidence at any stage is not collected lawfully then the whole case can be thrown out.
Replying to thednageek (no “Reply” button on their reply to my comment above): “I find it hard to believe that anyone in the US (at least anyone with internet and therefore the ability to do a genealogy test) hasn’t heard of FGG. If they haven’t uploaded to GEDmatch/FTDNA, it’s safe to assume they don’t want to.”
We must see a very different group of users in our DNA matches, then. On Ancestry, I see many matches with no tree and who haven’t logged in for over a year. On 23andme, very few matches have any genealogical information (locations, surnames, tree links) added at all. It’s this group that I’m referring to as “casual” and therefore “unasked”. I doubt many of these have ever heard of Gedmatch. If they know of FGG at all, they probably assume their tests are being used by LE already.
As for a poll, that’s something that could be done by professional genealogists who offer “Intro to DNA”-style courses. “Would you approve of LE using your DNA for IGG,” explaining pros and cons. It’s not the same population, exactly, but asking those entry-level students might get at this answer better than anyone except the Big 3 doing their own research.
Full disclosure: My DNA is on FamilyTreeDNA and Gedmatch, where I have opted in to LE use.
The casual DNA tester isn’t taking “Intro to GG” classes. They do watch the news, read the paper, and use social media, though, so they should be aware of FGG.
> As for a poll, that’s something that could be done by professional genealogists
Arguably, you ONLY want well-trained pollsters to ask these questions. Why? Because of “Lies, damned lies, and statistics”. Very subtle changes in wording can completely change the results you get with a poll; different words trigger different people. There’s also a big difference between people who aren’t going to submit their data… and those who would if someone asked.
It’s more difficult at Ancestry to test someone without their consent because 1 mL of saliva is needed. As Leah has already pointed out in her article, they appear to have used more than one database. It would be very easy to obtain a swab from someone who does not consent to being tested and then lie when submitting the specimen. I had to sign a form when submitting to FTDNA but my signature was not compared with anything. If I choose to swab an elderly relative without their consent (not that I would, nor am I advocating it) and submit their specimen using a false name, then don’t attach a tree to that test, the chance of that person or the testing company learning about my actions is very small.
I think the person who cracked the Damon case is a dill. He was given that case as a challenge and he couldn’t help himself. He just had to brag that he solved it and we just learned one more strategy they are using to get around the rules.
The only way to keep them from skirting the rules is to keep speaking out about it until enforcement increases and the penalties for breaking the rules outweigh the benefits.
Couldn’t agree more!
This type of case analysis and explanation of missteps and relevant references is so informative and valuable! Well-written! Thank you!
I had assumed that this sort of thing was going on. If a relative is willing to provide a DNA sample to LE, why not submit it to a testing company? I would guess that this has been done hundreds of times (or more). Most just haven’t talked about it. Maybe brother wondered whether the murderer had survived and gone on to have a family. If he had paid for and submitted the test on his own, that wouldn’t have been a crime– even though he was seeking information on a convicted murderer. What if he then got results and decided to share them then with LE, just as he would share a letter or other information that came to him about his brother? That would then be a crime? I see forensic use as taking DNA from a crime scene and massaging it into a sample for a test kit. That is different to me from a sample taken the defined way from a living human who signs a consent form for it to be tested. Lots of us ask people to test, pay for the test and are the contact point for the results. Perhaps there should be a foundation for social justice that those interested in can donate to. This foundation could fund the tests instead of LE. The foundation could employ search angels to analyse the results that would be shared with the testee. The testee could then decide whether to give an anonymous tip to LE. Would this make your D of J happy?
If LE can skirt the rules designed to protect our privacy for FGG cases, why not for everything else, too? Maybe the Constitution is overrated.
I would say so– but it’s not my Constitution. Isn’t that the document that says that “all men are created equal” (as long as they are white) and that women aren’t worth mentioning? And you are talking from a society that still reveres its slave-owning founding fathers.
Genetic genealogy involves invading the privacy of everyone participating. That’s just how it works. And by association everyone related to a participant is affected. Men discover children they never knew that they had fathered. The son of the murderer (and his family) live in Australia. They are the ones affected by this. Perhaps the US Marshal was more sensitive in revealing the truth to them than a DNA match doing it directly would have been.
Genetic genealogy is just one of many new technologies that the world is trying to adapt to. There is life (and DNA) beyond the USA.
Human society is full of competing belief systems and competing rights. It’s not simple.
The mission of Department of Justice is to uphold the law while protecting our civil rights. They limited themselves in their own policy to balance those two interests in accordance with our Constitution. Your opinion on that Constitution and this country is irrelevant, as the jailbreak occurred here, the investigation happened here, and the databases are here. Australia can approach the issue however it likes.
Melissa, we’re talking about introducing financial penalties for law enforcement officers who breach the law and the terms and conditions of testing companies to solve crimes.
We already see in other areas where intentional law breakers weigh up the pros and cons. An example is the mainstream media publishing defamatory comments when they stand to gain more from spreading that misinformation than the compensation they may be required to pay if successfully sued.
If there is a financial penalty for breaching the privacy of other test takers in the database, I can’t see it being large enough to prevent LE from doing it. They will weigh up the cost of the fine vs putting a murderer in prison. The department will pay the fine, not the individual who issued the order. If I want to complain about my privacy being invaded, really, what have I suffered? Someone looked at my family tree and perhaps at some records that would be off limits to the general public. I wasn’t contacted and no one harmed me in any way. The impact upon me will be considered when deciding upon the value of the penalty.
We’re talking about murderers and rapists walking free because their cases weren’t investigated properly.
Oh please. All of your communication on this issue has been concerned with protecting the privacy of genealogists and introducing legislation to provide further protection to genealogists. How many rapists and murderers are walking free because police aren’t adhering to an “interim policy”?
My communication is concerned with protecting the constitutional rights of everyone exposed to FGG.
Access to LE has already resulted in the withdrawal by their owners from GEDmatch as well as some of the major DNA testing companies of some of the DNA matches that made early breakthroughs for me. Others have removed public access to trees and DNA matches with them. If I were starting now I would not be able to proceed as far as I have. And I suspect that my ongoing research is also suffering.
This is NOT a victimless crime.
Very true. Not only did people pull existing kits, but the entire industry took a huge hit in sales when the GSK story broke. I pulled some of mine from Ancestry this week as well.
I manage over 50 kits on FTDNA (and their transferred versions). Only two of my testees were in the US (and they are now both deceased). My relatives are in Canada, Australia, the UK and Ireland. Our DNA is part of this. I believe that MyHeritage is an Israeli company. So is it OK for non-American LE to use MyHeritage for criminal investigation?The situation is far broader than an interpretation of current American law.
I love genetic genealogy and would be very sad if it were destroyed. Genetic genealogy definitely involves privacy. But so do a lot of things. I question whether there really is such a thing as privacy in our modern world. Maybe we should all think about this in a much broader context.
MyHeritage explicitly prohibits law enforcement from using their database (as do AncestryDNA and 23andMe) so, no, it’s absolutely not okay for any LE agency to use their database.
Genetic genealogy isn’t limited to invading the privacy of everyone participating. It invades the privacy of people who are not even in the database.
Precisely. And that’s why FGG needs limits and why we should have zero tolerance for anyone who violates those limits.
I believe the crux of the matter is:
1. Between the DOJ and the officer(s) as a possible breach of policy (not law?), and
2. Between the DNA companies and the genetic genealogy researchers who possibly breach terms and conditions for access to the data.
Responses by DOJ and the testing companies will be eagerly anticipated. I imagine there won’t be a substantive response.
We’re invading the privacy of people who are not in the database when we test. Why is that acceptable to testers? I helped one of my matches to determine her bio father’s identity. I got down to 6 brothers and began locating them before she told me that she was the product of rape. None of the brothers or their children were in the database so I still don’t know the identity of the rapist, but 5 innocent men are under suspicion and their privacy has been invaded. If someone else helped her, that person may reveal their identity to others. Fortunately for those 5 innocents, I won’t tell anyone else who they are, but she might. Why is there concern for the privacy of testers when testers have no concern for the privacy of non-testers?
You invade people’s privacy when you gossip about them. How is that any different from inferring the same information from genealogy?
Point being that privacy from nosey neighbors and privacy from people with the force of government behind them are two completely different things in the US.
Leandra, I do have concern for the privacy of non-testers. I have 68 living first cousins. They run the gamut. I don’t think you should be able to use my DNA to bypass the right of due process of anyone under the law. Since the beginning, I have been strongly opposed for just this reason. This field is not yet well-regulated and regulations that exist aren’t strongly enforced. My family tree is set to private. I expect law enforcement to abide by both the guidelines of the DoJ and by the policies of the DNA companies that prohibit law enforcement from use of their websites for law enforcement purposes. After all, I have only subscribed to these companies’ services based on my expectation of privacy for my DNA and the information about it that might be gleaned from it about any other family member for any purposes outside of those I have expressly authorized by signing the agreement when I took the test and agreed for it to be uploaded.
People who are skilled at interpreting their match results and doing traditional genealogy can identify kits without trees, kits that don’t use their real name, or both. Your private tree might not be protecting your 68 living 1Cs quite as well as you think.
I’m learning something about a person (the rapist) that I would not be in a position to know without DNA, and I’m learning about 5 siblings who are now under suspicion. Ethics aside, in a conversation face to face, if someone heard that Fred raped a woman, they could gossip that Fred is a rapist. They wouldn’t be saying that Fred, Tom, Dick, Harry, Ed or Mike is a rapist. (I just made those names up, for anyone concerned that I am divulging information about a real family.) If LE wants to be unscrupulous and violate rights to go after people, there are much easier ways to do it than with DNA in a genetic genealogy database, where they could be waiting several years to find the right matches.
And yet, they being unscrupulous with DNA in a genetic genealogy database is precisely what they are doing.
Locked doors only keep out honest men. No matter what rules are in place, or what penalties are handed out to those who breach them, there will always be someone willing to work around or ignore the rules. So legislation is tightened and cases that use genetic genealogy databases risk being thrown out. So then LE secretly uses them, identifies the person of interest, and is then creative to find another legitimate reason for obtaining that person’s DNA, in a way that is acceptable to the court. Testers would be prudent to weigh up the risks vs benefits of adding their DNA to a genetic genealogy database. What level of risk are you prepared to accept? If the risk of loss of privacy is unacceptable, then don’t test, or remove your kit.
My apology, I touched a wrong key somewhere and my last reply disappeared before I had the opportunity to complete it.
I’m aware that failure to follow the correct process can result in a case being dismissed. It happens in other countries too. The point I am trying to make is that firm laws and harsh penalties will not prevent LE from fishing in those databases. They will become more creative to achieve their goal in a way that is acceptable to the court. Privacy will be more protected by strategies that prevent LE from getting into the database in the first place.
If you’re having a hard time understanding that, have a think about the gun problem in the US. Murder is outlawed. Some states have the death penalty. There are still mass shootings on a daily basis. Some could say it’s like the Wild West. Some other countries have reduced these deaths with a preventative approach. Self-regulation in various areas has long shown itself to be ineffective at preventing unethical or criminal behaviour.
It gets worse for Damon’s innocent children. Someone found him on FindAGrave and the profile currently has edits waiting to add his parents. Marty Green has taken other grave photos in New Zealand. Unless he was buried a long way from home, there’s no anonymity for his family in a small rural community. That’s unlikely because his children didn’t know his true identity. So much for the US marshal being careful to protect the identity of Damon’s son! There’s no one to extradite and LE has blabbed enough details to easily identify his innocent kids.
Agreed. Not to mention that the marshal’s photo on the memorial was in exceedingly bad taste.