A decision by FamilyTreeDNA, a prominent consumer DNA-testing company, to share data with federal law enforcement means investigators have access to genetic information linked to hundreds of millions of people.
An early pioneer of the rapidly growing market for consumer genetic testing, FamilyTreeDNA confirmed late Thursday that it has granted the FBI access to its vast trove of nearly 2 million genetic profiles. The arrangement was first reported by BuzzFeed News.
Concerns about unfettered access to genetic information gathered by testing companies have swelled since April, when police used a genealogy website to ensnare a suspect in the decades-old case of the Golden State Killer. But that site, GEDmatch, was open-source, meaning police were able to upload crime-scene DNA data to the site without needing permission. The latest arrangement marks the first time a commercial testing company has voluntarily given law enforcement access to private user data.
The move is of concern to more than just privacy-minded FamilyTreeDNA customers. A person sharing genetic information also exposes close relatives. That’s how police caught the Golden State Killer suspect. A study last year estimated that only 2% of the population needs to have done a DNA test for virtually everyone’s genetic information to be represented in the data.
FamilyTreeDNA’s cooperation with the FBI more than doubles the amount of genetic data law enforcement already could access through GEDmatch. On a case-by-case basis, the company has agreed to test DNA samples for the FBI and upload profiles to its database, allowing law enforcement to see familial matches to crime-scene samples. FamilyTreeDNA said law enforcement may not freely browse genetic data but rather has access only to the same information any user might.
The genealogy community expressed dismay. Last summer, FamilyTreeDNA was on a list of consumer genetic testing companies that agreed to a suite of voluntary privacy guidelines, but as of Friday morning it had been crossed off the list.
“The deal between FamilyTreeDNA and the FBI is deeply flawed,” said John Verdi, vice president of policy at the Future of Privacy Forum, which maintains the list. “It’s out of line with industry best practices, it’s out of line with what leaders in the space do, and it’s out of line with consumer expectations.”
Some in the field have begun arguing that a universal, government-controlled database may be better for privacy than allowing law enforcement to gain access to consumer information.
FamilyTreeDNA said its lab has received “less than 10 samples” from the FBI. It also said it has worked with state and city police agencies in addition to the FBI to resolve cold cases.
“The genealogy community, their privacy and confidentiality has always been our top priority,” the company said in an email response to questions.
Consumer DNA testing has become big business. Ancestry.com and 23andMe Inc. alone have sold more than 15 million DNA kits. Concerns about a commitment to privacy could hamper the industry’s rapid growth.
Since the arrest of the Golden State Killer suspect, more than a dozen other suspects have been apprehended using GEDmatch. With the doubling of the amount of data that law enforcement can access, those numbers are sure to surge.
“The real risk is not exposure of info but that an innocent person could be swept up in a criminal investigation because his or her cousin has taken a DNA test,” said Debbie Kennett, a British genealogist and author. “On the other hand, the more people in the databases and the closer the matches, the less chance there is that people will make mistakes.”