Ancestry Resists Law Enforcement Access to DNA Database

Ancestry, a leading consumer genomics firm, has recently affirmed that it successfully contested two requests from U.S. law enforcement agencies seeking access to its extensive DNA database over the past half-year. Importantly, neither of these requests ultimately resulted in the release of any customer data or genetic information.

Transparency Report Details

The company’s disclosure was made within its latest transparency report, covering the latter portion of 2020. According to the report, Ancestry actively challenged both requests, leading to their subsequent withdrawal. No data was provided to authorities at the time the report was published on Tuesday.

While the specific agencies or police departments involved, and the rationale behind the requests, were not detailed by Ancestry, spokesperson Gina Spatafore verified that the warrants sought DNA data. Further comment beyond the report’s contents was declined.

Refusal of Improper Requests

In addition to successfully challenging the two warrants, Ancestry reported refusing a number of inquiries from U.S. law enforcement due to a lack of appropriate legal process. Four valid requests were received, however, the company maintained its commitment to privacy and did not supply any data in response.

Scale of the Database

With over 3.6 million subscribers and a database containing more than 18 million customer DNA profiles, Ancestry currently possesses the largest such database globally. This substantial size naturally attracts attention from law enforcement agencies.

Growing Law Enforcement Interest

DNA profiling services like Ancestry have gained significant popularity as individuals seek to explore their family history, genetic predispositions, and cultural origins. However, the increasing scale of these DNA databases is simultaneously drawing the attention of law enforcement seeking assistance in criminal investigations.

Ancestry’s Stance on Privacy

Ancestry explicitly states on its website that it considers member DNA data to be highly sensitive. Therefore, a court order or search warrant is considered the minimum requirement before any compliance review. The company also prioritizes member privacy, actively seeking to limit the scope or even invalidate warrants before fulfilling them.

Previous Resistance to Warrants

This is not the first instance of Ancestry resisting legal demands. Last year, the company rejected a search warrant issued by a Pennsylvania court, deeming it “improperly served” and refusing access to its DNA database.

Previously, Ancestry had only complied with a single search warrant concerning DNA data from a database it had acquired and subsequently made public, failing to anticipate its use by law enforcement for investigative purposes.

Common Practice: Data Requests and Transparency

It is increasingly common for companies holding large volumes of customer data to receive frequent requests from law enforcement for user information. Consequently, many organizations are now publishing periodic transparency reports detailing the number of legal demands they receive.

Leadership in Transparency

Ancestry is notably one of only two DNA profiling sites that currently publishes a transparency report. 23andMe also releases quarterly data on the number of data demands it receives, and has, to date, not provided any customer data to law enforcement. FamilyDNA indicated over a year ago that it was in the process of developing a transparency report.

The GEDmatch Case and its Aftermath

The actions taken by Ancestry and 23andMe followed the use of the GEDmatch DNA profiling site by police to identify a suspect in a serial killer case. This breakthrough ultimately led to the arrest of the “Golden State Killer” in 2018. GEDmatch stated it was not contacted by law enforcement prior to the search.

Subsequently, GEDmatch allowed users to opt-in to having their DNA included in police searches. However, GEDmatch also experienced two data breaches last year, exposing user profiles, including those accessible to law enforcement.