Ancestry.com, the largest DNA testing company in the world, was served a search warrant to give police access to its database of some 16 million DNA profiles, but the company did not comply.
“Ancestry received one request seeking access to Ancestry’s DNA database through a search warrant,” the company revealed in its 2019 transparency report released last week. “Ancestry challenged the warrant on jurisdictional grounds and did not provide any customer data in response.”
The warrant came from a court in Pennsylvania, the company told BuzzFeed News by email, adding: “The warrant was improperly served on Ancestry and we did not provide any access or customer data in response. Ancestry has not received any follow up from law enforcement on this matter.”
For months, legal experts who follow investigative genetic genealogy have expected search warrants to be issued to Ancestry and its main competitor, 23andMe, which has about 10 million DNA profiles in its database. Both companies have publicly vowed to defend their customers’ genetic privacy, and say they will fight efforts to open up their databases to searches by police.
Investigative genetic genealogy is a new method used to solve crimes. It involves searching for genetic profiles that partially match DNA from crime scenes and then building family trees from these relatives to find a suspect. Until now, only two databases used by genealogy enthusiasts to research their family histories — GEDmatch, originally set up by hobbyists but now owned by the forensic genetics company Verogen, and the database run by FamilyTreeDNA — have been open to search requests from police.
Finding criminal suspects through genetic genealogy is a numbers game: The more profiles you have to search, the more likely you are to find a reasonably close relative.
GEDmatch contains about 1.3 million profiles and Family Tree DNA has around 1.1 million. So if cops were to gain access to the much larger databases operated by Ancestry or 23andMe, it would make solving cases much easier.
After the April 2018 arrest in California of Joseph James DeAngelo, alleged to be the infamous Golden State Killer, there was a boom in investigative genealogy. But in May 2019, cops hit a partial roadblock when GEDmatch announced that its users would have to opt in to make their profiles visible to searches by the police. Only about 1 in 6 users have since done so.
At that time, Paul Holes, a retired investigator with the Contra Costa County district attorney's office, who led the team that solved the Golden State Killer case, said he expected warrants would be issued to search GEDmatch’s database — and to access the genetic data held by the larger companies.
“Of course there are going to be legal battles,” Holes told BuzzFeed News. “It would not surprise me, years down the road, if this could be a US Supreme Court issue.”
Holes' predictions have so far proved spot on. In October, the New York Times revealed that a homicide detective with the Orlando Police Department had obtained a warrant to search GEDmatch, which quickly complied. Ancestry’s new transparency report reveals that the big companies are now under pressure to open up their databases too.
23andMe told BuzzFeed News that it had received no warrants to search its database as of the end of 2019. The company is expected to update its own transparency report in the next couple of weeks.
“We carefully scrutinize all law enforcement requests, and have never provided any customer information to a law enforcement agency, nor do we share customer data with any public databases or with entities that may increase law enforcement access,” 23andMe told BuzzFeed News by email.
MyHeritage, which is based in Israel and has more than 3.75 million DNA profiles in its database, said that it had also not received any warrants to search its database and would similarly fight any that were received. “Our position is that MyHeritage does not cooperate with law enforcement,” company spokesperson Rafi Mendelsohn told BuzzFeed News.
The coming legal tussles are likely to center on the meaning of “probable cause,” which historically has meant there is a particular reason to conduct a search to help solve a crime. Arguing that a database containing genetic information on millions of people is so large that it is highly likely to help solve most violent crimes stretches that definition, some legal experts argue.
“If statistical probability standing alone is sufficient to define probable cause, then probable cause is going to be virtually meaningless in an era of big data,” Natalie Ram, a legal scholar at the University of Maryland who studies genetic privacy, told BuzzFeed News.
This post was updated to include comments from 23andMe.