Posted by Eric Heath on November 8, 2019 in Website

Your privacy is important to us. That’s why we want to share our position on a recent event where a Florida judge issued a search warrant to allow law enforcement to search all of GEDmatch, an open data personal genomics database. Following the issuance of the search warrant, GEDmatch opened its database of nearly one million users — beyond those who had consented to such access — within 24 hours. Ancestry believes that GEDmatch could have done more to protect the privacy of its users, by pushing back on the warrant or even challenging it in court. Their failure to do so is highly irresponsible, and deeply concerning to all of us here at Ancestry. GEDmatch’s actions stand in stark contrast to our values and commitment to our customers. 

We want to be clear – protecting our customers’ privacy and being good stewards of their data is our highest priority. Not only will we not share customer information with law enforcement unless compelled to by valid legal process, such as a court order or search warrant, we will also always advocate for our customers’ privacy and seek to narrow the scope of any compelled disclosure, or even eliminate it entirely. You can find more information on our privacy philosophy here

Additionally, each year we release a transparency report that outlines law enforcement requests for member data. To date, we have received no valid requests for information related to genetic information of any Ancestry member, nor have we disclosed any such information to law enforcement.

With regard to this situation, we, together with our partners at The Coalition for Genetic Data Protection, which was formed to advance business practices that ensure the privacy and security of an individual’s genetic data, have issued the following statement:

The Coalition for Genetic Data Privacy is deeply concerned by the recent decision by GEDMatch — a publicly accessible genetic database that is neither a member of our Coalition nor a signatory to the Best Practices — to not challenge the search warrant in the interests of their users’ privacy.

The Coalition believes that individuals deserve the full protection of the law when it comes to their personal and genetic data. This includes an obligation by companies who process genetic data to commit resources to closely scrutinize and challenge the validity of any warrant, including where the warrant may infringe on individuals’ Fourth Amendment rights.

When our users choose to upload their personal genetic data to other services that do not adhere to our Best Practices, they should carefully consider the commitments made by such services as they relate to law enforcement access.

It is incumbent on any company entrusted with sensitive personal information, including genetic data, to approach the issue of law enforcement access with a high degree of scrutiny, transparency, and prioritization of customer privacy.

We deeply value our Ancestry community and remain fiercely committed to providing a protected environment for journeys of personal discovery.

Eric Heath

Chief Privacy Officer, Ancestry

29 Comments

  1. Aaron

    Thank you for getting out in front of this. How can we possibly convince our relatives to take DNA tests with GEDMatch driving the narrative? I hope someone develops a privacy minded tool where we can do segment analysis that isn’t a law enforcement honeypot.

  2. Davis

    Privacy is an important issue when it comes to business with customers.The samedaypapers.com helps the people to read research paper for understanding the way of writing essay on privacy.I see the bright future of your company and I hope you will keep same consistency.

  3. Jones

    Thank you for the information and for the stance Ancestry has taken. DNA should be absolutely private unless intentionally and voluntarily shared by the principal or acquired through valid court order with limited scope and which is also based on probable cause, due process and need to know. Privacy is foundational to both the purpose and collaboration of this platform. Ancestry is demonstrating the ultimate good faith in its compact with users. Very appreciated and applauded.

  4. Sandra

    I read the Nov 5th article “Your DNA Profile is Private? A Florida Judge Just Said Otherwise” in the New York Times and noted you had not responded to a request for a comment, so thank you for this. Like Aaron, I believe that if the enthusiastic detective quoted in the article got his wish, it would make it even harder than it already is for us to get relatives to take the Ancestry DNA test. I hope you will now give your statement to the New York Times, at least in a Letter to the Editor. As an adoptee, I am grateful for the size of Ancestry’s database. Using the same method as the detective would presumably use to solve unsolved crimes, I have been able to identify both of my birth parents, but, believe me, it doesn’t happen overnight as Detective Fields thinks! On the other hand, I’m not against solving unsolved crimes, if a way could be found to do it without invading our privacy.

  5. Barbara

    Having a strong privacy policy is a good thing. Attacking someone else who followed a lawful court order in an effort to make yourself look better is a cheap shot and completely unnecessary. I’m very disappointed in your approach.

  6. Neil

    Whilst I agree privacy is important I would agree with Barbara. Perhaps you could be assisting Gedmatch? They started off as a free service and while they make money it is nothing like the financial resources ancestry has. Many of us who are ancestry customers have to use Gedmatch if we want access to a chromosome browser. So whilst they could have been a bit stronger in their resolve I understand why they decided they couldn’t.

  7. Janice

    Thank you Ancestry! The Florida judge was wrong to issue such a broad search warrant. As for gedmatch, they probably lacked the resources to fight it.

  8. Ernest Kapphahn

    I appreciate your concern about privacy but I fail to see how the dna information you hold could not be considered evidence. If a police detective is investigating a crime he can go to a magistrate in his or her jurisdiction with a search warrant affidavit. If the affidavit provides probable cause that you are holding evidence that is pertinent to the case and could identify the suspect, the magistrate will issue a search warrant to obtain that evidence. No one’s consent is required. The rule Gedmatch had established only covered the consent search situation. They and all other dna sites will have to adhere to the law where search warrants are involved. There are interesting legal questions. Does a suspect whose dna is legally taken as evidence at a crime scene have a right to have evidence suppressed when it is owned or held by an un-involved party? Can a person who is not charged with any crime withhold evidence that may identify a suspect? What constitutes evidence in a digital database? Are the work products of a genealogy company (its matches) subject to a search warrant? Can a court order a company that does not accept uploaded data to accept an upload from law enforcement? Should you argue this matter in court, we should get answers.

  9. Sandy

    Had Ancestry given its users the chromosome browser we have been requesting for years, most of us would not be on GEDmatch. It is disingenuous to charge high subscription fees, not offer what every serious genetic genealogist uses as a basic DNA tool, and then throw shade on a largely free service that many of us have turned to due to Ancestry’s omission as it struggles to keep up with its role in the crime solving spotlight.

  10. Mindy

    I am sad to hear ancestry takes such a stance! Privacy is one thing but trying to find a killer or one who has done some horrible things, I don’t consider that a privacy issue. Too bad ancestry continues to feel the NEED to NOT help law enforcement on ANY of these horrible issues.
    Is that the reason WHY we don’t have a chromosome browser?? Because ancestry is so dead set to NOT have to deal with investigators!! RIGHT ON GEDMATCH you are many many people’s HERO!! And ancestry,,,, GEDmatch is FREE FREE FREE

  11. Martin

    Glad to see Ancestry making this statement that it will do everything within its power to protect users privacy.

    GedMatch sad to say has lost the trust of many if it’s users, starting back in May of this year and in recent days many friends and acquaintances in the genealogy field have deleted their GedMatch accounts, myself included. GedMatch is not totally to blame, it seems to me that US lax privacy laws need to be beefed up bringing them to level of those in the EU.

    I note that Ancestry is signed up to the EU-US Privacy Shield, which GedMatch isn’t, so makes me think how seriously do they take their users Privacy.

  12. Kay farr

    A florida judge has no right to any dna i have submitted to gedmatch as i & the persons whose dna i have submiited are NOT american citizens. Gedmatch should contact all those whose dna was accessed, apologise & explain how they are going to prevent it happening again

  13. VThomp

    Good luck Gedmatch doesn’t care how anyone feels about invasive and broad searches by law enforcement, in fact the are pro law enforcement access.

  14. Jenna P.

    I have more of a problem with sites selling my info to “partners”. But someone who violates another person’s physical wellbeing by assault, robbery, murder, should have their privacy protected? Nope, I don’t disagree with Gedmatch on this one.

  15. Terry

    Law enforcement does not want your genetic data, nor is it being shared with them. They are looking at DNA profiles that match crime scene DNA. PROFILES. NOT GENETIC DATA. From there they build a family tree in the hope of finding a clue to who the perpetrator is – a clue from your DNA profile. It’s not like they are getting GENETIC DATA, like customer GENETIC DATA that Ancestry and 23andME are sharing with their pharmaceutical partners for tons of money. Think about it, law enforcement has used the PROFILES of DNA MATCHES to arrest dozens of killers and rapists. Hmmm. And to all of the ancestry genealogists who are screaming about privacy…answer this question: Why is it okay to share DNA PROFILES with complete strangers – adopted parents, unknown family members, etc – but you are flipping off law enforcement trying to arrest killers and rapists? Really? God forbid it was your mother or daughter who was victimized – and law enforcement had to say, “Well, we have the tools to find him, but, well, we’re not allowed to, sorry.” I call B.S. on beating up GEDmatch, Ancestry.

  16. Connie

    Small companies don’t have the resources to fight warrants. GEDmatch and others are acting as a shield for companies like Ancestry. The fact that they are willing to work with law enforcement keeps the agencies from knocking on Ancestry’s door. You should be thanking them.

  17. Theresa

    Thank you, Ancestry. I watch these issues closely and and pleased to see you assuring the users that their data will still be protected. After this most recent incident, I was strongly considering recommending that all my family delete their DNA data. Since I’ve seen your statement, I’m on hold on that, but as soon as Ancestry changes its stance, I’m done with DNA genealogy and will recommend the same to my entire family.

  18. Connie Brown

    If you and your immediate family members abide by the law, why should you care? I thought it was great and innovative GEDmatch was used to get that scum out of the populace. He had violated and disrupted so many lives.

  19. Donald

    The problem people who believe that privacy in DNA and police using it is not a big deal are being short sighted. The fact of the matter is, time and time again it has been shown police can be corrupt or just lazy and DO pin crimes on innocent people. If they have access to your DNA kits they can just copy it and claim that your DNA was at the crime scene. Or perhaps the get DNA from the crime scene, use Genetic genealogy to try to catch a criminal, and maybe they lock up a sibling of a criminal. Plus you need to remember that law enforcement is trying to use these sites for crimes other than murder and rape, potentially just misdemeanors.

  20. Miles Drake

    Going after GEDmatch was a cheap shot as had been fairly described above. As a genetic genealogist I use DNA as a tool to help verify my lineages. Isn’t a bit odd that people wander about amongst cameras, fork over their credit card numbers, supply passwords almost with abandon. You are listed in phone books, you show your driver’s license for identification, you register to vote. They already know far more about you than a paranoid should be comfortable with. So you go after what you do not understand. One should only be rationally afraid if one is actually guilty. So we can all wonder what these vociferous privacy advocates are hiding. Thanks for letting us know by the way. That said, okay, I get that you might be afraid of the police falsely accusing you by incorrectly reading the results. Only subjects of multiple births should be concerned because their DNA is really similar. A fun fact, their fingerprints develop later and do not match. This is all far from rocket science. It is simple enough that I can easily imagine a grade school child could be taught to do this. The amount of matching DNA matters. That should be the end of this conversation, but for the fact that police do not hire the smartest people….and they carry guns. Should a police action result in harrassing an innocent, surely a group funding and the ACLU could bring that particular police district into court and financial ruin. Then we would be surrounded by the rapists and murderers and have less police protection. You should all want the violent criminals brought to justice and to inform them that such activity will be found out. Just how many serial killers is enough? How many rapists? How many unidentified loved one’s remains? Would not it be better to dissuade them *before* they start.

  21. Kate

    When I learned that LE was using GEDmatch unfettered, I pulled my family’s data from the site. I wish they’d require a search warrant for each case, even for those who have opted in. I’d really prefer that there be a judge involved in the process. I will probably never used GEDmatch again which is unfortunate because they had so many useful tools. I just don’t fully trust LE to do the right thing and not misuse the data.

  22. Me

    Okay, I know that I am blonde, female AND old, which is a lethal combination. But what’s the big deal about someone seeing my DNA data? What can they do with that data that can hurt me??

  23. There is no privacy in our current culture and we are kidding ourselves if we think so. Secondly, it does not expose me if DNA is used to catch a crook. I may expose him and his family but does not hurt me in any way. And what could someone learn anyway, that I am 19% Irish? How does that hurt me? My health is not exposed, if I paid taxes, or any disease or criminal record, etc. I think it is okay for the Police and Gedmatch to do this. I have nothing to hide. Let them check me.

  24. Pauline Ryan

    You should be helping GEDmatch not taking cheap shots to make yourself look better and make more profit. Curtis Rogers is a champion.

  25. Ani

    The combination of genealogy, DNA and health data stored on sites like Ancestry, paired with data breaches at the IRS, Equifax, hospitals and health insurance companies, has made us all more vulnerable, than we were when the site launched. A warrant should ALWAYS be used by law enforcement, even for those opting in to having their DNA law enforcement searchable, because their DNA is in effect, not just their own, but additionally belongs to all their blood relations. Those relatives might not be equally keen, on having their DNA searchable to law enforcement, even if you are.

    There are people blissfully walking around out there, who have no idea that non related strangers, or 6th cousins 4x removed by marriage, have uploaded their entire tree to a genealogy site, and that data, paired with their DNA might someday make them vulnerable to a whole host of things, from being turned down for a life insurance policy, health insurance, or age discrimination. Laws change and are repealed. What happens if Grandpa’s inherited disease, becomes public knowledge when another user posts a cause of death, or a death certificate on a genealogy site? Or f police go off, half cocked, as they did in the Angie Dodge murder case in Idaho, and an innocent Ancestry user, who wasn’t the suspect, was dragged into the ordeal of a lifetime, and an additional innocent man, made to serve 10+ years in jail. That’s wasn’t Ancestry’s fault in the least. It’s what someone else did, who accessed their data.

    When you tested, you do so thinking, “I’ve never committed a crime, nor has anyone I know, in the family, we’re in no danger of becoming a false suspect simply by being in a DNA pool” You are not thinking that an over zealous detective, manned with a sketchy list of possible relatives, and a whiff’s worth of shared DNA, and your first name, being the same as a suspect’s, might turn your life into a living nightmare.

    It’s great that Ancestry has moved their tests to a private lab, but I think stricter community behavior guidelines should be put in place, and the first two generations back from your own, should be made private, in public trees.

    There is a reason that census data is confidential for decades, and that only blood relations can frequently order copies of birth, marriage and death certificates. Just because it’s legally permissible in the publish public domain items like obituaries, with living relatives full names, does not mean that it’s safe to do, so in a harrowing digital age. When your social security number, your credit history and your full medical history, have bee released through data breaches by insurance companies, credit reporting bureaus, and the IRS, a whole lot of your private data is now usable, via a few clicks, by the wrong people.

    We produced open trees thinking that our blood relatives would benefit from them, not some one perpetrating identity fraud, or companies like criminal forensic labs would be mining them.

    We all want the bad guys caught, but I’m unsure if my right to publish a public tree, and have my DNA sequenced, should infringe on another person’s privacy. Not everyone wants to be part of a massive world tree, where they can’t redact info, that strangers, post on them. The things deposited on those kind of sites are there forever. We should all be asking ourselves, “When does my right to know, supersede you hanging on to a tiny bit of your privacy?” Most users on the site are lovely, but there are some, who don’t care what harm befalls you and your relatives, as a result of their willy nilly data posting. It may be entertaining for them to create a billion person tree, or log in a million grave memorials, but might not be so, for you. Maybe you don’t want people to know where Grandma was buried. Could the data they post allow a stalker to find your daughter at Aunt Betty’s house? We are not just giving away our own data, but our grandchildren’s.

    I don’t think anyone should be word for word copying all the private info other users added to their public profile pages, even if you were the dummy who had your tree set to public, back in the day when it was safe to do so. When you created that tree, and made it public on Ancestry, you never envisioned that 12 years, it’s information would be so easily copied, or that a non blood relation wouldn’t care a fig, if you were harmed by the info they copied, and they would refuse to redact the info and make it private. No skin off their noses.

    The same users who are display all your private info, are the ones who have their two previous two generation made private. Doesn’t seem fair. You didn’t know the world would digitally change. Clearly, they agree with you that the info should be made private, because they’ve their’s made private after you share your story with the, but they are not concerned about you being more vulnerable to identity theft.

    People all over the site are slamming trees closed to protect themselves from less than thoughtful users. It’s a shame, because we all suffer as a result. Anything they’re trying to help along by amassing your data, and tacking it on to their’s and creating a massive tree, just causes more people to make their information private.

    I used to think users with private trees were selfish, but after you hear some of the things that befell them, du to open trees, you get it. Someone at Ancestry, should be monitoring the school yard, and encouraging better behavior from less considerate users.

    The majority of us don’t copy our Grandmother’s photos and hand them out to strangers on the street. Nor do we expect that someone will think it’s perfectly acceptable to copy paragraphs and paragraphs of someone else’s personal anecdotal notes that were painstakingly typed into fact boxes. We’d never think of walking into someone else’s home, pulling their photo album off a book shelf and start ripping out photos, or copying their diary without permission, because that would be rude.

    I have to say I agree with an Ancestry friend, who said, that she, “felt raped and sick to her stomach” after another user pilfered over 40 years of her research and made it their own. Just as you wouldn’t copy someone else’s exam sheet in class, or plagiarize from a book, you probably should only be coping public domain accessible documents that Ancestry published in their catalog, not other user’s private thoughts and recollections, without their permission.

    Just because the site allows you to get away with acting in a less than thoughtful way towards other users, doesn’t mean that you should.

Join the Discussion

We really do appreciate your feedback, and ask that you please be respectful to other commenters and authors. Any abusive comments may be moderated. For help with a specific problem, please contact customer service.