<\/p>\nThe use of forensic genetic genealogy<\/em><\/a> (FGG) as an investigative tool for law enforcement has become, \u201cif not exactly routine, very much normalized.\u201d<\/em><\/a> The normalization is<\/em> in large part due to law enforcement\u2019s use of FGG to identify and arrest the Golden State Killer<\/em><\/a>.<\/span><\/em> The April 2018 arrest gained national recognition, and subsequently, so did the police\u2019s use of FGG as an investigative tool to narrow in on suspects.\n\nForensic genetic genealogy has immense potential to serve as an investigative tool for law enforcement. The technique helps investigators \u201creduce the size of the haystack\u201d<\/em><\/a> by identifying the suspect\u2019s family\u2014making it that much more probable to find the needle. In the case of the Golden State Killer, law enforcement used GEDmatch<\/em><\/a>, a public website that produces possible familial matches based on users\u2019 genetic profiles. The site allows users to upload genetic profiles from third parties (such as 23andme and Ancestry.com), which is how law enforcement uploaded a DNA profile of the suspect from the Golden State Killer case. GEDmatch produced a partial match to the DNA profile, uploaded under a fake name, which led law enforcement to a distant relative. By narrowing down the possible suspect pool to one family tree, investigators were then able to deploy traditional investigative techniques, ultimately identifying the suspect as former police officer Joseph DeAngelo. Since the success of law enforcement\u2019s use of FGG became national news with the arrest of DeAngelo, the technology has been used to solve at least 50 other killings and rapes nationwide<\/em><\/a>.<\/em> Currently, an estimated 300 active cases<\/em><\/a>, involving violent and non-violent crimes, are relying on FGG as an investigative aid.\n\nWhile the benefit to law enforcement is clear, particularly for cold cases in which more traditional investigative tools have been exhausted, forensic genetic genealogy raises important privacy concerns stemming from law enforcement\u2019s access to and use of genetic profiles stored in commercial DNA databases by genealogy and genetic testing companies such as 23andme and FamilyTreeDNA. The American Civil Liberties Union<\/em><\/a> (ACLU) and the Future of Privacy Forum<\/em><\/a> (FPF) have both expressed concern regarding law enforcement\u2019s current use of forensic genetic genealogy. FPF highlighted its concerns following the reveal in January<\/em><\/a> that FamilyTreeDNA had a secret agreement with the FBI<\/em><\/a> which allowed agents to test DNA samples from crime scenes, develop genetic profiles and identify familial matches. This agreement is the first time a prominent private company has agreed to voluntarily provide law enforcement with routine access to customers\u2019 data.\n\nAccording to FPF, the agreement is not only outside of industry norms but also is inconsistent with consumers\u2019 expectations. In its critique of the FamilyTreeDNA\/FBI agreement<\/em><\/a>, FPF noted that other leading genetic testing companies require legal authorization, such as a warrant, prior to allowing law enforcement to access genetic data. Elaborating, the FPF stated that \u201cFBI genetic searches should be predicated on probable cause and conducted pursuant to appropriate process.\u201d A major concern is that the agreement allows the FBI to cast too wide of a net and could potentially use profiles provided by FamilyTreeDNA on other sites without the consumer\u2019s knowledge or permission. FPF further explained that FamilyTreeDNA\u2019s agreement conflicts with FPF\u2019s Best Practices for Consumer Genetic Testing Services<\/em><\/a>, which express that genetic data should only be disclosed or made accessible to third parties with the person\u2019s express consent or as required by law.\n\nFollowing the notoriety of the Golden State Killer case and the backlash from FamilyTreeDNA\u2019s agreement with the FBI, genetic testing companies began clarifying their policies regarding law enforcement\u2019s access to genetic data<\/em><\/a>. Both Ancestry.com and 23andme restated their policies; not to permit law enforcement access to consumers\u2019 data without a subpoena or warrant. GEDmatch changed its policy, asking users to opt-in to share their genetic profiles with law enforcement. As a result of the new policy, nearly 90%<\/em><\/a> of the profiles on GEDmatch are no longer available for law enforcement to search. FamilyTreeDNA, however, took the opposite approach, instead making its consumers opt-out<\/em><\/a>. The choice of an opt-out approach is a unique strategy since research<\/em><\/a> indicates that many consumers do not take the time to read terms and conditions or privacy policies when signing up for a service. Thus, it is possible that law enforcement will still be able to access the genetic data of thousands of FamilyTreeDNA\u2019s customers without their knowledge, or at least recognizing, that law enforcement\u2019s access to data is a condition of FamilyTreeDNA\u2019s service.\n\nThese companies\u2019 policy changes and the media\u2019s continued coverage of privacy issues suggest significant public concerns regarding DNA privacy. A 2018 study conducted by individuals at the Baylor College of Medicine, however, indicates that \u201csuch concerns have been overstated.\u201d<\/em><\/a> The results showed that 79% \u201csupported law enforcement searches of genetic websites\u201d and 62% supported disclosure of direct-to-consumer \u201cgenetic testing customer information\u201d to investigators. Notably, respondents were much more supportive of law enforcement\u2019s use of FGG to aid in investigations of violent crimes, crimes against children, and missing persons (80%, 78%, and 77% respectively) whereas only 39% supported the use of FGG to help investigations of non-violent crimes. These results imply that while potential privacy intrusions exist regardless of the type of crime or investigation, the public is more willing to permit these intrusions to aid law enforcement\u2019s ability to solve violent crimes.\n\nThis dichotomy could be partly the result of bias stemming from the national recognition of the Golden State Killer case. The Baylor study<\/em><\/a> did include information about the Golden State Killer, which could have influenced the respondents\u2019 results and biased findings. Additionally, the case of the Golden State Killer was \u201chow the American public as a whole was introduced to forensic genealogy.\u201d<\/em><\/a> Erin Murphy, a law professor at New York University, explained that it is common to have potentially controversial forensic techniques, like FGG, tested in cases that will \u201cbring out the most public sympathy.\u201d As Christi Guerrini<\/em><\/a>, an ethicist at Baylor who co-authored the study explained, \u201c[a]rresting a suspected serial killer who murdered at least 13 people and raped at least 50 made the technique a much easier sell.\u201d Despite the public\u2019s support of forensic genetic genealogy as an investigative tool, it is still imperative that privacy concerns are addressed and that the technique is properly regulated.\n\nTo better regulate the function and use of this new investigative technique, the Department of Justice (DOJ)<\/em><\/a> released an interim policy, effective as of November 1st<\/sup>, on forensic genetic genealogical DNA analysis and searching (FGGS). The policy requires investigators to attempt to identify a suspect through the FBI\u2019s Combined DNA Index System (CODIS) prior to searching genetic profiles from commercial databases. Additionally, law enforcement must identify themselves prior to searching consumer genetic databases, which directly addresses the issue of police uploading fake profiles to these commercial sites.\n\nThe policy, which applies to all law enforcement agencies that receive federal funding, is certainly a step in the right direction but, in terms of balancing public safety and consumer privacy, many have argued that the policy does not go far enough<\/em><\/a>. Requiring law enforcement to exhaust traditional investigative tools prior to accessing consumers\u2019 genetic profiles is a critical consumer privacy protection, as is the requirement that law enforcement identify themselves prior to searching these databases. Identification prior to search, however, only informs the company that law enforcement is searching genetic profiles and does not address the issue of notice to and informed consent of consumers.\n\nAlso, the interim policy only requires investigators to obtain prosecutor approval<\/em><\/a> to run a search. Given that such a large net is cast when investigators run a search using a commercial DNA database, requiring only prosecutor approval is a low standard that prioritizes law enforcement\u2019s desire to use FGGS as an investigative tool over the privacy of consumers. Furthermore, while the interim policy only allows for searches following a \u201csubstantial threat of public safety,\u201d<\/em><\/a> at the moment law enforcement officials decide what constitutes a public threat. If law enforcement retains the decision-making authority to classify a public threat, there is potential for substantial abuse of forensic genetic genealogy to aid in investigations that do not constitute public threats. Thus, the interim policy again comes up short by failing to give adequate guidelines for the classification of substantial threats to public safety.\n\nOn its face, the DOJ\u2019s interim policy appears to have made significant strides in promoting \u201cthe reasoned exercise of investigative, scientific, and prosecutorial discretion in cases that involve forensic genetic genealogical DNA analysis and searching,\u201d<\/em><\/a> but the policy fails to address key privacy concerns. While current public sentiment<\/em><\/a> indicates consumers are more comfortable with potential privacy invasions when FGGS is used to aid in investigations of violent crimes, such as murder and sexual assault, the public\u2019s support shifts more heavily towards privacy protections when it comes to law enforcement\u2019s use of FGGS for non-violent crimes, such as identity theft and shoplifting. Thus, these concerns, particularly regarding notice and informed consent, still need to be addressed. The DOJ should develop clearer guidelines regarding law enforcement\u2019s use of commercial databases in investigations in its final policy, set to be released in 2020, to help assuage privacy concerns while still protecting law enforcement\u2019s ability to investigate and maintain public safety. A stronger, more transparent DOJ policy coupled with well-articulated company policies that inform consumers of potential law enforcement access would certainly strike a better balance between public safety and DNA privacy.\n\n \n\n (Source) The use of forensic genetic genealogy (FGG) as an investigative tool for law enforcement has become, \u201cif not exactly routine, very much normalized.\u201d The normalization is in large part due to law enforcement\u2019s use of FGG to identify and arrest the Golden State Killer. The April 2018 arrest gained national recognition, and subsequently, so…<\/p>\n","protected":false},"author":1,"featured_media":2867,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[14,15,16,17,18,19,21,24,25,27,28],"tags":[678,679,731,879,928,1231],"class_list":["post-2866","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-archives","category-authors","category-blog-news","category-certified-review","category-feature","category-feature-img","category-spotters","category-notes","category-policycontributor-blogs","category-recent-stories","category-student-blogs","tag-forensic-genetic-genealogy","tag-forensics","tag-golden-state-killer","tag-jlpp","tag-law-enforcement","tag-privacy"],"acf":[],"_links":{"self":[{"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/posts\/2866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/comments?post=2866"}],"version-history":[{"count":0,"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/posts\/2866\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/media\/2867"}],"wp:attachment":[{"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/media?parent=2866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/categories?post=2866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/publications.lawschool.cornell.edu\/jlpp\/wp-json\/wp\/v2\/tags?post=2866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"elise](\"https:\/\/live-journal-of-law-and-public-policy.pantheonsite.io\/wp-content\/uploads\/2019\/10\/elise-kletz.png\")
Elise Kletz is a second-year law student at Cornell Law School. Elise earned a B.S.B.A. from the Olin Business School at Washington University in St. Louis, where she completed a double major in Leadership & Strategic Management and in Marketing. Currently, Elise serves as an associate for The Issue Spotter and serves as Co-President for the Business Law Society and the Jewish Law Student Association.\n\n \n\n \n\nSuggested Citation: Elise Kletz, Do Not Access \u2013 Is Law Enforcement Access to Commercial DNA Databases Actually a Substantial Privacy Concern?<\/em>, Cornell J.L. & Pub. Pol\u2019y, The Issue Spotter, (March 3, 2020), https:\/\/live-journal-of-law-and-public-policy.pantheonsite.io\/do-not-acess-is-law-enforcement-acess-to-commercial-dna-databases-a-substantial-privacy-concern<\/a>.","protected":false},"excerpt":{"rendered":"