This weekend, GEDmatch changed its Terms of Service to automatically opt every one of the >1,250,000 kits in the database out of matching with any kit uploaded for law enforcement purposes. This was to allay concerns by some that law enforcement was using DNA kits in the GEDmatch database, whether for crimes originally enumerated in the Terms of Service (homicide and sexual assault) and/or possibly for lesser crimes.
There is a ton of media coverage for these events:
- “The Arrest Of A Teen On An Assault Charge Has Sparked New Privacy Fears About DNA Sleuthing“
- “This Genealogy Database Helped Solve Dozens Of Crimes. But Its New Privacy Rules Will Restrict Access By Cops“
- “‘It could leave a murderer running on the streets’: How a DNA database’s new policy is changing police access“
- “DNA database opts a million people out from police searches“
And blog posts:
- “GedMatch Implements Required Opt-In for Law Enforcement Matching” from Roberta Estes
- “The choice that really isn’t” from Judy Russell
People in the database that want their DNA to be utilized by law enforcement must now specifically opt-in their kit in order for their DNA to be matched with a kit uploaded by law enforcement.
Following the automatic opt-out and the change to the ToS, law enforcement can now upload DNA to “identify a perpetrator of a violent crime against another individual, where ‘violent crime’ is defined as murder, nonnegligent manslaughter, aggravated rape, robbery, or aggravated assault.” However, kits that are opted-out will not be seen as a match to the uploaded law enforcement kit. Kits that are opted-in can be seen as a match to the uploaded law enforcement kit.
HOWEVER: note that while kits that are opted-out of matching with any kit uploaded for law enforcement purposes cannot be matched to that kit, it is IMPOSSIBLE to completely opt-out of law enforcement use of a kit unless you delete the kit or change it to a “research” kit. For example, if law enforcement uploads Kit #1 to the GEDmatch database, they can see the match to Kit #2 if Kit #2 has opted-in to law enforcement use. Law enforcement cannot, using Kit #1, see the family members of Kit #2 since they are opted-out. However, law enforcement CAN use Kit #2 to search for and find the family members of Kit #2. This is not a violation of the Terms of Service, even though the family members of Kit #2 have opted-out. Thus, there is no way to opt completely out of law enforcement use of DNA at GEDmatch unless the kit is deleted or made a ‘research’ kit.
Accordingly, to ensure fully informed consent, it is vital that you and anyone you’ve added to the GEDmatch database understand the privacy options:
- If the test-taker supports law enforcement use of the DNA, opt-in to law enforcement matching;
- If the test-taker wants a minimal layer of protection/privacy, opt-out of law enforcement matching (recognizing that it can still be used for law enforcement as described above); OR
- If the test-taker does not support law enforcement use of the DNA, delete the kit or make it ‘research’ (as research kits cannot be seen by other people).
Unfortunately, this also means that despite automatic opt-out, not everyone in the GEDmatch database will have given informed consent because their DNA can still be used by law enforcement. That remains a continuing problem that will have to be resolved at some point.
The Guiding Principle: Informed Consent
The guiding principle here is informed consent. Although there are arguments that the end justifies the means, or that it is our moral obligation to upload our DNA to GEDmatch, these arguments are not supported by the historical or legal framework of the United States (where all of this is currently taking place). We have a system in place that has spent the past 200+ years in thousands of legal proceedings upholding the principal that the end does not justify the means if it exceeds the power of the government or erodes the privacy of the individual.
Wanting a database built completely on informed consent does not make a person “anti-law enforcement” or “pro-criminal” or, right to the absurd, “wanting to hide something or someone.” Accusations like that indicate a lack of understanding that everyone deserves to make their own decision regarding their own DNA. We all want criminals off the streets, even people that are highly private want criminals off the street, but we all want to make sure they get off the street in an ethical way (and that they stay off the street!). We don’t yet have any idea what the outcome of using genealogy DNA test results without informed consent or permission could do to these cases, or how it might erode trust.
Does requiring informed consent diminish the size and impact of a database? Yes, it does, but that’s the entire point of informed consent. Informed consent exists to make sure that only the people that want to be there, and that understand the possible implications of being there, are actually there. This results in a DNA database useful for law enforcement purposes that could one day in the not-so-distant future be more robust and powerful – and more trustworthy – than any currently in existence.
When we published the Genetic Genealogy Standards in 2015, we did so knowing full well that they would prevent people from testing their DNA. But that was a necessary outcome to make sure that DNA was being tested in the most responsible and ethical way. Not only were the Standards created in conjunction with several people helping law enforcement catch criminals, the Standards have been cited over and over again within the community.
Ensuring Rational, Informed, and Educational Discussion
To ensure that people are truly making a decision based on informed consent, we must also be careful how we discuss it with them. Emotional appeals such as asserting that opting-out will let criminals run amok or that our very lives are in danger, are themselves dangerous if people opt-in out of fear rather than true informed consent. A database built on a base of informed consent is much, much stronger than a database build on a base of fear.
We must also consider scale. Although law enforcement may not be able to solve the same 50 cases/year over the next year or two, it’s quite likely that 10 or 100 times that number of criminals are let go every year due to clerical errors alone. This is not a national emergency, it is a bump in the road, a temporary minor setback (particularly in view of the reality of the limited opt-out situation) that helps build trust in DNA testing and should ultimately lead to MORE people joining these databases in support of law enforcement.
We already know that law enforcement use of DNA is having an impact on DNA testing. Those that speak at seminars and conferences are seeing more people than ever before ask about privacy concerns, and there are worries that it is having a serious negative effect on DNA testing (as noted by 23andMe CEO Anne Wojcicki earlier this year). If we can educate people and assure them that their DNA will be kept private to whichever level they might be comfortable with, we build trust in DNA testing and continue to grow the databases that have become so valuable to our genealogical research.
It is YOUR Decision ONLY!
It is just as important that everyone realize there is nothing wrong with a person wanting their DNA to be opted-in and available for use by law enforcement! Despite inflammatory accusations to the contrary, it IS perfectly acceptable to remain in the GEDmatch database so long as there is informed consent. That is simply their right to make their own decision regarding their own DNA. No one should be trampling anyone else’s right to make an informed decision about their own DNA.
Only YOU have the right to decide YOUR personal privacy comfort level. No company, database, or individual has the right to make that decision for you. Don’t let anyone bully you into a decision about your own DNA, there is no right or wrong. Instead, get informed and make a decision you can be comfortable with.
Unfortunately, as noted several years ago now there are DNA bullies out there, people that don’t care about your personal choice, that only care if you upload everything, or only care that you never upload anything. Informed consent ensures that YOU get to make the best decision for YOU. That’s it, plain and simple.
This graphic barely scratches the surface of all the issues involved, but can be a starting point for permission: