Detective Fields described his methods at the International Association of Chiefs of Police conference in Chicago last week. Logan Koepke, a policy analyst at Upturn, a nonprofit in Washington, D.C., that studies how technology affects social issues, was in the audience. After the talk, “multiple other detectives and officers approached him asking for a copy of the warrant,” Mr. Koepke said.
DNA policy experts said they will closely watch public response to news of the warrant, to see if law enforcement agencies will be emboldened to go after the much larger genetic databases. “I have no question in my mind that if the public isn’t outraged by this, they will go to the mother lode: the 15-million person Ancestry database,” said Professor Murphy. “Why play in the peanuts when you can go to the big show?”
Yaniv Erlich, the chief science officer at MyHeritage, a genealogy database of around 2.5 million people, agreed. “They won’t stop here,” he said.
Because of the nature of DNA, every criminal is likely to have multiple relatives in every major genealogy database. Without an outcry, Professor Murphy and others said, warrants like the one obtained by Detective Fields could become the new norm, turning all genetic databases into law enforcement databases.
‘Don’t rock the boat’
Not all consumer genetics sites are alike. GEDmatch and FamilyTreeDNA make it possible for anyone to upload their DNA information and start looking for relatives. Law enforcement agents began conducting genetic genealogy investigations there not because these sites were the biggest, but because they were the most open.
Ancestry.com and 23andMe are closed systems. Rather than upload an existing genetic profile, users send saliva to the companies’ labs, and then receive information about their ancestry and health. For years, fearful of turning off customers, the companies have been adamant that they would resist giving law enforcement access to their databases.
Both sites publish transparency reports with information about subpoenas and search warrants they receive. 23andMe says it has received seven data requests relating to 10 customers and has not released any data. Ancestry.com said in its 2018 report that it had received 10 “valid law enforcement requests” that year and complied with seven, but that all the cases involved “credit card misuse, fraud and identity theft,” not requests for genetic information.