i’ve been wondering for a while since the heavy advertising for dna testing to determine your “ancestry” on these sites like ancestry.com. the method is so simple. just swab and send and get added to their database and find out your ancestry through your dna profile.
now that sounds neat, right?
BUT…
i’ve had this lingering question for a while: could these dna profiles and records of those who submit their dna be subpoena’d by law enforcement and, if yes, for what reasons?
Requests for Ancestry User Information
Ancestry requires valid legal process in order to produce information about our users. We comply with legitimate requests in accordance with applicable law and our Privacy Statements.Law Enforcement Requests Outside the United States:
Depending on the jurisdiction of the requesting law enforcement agency, a Mutual Legal Assistance Treaty request or letter rogatory may be required to compel the disclosure of records. This is because our users’ account data can only be accessed by Ancestry.com Operations Inc. (located in the United States) and Ancestry Information Operations Unlimited Company (located in Ireland). International law enforcement authorities may also submit requests for emergency disclosure. We will provide responsive records in accordance with applicable law and our policies.Law Enforcement Requests in the United States:
Ancestry will release basic subscriber information as defined in 18 USC § 2703(c)(2) about Ancestry users to law enforcement only in response to a valid trial, grand jury or administrative subpoena.Ancestry will release additional account information or transactional information pertaining to an account (such as search terms, but not including the contents of communications) only in response to a court order issued pursuant to 18 USC § 2703(d).
Contents of communications and any data relating to the health or DNA of an Ancestry user will be released only pursuant to a valid search warrant from a government agency with proper jurisdiction.
If we receive a valid request under U.S. law to preserve records that constitute potentially relevant evidence in legal proceedings, we will preserve, but not disclose, a temporary snapshot of the relevant account records for 90 days pending service of valid legal process as described above.
How We Respond to Legal Requests
Respect for the privacy and security of our users’ account data drives our approach to complying with legal requests for information. When we receive a request our team reviews it to make sure it satisfies legal requirements and our policies. If we believe a request is overly broad, we will try to narrow it to the extent legally permitted.How to Request Ancestry User Information
Ancestry responds to valid legal process issued in compliance with applicable law.When requesting user account information, please include:
- If available/known, the full name of the subject Ancestry account holder, the account holder’s username and the email and/or mailing address associated with the account(s);
- Details about what specific information is requested (e.g., basic subscriber information) and its relationship to the investigation. We are unable to process overly broad or vague requests; and
- A valid official email address (e.g., name@agency.gov) so we may get back in touch with you upon receipt of your legal process.
Requests should be made in writing and should be submitted by certified mail, express courier, or in person at the addresses listed below; and an additional copy may be sent by email. We do not accept legal process by email or fax unless the request is an emergency request. Our contact information is available at the bottom of this Guide. Written requests must be made on law enforcement letterhead and be signed by the responsible law enforcement officer.
We Will Notify Users of Requests Unless Prohibited From Doing So
Our policy for all requests is to notify users of the request and provide a copy of the request prior to disclosure, unless we are legally restricted from doing so. In the United States, law enforcement officials may prevent this disclosure by submitting a court order pursuant to 18 U.S.C. § 2705(b) or equivalent state statute that is signed by a judge. We will evaluate requests not to notify users from law enforcement outside the U.S. under applicable law. For all requests, we may also decide, in our sole discretion, not to notify the user if doing so would be counterproductive and we are legally permitted to do so.
well, looks like the answer is yes — not just to local law enforcement, but also through international legal requests, as well.
why should this bother you or me? how about hackability? how secure are their servers? what is the value of that data to an outside company (think insurance, large corporations, pharmaceutical industry).
well, in the troubled times we now are in, i am not at all comfortable with access to determinate “fingerprints” through DNA being kept in a private, hackable, unsecured business. nor am i at ease with the ability of law enforcement to obtain DNA through such an indirect method.
mistakes can be and are made in record keeping. errors are made in testing.is the testing done on the forensic level that would prevent mistakes being made? what protocols are used? having a subpoena issued without the subject’s knowledge of an investigation taking place also puts that information into hands that are not necessarily trustworthy.
with the congress trying to push through laws demanding that employees submit dna samples to be employed… where do we go next? when did we lose total right to privacy?
soooo…
if you were thinking of sending out that little swab of spit… maybe time to rethink it?
not just your DNA … your relatives could cause a problem! this story in wired shares a man who was taken into custody due to similar alleles to his profile — due to shared alleles with his father who was in the police dna familial database.
The bewildered Usry soon learned that he was a suspect in the 1996 murder of an Idaho Falls teenager named Angie Dodge. Though a man had been convicted of that crime after giving an iffy confession, his DNA didn’t match what was found at the crime scene. Detectives had focused on Usry after running a familial DNA search, a technique that allows investigators to identify suspects who don’t have DNA in a law enforcement database but whose close relatives have had their genetic profiles cataloged. In Usry’s case the crime scene DNA bore numerous similarities to that of Usry’s father, who years earlier had donated a DNA sample to a genealogy project through his Mormon church in Mississippi. That project’s database was later purchased by Ancestry, which made it publicly searchable—a decision that didn’t take into account the possibility that cops might someday use it to hunt for genetic leads. [emphasis mine]
let me repeat this: this is the database that was purchased by Ancestry, which made it publically searchable. the wired article continues:
Familial DNA searching is only going to get more prevalent as the cost of rapid DNA analysis plummets and the size of genetic databases swells. States must start putting rules in place to protect citizens, beginning by prohibiting police from running searches through nongovernmental databases, as happened in Usry’s case. This is not only because of privacy concerns—the people who contribute their DNA to such endeavors, whether medical or genealogical, rarely expect to have their genetic code scrutinized by cops—but also because those databases haven’t been vetted for use by law enforcement. Police in Idaho Falls, for example, were able to obtain a warrant for Usry’s cheek cells because his father’s DNA “matched 34 of 35 alleles” of that of Angie Dodge’s killer. But how common are those particular alleles in the general population? Does this even mean that there is a familial link? This isn’t entirely clear. (Ancestry, which gave Idaho Falls police the name of Usry’s father in response to a court order, has since shut down the database in question because, the company said, the “site [had] been used for purposes other than that [for] which it was intended.”)
in october of 2015, people were being warned about using sites such as Ancestry and 23andMe…In an article written for Fusion,
When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement. DNA, after all, can be a key to solving crimes. It “has serious information about you and your family,” genetic privacy advocate Jeremy Gruber told me back in 2010 when such services were just getting popular.
now, 23andMe has a “privacy officer” that is supposed to ensure the data is properly handled (hello, wikileaks? sure...)
23andMe’s first privacy officer Kate Black, who joined the company in February, says 23andMe plans to launch a transparency report, like those published by Google, Facebook and Twitter, within the next month or so. The report, she says, will reveal how many government requests for information the company has received, and presumably, how many it complies with. (Update: The company released the report a week later.)
“In the event we are required by law to make a disclosure, we will notify the affected customer through the contact information provided to us, unless doing so would violate the law or a court order,” said Black by email.
Ancestry has subsequently taken the publically searchable database offline, however, neither site has (that i can find) published any information on the number of requests submitted by law enforcement sites. up until the public searchable site was removed, however, all an officer would have to do would be to join the sites.
As NYU law professor Erin Murphy told the New Orleans Advocate regarding the Usry case, gathering DNA information is “a series of totally reasonable steps by law enforcement.” If you’re a cop trying to solve a crime, and you have DNA at your disposal, you’re going to want to use it to further your investigation. But the fact that your signing up for 23andMe or Ancestry.com means that you and all of your current and future family members could become genetic criminal suspects is not something most users probably have in mind when trying to find out where their ancestors came from.
“It has this really Orwellian state feeling to it,” Murphy said to the Advocate.
If the idea of investigators poking through your DNA freaks you out, both Ancestry.com and 23andMe have options to delete your information with the sites. 23andMe says it will delete information within 30 days upon request. [emphasis mine]
i’m thinking too little, too late. even with deleting the information, we all know that NOTHING ever disappears from the web...