Maryland and Montana Limit Police DNA Database Access

New State Laws Restrict Law Enforcement Access to DNA Databases

Maryland and Montana have pioneered legislative action within the United States, enacting laws designed to limit how readily law enforcement can access DNA databases. These measures represent a growing concern for genetic privacy among citizens.

Safeguarding Genetic Information

The core focus of these new laws is the protection of genetic privacy concerning consumer DNA databases. Platforms like 23andMe, Ancestry, GEDmatch, and FamilyTreeDNA allow individuals to upload their genetic data for purposes such as connecting with relatives and tracing ancestry.

However, a significant number of users remain unaware that these platforms may share genetic data with external entities. These entities include pharmaceutical companies, research scientists, and, crucially, law enforcement agencies.

Forensic Genetic Genealogy Searching (FGGS)

Law enforcement utilizes a technique called forensic genetic genealogy searching (FGGS) to aid investigations. This involves uploading DNA evidence from a crime scene to these databases to identify potential suspects.

A prominent example of this is the identification of the Golden State Killer in 2018. Investigators uploaded a DNA sample from a 1980 murder into GEDmatch, leading to the identification of distant relatives of the suspect, Joseph James DeAngelo, and ultimately his arrest.

Privacy Concerns and Potential Misuse

While FGGS has proven successful in solving crimes, privacy advocates have consistently raised concerns about the potential for misuse. DNA profiles can reveal information beyond ancestry, including predispositions to diseases, addiction risks, and drug responses.

Furthermore, this genetic data could be leveraged by companies to generate predictive images of an individual’s appearance.

Database Policies Vary

Ancestry and 23andMe have maintained a policy of not providing access to law enforcement without a valid warrant. Conversely, GEDmatch (acquired by a forensic DNA company in December 2019) and FamilyTreeDNA have previously shared data with investigators.

Maryland's New Regulations

Effective October 1st, Maryland will require law enforcement to obtain judicial approval before employing genetic genealogy. The use of this technique will be restricted to serious crimes such as murder, kidnapping, and human trafficking.

Additionally, investigators will only be permitted to utilize databases that explicitly inform users about the potential for their information to be used in criminal investigations.

Montana's Approach

Montana’s regulations are somewhat less extensive. Law enforcement will need a warrant to access DNA databases unless users have explicitly waived their privacy rights.

Advocacy Group Response

The Electronic Frontier Foundation (EFF) has welcomed these laws as a positive step. Jennifer Lynch, surveillance litigation director at the EFF, emphasized the need for further action by other states and the federal government to regulate FGGS.

“Our genetic data is exceptionally sensitive and requires robust protection, extending beyond the discretion of private companies and law enforcement agencies,” Lynch stated.

She highlighted the increasing access law enforcement has to these databases due to the policies of companies like GEDmatch and FamilyTreeDNA.

Company Statements

A 23andMe spokesperson affirmed their support for legislation strengthening consumer privacy protections. They are actively working on legislation in multiple states to enhance genetic privacy.

“Customer privacy and transparency are fundamental principles guiding 23andMe’s response to legal requests and maintaining customer trust,” the spokesperson added. “We only comply with legally valid court orders, subpoenas, or search warrants.”

Ancestry stated they collaborated with Maryland lawmakers to create a law that balances public policy goals with consumer privacy. They maintain a firm commitment to protecting customer data and will only share information when legally compelled.

GEDmatch and FamilyTreeDNA Remain Unchanged

GEDmatch and FamilyTreeDNA, both of which default users into law enforcement searches, have indicated they have no current plans to alter their user consent policies in response to the new regulations.