Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
 
Thread Tools Search this Thread
03-02-2019, 11:51   #1
pinkypinky
Moderator
 
Join Date: Aug 2007
Posts: 4,594
Can open, DNA worms everywhere

So FTDNA has decided to change their Terms of Service and allow law enforcement access to their database. It appears that they did this at some point in December 2018 without informing the existing users.

This move allows (presumably US only?) law enforcement organisations to upload kits and utitise the matching services in the same way a commercial user does. It does not allow them access to non-matching kits without valid legal methods like a warrant or subpoena.

Let's be clear here. Gedmatch is already allowing it. The difference is that they put a notice on their homepage saying so, immediately once they discovered their database had been used to find the (alleged) Golden State Killer, and gave users the opportunity to pull their data if they wanted.

FTDNA has done this without telling their users. I logged into my own kit just now and there's no notification, no email. Here's their press release.
I've got lots of kits on their site and am currently waiting for results on a new one.
I don't have a problem with my DNA being used to catch criminals, particularly involving violent crimes.
But I do think FTDNA should have informed users in advance. I'm not going to remove my data, not least because it's cost a lot of money to acquire these services (and added massively to my knowledge of my ancestry) but I am VERY DISAPPOINTED.

The Legal Genealogist blog has a good post, if you want to read more.
pinkypinky is offline  
(2) thanks from:
Advertisement
03-02-2019, 11:57   #2
punisher5112
Registered User
 
Join Date: Dec 2013
Posts: 12,329
One way of looking at it is that if you have nothing to hide or done nothing serious wrong then it really isn't a issue imo.

I think it would be great if every new born had a file created and this could be kept for catching serious offenders.

Look at all the unsolved murders, tapes and serious assaults for example go on to be never closed.
punisher5112 is offline  
03-02-2019, 12:00   #3
pinkypinky
Moderator
 
Join Date: Aug 2007
Posts: 4,594
See, I don't agree with that "if you've nothing to hide..." argument, because "nothing to hide" does not equal "I do not want any privacy".
If you've nothing to hide why not insist that pseudonyms or avatars are never used online?
People might have very good reasons to hide things that are not criminal.
pinkypinky is offline  
(4) thanks from:
03-02-2019, 12:01   #4
Donnielighto
Registered User
 
Donnielighto's Avatar
 
Join Date: Apr 2011
Posts: 3,125
Quote:
Originally Posted by punisher5112 View Post
One way of looking at it is that if you have nothing to hide or done nothing serious wrong then it really isn't a issue imo.

I think it would be great if every new born had a file created and this could be kept for catching serious offenders.

Look at all the unsolved murders, tapes and serious assaults for example go on to be never closed.
That first line is very dangerous. Had been used in the past for government overreach. Letting people know would be enough.
Donnielighto is offline  
03-02-2019, 12:14   #5
CPTM
Registered User
 
Join Date: Feb 2014
Posts: 490
Quote:
Originally Posted by pinkypinky View Post
See, I don't agree with that "if you've nothing to hide..." argument, because "nothing to hide" does not equal "I do not want any privacy".
If you've nothing to hide why not insist that pseudonyms or avatars are never used online?
People might have very good reasons to hide things that are not criminal.
Yes, but there's a big difference between having a DNA sample on file, and stripping someone of their privacy. First of all, DNA data is unreadable in isolation, in that you can't build a picture of someone's beliefs, ideologies, or intentions by just looking at their DNA. You can't judge them differently having looked solely at their DNA. What you're comparing it to is stripping someone of their right to anonymity when seeking advice or debating topics online. To me they are two different things. One can impact their social standing, the other can't?
CPTM is offline  
Thanks from:
Advertisement
03-02-2019, 12:16   #6
punisher5112
Registered User
 
Join Date: Dec 2013
Posts: 12,329
Quote:
Originally Posted by Donnielighto View Post
That first line is very dangerous. Had been used in the past for government overreach. Letting people know would be enough.
Oh I agree if terms are changing they should be made aware.

I'm looking at the side of the victims and family and friends...... They shouldn't be left not knowing and more importantly the person or persons that carry out such terrible crimes should be caught.

Look at all the failings from police forces over the years where they even had the killer for example and let them go or had stopped them and because they didn't talk to each other or link things they would get away.

Look at those that were imprisoned but weren't the ones that done the crime, DNA set them free and if they had of had the actual criminals DNA they would know this.
punisher5112 is offline  
03-02-2019, 16:53   #7
pinkypinky
Moderator
 
Join Date: Aug 2007
Posts: 4,594
Further thought, after some reading, I don't think this change to their terms of service is GDPR compliant. And we know the DPC in Ireland is not pro-genealogy.
pinkypinky is offline  
03-02-2019, 21:44   #8
hblock21
Registered User
 
Join Date: Nov 2007
Posts: 496
Just recieved this email now.

A letter from Bennett Greenspan, FamilyTreeDNA Founder

Dear Customers:

I am writing to address the news that our Gene-by-Gene laboratory, which processes genetic tests for several commercial clients in addition to all of the FamilyTreeDNA tests, has processed a handful of DNA samples for cold cases from the F.B.I. In many cases, the news reports contained false or misleading information.

Let me start with this categorical statement:

LAW ENFORCEMENT DOES NOT HAVE OPEN ACCESS TO THE FTDNA DATABASE.

They cannot search or “dig through” FTDNA profiles any more than an ordinary user can. As with all other genetic genealogy services, law enforcement must provide valid legal process, such as a subpoena or search warrant to receive any information beyond that which any other user can access.

I have been an avid genealogist since I was twelve years old. FamilyTreeDNA is not just a business, it is my passion. I fully understand your privacy concerns on a personal level.

Law enforcement has the ability to test DNA samples from crime scenes and upload the results into databases, like any other customer can, and it appears they have been doing it at other companies for the past year. The distinction is that, according to our Terms of Service and Privacy Policy, we expect the FBI and law enforcement agencies to let us know when they submit something to our database. We moved to something transparent, rather than having them work in a stealthy way. Other than that, nothing changed that affects the privacy of our customers.

FamilyTreeDNA has always taken your privacy seriously and will continue to do so. We’ve remained steadfast, always, refusing to sell your data to pharmaceutical companies and other third parties.

One of the key reasons law enforcement wanted to submit their samples to us is the same reason many of you have: out of all the major companies, FamilyTreeDNA is the only one that has its own lab, and our customers’ samples never leave our company.

As previously stated, law enforcement can only receive information beyond that which is accessible to the standard user by providing FamilyTreeDNA with valid legal process, such as a subpoena or a search warrant. Again, this is specified in FamilyTreeDNA’s Terms of Service, just as with all other companies.

ABOUT OUR TERMS OF SERVICE

The Terms of Service were changed in May of 2018 to reflect GDPR requirements, and we informed our customers about the update at that time. Those changes included a paragraph that required law enforcement to receive our permission to enter the database and since it was a part of the overall update, notice was sent to every FTDNA customer. Without infringing upon our customers’ privacy, the language in the paragraph referring to law enforcement was updated in December, although nothing changed in the actual handling of such requests. It was an oversight that notice of the revision was not sent to you and that is our mistake. Therefore, we are reverting our TOS to our May 2018 version, and any future changes will be communicated to you in a timely manner.

This is the May 2018, GDPR-compliant version, communicated to you at that time: “You agree to not use the Services for any law enforcement purposes, forensic examinations, criminal investigations, and/or similar purposes without the required legal documentation and written permission from FamilyTreeDNA.”

WE WILL DO A BETTER JOB OF COMMUNICATING WITH YOU.

I am genuinely sorry for not having handled our communications with you as we should have.

We’ve received an incredible amount of support from those of you who believe this is an opportunity for honest, law-abiding citizens to help catch bad guys and bring closure to devastated families. We want you to understand, as many of you already do, that you have the same protections that you’ve always had and that you have nothing to fear.

We’ve also heard from supporters offering ideas and solutions to make the FamilyTreeDNA experience a more comfortable one in light of this new information.

We are listening. Our plan is to create a panel of citizen genealogist advisors who will work with us as we focus on how to make your FamilyTreeDNA experience the best one available.

Sincerely,

Bennett Greenspan
President
FamilyTreeDNA.com
hblock21 is offline  
Thanks from:
03-02-2019, 22:12   #9
Ipso
Registered User
 
Join Date: Oct 2012
Posts: 3,963
But it’s not a back door where they can trawl through everything, anyway what’s tonstop someone working anywhere to get a DNA sample from someone else and do the same thing?
Ipso is offline  
Thanks from:
Advertisement
03-02-2019, 22:12   #10
pinkypinky
Moderator
 
Join Date: Aug 2007
Posts: 4,594
Yes, I also got that this evening.
It's a start.
They've recognised that they fecked up.
pinkypinky is offline  
04-02-2019, 11:55   #11
pedroeibar1
Registered User
 
Join Date: Jan 2010
Posts: 4,726
FTDNA’s problem is more about a breach of user conditions by law enforcement agencies than by FTDNA.
For the last 30 years most people have been sheep when it came to their data privacy. Supposedly it’s a trade-off, “You share your data with us, we will help you obtain what you are looking for”. However, it’s all about money and the balance is heavily tipped in favour of the big corporations who are mining your data and at best using it for research (GSK+23andMe) or at worst Facebook & Google) selling it for profit. The FTDNA story is only the tip of a very large iceberg and their ‘access conditions’ breach is not the worst case by a long way, when compared with what Facebook was complicit in doing with Cambridge Analytica.

Data helps vendors target their advertising – the more data the more accurate their targeting can be. In genealogy, even if your tree is ‘private’ online’, just look at the number of tantalising ‘hints’ that show up (although many are wildly inaccurate!). It’s not a faulty algorithm, it’s an attempt to sell you more, either a subscription or an upgrade, from a 37-marker to a 67-marker, from a UK & Irl sub to a premium or world sub. Hammered home every time you log on.

In some cases there is a trade-off, e.g. the profiling cards such as ‘Frequent Flyer’ are around since the 1980’s, Supermarket ‘loyalty’ cards have been with us since the mid-1990’s and will give you upgrades/flights/cash-back/offers. Others offer little or nothing: Google was the first to heavily exploit ‘private’ data and built on it from 2001 when it started to collect customers’ completed searches and use it to target them with specific advertising. By 2004 its advertising revenue had increased by almost 3,000%, (when we also found out that it was using our data!). The arrogance was astounding – the then CEO Erik Schmidt said “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place!”

In the late 1990’s we had the ‘Aware Home’ groups (a prominent one in Georgia Tech) working on the interaction between homes and their inhabitants, e.g. ‘smart fridges’, temperature control sensors that increased room heating. Its policies/guidelines have long since been dumped by the tech companies. A couple of years ago a study by Prof. Ian Walden of University of London showed that the Google-owned ‘Nest’ thermostat when fully connected to accompanying apps, involved almost one thousand data privacy contracts. If you don’t agree to them you won’t get upgrades/patches and are told its functionality and your security are compromised.

Today’s Irish Independent reports that banks owned by BMW, VW, and Renault loaned just under €1bn to Irish motorists in 2018. Just consider the data they now hold and what they will be able to do to the borrowers in their ‘smart’ cars.

No point in complaining if you still have an Amazon or Facebook account, or a LinkedIn profile, or apps (particularly health-related) on your smart phone. Paradoxically it is the educated wealthy individuals that are most likely to be conned into parting with their data.
pedroeibar1 is offline  
Thanks from:
04-02-2019, 21:00   #12
pinkypinky
Moderator
 
Join Date: Aug 2007
Posts: 4,594
That is probably true but it's off-topic here.

The point is that FTDNA changed their own T&Cs and didn't advise users, which infringes on GDPR and, according to many Americans, the 4th amendment to their constitution.

I've asked family members to do tests for me and they've agreed. I feel I probably should be contacting them all now, explaining what's happened and asking them to reconsent or not.
pinkypinky is offline  
05-02-2019, 00:24   #13
pedroeibar1
Registered User
 
Join Date: Jan 2010
Posts: 4,726
Quote:
Originally Posted by pinkypinky View Post
That is probably true but it's off-topic here.

The point is that FTDNA changed their own T&Cs and didn't advise users, which infringes on GDPR and, according to many Americans, the 4th amendment to their constitution.

I've asked family members to do tests for me and they've agreed. I feel I probably should be contacting them all now, explaining what's happened and asking them to reconsent or not.
It is true and my points are germane, because in a thread on data sharing they illustrate the careless manner in which many already freely allow their data to be collected and (mis)managed.

As for contacting family for renewal of their consents, with respect, I believe that you are making a mountain out of a molehill. FTDNA has said
Quote:
“The Terms of Service were changed in May of 2018 to reflect GDPR requirements, and we informed our customers about the update at that time. Those changes included a paragraph that required law enforcement to receive our permission to enter the database”
The actual clause is
Quote:
“You agree to not use the Services for any law enforcement purposes, forensic examinations, criminal investigations, and/or similar purposes without the required legal documentation and written permission from FamilyTreeDNA.”
FTDNA goes on to say
Quote:
“Without infringing upon our customers’ privacy, the language in the paragraph referring to law enforcement was updated in December, although nothing changed in the actual handling of such requests………………law enforcement must provide valid legal process, such as a subpoena or search warrant to receive any information beyond that which any other user can access.”
They also reconfirmed that Law enforcement agencies don’t have open access to their database. They have admitted that they
Quote:
“processed a handful of DNA samples for cold cases from the F.B.I.”
and from the FTDNA text I infer that this was unwitting, as the FBI did not notify them. Whose fault is that? (Technically, FTDNA should have notified customers and data regulators of what could, in effect, be deemed a data breach.)

Those in the US who rabbit on about the Fourth Amendment are talking nonsense IMO, as that amendment does not guarantee protection from all searches and seizures, but only those deemed unreasonable under the law. When analysing the reasonableness standard, the US court uses an objective assessment and considers factors including the degree of intrusion and the manner in which it was conducted. Trying to match (on a quasi-public database) a DNA sample of a serial murder/rapist would IMO not be viewed as an unreasonable intrusion by any court, even in the US.
I view the main 'surprise event' in Ireland for those who tested with any DNA company is the discovery of a heretofore unknown half sibling or cousin. No bad thing, that, but it would screw-up inheritance planning!
pedroeibar1 is offline  
(2) thanks from:
05-02-2019, 12:05   #14
pinkypinky
Moderator
 
Join Date: Aug 2007
Posts: 4,594
We're just going to have to disagree.
pinkypinky is offline  
05-02-2019, 20:23   #15
Vetch
Registered User
 
Vetch's Avatar
 
Join Date: Jul 2017
Posts: 243
Quote:
Originally Posted by pinkypinky View Post
We're just going to have to disagree.
I’ll agree with you that FTDNA should have informed customers about the changed T&Cs. That said, the entire business model of these genealogy DNA testing companies rests on data sharing and their databases are open to use/exploitation by people interested in things other than tracing their distant family history.

The ultimate fact here is that law enforcement can seek personal data to fight crime. For example, the new Irish Data Protection Act provides for this. FTDNA may have made a strategic decision that by allowing law enforcement to join as ordinary members and getting them to identify select users they were actually interested in that it prevents law enforcement speculatively contacting them looking for evidence.
Vetch is offline  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet