A popular at-home DNA testing company has announced that it is allowing police to search its database of genetic data just as customers do when looking for family members. But there’s one big difference: Police are trying to track down rape and murder suspects using relatives’ DNA.
Since Joseph James DeAngelo was arrested as the suspected Golden State Killer last April, police have announced the identification of suspects in at least 25 cold cases, including five in January (SN Online: 4/29/18). Until now, law enforcement agencies had mostly used a public database called GEDMatch for these “genetic genealogy” investigations.
But FamilyTreeDNA has granted police permission to upload data from crime scene DNA and search the company’s more than 1 million records to look for relatives of potential suspects. While some people support the company’s effort to help catch suspected rapists and murderers, privacy advocates and some customers of DNA testing services are alarmed by the idea that police could poke around in people’s genetic data. Here’s what the announcement really means.
What genetic information can law enforcement access?
Police are interested in determining how much DNA people in the database share with genetic samples from crime scenes. Genealogists can then use the closest matches possible to build family trees and identify a likely suspect.
The process is similar to looking at someone’s LinkedIn profile to see who is in the person’s social network, says Melinde Lutz Byrne, a forensic genealogist at Boston University who is involved in helping law enforcement solve rape and murder cases.
FamilyTreeDNA’s Gene-by-Gene laboratory has “processed a handful of cold cases for the FBI,” company president and founder Bennett Greenspan said in a letter emailed to customers on February 3. Those FBI investigations are being conducted on behalf of other law enforcement agencies to find suspects in violent crimes and to identify remains of deceased people.
But that doesn’t mean law enforcement has unfettered access to customers’ DNA. Police can see data only from people in FamilyTreeDNA’s database who are a genetic match with those crime scene samples. Law enforcement “cannot search or ‘dig through’ FTDNA profiles any more than an ordinary user can.” For any additional information, police would need a warrant or subpoena, the letter said.
Should FamilyTree DNA customers be worried about their privacy?
Neither police, nor other customers, have access to individuals’ raw genetic data, which includes the chemical letters of DNA — A, T, C and G. The sequence of those letters determines how proteins and other biological molecules will be built. Ancestry testing companies sample hundreds of thousands of single DNA letters (known as SNPs) in a person’s entire genetic instruction book, or genome, to determine information about ancestry, appearance and health.
Some people worry that law enforcement, insurance companies and other entities might use such sensitive information against them. But customers, including police, can’t access other customers’ raw genetic data, which may help protect customers’ privacy.
The company “came to the conclusion that if law enforcement created accounts, with the same level of access to the database as the standard FamilyTreeDNA user, they would not be violating user privacy and confidentiality,” Greenspan said in a statement released January 31.
Far less genetic information is available in FamilyTreeDNA’s database than through the publicly available GEDMatch, says Byrne. Data uploaded to GEDMatch can be accessed by any user.
Getting at the chemical letters of DNA in that more-accessible GEDMatch database would be an onerous task, though not impossible. But, in most cases, even the most dedicated DNA thief wouldn’t be able to figure out a person’s entire genetic makeup. All the SNPs combined make up less than 1 percent of the more than 3-billion-letter genome, and relatives share only small fractions of DNA with each other.
“I think it’s ludicrous” to worry about someone stealing DNA through genealogy searches, Byrne says.
Byrne and other genetic genealogists are also not interested in the nitty-gritty genetic information. Genealogists build family trees that may ultimately lead to crime suspects mostly from other types of records, such as birth, death and marriage certificates and obituaries. DNA matches just tell investigators where to begin. “I don’t need to see the A, T, C, G stuff at all,” Byrne says.
Are other consumer genetic testing companies also sharing data with police?
At-home DNA testing giants 23andMe and AncestryDNA have both said that they will not allow similar searches of their much larger databases (more than 5 million people are in 23andMe’s data banks, and more than 10 million are in Ancestry’s).
“We have clear policies stating we will not voluntarily work with law enforcement, and use all legal means to safeguard our customers’ data,” Kathy Hibbs, 23andMe’s chief legal and regulatory officer, said in a statement. “We have never shared customer information with law enforcement.” As of October 15, 2018, the company had received five such requests for user data, none of which were granted.
Ancestry provided data to law enforcement for 31 of 34 requests in identity-theft cases in 2017, but did not have any requests for genetic information, Ancestry said in its latest report, from 2017. However, genetic genealogy did not come into use for crime solving until 2018 (SN: 12/22/18, p. 22).
What can worried FamilyTreeDNA customers do to protect their genetic data?
FamilyTreeDNA customers can adjust their accounts’ privacy settings to disable matching so that police won’t be able to compare crime scene samples with an individual’s DNA. But that also means previously unknown relatives won’t be able to connect with the person.
Or customers may elect to have their DNA pulled from the site, which may require contacting customer service. But the company says it can’t guarantee all genetic information will be taken down if customers have joined projects within the site, such as ones that trace all descendants of a particular couple or with particular last names.
It’s safe to assume that no information that is available through the internet is completely secure, Byrne says. “If you put it up there, there’s a way to get it,” she says. Still, other than companies that are collecting DNA information for research, it’s a mystery to her why other people, including hackers or other potential thieves, would want that genetic information. “They want your credit card more than your DNA,” she says.