
FamilyTreeDNA: It’s Our ‘Moral Responsibility’ to Give FBI Access to Your DNA - kaboro
https://gizmodo.com/ancestry-testing-company-it-s-our-moral-responsibilit-1833774781
======
ve55
I will be waiting until I can analyze my DNA myself, without handing it over
to a company that is going to do whatever it wants to with it. We are not yet
able to fully appreciate how valuable DNA is, and yet everyone seems delighted
to pay companies to take it from them.

Perhaps they will be less delighted when they are convicted of a crime based
off of a false positive, have their DNA shared with Facebook to Improve Their
User Experience ™, or have their DNA made public after yet another security
breach where it is left on an unsecured server.

Remember that your DNA is very valuable, literally. Those who have noticed
recent progress in genomics should realize how valuable it would be to a
competent advertising company, allowing them to profile and predict users with
significantly higher personal accuracy, even if all they are doing is
performing basic GWASs ([https://en.wikipedia.org/wiki/Genome-
wide_association_study](https://en.wikipedia.org/wiki/Genome-
wide_association_study)).

~~~
est31
People can get your DNA without your consent already, as your DNA gets onto
every object you touch. The most valuable part about sending stuff to a DNA
company is your consent, especially considering that sequencing costs have a
super-moore's law like cost reduction. Once they have your consent they can
share it, sell it, rent it, to recruiters for ad targeting, insurances, etc
etc. Without consent they'd get onto dubious legal territory, if e.g. Amazon
took gene samples from refunds. But maybe it'll just become part of their TOS,
you not being able to opt out unless you don't want to refund your stuff to
Amazon.

Not sure if the ability to sequence DNA yourself is really beneficial to
privacy, after all that allows people to sequence the DNA of many people
around them.

~~~
ve55
It would be nice to have better special regulations specifically concerned
with DNA usage and collection, just as we do for health information like
HIPAA, just as we should for facial recognition as well.

~~~
lixtra
So DNA-data is not HIPAA yet?

~~~
nkrumm
HIPAA does not explicitly call out genetic/genomic information as one of the
oft-cited 18 elements of protected information [1]. However, genetic/genomic
information is considered to fall under the 18th element, and HHS states that
it must be treated as PHI [2,3]. In fact, HIPAA is very broad in its
definition of PHI:

"The Privacy Rule protects all "individually identifiable health information"
held or transmitted by a covered entity or its business associate, in any form
or media, whether electronic, paper, or oral. The Privacy Rule calls this
information "protected health information (PHI)." [4]

Finally, it's worth pointing out that some states (e.g, WA) have enacted their
own legislation that specifically calls out genetic testing and data as PHI
[5]. In addition, there is the GINA act, which provides some protections as
well [6]

    
    
      [1]: https://cphs.berkeley.edu/hipaa/hipaa18.html
      [2]: https://www.hhs.gov/hipaa/for-professionals/faq/354/does-hipaa-protect-genetic-information/index.html
      [3]: https://www.law.cornell.edu/cfr/text/45/160.103
      [4]: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
      [5]: https://app.leg.wa.gov/billsummary?BillNumber=6284&Initiative=false&Year=1999
      [6]: https://en.wikipedia.org/wiki/Genetic_Information_Nondiscrimination_Act

------
shawnz
Compare with 23andme:

> 23andMe chooses to use all practical legal and administrative resources to
> resist requests from law enforcement, and we do not share customer data with
> any public databases, or with entities that may increase the risk of law
> enforcement access.

[https://www.23andme.com/law-enforcement-guide/](https://www.23andme.com/law-
enforcement-guide/)

And AncestryDNA:

> Contents of communications and any data relating to the DNA of an Ancestry
> user will be released only pursuant to a valid search warrant from a
> government agency with proper jurisdiction.

[https://www.ancestry.ca/cs/legal/lawenforcement](https://www.ancestry.ca/cs/legal/lawenforcement)

~~~
unreal37
The purpose of Ancestry (and FamilyTreeDNA) is ancestry research. You don't go
to Ancestry to get your DNA tested for diseases. You go there for ancestry
research.

The entire purpose is sharing.

~~~
shawnz
Yes, one purpose of the service is sharing with people who _have similar DNA
to you_ (not just police officers conducting dragnet searches). And it's not
the "entire purpose" either, much of the ancestry data is available for you to
view even if you don't use the sharing features.

~~~
unreal37
Sure, you can find the records others have shared and not share your own.

But the purpose of these sites is finding family members. Let's stop being
shocked that this means the DNA info voluntarily submitted is public.

------
rplst8
Some things require an eloquent rebuttal to be taken seriously. To others,
just saying "Fsck that" should be enough.

------
i_am_proteus
> As specified in FamilyTreeDNA's Terms of Service, law enforcement can only
> receive information not already accessible to the standard user by providing
> FamilyTreeDNA with valid legal process such as a subpoena or a search
> warrant.

> Additionally, FamilyTreeDNA customers have the option to opt out of law
> enforcement matching entirely. If customers do opt out, they can still see
> their family matches but are excluded from being seen by law enforcement.

This does not make sense to me. I know that DNA can be taken physically from
an individual with a warrant, so ostensibly that would hold with FamilyTree as
well.

So: if one opts out, what is one opting out of? FamilyTree can't be suggesting
that they'll withhold evidence because a customer opted out, can they?

~~~
ikeyany
Sounds like they're opting out of the warrantless variety of police searches.
I'd imagine you can't opt out of a subpoena.

~~~
deogeo
The opt out _could_ be and opt in to have them delete your data after they
give you the results. No-one is forcing them to keep it.

~~~
johndubchak
Are you suggesting they’d voluntarily delete your data?

Opt out, to me, just means that they’ll share your data if issued a subpoena.
However, I don’t know if you could get a subpoena to search the entire DNA
database of a company.

~~~
deogeo
I'm suggesting they _could_ delete your data (as well as many other
companies), and the possibility is deliberately not mentioned, so they can
pretend to respect your privacy by requiring a warrant.

------
dannykwells
I personally feel that the next great privacy scandal is going to come from
one of these DNA companies being hacked, or abused by law enforcement, etc.
And we all will have seen it coming.

The issue, of course, is that unlike Facebook you can't just delete your DNA.

~~~
flycaliguy
Not only that, but I can't stop anyone I'm related to from creating a shadow
profile of me.

~~~
dylan604
So, just like Facebook after all?

------
dilippkumar
This is my favorite argument against sharing DNA information (from Defcon 25):

[https://m.youtube.com/watch?v=HKQDSgBHPfY](https://m.youtube.com/watch?v=HKQDSgBHPfY)

~~~
est31
Oh, I've seen it but forgot about the name. Thanks for putting it here!

------
apo
> “If FamilyTreeDNA can help prevent violent crimes, save lives, or bring
> closure to families, then we feel the company has a moral responsibility to
> do so.”

The FBI (and a variety of other organizations) can and will use the
information for any and all purposes imaginable, and a number that are
unimaginable.

As a family member of someone who sends in a FamilyTreeDNA kit, you're
powerless to opt out. An implicit, traceable link to your own DNA suddenly
enters the system against your will, and you have no recourse. Suddenly you
become part of this this experiment in mass surveillance.

The people of rich democracies are way too trusting of their governments and
don't read enough history. Saying that this service will be used to " help
prevent violent crimes, save lives, or bring closure to families" is naive at
best and something monstrous at worst.

Some uses are easy to predict. Genocide, for example. Others, no so much.

\- Imagine a Bird-type gig economy in which thousands of cash-strapped people
are hired (possibly by FamilyTreeDNA under contract from the FBI) to swab
public places and objects for DNA, while the company compiles the results into
a massive internet of DNA things. Now imagine that database being linked to a
face-recognition system using public cameras.

\- Imagine being turned down for a job because someone happened to get a peek
at your FamilyTReeDNA profile and noticed a marker for mental illness.

\- Imagine being sent to prison because some jackass politician starts
believing in criminal DNA markers and you fit the bill.

I'll give credit to Bennett Greenspan for this. He knows how to wrap a massive
invasion of privacy in the sweet-smelling blanket of saving us all from the
criminal boogeyman.

~~~
time0ut
Gattaca was prescient. It was a glimpse of what our future will look like if
things continue this way unchecked. While those of us paying attention will
find it terrifying, the majority won't notice or be bothered by it I fear.

~~~
dorchadas
The vast majority have been convinced that the "I've got nothing to hide"
defense protects them. It works with surveillance, and it'll work with this
too. They've already given up liberty to purchase some temporary security;
Franklin would be upset.

~~~
staunch
Is it temporary safety though? A large enough DNA database might nearly
eliminate serial rapists. That's one hell of an immediate (and permanent)
benefit to trade off against some theoretical downside.

I'm not so sure Franklin would be upset.

~~~
bitL
Well, the data might not eliminate them, rather quickly identify them for
"special tasks", like when machiavellian directors intentionally seek bully
managers to control their unit with fear. Identifying someone who has certain
negative traits might fast-track them to positions of power.

------
unreal37
The _purpose_ of FamilyTreeDNA is to compare your DNA with all of the people
already in their database to find distant relatives.

There should be NO surprise that going to FamilyTreeDNA (or Ancestry.com)
results in your records being public to other members.

------
return0
I wonder what is the minimum % of people that need to have their DNA sequenced
in order for any human to be able to be identified. The police cases mentioned
in the past hint that we are already.

~~~
gwern
[https://www.biorxiv.org/content/10.1101/145599v3](https://www.biorxiv.org/content/10.1101/145599v3)
[https://www.biorxiv.org/content/biorxiv/early/2019/01/29/531...](https://www.biorxiv.org/content/biorxiv/early/2019/01/29/531384.full.pdf)

~~~
return0
thanks. it seems that already (considering only GEDMatch's 850000 samples):

> Its also striking that were already in an era in which familial searches
> against publicly accessible SNP databases are feasible for a lot of cases,
> probably the majority of cases where the suspect has substantial recent
> ancestry in the US

------
arminiusreturns
As a person who worked in a genetics lab for a while, those who are concerned
about privacy should do the following: find a smaller lab and tell them from
the get go you want all the data, and for them to delete it after sequencing,
then find a third party to do the data analysis.

With sequencing at less than 1k these days, you should be able to do it for
sub 3k with the analysis while protecting your privacy.

------
mnm1
This is the reason not to ever use any of these scummy companies. What next?
Should I sign over the rights to my DNA to them too so they can charge me for
cell division and reproduction? Monsanto already does this. Fuck these people
and their moralistic bullshit. It is our moral responsibility to not use such
services if we at all care about privacy, security, and our own well being.
Even DNA isn't 100% accurate. Do they think it's our responsibility to go to
prison when our DNA is mistakenly matched to a crime scene too? Seriously,
fuck these companies.

~~~
chillacy
> Fuck these people and their moralistic bullshit. It is our moral
> responsibility to...

I admit I chuckled, as someone who finds moral arguments pretty shallow
because they tend to depend on what each person thinks is the right thing.

------
new_guy
> Several weeks later, FamilyTreeDNA changed their rules to allow customers to
> block the FBI from accessing their information.

All that's gonna do is flag you for priority analysis!

------
Tsubasachan
This isn't really necessary. Make a DNA database of crimnals. That guy who
killed a child and left his sperm behind? He is bound to slip up and get
arrested for something sooner or later.

No need for the FBI to start fishing for everyone's DNA.

~~~
DanBC
England shows that "criminal" DNA databases expand as much as they can.

Now if you're arrested, not necessarily convicted, you'll have your DNA taken
and kept on file for a few years. Note that someone had to take England to the
EU court of human rights to get this changed so that people found not guilty,
or people not charged, won't have their DNA kept indefinitely.

[https://www.gov.uk/government/publications/protection-of-
fre...](https://www.gov.uk/government/publications/protection-of-freedoms-
act-2012-dna-and-fingerprint-provisions/protection-of-freedoms-act-2012-how-
dna-and-fingerprint-evidence-is-protected-in-law)

~~~
mamon
Suppose that's the one of the real reasons of Brexit :)

------
nahalay
'Moral responsibility' is a very interesting choice of words given the history
of this institution. But, feels like history isn't used for forecasting doom
if it causes short-term inconvenience.

------
pfdietz
I wonder how many men are worried that this sort of matching is going to turn
up children they didn't know they had fathered. That situation is a lot more
common than cold case serial killers.

~~~
hedora
Those sort of errors cause all sorts of more serious trouble in another way:

Men finding out they didn’t father children they thought they did.

I worked at a genetics lab, and day one training was that this happened all
the time, and that we absolutely must not let people in medical studies know
we’d found a mismatch. (In fact, we actively avoided noticing such things.)

~~~
pfdietz
Yes, but in this case what would happen would be mothers (or the children)
actively searching for the dads, using those forensic genealogy techniques.
The key of course is that the dad's DNA is not required to perform the search.

------
Madmallard
If only law enforcement agencies were strictly benevolent...

------
oh_sigh
I'll sign up for this. I'd gladly see a cousin, father, or brother go to jail
if they are a murderer, or rapist, or whatever.

~~~
asdfasgasdgasdg
Same. Law enforcement already has plenty of tools to implement
totalitarianism, should that be the goal of the political class. If we are in
the dark universe where this eventually comes to pass, a DNA database is not
going to make much of a difference in one way or another. On the other hand,
in the world where we have good leaders, this tool offers a material delta in
the finding and convicting of dangerous criminals.

~~~
rabidrat
> in the world where we have good leaders

This seems to be the faulty axiom in your logic.

~~~
asdfasgasdgasdg
It's not an axiom. It's a variable. It was meant to be parallel to the
sentence, "If we are in the dark universe . . ."

------
0_gravitas
Guess I'm not using that then

~~~
purple-again
Sadly it’s not that simple. You don’t have to use it, but unless you can stop
your family as well they will have most of what they need from you that way.

