SB 218: Better Guardrails on Law Enforcement Use of DNA
To track the status of this bill, find it on our Legislation Tracker. Click here to contact the sponsor of the bill to share your thoughts, or click here to email your Senator and Representative about it.
Last year, the legislature passed a law to codify procedures allowing law enforcement officers to utilize genetic genealogy databases to obtain your genetic data from private companies without a warrant. Officers simply need “reasonable grounds” that a DNA sample belongs to someone who committed a crime. And rather than getting a judge to sign off, officers only need to work with prosecutors to “consult and agree” that a “search is an appropriate and necessary step.”
Proponents of this bill persuaded the public that consent was being honored, as those who wished to “opt out” of having their genetic data shared with law enforcement could do so—meaning that officers would only receive information from those who gave consent.
As it turns out, that was not accurate.
As revealed in an article by The Intercept last fall, law enforcement officials and the genealogists who assist them have been exploiting a loophole that allowed them to obtain the data of those who had opted out:
The loophole, which a source demonstrated for The Intercept, allows genealogists working with police to manipulate search fields within a DNA comparison tool to trick the system into showing opted-out profiles. In records of communications reviewed by The Intercept, Moore and two other forensic genetic genealogists discussed the loophole and how to trigger it. In a separate communication, one of the genealogists described hiding the fact that her organization had made an identification using an opted-out profile.
Multiple individuals are featured in the story who knowingly violated this (revoked) consent. One of them is CeCe Moore, a genetic genealogist who regularly uses this technology to assist law enforcement. Speaking to elected officials last year on Utah’s bill, she reassured the public that “this tool is being used appropriately and ethically” and that the bill ensured that “best practices” would be followed.
To another audience, Moore said that “If we lose public trust, we will lose this tool.” And yet she was secretly utilizing the tool in a way that completely violated public trust and goes against what she and her associates told the public previously. One such associate, the head of DNA Doe Project, later acknowledged her complicity in this corrupt practice:
In hindsight, it’s clear we failed to consider the critically important need for the public to be able to trust that their DNA data will only be shared and used with their permission and under the restrictions they choose. We should have reported these bugs to GEDmatch and stopped using the affected reports until the bugs were fixed. Instead, on that first day when we found that all of the profiles were set to opt-out, I discouraged our team from reporting them at all. I now know I was wrong and I regret my words and actions.
Last year’s bill was presented as an opportunity to put “guardrails” around the use of this sensitive technology. It is clear that those guardrails did not stop this breech of trust and violation of consent. To that end, Senator Todd Weiler is sponsoring Senate Bill 218, which creates tougher conditions for companies like GEDmatch to meet before they can make their databases available to law enforcement.
The bill creates accountability by allowing individuals to sue these companies if they release the individual’s DNA information to law enforcement after having opted-out. It also requires an audit and transparency to users so they are made aware of how often law enforcement is seeking to use this information.
If law enforcement is going to be allowed to go on fishing expeditions in large databases full of people’s DNA information, then there must be actual guardrails in place to deter misuse and hold abusers accountable. SB 218 is needed to restore public trust to this emerging technology.