This post has been updated.
Today, The New York Times published a shocking article. Some time this summer, GEDmatch granted a police detective access to their entire matching database—including people who have opted out of law-enforcement matching—after receiving a warrant from a judge.
Here’s a brief summary for those of you who can’t access the article;
- In July, a detective working with Parabon asked a Florida judge for a warrant to search all of GEDmatch, not just the users who had opted in to law-enforcement matching.
- GEDmatch complied within 24 hours of receiving the warrant.
- This fact was made public at a police convention last week (October).
- They haven’t solved the case.
GEDmatch has been working to rebuild trust with their users after violating their own Terms of Service back in May. Part of that effort was an opt-in system for police investigations, whereby only users who explicitly consent are available for matching to criminal cases. The privacy protections of an opt-in system are meaningless if law enforcement can barge their way in with warrants, and if GEDmatch won’t at least try to stop them.
Why haven’t the cops tried this with the bigger databases? The cops went after GEDmatch first for two reasons: the owners of GEDmatch themselves are in favor of law-enforcement uses, and they don’t have the legal resources to resist even if they wanted to.
This is a problem for anyone who trusted GEDmatch to shield them from police investigations. It’s an even bigger problem for the entire industry. This successful warrant establishes a precedent that can—and will—be applied to the larger databases.
Don’t believe me? The New York Times article ends with this paragraph, which I quote in full:
Detective Fields said he would welcome access to the Ancestry.com and 23andMe’s databases. “You would see hundreds and hundreds of unsolved crimes solved overnight,” he said. “I hope I get a case where I get to try.”
Statements from 23andMe and AncestryDNA
On 7 November 2019, 23andMe issued a statement saying that they “would use every legal remedy possible” to challenge a warrant were they to be served one. A day later, AncestryDNA announced that they would “seek to narrow the scope of any compelled disclosure, or even eliminate it entirely.” Both companies affirm that they have never handed over customer genetic data to law enforcement.
Updates to This Post
- 11 November 2019 — added links to the statements by 23andMe and AncestryDNA