In July, he [Fields] asked a judge in the Ninth Judicial Circuit Court of Florida to approve a warrant that would let him override the privacy settings of GEDmatch’s users and search the site’s full database of 1.2 million users. After Judge Patricia Strowbridge agreed, Detective Fields said in an interview, the site complied within 24 hours. He said that some leads had emerged, but that he had yet to make an arrest. He declined to share the warrant or say how it was worded.
Detective Fields described his methods at the International Association of Chiefs of Police conference in Chicago last week. Logan Koepke, a policy analyst at Upturn, a nonprofit in Washington that studies how technology affects social issues, was in the audience. After the talk, “multiple other detectives and officers approached him asking for a copy of the warrant,” Mr. Koepke said.
It is difficult to comment on this case without having the full facts available. As this is an active investigation it is not possible to get a copy of the search warrant to find out why the police thought it necessary to over-ride the consents and we don't know the grounds on which the judge granted the warrant. GEDmatch could potentially have resisted the warrant but they are unlikely to have the resources to fight a lengthy legal battle. They are also likely to be sworn to confidentiality so they would not be able to discuss the case and would not have been in a position to warn their users. But if GEDmatch were sworn to confidentiality I wonder why Detective Fields was boasting about his actions at a police conference.
However, the use of a search warrant in this case does provide cause for concern as it potentially sets a precedent. What is to stop the police issuing search warrants to search for matches at the other testing companies? Would these companies be able to defy the warrant and refuse access? It is also troubling from an international perspective. An American judge has made a unilateral decision which affects the privacy and rights of all of GEDmatch's many international users who do not have any legal or governmental representation in the US. Granting access to the opted out profiles of international customers is not only a disproportionate measure, as their family trees are much less likely to be used to solve the crime, but it is also a gross over-reach by the judge who has passed a judgement which affects individuals who live in countries which are outside her jurisdiction.
If you think you might have been affected I suggest that you write to the Orlando Police Department to find out if your name is included in the match lists they are using. If you are an EU citizen you should be protected by the General Data Protection Regulation (GDPR) and you will have the right to have your information removed. If the police refuse to do so you should complain to your data protection regulator in the EU. If you are in the UK you should write to the Information Commissioner's Office. If you are in Ireland you should write to the Data Protection Commission. The ICO have a handy template on their website which you can use if you wish to submit a complaint. I have now written to the Orlando Police Department and I await their response with interest.
If you feel strongly about this judgement you might also like to write to Judge Patricia Strowbridge. She can be contacted via her judicial assistant. I have sent her an e-mail because I think it's important that she understands the international implications of her decision though I am not expecting a response.
Update 7th November 2019
I have received the following response from Judge Strowbridge's office:
I will comment on this in due course.
Update 7th November 2019
I have received the following response from Judge Strowbridge's office:
"Judge
Strowbridge’s office is in receipt of the email you sent yesterday, November 6,
2019. Unfortunately, the Florida Code of Judicial Conduct strictly prohibits
judges from commenting on any pending cases. As such, Judge Strowbridge is unable
to respond to your email."
Update 13th November 2019
Someone was able to get a redacted version of the GEDmatch search warrant and they've shared it on Twitter. You can access it here:
https://twitter.com/rot13x2/status/1194325134653435904
Update 13th November 2019
Someone was able to get a redacted version of the GEDmatch search warrant and they've shared it on Twitter. You can access it here:
https://twitter.com/rot13x2/status/1194325134653435904
I will comment on this in due course.
Further reading
- Graham Coop on Twitter
- Erin Murphy on Twitter
- There is no opt out by Leah Larkin, The DNA Geek
- A judge said police can search the DNA of 1 million Americans without their consent. What's next? by Jocelyn Kaiser, Science (Note the erronenous headline - the GEDmatch database is international and not US-specific)
- Our stance on protecting customers' data by Kathy Hibbs of 23andMe
- Your privacy is our top priority by Eric Heath, AncestryDNA
- We may be entering a new era for using consumer genetic information to solve crime by Aaron Mak, Slate Magazine
- When governments have access to DNA databases you're right to be scared by John Naughton, The Guardian
- Orlando homicide detective uses commercial DNA website to solve murders WFTV
- Privacy and DNA tests. An interview with Erin Murphy on WVTF.
- About that warrant... by Judy Russell, The Legal Genealogist
Related blog posts
