Why We Fear Genetic Informants: Using Genetic Genealogy to Catch Serial Killers

Consumer genetics has exploded, driven by the second-most popular hobby in the United States: genealogy. This hobby has been co-opted by law enforcement to solve cold cases, by linking crime-scene DNA with the DNA of a suspect\u27s relative, which is contained in a direct-to-consumer (DTC) genetic database. The relative’s genetic data acts as a silent witness, or genetic informant, wordlessly guiding law enforcement to a handful of potential suspects. At least thirty murderers and rapists have been arrested in this way, a process which I describe in careful detail in this article. Legal scholars have sounded many alarms, and have called for immediate bans on this methodology, which is referred to as long-range familial searching ( LRFS ) or forensic genetic genealogy ( FGG ). The opponents’ concerns are many, but generally boil down to fears that FGG will invade the privacy and autonomy of presumptively innocent individuals. These concerns, I argue, are considerably overblown. Indeed, many aspects of the methodology implicate nothing new, legally or ethically, and might even better protect privacy while exonerating the innocent. Law enforcement’s use of FGG to solve cold cases is a bogeyman. The real threat to genetic privacy comes from shoddy consumer consent procedures, poor data security standards, and user agreements that permit rampant secondary uses of data. So why do so many legal scholars fear a world where law enforcement uses this methodology? I submit that our fear of so-called genetic informants stems from the sticky and long-standing traps of genetic essentialism and genetic determinism, where we incorrectly attribute intentional action to our genes and fear a world where humans are controlled by our biology. Rather than banning the use of genetic genealogy to catch serial killers and rapists, I call for improved DTC consent processes, and more transparent privacy and security measures. This will better protect genetic privacy in line with consumer expectations, while still permitting the use of LRFS to deliver justice to victims and punish those who commit society\u27s most heinous acts

A Game Theoretic Approach to Balance Privacy Risks and Familial Benefits

As recreational genomics continues to grow in its popularity, many people are afforded the opportunity to share their genomes in exchange for various services, including third-party interpretation (TPI) tools, to understand their predisposition to health problems and, based on genome similarity, to find extended family members. At the same time, these services have increasingly been reused by law enforcement to track down potential criminals through family members who disclose their genomic information. While it has been observed that many potential users shy away from such data sharing when they learn that their privacy cannot be assured, it remains unclear how potential users’ valuations of the service will affect a population’s behavior. In this paper, we present a game theoretic framework to model interdependent privacy challenges in genomic data sharing online. Through simulations, we find that in addition to the boundary cases when (1) no player and (2) every player joins, there exist pure-strategy Nash equilibria when a relatively small portion of players choose to join the genomic database. The result is consistent under different parametric settings. We further examine the stability of Nash equilibria and illustrate that the only equilibrium that is resistant to a random dropping of players is when all players join the genomic database. Finally, we show that when players consider the impact that their data sharing may have on their relatives, the only pure strategy Nash equilibria are when either no player or every player shares their genomic data

Why We Fear Genetic Informants: Using Genetic Genealogy to Catch Serial Killers

Consumer genetics has exploded, driven by the second-most popular hobby in the United States: genealogy. This hobby has been co-opted by law enforcement to solve cold cases, by linking crime-scene DNA with the DNA of a suspect's relative, which is contained in a direct-to-consumer (DTC) genetic database. The relative’s genetic data acts as a silent witness, or genetic informant, wordlessly guiding law enforcement to a handful of potential suspects. At least thirty murderers and rapists have been arrested in this way, a process which I describe in careful detail in this article. Legal scholars have sounded many alarms, and have called for immediate bans on this methodology, which is referred to as long- range familial searching (or "LRFS"). The opponents’ concerns are many, but generally boil down to fears that LRFS will invade the privacy and autonomy of presumptively innocent individuals. These concerns, I argue, are considerably overblown. Indeed, many aspects of the methodology implicate nothing new, legally or ethically, and might even better protect privacy while exonerating the innocent. Law enforcement’s use of LRFS to solve cold cases is a bogeyman. The real threat to genetic privacy comes from shoddy consumer consent procedures, poor data security standards, and user agreements that permit rampant secondary uses of data. So why do so many legal scholars fear a world where law enforcement uses this methodology? I surmise that our fear of so-called genetic informants stems from the sticky and long-standing traps of genetic essentialism and genetic determinism, where we incorrectly attribute intentional action to our genes and fear a world where humans are controlled by our biology. Rather than banning the use of genetic genealogy to catch serial killers and rapists, I call for improved direct-to-consumer consent processes, and more transparent privacy and security measures. This will better protect genetic privacy in line with consumer expectations, while still permitting the use of LRFS to deliver justice to victims and punish those who commit society's most heinous acts

Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue

DNA Is Different: An Exploration of the Current Inadequacies of Genetic Privacy Protection in Recreational DNA Databases

(Excerpt) Part I of this Note discusses the fundamental science behind DNA and defines and explains the process of familial DNA searching. Part I also discusses how Carpenter v. United States provides a framework to begin thinking about the unique nature of DNA and privacy implications for its use, and why the revealing nature of this type of data warrants protection. Part II of this Note delves into the lack of constitutional and statutory protections for DNA in recreational DNA databases. First, Part II explains that traditional Fourth Amendment concepts, like search warrants, probable cause, reasonable expectation of privacy, third-party doctrine, and consent, do not adequately protect or map onto DNA stored in recreational databases. Next, Part II highlights the complete absence of statutory protections for the forensic use of DNA in this particular context. Part III assesses the strength of common arguments intended to minimize the necessity of statutory protection and concludes that they are not persuasive. Such arguments include the strong government interest in being able to use familial searching to solve and prevent crimes, the anonymization of DNA samples to resolve privacy concerns, and the work-intensive nature of familial searching in these databases tending to decrease the likelihood that the technique would be used frequently. Finally, Part IV asserts that statutory protection is the appropriate solution and that it is imperative to protect the genetic information of individuals stored in recreational DNA databases against invasive use by government actors. Part IV also provides an overview of possible regulations

A World of Difference? Law Enforcement, Genetic Data, and the Fourth Amendment

Law enforcement agencies are increasingly turning to genetic databases as a way of solving crime, either through requesting the DNA profile of an identified suspect from a database or, more commonly, by matching crime scene DNA with DNA profiles in a database in an attempt to identify a suspect or a family member of a suspect. Neither of these efforts implicates the Fourth Amendment, because the Supreme Court has held that a Fourth Amendment search does not occur unless police infringe expectations of privacy society is prepared to recognize as reasonable and has construed that phrase narrowly, without reference to society\u27s actual views. The empirical study presented in this Article, which attempts to gauge societal privacy expectations in this terrain, suggests that laypeople consider law enforcement access to genetic information to be as intrusive as, or more intrusive than, searches of bedrooms, text messages, or emails, not only when one\u27s DNA is held by health care providers, but also when it is obtained from direct-to-consumer genetic testing companies and public genealogy websites. Our research also suggests that the location of genetic information-rather than its nature, the purpose for which it is acquired, or the extent to which its surrender was voluntary-is the primary driver of these intrusiveness perceptions. Based on this research, we argue that both police access to non-governmental genetic databases and police use of covert methods to collect DNA in the hope of matching crime scene DNA require judicial authorization, although not necessarily a traditional warrant. More broadly, we argue that empirical data about the public\u27s privacy concerns surrounding law enforcement\u27s collection of and access to genetic data should be an integral consideration in judicial determinations of how these activities should be regulated by the Constitution

Digitizing surveillance: Categorization, space, inequality

In this article, we seek to add to current debates about surveillance and society by critically exploring the social implications of a new and emerging raft of surveillance practices: those that specifically surround digital techniques and technologies. The article has four parts. In the first, we outline the nature of digital surveillance and consider how it differs from other forms of surveillance. The second part of the article explores the interconnections between digital techniques and the changing political economies of cities and urban societies. Here we explore the essential ambivalence of digital surveillance within the context of wider trends towards privatization, liberalization and social polarization. The third part provides some insights into particular aspects of digital surveillance through three examples: algorithmic video surveillance (in which closed circuit television systems are linked to software for the recognition of movement or identity); the increasingly prevalent practices of digital prioritization in transport and communications; and the medical surveillance of populations, wherein databases are created for increasingly mixed state and commercial medical purposes. Following this, in part four, we reflect on the policy and research implications raised by the spread of digital surveillance

Envisioning the FTC as a Facilitator of Blockchain Technology Adoption in the Direct-to-Consumer Genetic Testing Industry

Seemingly overnight, the kingpins of the direct-to-consumer genetic testing (DTC-GT) industry shifted their focus from exploring their customers’ DNA to commodifying it. Companies like Ancestry or 23andMe that were once exclusively known as mere sources of “infotainment” now regularly sell consenting customers’ genetic data to pharmaceutical researchers or use it to develop drugs of their own. To gain these customers’ consent, both firms employ a series of long, complex clickwrap contracts that largely fail to apprise their readers of the potential risks of sharing their genetic data. Nor do these agreements provide any form of compensation to those consumers whose data ultimately facilitates the development of a new, profitable drug. Understandably, the relative autonomy major DTC-GT firms wield over their customers’ genetic information—and the manner in which that autonomy is gained—raises serious privacy and bioethical concerns. More directly, it reflects a stark lack of federal oversight of the data management and storage practices of the DTC-GT industry as a whole. The emerging patchwork of state consumer privacy laws—while certainly more robust than any existing federal legislation—likewise falls short in fully protecting the privacy and dignitary interests of the DTC-GT consumers whose genetic data is shared and mined for profit. This is not to say that DTC-GT consumers should be uniformly prohibited from contributing their genetic data to medicinal research. Such behavior should be encouraged to the extent this information can be transferred and stored securely. Nevertheless, the current exploitation of consumer data by major DTC-GT firms may, over the long term, inhibit medicinal progress by undermining demand for genetic testing and, thus, the pool of genetic data available for research. Accordingly, consumers and researchers alike would benefit from a more secure and equitable method of exchanging genetic information. This Note argues that the recent advent of “blockchain genomics”—a form of exchange that allows consumers to securely loan out their genetic information for research purposes in return for compensation—fits that bill. With mainstream DTC-GT firms unlikely to adopt such a system and no legislative solution on the horizon, this Note further suggests a role for the FTC, the country’s de facto privacy regulator, to nudge major DTC-GT firms in that direction by exercising various tools of its soft regulatory authority