Beware! Police are Accessing Commercial DNA Databases
Aussies are being warned about the risks of providing DNA to map their family histories, after it recently emerged that genealogy companies are increasingly providing police with access to their DNA databases.
Tens of thousands of Australians have already provided their forensic samples to commercial operators like Ancestry.com, My Heritage DNA and 23andMe – which analyse that material, generate a DNA profile and store the information in their databases.
In an article recently published in the Australian Journal of Forensic Science, genetics professor Dennis McNevin and researcher Dr Nathan Scudder explain that most genealogy sites publish waivers which permit them to provide police departments with access to their databases in certain situations, including where they are investigating matters that pose a continuing risk to public safety.
They warn that trawling genealogy sites has already yielded false leads, incorrectly implicating family members of people who have provided forensic samples.
Ethical dilemma
The researchers explain that large repositories of genetic data from all corners of the globe (Ancentry.com alone stores over 10 million profiles) have incredible potential to generate lists of suspects and even to develop cures to genetic diseases.
Recently in the US, police identified a suspect in the Golden Gate Serial Killer case through DNA provided by members of his family. The researchers explain that even the DNA of distant relatives has been used by police to form the ‘probable cause’ required to arrest and interrogate suspects in the US.
And while many would agree that solving crime and curing disease are positive uses of commercial DNA databases, there are concerns that law enforcement agencies may misuse that information to implicate innocent people.
There are also, of course, privacy concerns. Indeed, many send their forensic samples without fully understanding that the information is stored on file – potentially forever – and could potentially be made available to a wider range of people than just police as the value of the material becomes fully realised.
Releasing information
Ancestry.com’s terms and conditions state that data is made available to law enforcement agencies upon request in certain circumstances.
Other sites such as My Heritage DNA, 23andMe and GEDMatch state that customer DNA files are only shared in response to subpoenas or other court orders.
However, it has been reported that unnamed genealogy companies are being investigated by the Federal Trade Commission in the US over the mishandling of genetic data, including the sharing of information with third parties. It is suspected that companies may be selling access to their data banks to ‘research laboratories’, the descriptions of which have not been released.
Civil Liberties Australia says it has been calling on the Federal Government for years to enact national legislation to regulate the use of DNA profiles.
In the context of genealogy businesses, it is important to remember that our privacy laws are very weak and only extend to our borders – they simply do not protect use from having our DNA released by foreign companies.
Security breaches
Potential database hacks are also entirely possible – as we’ve seen in recent times with the Facebook and MyFitnessPal data breaches.
Last year, Human Rights Watch spoke out about reports that Chinese authorities collected DNA samples from millions of residents of the Xinjiang province under the guise of a free healthcare program. The organisation has expressed concerns that the data will be used for surveillance and discrimination against certain minority groups.
“DNA information is highly sensitive and can facilitate a wide array of abuses if it is collected or shared non-consensually,” a representative stated.
Be informed
Anyone who is considering providing their DNA to commercial operators should be aware of the potential ramifications.
And despite how curious a person may be about their family history, it is a good idea to keep in mind that businesses are most interested in generating profits, not protecting privacy.