A family friend has leukemia. He’s 11. Without chemotherapy, he would have died. Thanks to modern biomedical research, though, he’s through the worst of the treatment, back in school, and doing well. He’s even participating in a drug study to improve the odds for patients who come after him.
There is no reason to think the experimental treatment will harm him; the doctors wouldn’t try it if they thought it might. Even so, there would be outrage if he had been enrolled in the research study without the knowledge and consent of his parents. Even though there is a greater good at stake. Even though it could improve treatments. Even though it could save lives.
That’s because informed consent is key.
Why should police investigations be any different? They shouldn’t, and yet, somehow, they are. Perhaps it’s because biomedical researchers ask for permission while the cops just barge on in. And for reasons beyond my ken, some of the very people we’ve entrusted to guard our most personal genetic data are happy to comply.
- In late 2017 or early 2018, the FBI uploaded the Golden State Killer’s DNA profile to GEDmatch without telling the site’s owners. The members of that database hadn’t given consent for their personal data to be searched by government agents; they’d never been asked. Rather than protecting their members from this intrusion, GEDmatch quickly changed their Terms of Service to allow murder and rape investigations and neglected to hide the DNA profiles of those who had not accepted the new Terms of Service.
- In January 2019, we learned that the FBI had been granted access to the autosomal database at FamilyTreeDNA, again without the knowledge or consent of FTDNA’s customers. That company, too, changed their Terms of Service (twice!) to prioritize law enforcement’s needs: their default setting is to expose their customers to criminal investigations, whether the person agrees or even knows what’s happening.
And now we have the first evidence that GEDmatch broke their own Terms of Service—a contract between themselves and their users—simply because the cops asked nicely. Deseret News reported yesterday on an assault (not murder or rape) case that was solved using GEDmatch, with GEDmatch’s permission.
Here’s their damage control:
The thing is, GEDmatch doesn’t have the right to give permission on behalf of their users. They don’t have the right to unilaterally ignore their own Terms of Service because one guy thinks it’s a good idea at the time. They have an obligation to put their users first, and they have utterly and completely betrayed that trust.
Parabon is at fault here, too. Their lead genealogist is keenly aware of the debates surrounding informed consent, and Parabon knew that GEDmatch could not ethically give permission on behalf of a million people who were completely unaware of what was happening. Yet, they went ahead anyway.
What’s next? Will GEDmatch and FTDNA open their databases for other violent crimes? Crimes that are classified as violent even if no one gets hurt? Why stop there? It’s in the interests of society to stop petty crime, too, is it not?
Coming Full Circle
Let’s go back to medical research. According to the Centers for Disease Control and Prevention, 647,457 people died of heart disease and 599,108 of cancer in 2017. And that’s just the top two causes of death that could be cured with new treatments. By contrast, the FBI reports that 17,284 people were murdered or died from non-negligent homicide that year, while 135,755 were raped.
Couldn’t we make a “compelling argument” that GEDmatch and FamilyTreeDNA should open their databases to Big Pharma—consent be damned—for the greater good? After all, curing heart disease alone would save nearly 40 times more lives per year than preventing all murders.
Of course not!
We wouldn’t, and shouldn’t, argue that our data be handed over for biomedical research without our consent, no matter how much good could come of it. Any database that did that would be pilloried. Heck, some of the companies have been pilloried even when they don’t betray our trust that way.
Why, then, does GEDmatch, and FTDNA before them, think it’s okay to give law enforcement access to our data? Not just law enforcement, but private, for-profit companies hired by law enforcement. It’s not okay. It’s wrong. And GEDmatch has shown us that their contract with their users is meaningless. They should change their Terms of Service to read “Anything goes. You’re on your own.”
Aldous, Peter. “The Arrest Of A Teen On An Assault Charge Has Sparked New Privacy Fears About DNA Sleuthing.” Buzzfeed, 14 May 2019.
Reavy, Pat. “Plastic milk container, genealogy helped Utah police crack church assault case.” Deseret News, 13 May 2019.
Russell, Judy G. “Withdrawing a recommendation.” The Legal Genealogist, 15 May 2019.