Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Biotech Crime Privacy

Beware: FBI, Other Agencies Might Go After Your Voluntary DNA Records (theneworleansadvocate.com) 132

Kashmir Hill reports at Fusion that DNA results from companies like 23andMe are being requested by law enforcement agencies, something that is likely to start happening more and more. From the article: Both Ancestry.com and 23andMe stipulate in their privacy policies that they will turn information over to law enforcement if served with a court order. 23andMe says it's received a couple of requests from both state law enforcement and the FBI, but that it has "successfully resisted them." ... Ancestry.com would not say specifically how many requests it's gotten from law enforcement. ... "On occasion when required by law to do so, and in this instance we were, we have cooperated with law enforcement and the courts to provide only the specific information requested but we don’t comment on the specifics of cases,” said a spokesperson. (Related Wired article here.)
This discussion has been archived. No new comments can be posted.

Beware: FBI, Other Agencies Might Go After Your Voluntary DNA Records

Comments Filter:
  • by thedarb ( 181754 ) on Saturday October 17, 2015 @01:17PM (#50750271)

    I did.

    • by mwvdlee ( 775178 ) on Saturday October 17, 2015 @01:37PM (#50750345) Homepage

      Law enforcement will use any means possible, no matter how unlawful.

      • by TWX ( 665546 ) on Saturday October 17, 2015 @01:46PM (#50750373)
        This is why I wonder about the 4th Amendment and if there was an expectation that it was supposed to restrict the amount of records that the Government was to keep on the citizen in addition to being intended to prevent the Government from seizing private records.

        At the time the amendment was crafted there were limits on the storage capability of records simply due to the medium on which they could be stored. Now that limit is essentially gone due to electronic storage.

        Maybe we need limits on what the Government is allowed to store on any given person unless there's an actual legal investigation of that person, assigned to a human investigator, where that human investigator has to commit regular individual reports on the state of such investigation back to the record for it to be maintained.
        • by Impy the Impiuos Imp ( 442658 ) on Saturday October 17, 2015 @02:19PM (#50750507) Journal

          We are currently in a state where we are shifting our private info, our "papers" in 4th Amendment terms, outside our houses and into the hands of others, and anachronistic Supreme Court rulings have held we have no expectation of privacy in such things held by 3rd parties.

          This needs to change, given people view themselves as holding a virtual presence out there on the nebulous Internet and in the computers thereon. It may need another amendment, but the Supreme Court could clear it all up tomorrow.

        • assigned to a human investigator, where that human investigator has to commit regular individual reports on the state of such investigation back to the record for it to be maintained

          I don't think more bureaucracy is necessarily the right idea. We need to change how things work fundamentally, not by putting another gear into the machine
          • by TWX ( 665546 )
            Why not? Isn't a large part of what constitutes criminal law proceedings based on proper procedure being followed? If we don't have procedures we have no more standing than the Salem Witch Trials.
            • Why not? Isn't a large part of what constitutes criminal law proceedings based on proper procedure being followed? If we don't have procedures we have no more standing than the Salem Witch Trials.

              I think the point is that this is more a case of having too many 'gears' in the process already--which is a perfectly reasonable thing to say, particularly since I'd be actually okay if my DNA report is being used for certain processes. For example, if what they're trying to do is figure out if J Doe #23 is me, I have no problems--especially if I really am J Doe #23.

              I'd certainly like to be notified, however, on the off chance that I'm still alive, and given the opportunity to call the department requestin

      • by PRMan ( 959735 ) on Saturday October 17, 2015 @01:57PM (#50750413)
        As long as there is a warrant and it is for a single suspect's DNA then it is lawful and I am fine with it. Without a warrant is a different story.
        • As long as there is a warrant and it is for a single suspect's DNA then it is lawful and I am fine with it.

          That is almost useless. If they have a specific suspect, and probable cause, then they can use a warrant to demand a hair or blood sample directly from the suspect. What is far more likely, is that they have the DNA sample, but have no idea who it belongs to. So they give the sample to 23andme, and say "Who matches this?" Then they get back a match, or maybe a partial match of a brother, sister, or cousin. That could narrow the suspects way down.

          • As long as there is a warrant and it is for a single suspect's DNA then it is lawful and I am fine with it.

            That is almost useless. If they have a specific suspect, and probable cause, then they can use a warrant to demand a hair or blood sample directly from the suspect. What is far more likely, is that they have the DNA sample, but have no idea who it belongs to. So they give the sample to 23andme, and say "Who matches this?" Then they get back a match, or maybe a partial match of a brother, sister, or cousin. That could narrow the suspects way down.

            As I mentioned a bit farther up, we've already caught somebody managing to slip a sample of somebody else's blood--repeatedly, actually, and I've seen camera footage from one of the later attempts to get his blood from him. (They didn't say how they figured out it wasn't his blood, so I can only guess that the 'donor' he chose was obviously not him--the equivalent of a male druggie trying to pass off a pregnant woman's urine as his own.) It's more reliable to go to somebody like 23andme since the odds of

      • Law enforcement will use any means possible, no matter how unlawful.

        I propose that we stop using the term 'law enforcement' to refer to those who *rule* by force and miscellaneous coordinated thuggery.

        My experience, and you may check this for yourself on youtube, is that they neither know the law nor attempt to enforce it. Of course, there are exceptions; those aspects of 'the law' which may be used to extract fines or coerce required behaviours, are known in great detail.

        • by Anonymous Coward

          Agreed. I know three cops, including one family member. ALL of them operate on the belief that they are part of the authority caste and that regular citizens are part of a lower caste. ALL of them believe it's absolutely fine for a cop to detain, rough up and arrest anyone that is part of the lower caste if they've done anything to draw the ire of a cop (regardless of whether a crime was committed). ALL of them believe that cops should be totally free from any kind of oversight or judicial consequences

          • by KGIII ( 973947 )

            Hmm... Not sure if serious... I know a similar, slightly higher, number and exactly zero match your description. While absolutely none of them are my friends they are acquaintances and I've had a number of conversations with them about many different things over the years. Now, I suppose, they could be putting on a face/front for me but that seems unlikely and I've seen a couple of them pretty drunk and talked to them while they were inebriated.

            I feel icky defending the cops but...

            Yeah, exactly none seemed

            • Hmm... Not sure if serious...

              I know a similar, slightly higher, number

              Appeal to authority / one upmanship

              and exactly zero match your description.

              Rebuttal

              While absolutely none of them are my friends they are acquaintances

              Introduce apparent impartiality

              and I've had a number of conversations with them about many different things over the years.

              They really do exist and are absolutely not fictional characters brought to life with a single purpose in mind

              Now, I suppose, they could be putting on a face/front for

              • by KGIII ( 973947 )

                I think you went 0:all but it was an amusing try and I enjoyed reading it. Thanks for the entertainment. But no, no... We'll start with, I'm quite happily retired, have no dog in the hunt, and don't really like shitty cops but haven't actually had any bad interactions except for one and that's with quite a few interactions over my life.

                What to finish with... Hmm... Hell, even my 'bad' interaction was just a couple of idiot cops in Kansas telling me that my telling them that they couldn't search the car was

        • by Mr.CRC ( 2330444 )

          No, I'd say they do know the law very well and use the widest possible interpretation of it to develop any excuse they can to stop and detain people. Once detained they will attempt to provoke you. Then they will arrest you for disorderly conduct or something, and when you protest you get beat up and charged with resisting arrest. Which of course is ridiculous since you wouldn't have gotten an attitude in the first place if you hadn't been threatened with arrest for no good cause.

          At this time, if you si

          • There should be penalties for acting against the spirit of the law

            • by Mr.CRC ( 2330444 )

              No. There is no objective definition of the "spirit" of anything. Law must not be subjective, or else it is impossible for anyone to ever be sure that they are not breaking a law.

              A law was passed making it is a crime to intercept someone's phone conversation by "wiretapping" (well understood to mean law enforcement authorities going to the phone company and plugging their recorder into your line) without a warrant. The "spirit" of this law was in fact to protect people's constitutional rights. That is o

    • by Anonymous Coward

      Gosh, I am absolutely astonished that this is being abused. Especially given that the co-founder of 23andMe was married to Google's Sergey Brin. Why, who ever could have called that? Oh - fucking everybody.

      "but I hurpa durp nothin to hide hurpa durp search me"

    • Why are they keeping any records after they have done your analysis? Only you need have a record.

    • by KGIII ( 973947 )

      I've thought about this some more and, you know what? It'd be damned neat to be able to just have a cheap machine at home that attaches via USB and can run a test. Then you can use an online comparative (willfully, with privacy controls) and see what matches, where things branched off, make assumptions/guesses about your heritage and history, see where you split from the tree and where (if) you rejoined in a new place, find your guessed major ethnicity, etc...

      I was recently re-watching the NOVA series about

    • You're telling me that people who give samples to 23andMe use their real name?
    • The UK biobank [ukbiobank.ac.uk] was set up to collect medical information (including DNA) from about 500,000 people in the UK between 40 and 69 as part of a long term programme to get a better understanding of the factors promoting different tyes of disease.

      As part of the solicitation process they produced a Q&A and one of the points they had to cover, obviously, was privacy. And basically all they could say was "we'll do our best" - they'd have to comply with any court orders and they couldn't foresee what future cha

    • by nbauman ( 624611 )

      We haven't had privacy of medical records in this country since Monica Lewinsky's psychotherapist gave her treatment records to Kenneth Starr.

      I talked to a few health care lawyers about the privacy of medical records. Bottom line: Any judge can order the production of records "in the interest of justice."

      There are state protections for things like DNA tests, but they don't protect you against federal investigations.

      The medical privacy law (HIPAA) allows doctors and hospitals to disclose medical records to l

    • by Askmum ( 1038780 )
      How can anybody in their right mind expect that information divulged to a third party will be hidden/secret from the government. Of course you should have expected this. This was a question of when, not if.
  • 23andme? Sounds like a site name a 40 yeard-old web-wannabee would use to throw up a quick site about snail collecting or something. I understand it refers to chromosomes but that's a bridge too far to accept.
  • by fuzzyfuzzyfungus ( 1223518 ) on Saturday October 17, 2015 @01:23PM (#50750295) Journal
    Given the combination of convenience(the samples are already collected for you; so it's just a request for a copy from some database) and the '3rd party doctrine' eliminating any pesky 4th amendment issues; the far greater surprise would be the feds not taking advantage of the situation.
    • Posting to remove accidental redundant mod.

    • by KGIII ( 973947 )

      They took my blood when I went in the military. I'm pretty sure that sample still exists somewhere with a number on it and my name attached to it. They may have already run it. However, I am not going to go out of my way to give it to additional third parties.

    • Maybe there is one already, but if there isn't someone needs to start a company that performs this service but destroys the sample and the DNA data afterwards, providing you with only the ancestry and relational data that you originally asked for. And probably not even retaining a copy of that. Problem solved, and they could market themselves as having assured privacy.
      • performs this service but destroys the sample and the DNA data afterwards

        that's a good idea. They'll create a market and then get an National Security Letter saying they have to keep the data anyway, but can't tell anybody, and maybe if they're lucky they'll get a motivation payment, like RSA got from the NSA for making the weak PRNG a default in their products.

        They can charge their customers a premium and also make some extra on the side. Fascist USA is best USA.

        Oh - that new genomics company with very c

      • They'll have a difficult time giving customers ancestral or relational data if, for privacy or other purposes, they destroy the customer's sample and DNA data after processing it. The company won't have any data on ancestry or relations upon which to base their product.
  • by Anonymous Coward

    Although CA governor Jerry Brown just signed a bill requiring warrants to search electronic devices [sfgate.com] (and has signed simular such laws [usnews.com] in the past), there's still that dumbass Proposition 69 [ca.gov] bill that the CA public actually voted into law-- an unforced error-- in 2004. It basically says that if you are ARRESTED (not convicted, arrested), when they do the whole fingerprint thing, they can also grab your DNA and add it to their database. So you know, arrested for political protesting? All your DNA belongs t

  • our Big Brother just keeps getting bigger.
    • The only logical solution is for everyone to join the TLA/government - when there's no more 'them' for the them-and-us, what then?

  • Seriously it is going to get harder and harder for people to be criminals. Technology is going to catch people that feel secure in the nonsense that they pull off currently with little fear of getting caught. It will also create a situation in which the government appears to be more and more corrupt. For example there are clearly criminal phone sales rooms that cops often leave alone as it brings in money to the town and the calls steal money long distance. The mayors don't want the cops making the ar
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      it is going to get harder and harder for people to be criminals.

      On the contrary: with more and more laws in your face, it's going to get easier and easier to find yourself on the wrong side of one.

    • Seriously it is going to get harder and harder for people to be criminals. Technology is going to catch people that feel secure in the nonsense that they pull off currently with little fear of getting caught.

      You're quite right; if NSA records indicate a high probability that you were in the vicinity of a crime, today's modern technology would mean that you'd be half-way convicted before they've finished planting your DNA at the scene!

    • by 7-Vodka ( 195504 )
      Recall that in a lot of cases, criminal and terrorist just means you disagree with the government gang.
    • by Dunbal ( 464142 ) *
      On the contrary it is easier and easier to be a criminal. Many things are crimes now which were completely normal behavior when I was young. In fact I'm willing to bet that we are all pretty much criminals at this point.
    • by AHuxley ( 892839 )
      The next fun part around the world is standard "free" health service blood DNA tests.
      Your is too "low"or "high", find out in a few weeks if it is from both parents, one or none, want to take the free DNA test?
      The use of public data for the "Selective Service" (what was military conscription) in the US in the 1980's showed what could be done with any data "found" by the US gov from simple lists to now complex datasets.
  • I propose that all instances of 'required by law' be replaced by "required to satisfy the whims of a certain section of the population".

    Let's stop pretending that some higher moral authority has decreed a common set of rules known as 'the law' and that they are open to modification in order to correct injustices.

  • Really. Really. Not shocking at all.

    Any record of you is accessible by a court-ordered warrant. That is the entire point of those Court Orders, they can make people give data about you to law enforcement.

    And in fact, even under HIPAA [hhhealthlawblog.com], a mere subpoena will legally require them to turn over the information if it's signed by the right guy.

    The nightmare scenario (your brother rapes a women, and you get convicted because 23andme had your blood sample, not his) is virtually impossible in the real world for anyone

    • by 7-Vodka ( 195504 )

      Your nightmare scenario is so dumb.

      What about the government decides they don't like your opposition to fracking and they use your information to poison you with peanut allergy, or give you a pre-disposed diabetes condition that distracts you from your activism.

      Or they trace the fact that you are the product of your grandfather's slave raping and just put it out there during an election year.

      Or how about they threaten to take one of your children into a mind control program and break them into schizophr

    • Actually, it's virtually impossible to be too poor to afford your own lawyer. The trick is getting a halfway competent one--and I've seen some relatively expensive defense lawyers who...aren't anywhere near as good as even the most indifferent public defender. (If I got stuck with one of them I'd likely ask the judge if I could please have my lawyer required to take his meds because while I think he's hoping to get me off on appeal for having a lousy lawyer, I'd like to be certain that if my lawyer is tal
    • by nbauman ( 624611 )

      because if your lawyer points out that their evidence could also apply to him there's 50% doubt, and generally Juries think 50% doubt is reasonable doubt.

      You give me $10,000 and I'll get an expert witness who will convincingly argue before a jury that the DNA test is absolutely certain, and that the odds are a trillion to one against a mistake.

      He will at least be able to throw enough confusion into the case to give the prosecutor a good chance of convincing the jury that the defendant was guilty beyond a reasonable doubt.

      The files of The Innocence Project and the National Association of Criminal Defense Attorneys are filled with cases like that.

      • You think DNA evidence alone is enough to convict for rape? Let me introduce you to Nelson Bernard Clifford [baltimoresun.com], who managed to convince three juries in three years that three near-identical sets of allegations, with DNA evidence, were actually consensual sex. Fifth time [baltimoresun.com] turned out to be the charm for that guy. I suspect they won that one because he ran out of money for decent defense attorneys, not because their case was actually stronger.

        The databases you mentioned are filled with files from shitty lawyers, g

        • by nbauman ( 624611 )

          I never said that DNA evidence alone is enough to convict for rape.

          The cases of Nelson Bernard Clifford show that you also have to prove lack of consent. I don't have the details of the case, and I can't understand why the jury would acquit 4 times based on the evidence as reported by the Baltimore Sun. But it looks like he had a good defense lawyer.

          I know some of the lawyers at the Innocence Project and the National Associaton of Chriminal Defense Lawyers (not "Attorneys," sorry), and I also know some publ

          • I never said that DNA evidence alone is enough to convict for rape.

            The cases of Nelson Bernard Clifford show that you also have to prove lack of consent. I don't have the details of the case, and I can't understand why the jury would acquit 4 times based on the evidence as reported by the Baltimore Sun. But it looks like he had a good defense lawyer.

            If you're saying they can get a guy convicted of rape, despite the fact he claims to have never seen the women, and the DNA test doesn't rule his cousins out, then you are indeed arguing that it's possible to get convicted based solely on DNA.

            From other stories on Nelson Bernard Clifford it sounds like a) he was really good at convincing people the accuser might (just might) be a slut who invited him in for sex and is now scorning him because she's an evil bitch, and b) Maryland Judges consistently ruled th

  • I'm more worried about what the insurance industry will do with that information. They control the government, they will do whatever they want with it to maximize profit.
  • "Hey, if you give us some data, we may be required to cough up to some government entity if they have a court order. If they ask, we will. Our business is more important than you, and we will not fall on our sword to protect the incredibly personal and identifiable info that you gave of your own free will."
  • Warrants are one thing, but if a company refuses to admit that it's turned over any information, a NSL is more of a suspect than a warrant. And they don't demand any justification or allow any challenge.

    When a company says they have successfully contested a warrant, that doesn't tell you the information is secure. Perhaps it is. But given the brazen abuse of NSLs there's no reason to believe that.

  • by ohnocitizen ( 1951674 ) on Saturday October 17, 2015 @03:34PM (#50750719)
    I see more responses saying "Not surprised" than suggesting we take steps to address this, or that it is ethically acceptable. Either this is fine, in which case it is good law enforcement can obtain our DNA in this fashion. Or it is a worrying and unethical issue and we need to take concrete action such as contacting representatives and organizing to try and shut this shit down. But the least useful thing to do is say "I saw this coming.". Who. Fucking. Cares.
    • by martas ( 1439879 )
      Isn't this really easy? Mail in your sample with a unique ID and a money order (without return address), see results online via said unique ID and through a VPN so it doesn't get tied to your IP. Perhaps theoretically possible to deanonymize, but practically speaking should be good enough. In fact, I'm not sure why this isn't already an option (or is it? I've never looked into any of these services).
      • by nbauman ( 624611 )

        Isn't this really easy? Mail in your sample with a unique ID and a money order (without return address), see results online via said unique ID and through a VPN so it doesn't get tied to your IP. Perhaps theoretically possible to deanonymize, but practically speaking should be good enough. In fact, I'm not sure why this isn't already an option (or is it? I've never looked into any of these services).

        Indeed, the way to keep your medical information private is to go to the doctor or medical service anonymously and pay in cash. You don't need to identify yourself to get health care. You can go to a hospital and call yourself John Doe.

        The weak link might be getting the money order. I don't know if you can get a postal money order anonymously any more. Post offices have cameras now that record every "patron." Maybe you could hire somebody off the street to go in and get a $25 money order for you.

  • One of the many reasons DNA tests from 23andMe, Ancestry, and Family Tree DNA aren't generally used for lawsuits or criminal cases, is chain of custody. For DNA evidence to hold up in court, the witness providing the evidence must generally be able to swear in court that the DNA sample actually belonged to the person in question, and that control of the physical evidence was maintained at all times. Genealogy-related DNA testing sites simply accept their customers' word that the sample being sent in for a

    • They don't need a chain of custody because it doesn't matter. Once they know who, they can find the rest of the evidence they need, and they can document it to the standard necessary for court.

  • Test a sample against a relatively small data set of known prior offenders, fairly good chance of an identification.

    Test the same sample against the vast data sets available, and there's a much larger chance of a false positive.

    Trolling through all the available DNA records is a mistake.

    http://www.ncbi.nlm.nih.gov/pm... [nih.gov]

  • >"Kashmir Hill reports at Fusion that DNA results from companies like 23andMe are being requested by law enforcement agencies"

    Like this is a surprise to anyone???? Give me a break! Information shared with a third party can never really be secure, regardless of what is in their "privacy" policies. Even if they delete the results after transmitting them to the customer, the "dark side" can intercept the communications, plant bugs or malware, or put in redirectors WITH the company knowing it but with a g

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...