• Categories

  • Pages

  • Archives

Your Daughter Arrested By Your Own DNA? Ancestry Sites & Law Enforcement

Back in 2009, I’d written an article on Disney theme parks sharing facial recognition technologically enhanced photos of park-goers with the Department of Homeland Security in an effort to boost the DHS’ base population photo database.  Shortly thereafter, the theme parks were joined by cruise lines, vacation spots and just about all hotel, domestic and international, check-ins.  Now firmly in possession of billions of citizen and visitor photos, law enforcement has moved on to absorb as much DNA from the public as it can, often to identify relatives of those on file in connection with crimes.

This 2015 Fusion article describes the acquisition of genetic IDs from family ancestry sites like Ancestry.com and 23andMe:

When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement. DNA, after all, can be a key to solving crimes. It “has serious information about you and your family,” genetic privacy advocate Jeremy Gruber told me back in 2010 when such services were just getting popular.

Now, five years later, when 23andMe and Ancestry both have over a million  customers, those warnings are looking prescient. “Your relative’s DNA could turn you into a suspect,” warns Wired, writing about a case from earlier this year, in which New Orleans filmmaker Michael Usry became a suspect in an unsolved murder case after cops did a familial genetic search using semen collected in 1996. The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry’s father had given years earlier. Usry was ultimately determined to be innocent and the Electronic Frontier Foundation called it a “wild goose chase” that demonstrated “the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases.”

The FBI maintains a national genetic database with samples from convicts and arrestees, but this was the most public example of cops turning to private genetic databases to find a suspect. But it’s not the only time it’s happened, and it means that people who submitted genetic samples for reasons of health, curiosity, or to advance science could now end up in a genetic line-up of criminal suspects.

Both Ancestry.com and 23andMe stipulate in their privacy policies that they will turn information over to law enforcement if served with a court order. 23andMe says it’s received a couple of requests from both state law enforcement and the FBI, but that it has “successfully resisted them.”

23andMe’s first privacy officer Kate Black, who joined the company in February, says 23andMe plans to launch a transparency report, like those published by Google, Facebook and Twitter, within the next month or so. The report, she says, will reveal how many government requests for information the company has received, and presumably, how many it complies with. (Update: The company released the report a week later.)

“In the event we are required by law to make a disclosure, we will notify the affected customer through the contact information provided to us, unless doing so would violate the law or a court order,” said Black by email.

Ancestry.com would not say specifically how many requests it’s gotten from law enforcement. It wanted to clarify that in the Usry case, the particular database searched was a publicly available one that Ancestry has since taken offline with a message about the site being “used for purposes other than that which it was intended.” Police came to Ancestry.com with a warrant to get the name that matched the DNA.

“On occasion when required by law to do so, and in this instance we were, we have cooperated with law enforcement and the courts to provide only the specific information requested but we don’t comment on the specifics of cases,” said a spokesperson.

As NYU law professor Erin Murphy told the New Orleans Advocate regarding the Usry case, gathering DNA information is “a series of totally reasonable steps by law enforcement.” If you’re a cop trying to solve a crime, and you have DNA at your disposal, you’re going to want to use it to further your investigation. But the fact that your signing up for 23andMe or Ancestry.com means that you and all of your current and future family members could become genetic criminal suspects is not something most users probably have in mind when trying to find out where their ancestors came from.

“It has this really Orwellian state feeling to it,” Murphy said to the Advocate.

If the idea of investigators poking through your DNA freaks you out, both Ancestry.com and 23andMe have options to delete your information with the sites. 23andMe says it will delete information within 30 days upon request.

Another example of familial DNA invasion:

From pri,org:

DNA is taken from the crime scene and compared against a federally regulated FBI-run database used to process DNA evidence, called CODIS. The process can take as long as 18 months before a match is identified. In the meantime, the perpetrator has committed a string of other crimes.

But some local police departments claim they can get faster results — as little as 30 days — by using private labs and local DNA databases.

Frederick Harran, director of public safety at the Bensalem Police Department in Pennsylvania said, “18 months is not prevention, that’s not what they pay me for.”

“I would agree the federal database is a good thing, but we’re just moving too slow,” he claims.

So more and more law enforcement agencies are turning to local databases. But with loose regulations, that can present troubling scenarios. Take this real example from Melbourne, Florida, for example.

A few teenagers were sitting in a parked car, when a police officer pulled up and requested someone provide a DNA sample. The officer gave one boy a cotton swab and a consent form. Once the officer made the collection, he went back on patrol as usual.

Increasingly, local police departments are collecting consensual DNA samples, processed using private labs. It’s happening in cities across Florida, Pennsylvania, Connecticut and North Carolina.

The potential issues for these databases vary state by state. In Florida, minors are allowed to consent to having their DNA collected, which isn’t true in other states, like Pennsylvania. But simply maintaining the databases allows each jurisdiction to test every sample already collected, meaning that the DNA from a minor crime scene from years before could be immediately matched with the new sample.

Stephen Mercer, chief attorney for the Forensics Division of the Maryland Office of the Public Defender, finds the practice deeply troubling.

“The collection procedureshighlights the very real threat to liberty interests that local DNA databanks pose,” Mercer said. “The usual suspects are targeted, so we see this amplification of bias in the criminal justice system along the lines of race being amplified through the criminal justice system.”

Granted, many may think, “Well, if you have nothing to hide…”.  That’s not the point. The innocent, unindicted individual should retain a basic form of control over whether she becomes involved in situations wherein she identifies relatives in potential criminal acts. There is something perverse in having one’s DNA finger one’s own flesh and blood for the government’s purposes.  Identification by familial DNA isn’t a slippery slope… it’s a well-greased slalom of privacy infringement.

We will be looking into the matter of DNA familial finger-pointing in-depth and report back as developments warrant .

BNI Operatives: Situationally aware.

As always, stay safe.

Yahoo and Google Data Availability to Law Enforcement & For Legal Process

email magnifying glass

 

As we’ve surmised by now, Lois Lerner’s missing emails exist – somewhere.  There’s also now the availability of cloud hosting, a method of saving your email on the net that allows you 24/7  access from any remote location.  So, do you really know what happens to all of your subscription information, emails, attachments, etc., once you shut down an email account?  What if your information is requested by law enforcement or in anticipation of litigation?   What is the legal process in such a case?

We’ve conducted research into data retention by the two major service providers: Yahoo and Google:

YAHOO

yahoo data save

Compliance With Law Enforcement:    PRESERVATION

Will Yahoo! preserve information?

Yahoo! will preserve subscriber/customer information for 90 days. Yahoo! will preserve information  for an additional 90-day period upon receipt of a request to extend the preservation.   If Yahoo! does not receive formal legal process for the preserved information before the end of the  preservation period, the preserved information may be deleted when the preservation period expires.

 

GOOGLE

What kinds of data do you disclose for different products?

To answer that, let’s look at four services from which government agencies in the U.S. commonly request information: Gmail, YouTube, Google Voice and Blogger. Here are examples of the types of data we may be compelled to disclose, depending on the ECPA legal process, the scope of the request, and what is requested and available. If we believe a request is overly broad, we will seek to narrow it.

Gmail
Subpoena:

  • Subscriber registration information (e.g., name, account creation information, associated email addresses, phone number)
  • Sign-in IP addresses and associated time stamps

Court Order:

  • Non-content information (such as non-content email header information)
  • Information obtainable with a subpoena

Search Warrant:

  • Email content
  • Information obtainable with a subpoena or court order
YouTube
Subpoena:

  • Subscriber registration information
  • Sign-in IP addresses and associated time stamps

Court Order:

  • Video upload IP address and associated time stamp
  • Information obtainable with a subpoena

Search Warrant:

  • Copy of a private video and associated video information
  • Private message content
  • Information obtainable with a subpoena or court order
Google Voice
Subpoena:

  • Subscriber registration information
  • Sign-up IP address and associated time stamp
  • Telephone connection records
  • Billing information

Court Order:

  • Forwarding number
  • Information obtainable with a subpoena

Search Warrant:

  • Stored text message content
  • Stored voicemail content
  • Information obtainable with a subpoena or court order
Blogger
Subpoena:

  • Blog registration page
  • Blog owner subscriber information

Court Order:

  • IP address and associated time stamp related to a specified blog post
  • IP address and associated time stamp related to a specified post comment
  • Information obtainable with a subpoena

Search Warrant:

  • Private blog post and comment content
  • Information obtainable with a subpoena or court order

Note about general Gmail retention:  Even if you Purge your Trash email or shut down your gmail account, your email remains available for recovery for 20 days beyond when the mail is deleted or the account closed.

Please feel welcome to contact us with more specific questions regarding data retrieval from these two major service providers (and lesser used ISPs w/unique data product.)

BNI Operatives: Street smart; info savvy.

As always, stay safe.

 

 

%d bloggers like this: