The move is of concern to more than just privacy-minded FamilyTreeDNA customers. One person sharing genetic information also exposes those to whom they are closely related.
The decision by a prominent consumer DNA-testing company to share data with federal law enforcement means investigators have access to genetic information linked to hundreds of millions of people.
FamilyTreeDNA, an early pioneer of the rapidly growing market for consumer genetic testing, confirmed late Thursday that it has granted the Federal Bureau of Investigation access to its vast trove of nearly 2 million genetic profiles. The arrangement was first reported by BuzzFeed News.
Concerns about unfettered access to genetic information gathered by testing companies have swelled since April, when police used a genealogy website to ensnare a suspect in the decades-old case of the Golden State Killer. But that site, GEDmatch, was open-source, meaning police were able to upload crime-scene DNA data to the site without permission. The latest arrangement marks the first time a commercial testing company has voluntarily given law enforcement access to user data.
The move is of concern to more than just privacy-minded FamilyTreeDNA customers. One person sharing genetic information also exposes those to whom they are closely related. That’s how police caught the alleged Golden State Killer. A study last year estimated that only 2 percent of the population needs to have done a DNA test for virtually everyone’s genetic information to be represented in that data.
FamilyTreeDNA’s cooperation with the FBI more than doubles the amount of genetic data law enforcement already had access to through GEDmatch. On a case-by-case basis, the company has agreed to test DNA samples for the FBI and upload profiles to its database, allowing law enforcement to see familial matches to crime-scene samples. FamilyTreeDNA said law enforcement may not freely browse genetic data but rather has access only to the same information any user might.
The genealogy community expressed dismay. Last summer, FamilyTree DNA was among a list of consumer genetic testing companies that agreed to a suite of voluntary privacy guidelines, but as of Friday morning, it had been crossed off the list.
“The deal between FamilyTreeDNA and the FBI is deeply flawed,” said John Verdi, vice president of policy at the Future of Privacy Forum, which maintains the list. “It’s out of line with industry best practices, it’s out of line with what leaders in the space do and it’s out of line with consumer expectations.”
Some in the field have begun arguing that a universal, government-controlled database may be better for privacy than allowing law enforcement to gain access to consumer information.
FamilyTree DNA said its lab has received “less than 10 samples” from the FBI. It also said it has worked with state and city police agencies in addition to the FBI to resolve cold cases.
“The genealogy community, their privacy and confidentiality has always been our top priority,” the company said in an email response to questions.
Consumer DNA testing has become big business. Ancestry.com and 23andMe Inc. alone have sold more than 15 million DNA kits. Concerns about an industry commitment to privacy could hamper the industry’s rapid growth.
Since the arrest of the suspected Golden State Killer, more than a dozen other suspects have been apprehended using GEDmatch. By doubling the amount of data law enforcement have access to, those numbers are sure to surge.
“The real risk is not exposure of info but that an innocent person could be swept up in a criminal investigation because his or her cousin has taken a DNA test,” said Debbie Kennett, a British genealogist and author. “On the other hand, the more people in the databases and the closer the matches, the less chance there is that people will make mistakes.”