My wife is a happy client of the genealogy company Ancestry.com. It's a terrific genealogical resource. For example, my wife confirmed the family story that our particular branch of the Baileys derives from an illegitimate boy born to my 4-times removed great-grandmother Tazzie Bailey in the 1840s.
Ancestry.com also offers a $99 gene-testing service that aims to map your ethnicity. As it happens, we gave my father-in-law a gene-testing kit for his birthday. When I expressed doubts that it would confirm his family legend of having Native American ancestors he challenged me to a bet. He still owes me $100. All-in-all we're pretty pleased with Ancestry.com's services.
So it is with considerable dismay that I read the Electronic Frontier Foundation's report which details how Ancestry.com turned over client genetic test results to police in Idaho without requiring a warrant. Reopening a 20-year old rape and murder case, the police sent a semen sample to be scanned and compared to results in Ancestry.com's Sorenson Database. EFF reports:
Sorenson found 41 potential familial matches, one of which matched on 34 out of 35 alleles—a very close match that would generally indicate a close familial relationship. The cops then asked, not only for the "protected" name associated with that profile, but also for all "all information including full names, date of births, date and other information pertaining to the original donor to the Sorenson Molecular Genealogy project."
As it happens, familial genetic matching turned up a 62 year-old client who didn't fit the murderer's profile, but the police thought it could fit his son 36 year-old soon. The son was lured to Idaho where a warrant was issued requiring him to submit to genetic testing, partially on the grounds that as a filmmaker he had produced videos depicting murders. His DNA did not match.
AncestryDNA.com's Privacy Statement says:
AncestryDNA will not disclose any of your personal information to third parties except in very limited circumstances which are set out below. … Examples of the limited scenarios where AncestryDNA may disclose your personal information to third parties are:…(c) as may be required by law, regulatory authorities,or legal process….
Surely, "as may be required by law" means that AncestryDNA should at least demand that the police produce a warrant before turning over their clients' data. See below for Correction.
As a genetic exhibitionist who has posted his genotype screening test results online, I will have only myself to blame if the police decide to use that information against me in some way. However, private genetic testing services had better keep their customers' data private and safe, or soon they may have no clients.
Disclosure: My wife has had her DNA tested by AncestryDNA. So far as we know, she has not yet been implicated in any murders.
*Correction: The sequence of events is that the Idaho police asked Sorenson Forensics Lab (not affiliated with Ancestry.com) to match Y chromosome genetic data from the crime scene semen sample with Y chromosome data in the public Sorenson Molecular Genealogy Foundation database owned by Ancestry.com. Anyone can obtain access by joining the Sorenson genealogical database, but the identities associated with the genetic data are not public. The police did not get a warrant at to match the semen sample with genetic database. Once a match was made, the Idaho police did obtain a warrant requiring Ancestry.com to release the name associated with the Y chromosome data. Details are in this warrant.
Ancestry.com sent this statement: The genetic information provided by our DNA customers is personal and we have strict standards in place to protect their identities and the integrity of their data. These standards are our first priority. On occasion when required by law to do so, and in this instance we were, we have cooperated with law enforcement and the courts to provide only the specific information requested but we don't comment on the specifics of cases.