Julia Creet, Professor of English, York University, Canada
December 23, 2019

During the Christmas season, genetic genealogy companies offer discounts on testing kits. We should be increasingly concerned not only about the accuracy of the tests but also about giving the gift that gives away all the family DNA.

On Dec. 9, 2019, genealogists using GEDmatch, a free online tool that compares DNA test results, were surprised to find out that the genealogy database had been bought by Verogen, a company that manufactures forensic lab instruments for law enforcement.

seagate hard drive ad

The road to this purchase started last spring when genealogists who had uploaded their data to GEDmatch found out detectives had mined their data to crack a cold case.

The phenomenon of solving cold cases using free DNA data provided by the generous sharing instincts of genealogists quickly got taken up as a for-profit venture. Almost 100 cold-cases have been solved by a combination of genetic and genealogical sleuthing — and some surreptitious sampling by police officers.

Tissues, coffee cups, straws and cigarette butts are rich sources of discarded DNA. Tracking down the cold cases of cold-blooded killers has been a triumph for law enforcement — a miracle for long-suffering families — but it is also a privacy nightmare.

Two controversial cases made users and observers wonder about the limits of police intrusion.

Privacy and police intrusion

The whole point of genetic genealogical testing is to trace your lost biological kin and 800 or so genetic relatives. DNA on its own isn’t very useful; it’s the identified family trees of those genetic relations that are so valuable.

GEDmatch was a database with fewer privacy provisions and thus more relative matches than commercial testing companies. That lax privacy policy was precisely the appeal to family historians who generously shared their genealogical and genetic data.

To catch the Golden State Killer, police detectives created a fake profile and uploaded cold-case DNA tests. No one was the wiser until the case broke. The founders of the site, Curt Rogers and John Olson, passionate genealogists themselves, were as surprised as their users. They reacted with confusion. Their side hobby had just taken a very unanticipated turn.

Rogers told The New York Times:, “It’s kind of been a shock to all of us how these things developed: all of a sudden, all this notoriety.” His co-founder agreed, “I feel like I’m on a high-speed ride with no way to steer.”

Users reacted negatively to the use of their personal bio-data — and the data of all of their genetic relatives — without their consent. So, GEDmatch changed its privacy policy several times.

At first, GEDmatch, in a hurried disclaimer, defensively warned its users that their data was indeed unprotected and could be used by anyone. Some genealogists (particularly on social media) gleefully declared that they were delighted to help catch criminal relations, invoking the “I’ve got nothing to hide” line of genetic privacy ignorance.

DNA tests are winding up under the tree at Christmas. 23andMe/Instagram

But, faced with enough informed outrage, GEDmatch tightened its privacy policy. First they tried limiting police searches to violent crimes and cold-cases, but then bent their own rules. After the ensuing anger, they then they gave users the choice to opt-out of police searches.

Out of the more than 1.3 million people using GEDmatch, only 200,000 agreed to have their profiles made available for criminal searches. Having effectively killed the usefulness of the database for law enforcement, the Orlando Police Department obtained a warrant in November that overruled any and all of GEDmatch’s privacy promises.

Users were ambushed once again. It turned out that GEDmatch had very little privacy control.

As Debbie Kennett, an associate researcher at University College London, wrote: “The technology has advanced faster than our ability to introduce safeguards.”

Verogen promises

After the CEO of Verogan, Brett Williams, courted GEDmatch and promised his company could strengthen the privacy protections of the database, Rogers and Olsen decided to cash out. The details of the deal have not been made publicly available.

Once again, genealogical information collected for and by genealogists has been sold. It’s happened time and again in the genealogy industry and each time genealogists react with surprise and dismay. But then they acquiesce, often then paying for access to their own donated data.

Reactions have run the gambit this time as well.

Some users immediately deleted their accounts. Others have declared their criminal relations better watch out.

Verogen’s Williams is hoping that his message will prevail. In a recent phone call, he said: “Public safety and public privacy are not mutually exclusive.”

Fighting rumours that the database would now be even more accessible to law enforcement, Rogers sent a reassuring to GEDmatch subscribers: “Verogen recognizes that law enforcement use of genetic genealogy is here to stay and is in a better position to prevent abuses and protect privacy than GEDmatch ever could have done on its own.”

William’s plan is to enhance the database to attract more civic-minded genealogists with advanced data analysis and a social media opt-in campaign. At the same time, Verogen is committed to fighting warrants and to restricting the amount of sensitive information that police can access, such as disease markers.

Williams is hoping that with his ethical stewardship, GEDmatch will preserve its original purpose while allowing Verogen to offer a seamless service to law enforcement. The database will still be public, but Verogan says it will now know how best to mine it.

As with all social media sites, genealogists and their family trees have become the product. Perhaps there are better ways to foster family this year than to gift away your genetic relatives, as criminal as you think they might be.

Cover image by CDC/Unsplash

Source: The Conversation