Are Family Tree Sites Fair Game For Law Enforcement?09:35
Download

Play
Joseph James DeAngelo, the suspected Golden State Killer, appears in court for his arraignment on April 27, 2018 in Sacramento, Calif. (Justin Sullivan/Getty Images)
Joseph James DeAngelo, the suspected Golden State Killer, appears in court for his arraignment on April 27, 2018 in Sacramento, Calif. (Justin Sullivan/Getty Images)
This article is more than 1 year old.

Websites that trace family trees are facing questions after news last week that authorities found the suspected Golden State Killer, Joseph James DeAngelo, through a genealogical site called GEDmatch.

So is genetic information on family tree websites fair game for law enforcement?

Here & Now's Mina Kim speaks with Natalie Ram, an assistant professor of law at the University of Baltimore School of Law who focuses on bioethics.

Interview Highlights

On how these family tree sites work

"A site like 23andMe will both generate the DNA profile and keep it within a sort of walled garden. Folks on 23andMe can only compare their DNA profiles to find, say, missing or unknown relatives, with other folks who have also used the services that 23andMe provides. The same is true for other big services like AncestryDNA, and the like. The GEDmatch website ... allows individuals to upload their genetic information, which has been generated by a different service — a 23andMe or Ancestry site — and share across services. So it's designed to help facilitate people being able to search a broader swath of potential relatives."

"Generally speaking, your genetic information in a commercial, direct-to-consumer website setting, there isn't a lot of legal protection that's obviously available."

Natalie Ram

On police legally accessing a user's DNA profile via these sites

"The law surrounding these kinds of searches is murky, but there is not a lot of legal protection for these kinds of databases. So if you voluntarily share information of any kind, with any third party, the existing law from the U.S. Supreme Court about the Fourth Amendment and its protection against unreasonable searches and seizures basically says, once you voluntarily shared your data, you no longer have an expectation of privacy in that data. And that means that the Fourth Amendment often does not apply to that kind of data.

"In other contexts, Congress has acted to create statutory protections, so we have the Stored Communications Act, which gives certain privacy protections for your emails. But we don't have any sort of analogous law for ordinary genetic data like the genealogical data at issue in the Golden State Killer investigation. We do have protections in some other settings: so your identifiable health information might be protected under the HIPAA Privacy Rule, and certain kinds of data used for research purposes can be eligible for other kinds of protections. But generally speaking, your genetic information in a commercial, direct-to-consumer website setting, there isn't a lot of legal protection that's obviously available."

On how much information users are required to receive about how their DNA will be used

"Each one of these websites has a lengthy terms of service, or terms of use, and a privacy policy, just like many, many other online services. And generally speaking, courts will assume, or presume, that you have read and agreed to those terms of service. And if you drill down into those terms of service, each and every one of these websites, as far as I know, includes a disclaimer that says that that website is authorized or entitled to turn your information over to police or others if required by law. And what's also troubling about this case, in my view, is that the DNA that was searched was searched for partial matches — matches that indicate not that the person who uploaded their profile to the GEDmatch website committed the crime. But that a family relative, a genetic relative, of theirs might have been involved in that crime, and that person — the person who ultimately is identified through the partial match — that person never in any sense really voluntarily shared their DNA with GEDmatch.com."

On whether users could unwittingly be making family members potential targets of police or other entities

"Yes, and these kinds of searches, these partial [matches], these familial searches, this is one of a handful of instances in which I've heard of police using genealogical databases to conduct a search for relatives. But there are about a dozen states that use their state-authorized genetic database, the database that includes folks convicted or arrested for crimes, and those databases are now sometimes also used to look for partial matches or familial connections. And when police do that, they are also in some sense scooping in people who haven't been arrested or convicted of a crime, they just happened to be related to someone who was."

On the capacity for these data to help solve more crimes

"Just because something will help us solve more crimes doesn't necessarily mean that we should do it. Now cracking this case, this is a big win for public safety. There's no doubt about that. But again, just because something helps us solve more crimes doesn't mean that we should do it, or that the Constitution allows it. The police could solve many more crimes if they could indiscriminately and at their whim search everybody's houses, or anybody's house. But the Constitution does not allow that. And it's also worth noting that every state has a law on the books about whose DNA should be subject to routine searches to solve crimes. None of those state laws suggest that ordinary citizens should be in the database. No state has suggested, much less authorized, a universal database. And so using genealogical databases for crime-solving purposes subverts this legislative judgment about who should be subject to this kind of perpetual genetic surveillance."

This segment aired on May 1, 2018.

Related:

Support the news

+Join the discussion
TwitterfacebookEmail

Support the news