Think twice before giving results of your home DNA kit to the police

Think twice before giving results of your home DNA kit to the police
© Getty Images

DNA testing company FamilyTreeDNA is urging consumers to share genetic information with law enforcement, promising that the data could help solve crimes. More than 26 million people have used consumer genetic tests to learn about their ancestry, connect with family members, and identify health risks. They should think twice before making themselves and their relatives unanticipated subjects in a criminal lineup.

When used appropriately, technology can provide substantial benefits to law enforcement agencies, victims, and society. Genetic testing of crime scene DNA evidence — a technique utilized by police since the 1980s — can be a powerful tool to catch criminals and exonerate innocent suspects. But powerful tools require powerful safeguards, and FamilyTreeDNA is inviting consumers to submit sensitive personal data to a system that lacks basic privacy protections.

Last year, FamilyTreeDNA struck a secret deal with the FBI, permitting the Bureau to search for matches between the company’s database of genetic information and DNA collected from crime scenes. Users who upload their genetic data to FamilyTreeDNA might be surprised to learn that the company permits the FBI to search for matches without a warrant, that crime scene forensics are fallible, and that giving police access to genetic profiles can put innocent individuals — and their relatives — in the crosshairs of a criminal investigation.

ADVERTISEMENT

The FamilyTreeDNA agreement is inconsistent with consumer expectations. Leading genetics companies like 23andMe, Ancestry, Helix, Habit, and others worked with the Future of Privacy Forum to publicly endorse policies that genetic data should not be disclosed to government agencies without a warrant. These companies take legal and technical measures to prevent police from accessing consumers’ DNA profiles without legal process. Not all companies are as transparent and might have secretly entered into agreements similar to the FamilyTreeDNA arrangement, but such deals are out of step with industry norms.

Warrant requirements are a longstanding mechanism for solving crimes and protecting privacy. Warrants are issued based on evidence and typically target a specific person when a criminal predicate exists. The warrant process allows a neutral judge to determine whether there is probable cause to suspect that a particular individual is linked to a crime. These protections help prevent individuals from being erroneously swept up in criminal investigations.

Warrant protections are important safeguards, especially with regard to crime scene forensics. DNA analysis and other forensic techniques can erroneously identify innocent people. Experts agree that DNA matches, absent other evidence, are insufficient to prove an individual’s guilt. DNA samples may be misidentified, damaged through exposure to moisture or extreme temperatures, or contaminated with other DNA. Between 1993 and 2009, European police searched for a serial criminal who was linked to six murders and numerous robberies through crime scene DNA. The search ended when officials discovered that the genetic information linking the cases matched an innocent Bavarian woman. She had not committed a crime, but instead worked in a factory that produced cotton swabs used for DNA sample collection.

FamilyTreeDNA’s new media campaign raises substantial privacy and civil liberty concerns for individuals and their relatives. Users who contribute their DNA data for law enforcement scanning aren’t simply providing their own information. DNA samples can implicate anyone in a person’s genetic family tree, from close relatives to people they have never met. Some states, including Texas, have wisely restricted or banned the type of familial matching technique that could be employed by the FBI in DNA databases. These rules help prevent individuals from becoming “genetic informants” by subjecting their relatives to unwanted government scrutiny, but they have not been implemented in all states.

Individuals who have taken genetic tests should think long and hard about the consequences for them — or their relatives — before they upload their DNA information to any entity that does not have explicit policies against sharing it with law enforcement.

ADVERTISEMENT

Further, more consistent transparency is necessary across the genetics industry to ensure customers are fully informed about how their genetic information may be used — how long it is retained, how it is secured, who it is shared with, and why — before they submit samples.

DNA is extraordinarily revealing and persistent. Its use should demand the utmost caution.

Michael German, a former Special Agent with the FBI specializing in domestic terrorism and covert operations, is a fellow with the Brennan Center for Justice’s Liberty and National Security Program. He is the author of Thinking Like a Terrorist: Insights of a Former FBI Undercover Agent and Disrupt, Discredit, and Divide: How the New FBI Damages Democracy.

John Verdi is the Vice President of Policy at the Future of Privacy Forum, a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies; in 2018, FPF published “Privacy Best Practices for Consumer Genetic Testing Services.”