FB pixel

GEDmatch loophole allows the police to access user DNA without their consent

Categories Biometrics News  |  Law Enforcement
GEDmatch loophole allows the police to access user DNA without their consent
 

On August 14th, DNA biometrics testing identified a body that was found on pilings in a Washington river a year ago, according to a release from the Cowlitz County Sheriff’s Office. It was too decomposed to conduct facial recognition or take fingerprints, the Tri-City Herald reports.

Investigators partnered with Othram, a forensic genetic genealogy lab in Texas, which was able to identify the brother of the unidentified body. The brother confirmed the deceased man was 55-year old Bryan M. Heinrich Sr. based on a tattoo. While there was no foul play in this instance, the case raises questions about privacy concerns with the use of DNA databases in criminal investigations.

By using a privacy loophole in GEDmatch’s services, Cece Moore, an actress and director-turned-genetic genealogist, worked with law enforcement agencies to use privately-held DNA databases to help identify unknown human remains or perpetrators who left DNA at a crime scene, according to The Intercept. A representative of Moore told Biometric Update in an email that the Intercept article contains “inaccurate information and misrepresentations.”

Police and the genealogists working with them can access the loophole by manipulating search fields within a DNA comparison tool to show profiles of individuals who explicitly opted out of sharing their information with police.

Records of communications reveal that Moore, along with two other forensic genealogists discuss how to trigger the loophole. One of the other genealogists mentioned hiding that her organization made an identification using an opted-out profile in separate communication.

Back in 2018 Joseph James DeAngelo, the Golden State Killer, was arrested after a broad, invasive search conducted without a warrant and in such a manner that it appeared to violate the privacy policy of at least one DNA company, according to the LA times.

Prosecutors claim to have used family tree searchers to find relatives of the killer to initially identify DeAngelo. Afterwards, a detective confirmed investigators uploaded semen from a rape kit to develop a DNA profile that was then uploaded to GEDmatch, an open-source platform.

Prosecutors did not share that the genetic material was first sent to FamilyTreeDNA, which allowed law enforcement to create a fake account and search for matching customers. After finding only distant leads, they uploaded the profile to MyHeritage where they identified a close relative who helped break the case.

Prior to The Intercept’s reporting on GEDmatch, Margaret Press, founder of the DNA Doe Project, published a statement on the organization’s website.

“In hindsight, it’s clear we failed to consider the critically important need for the public to be able to trust that their DNA data will only be shared and used with their permission and under the restrictions they choose,” she says.

“We should have reported these bugs to GEDmatch and stopped using the affected reports until the bugs were fixed,” continues Press. “Instead, on that first day when we found that all of the profiles were set to opt-out, I discouraged our team from reporting them at all. I now know I was wrong and I regret my words and actions.”

This post was updated at 7:10pm Eastern on August 23, 2023 to clarify that Margaret Press’ statement was published prior to The Intercept’s article, and at 10:53am Eastern on August 25, 2023 to clarify that one of Moore’s correspondents referred to hiding the opted out matches, clarify the description of involved databases and include a denial of the veracity of the Intercept article.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Ireland will get mDLs in 2025

There’s a wee delay on mobile driver’s licenses (mDL) in Ireland, but the government is on track for a rollout…

 

Google can depose Texas in biometric data privacy lawsuit after partial appeals win

Google will be allowed to depose Texas as it defends itself in a lawsuit brought by the state, but not…

 

Can digital identity wallets fix the identity theft and AI deepfake fraud problem?

As AI becomes a staple of the fraudster’s toolkit, driving an uptick in identity theft and deepfake fraud, some are…

 

Link EU digital ID wallet to social media accounts to end anonymity: Spanish PM

Social media accounts held in the European Union should be linked to EU Digital Identity Wallets to prevent anonymity, Spanish…

 

Dominican Republic awards contract for 5M biometric passports

The Dominican Republic is set to begin issuing biometric passports in August, president Luis Abinader has announced.  The tender for…

 

Digital transformation of healthcare gathers pace globally

The UAE and Estonia could see cooperation in the digital transformation of healthcare. Riina Sikkut, Estonia’s minister of health, said…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events