
Search warrant overrides 1M users’ choice not to share DNA with cops - pseudolus
https://arstechnica.com/tech-policy/2019/11/search-warrant-overrides-1m-users-choice-not-to-share-dna-with-cops/
======
devinjflick
Major problem with a heavily underfunded understaffed company, they simply
don't have the resources to put up any kind of legal resistance to this type
of judicial pressure.

Edit, Also incredibly relevant:
[https://news.ycombinator.com/item?id=21461957](https://news.ycombinator.com/item?id=21461957)

~~~
Barrin92
>they simply don't have the resources to put up any kind of legal resistance
to this type of judicial pressure

a very simple solution to this, don't keep the data once you've provided a
service to the customer. Or anonymize it and scrub any association.

It's never a question of "we don't have the resources to protect your data".
The conclusion should be, if you don't have the ability to protect your
customers you don't get to harvest their information.

~~~
beerandt
This is the only way things will change. Companies need to be put in the
position where holding personal data is a major liability. And not GDPR type
that relies on admins or politicians. It needs to be something that excites
the trial lawyers approaching the level of mesothelioma.

Idk how we get there, whether it be through the courts, Congress, or some
other way. I think getting rid of third party doctrine will do more towards
this goal than most people realize, but it has to be in a way that treats any
data acquired by government as if it were collected by the government, to 4th
amendment levels of scrutiny.

But if things are going to change, major liability on government and private
sector will have to be the result, unless we want eventual relapse.

------
jamestimmins
Things like this are why tools like Ring doorbells or Alexa make me scared.
Sure, nobody is normally paying attention to that data. But it's all just a
subpoena/warrant away from being searched. If it's physically possible to look
through a dataset, then there are legal pathways for the government to use
that data.

~~~
homonculus1
>legal pathways

And barring that, they'll just suck it all up anyway in secret and claim
immunity from oversight due to undefined national security reasons.

------
parliament32
I wonder how a bigger corp, like 23andme, would handle this.

Interestingly, their transparency report[1] claims they've received 7 requests
from law enforcement, and denied all of them.. shows they're willing to put up
somewhat of a fight at least.

[1] [https://www.23andme.com/transparency-report/](https://www.23andme.com/transparency-report/)

~~~
beerandt
It seems to me all these companies would benefit by pooling resources into an
industry wide organization for defending against this sort of thing.

If case law is set by the little guy losing, it doesn't matter how much money
23andme is throwing at their cases.

------
RcouF1uZ4gsC
>GEDmatch hit the spotlight in 2018, when DNA data from its site led to the
eventual arrest of a man suspected to be the "Golden State Killer,"
responsible for dozens of rapes and murders in California between 1976 and
1986.

This Golden State Killer case was the biggest public relations boon to police
wanting access to this DNA. In general the public wants rapists and killers
to be caught. I think the public thinks that if these people don't care enough
about their privacy to send DNA samples to a private company (that is not a
health care company), then they should not object if police use that
information to catch killers and rapists.

~~~
robotron
Wasn't it actually a relative of his that submitted their DNA, not him?

~~~
waspentalive
Yes it was a relative's DNA. So you have to not only submit your DNA, you have
to talk all your kin out of submitting theirs. That includes sisters or
brothers separated by adoption in early life.

------
Overtonwindow
At this point, particularly as a matter of principle, I think it’s better to
pull your DNA profile out of the system, and request that it be destroyed.

~~~
devinjflick
That may not be enough.

>Asked if there was evidence the database had already faced concerted attacks,
scraping, or scanning, Rogers said, “I don’t want to get into it.”

>“Not that I am aware of,” he added. “I don’t know.”

>Rogers declined to comment on whether he’d been approached by national
security officials about the site.

Good luck trying to destroy a digital record at this point.

Edit, Referenced: [https://www.technologyreview.com/s/614642/dna-database-gedma...](https://www.technologyreview.com/s/614642/dna-database-gedmatch-golden-state-killer-security-risk-hack/)

~~~
beerandt
He's already been busted lying about providing access when it was against
policy. After being in the bad position of not having a policy for police
requests, he set a policy then almost immediately broke it.

I think policy was only for a murder, and he personally approved access for a
non-lethal stabbing, or something similar.

------
mullen
If you don't want your DNA searched in the GEDmatch database, then don't
upload your DNA to GEDmatch.

~~~
eberkund
You also have to ensure that none of your close relatives upload their DNA
(very similar to yours) to the database either.

~~~
igetspam
I've tried. So very hard. And I failed.

People, like my siblings and mother, see this as a game. They see no problem
with giving a private company access to their most uniquely identifying
information. They'd likely hand over their fingerprints and retina scans for a
free photo of themselves doing it. My mother shreds every piece of mail but
jumped on 23andme without hesitation.

The world has become dumber and less concerned with personal information than
some weird shared social experience. I'm not worried about the feds getting my
data (ish) as much as I am about Bad Actors in the future. (I still very much
want the government out of my business and personal life though.)

