Wednesday, 6 November 2019

Search warrant granted for access to GEDmatch database

A troubling story has been published in the New York Times about a security breach at GEDmatch. Detective Michael Fields from the Orlando Police Department was able to obtain a search warrant which allowed him to over-ride the privacy settings of individual customers at GEDmatch and search for matches in the entire database rather than in the subset of the database which had opted in to law enforcement matching. Fields had previously been able to use GEDmatch in collaboration with Parabon Nanolabs to identify a suspect in the 2001 murder of Christine Franke. He was disappointed when GEDmatch changed their terms of service in May this year which resulted in all users being required to actively opt in to law enforcement matching. This change effectively reset the number of profiles available for law enforcement matching to zero, including many people who had transferred their results to GEDmatch specifically to help with law enforcement cases. Since then a steady trickle of people have opted back in to law enforcement matching but, according to the New York Times article, just 185,000 of GEDmatch's 1.3 million users have done so at the present time. The cold case which resulted in the search warrant relates to a serial rapist who assaulted a number of women several decades ago, though the full details have not been made public. The New York Times reports as follows:
In July, he [Fields] asked a judge in the Ninth Judicial Circuit Court of Florida to approve a warrant that would let him override the privacy settings of GEDmatch’s users and search the site’s full database of 1.2 million users. After Judge Patricia Strowbridge agreed, Detective Fields said in an interview, the site complied within 24 hours. He said that some leads had emerged, but that he had yet to make an arrest. He declined to share the warrant or say how it was worded. 
Detective Fields described his methods at the International Association of Chiefs of Police conference in Chicago last week. Logan Koepke, a policy analyst at Upturn, a nonprofit in Washington that studies how technology affects social issues, was in the audience. After the talk, “multiple other detectives and officers approached him asking for a copy of the warrant,” Mr. Koepke said.
It is difficult to comment on this case without having the full facts available. As this is an active investigation it is not possible to get a copy of the search warrant to find out why the police thought it necessary to over-ride the consents and we don't know the grounds on which the judge granted the warrant. GEDmatch could potentially have resisted the warrant but they are unlikely to have the resources to fight a lengthy legal battle. They are also likely to be sworn to confidentiality so they would not be able to discuss the case and would not have been in a position to warn their users. But if GEDmatch were sworn to confidentiality I wonder why Detective Fields was boasting about his actions at a police conference.

However, the use of a search warrant in this case does provide cause for concern as it potentially sets a precedent. What is to stop the police issuing search warrants to search for matches at the other testing companies? Would these companies be able to defy the warrant and refuse access? It is also troubling from an international perspective. An American judge has made a unilateral decision which affects the privacy and rights of all of GEDmatch's many international users who do not have any legal or governmental representation in the US. Granting access to the opted out profiles of international customers is not only a disproportionate measure, as their family trees are much less likely to be used to solve the crime, but it is also a gross over-reach by the judge who has passed a judgement which affects individuals who live in countries which are outside her jurisdiction.

If you think you might have been affected I suggest that you write to the Orlando Police Department to find out if your name is included in the match lists they are using. If you are an EU citizen you should be protected by the General Data Protection Regulation (GDPR) and you will have the right to have your information removed. If the police refuse to do so you should complain to your data protection regulator in the EU. If you are in the UK you should write to the Information Commissioner's Office. If you are in Ireland you should write to the Data Protection Commission. The ICO have a handy template on their website which you can use if you wish to submit a complaint. I have now written to the Orlando Police Department and I await their response with interest.

If you feel strongly about this judgement you might also like to write to Judge Patricia Strowbridge. She can be contacted via her judicial assistant. I have sent her an e-mail because I think it's important that she understands the international implications of her decision though I am not expecting a response.

Update 7th  November 2019
I have received the following response from Judge Strowbridge's office:

"Judge Strowbridge’s office is in receipt of the email you sent yesterday, November 6, 2019. Unfortunately, the Florida Code of Judicial Conduct strictly prohibits judges from commenting on any pending cases. As such, Judge Strowbridge is unable to respond to your email."

Update 13th November 2019
Someone was able to get a redacted version of the GEDmatch search warrant and they've shared it on Twitter. You can access it here:

I will comment on this in due course.

Further reading
Related blog posts


cathyd said...

I'm so sick of these GedMatch people ... Am in the process of deleting all kits and quitting Tier One. All they care about is LE. And LE didn't even solve the case! Pitiful.

Debbie Kennett said...

I think it is unfair to blame GEDmatch. They didn't ask for this attention and I suspect there is little they could have done when faced with a search warrant. GEDmatch are not responsible for the complete lack of regulatory and ethical oversight of US law enforcement agencies. They should not have been put in a position where they have to make these decisions.

DNA Genealogy hobbyist said...

Does a Raw DNA file contain tester identity information?

Is it possible to anonymize a DNA file upload to GEDmatch so that the kit provides no information other than an email address for matches to contact?

-rt_/) said...

Those of us concerned about privacy now find ourselves in the extremely unfortunate position of hoping a murderer gets off on a technicality. Presumably, the defense attorneys will challenge the warrant's validity in court, perhaps, based on illegal search without consent. Under the doctrine of "fruit of the poisoned tree", any evidence emanating from the match would be inadmissible.

Debbie Kennett said...

You can't anonymise a raw data file. If you don't provide the data your results can't be added to the database. As long as your matches can see you on their match list you can be identified through your genetic network of cousins even if you are using a different e-mail address. Identification does of course depend on the closeness of your matches. If they're all very distant and sharing less than 30 cM with you then there's probably not a lot of information that could be gleaned. If you wish to remain anonymous the best option would be to upload a kit as a research kit so that you see your matches but they can't see you. There is of course also always the risk that the database could be hacked.

Debbie Kennett said...

I sincerely hope that a murdered doesn't get off because of a technicality. We don't have the full facts about this case so the search warrant may be more justified than we imagine based on the limited press coverage we've seen.

CarolAnne said...

What if the entire genetic genealogy community were to delete their info from Gedmatch for a few months? Wouldn't this show law enforcement how people feel about their intrusion?

Debbie Kennett said...

A mass deletion of DNA kits would certainly have an impact. The police need the trust of the community if they are to continue using GEDmatch.

Rafal Grochala said...

The story developed even further in dangerous direction: law enforcement warrant, owner change, recent security breach, according to

Debbie Kennett said...

Verogen, the new owners of GEDmatch, announced some changes at a forensics conference last week. They are tightening up on security and have employed the full time services of a cybersecurity firm. They are also introducing a separate law enforcement portal and a new forensic genetic genealogy assay. I think we need to wait and see how things develop in the next six months or so but I think the improvements they have in mind should help to alleviate concerns though there are still many ethical challenges to be overcome.