Wednesday 21 August 2019

Getting the most from your new Big Y-700 results

The Big Y test changed to a completely new technology earlier this year. It now covers 50% more of the Y chromosome than previously. And so it is anticipated that the new test will discover additional SNP markers that the old technology did not detect. Furthermore, the new SNPs should be able to more accurately date the various branching points on the Tree of Mankind.

It also gives us approximately 700 STR markers whereas the previous test only gave approximately 500 STRs. As a result, the old test is called the Big Y-500 and the new one is called the Big Y-700. Going forward, all new Big Y orders will use this new technology.

For those who did the old test, it is possible to upgrade from the Big Y-500 to the Big Y-700. But for everyone who does the new test, or upgrades from the old version to the new version, it is essential that you upload a copy of your results to the Big Tree so that we can get some essential additional analyses. You will find instructions for doing so on the Big Tree website here and on the Y-DNA Data Warehouse website here but I include a briefer summary below.

What do you get from your Results?

Your results should be analysed within a week or two and you can check them by navigating to your particular portion of the Big Tree. For members of Ryan Group 2 (for example), their Terminal SNP is M756 and you will find this branch on the Big Tree here (see screenshot below). The diagram nicely illustrates their placement on the Tree of Mankind and the surnames of the people sitting on neighbouring branches to their own. This information can be very useful for determining the geographic origins of your particular direct male line and for determining if your name is associated with an Ancient Irish Clan.

Project Administrators can use programmes like the SAPP tool to generate Mutation History Trees and determine the likely branching structure of your particular "genetic family" from the time of surname origins up to the present day. This process can also help identify which Ryan's (for example) are more closely related to each other and which are more distantly related. It is also possible to date the branching points within the Mutation History Tree using SNP data as well as STR data. This process is likely to become more accurate with the advent of the new Big Y-700 data and the identification of new SNPs. It is anticipated that the new data will reduce the number of "years per SNP" from about 130 to about 80 years per SNP. You can read more about this here.

You can also click on your surname above your kit number for an analysis of your Unique / Private SNPs. These may prove useful in the future for defining new downstream branches in the Mutation History Tree and for dating new branching points. But this very much depends on new people joining the project and undertaking Big Y-700 testing (so that we can compare apples with apples). And as this is a new test, it is likely that we will have to wait some time before we begin to see real benefits from it.

Creating a Link to your Big Y results

In order to create a downloadable link to your Big Y results, first log in to your FTDNA account and go to your Big Y Results page ...

Then click on the blue Download Raw Data button ...

Then you need to create a link to two separate files - your VCF file and your BAM file. The VCF file is used for placing you on The Big Tree. The BAM file is used for high-end technical analysis by the folks at the Y-DNA Data Warehouse. You can see some of the results so far on their Coverage Page here (and if you like you can search for kits by surname, including your own).

1) to create a link to your VCF file, right click on the green Download VCF button, and then click on "Copy link" from the drop-down menu. You will later paste this link into the the "Download URL" box on the Submission Form.
Alternatively you can simply (left) click on the green Download VCF button and this downloads a 10 MB file to your computer. This can then be directly uploaded via the Submission Form below. However it is preferable (and less problematic) to generate a link instead.
2) to create a link to your BAM file, click on the green Generate BAM button. You will then get a message that "Your Big Y BAM file is currently being generated" (see below). This generates a very large BAM file ... but it takes several days to prepare so you will have to come back to this page in a few days time! Put a reminder in your diary / calendar!

Uploading your VCF file

Having created the first link (to your VCF file) and copied it, click here to go to the Y-DNA Data Warehouse and fill in the form with your standard information - email, kit number, surname of your paternal MDKA (Most Distant Known Ancestor), and (most importantly) the link to your file - you do this by pasting the link you copied earlier into the "Download URL" box underneath the heading "Raw Data Upload" at the bottom of the page.

If you want to upload the actual file itself (rather than a link), click on the blue Direct tab under "Raw Data Upload" and then click on the "Choose File" button and attach the file from where you downloaded it onto your computer (on my laptop, the "Choose File" button appears to be slightly hidden under some text but it works if you click on the start of the text). 

Don't forget to tick the checkbox to confirm you agree with the Data Policy and then click the blue Submit button.

Uploading your BAM file

Several days later, come back to this same place to get a link to your newly generated BAM file. So, navigate to your Big Y Results page, and after clicking on the blue Download Raw Data button, you will find that the BAM file has been generated. DO NOT DOWNLOAD IT - you don't need to and it is way too big. Instead, click on the green Share BAM button and then the green Copy button in order to copy a link to your BAM file. You will share this link in the next step.

Then go to the Y-DNA Data Warehouse and fill in the same form as before BUT ...

  1. select Other for the Testing Lab
  2. enter your Kit ID Number 
  3. leave everything else on its default setting
  4. paste the link to the BAM file in the "Download URL" box underneath the heading "Raw Data Upload"
  5. tick the checkbox to confirm you agree with the Data Policy and then click the blue Submit button

Maurice Gleeson
Aug 2019

Wednesday 10 July 2019

Optimising your Anonymity & Privacy with DNA tests

Here are some practical hints and tips to optimise your Privacy if you are thinking of doing a DNA test (or you have already done one).

1) Don’t test!
This is the simplest way to avoid exposing your self to potential online scrutiny and unwanted intrusion from others. If you are not sure whether you should do a DNA test or not, do yourself a favour and don't test. You will only worry about it if you do.

2) Get your brother to do it instead
Some people are less concerned about privacy than others ... so if this is how one of your siblings feels, why not ask them to test instead? One person I know did this and everyone was happy. Win-win.

3) Don't use your Real Name
You are not obliged to use your real name. You can use whatever name you want. I don't recommend using "Clint Eastwood" (unless you want unlimited fan-mail) - much better to use something completely nondescript like John Williams or Jane Jones.

Genealogically it makes sense to use your surname (as this will help with any genealogical research) but again, it's not essential. You can just as easily use an alias, a pseudonym, or a nom de plume. Or even a sequence of letters & numbers … FYL227 has a particular ring to it.

A cunning disguise will fool most people
(this is obviously Groucho Marx in a wig)

4) Disguise your Personal Information

Similar to above, you are under no obligation to use your real date of birth. Now is the perfect opportunity to take 10 years off your age. I did and I feel so much better.

You could also create a bespoke, untraceable email address just for your DNA tests. It's easy to set one up on Gmail and have any messages directed to your inbox. I believe is already taken but something similar would work just as well. It would be extremely difficult to identify you from a seemingly random combination of letters and numbers.

Only give the minimum amount of information necessary. I don't bother with my postal address or telephone number. If they can't reach me by email then I am probably on a retreat to the North Pole and they are unlikely to reach me by snail mail or telephone either.

5) Privatise your DNA account
All the testing companies allow you the option to make your results completely private. For some, this means that your matches cannot see you, but you cannot see them either. And this seems like it might defeat the purpose of doing the test in the first place, but not so! You can de-privatise your results when you want to work on them, and re-privatise them when you have finished. This minimises the amount of time you are "exposed to public view" by your matches.

Here is how to privatise your DNA matches on the various websites ...
  • Ancestry: go to Your DNA Results Summary, click on Settings, then scroll down to Visibility & Sharing, click on DNA Matches, tick the Off button, and click Save. To reverse this process, tick the On button, and click Save. Once you have privatised your DNA matches, they cannot see you and you cannot see them.
  • 23andMe: click on your name or icon in the top right, click on Settings, scroll down to Privacy / Sharing, click on the Edit button, scroll down to DNA Relatives and click on Manage your Preferences, then click on "I would like to stop participating in DNA Relatives". Then click the Finish button. Once you have privatised your DNA matches, they cannot see you and you cannot see them.
  • MyHeritage: click on your name in the menu bar at the top, then click on My Privacy, then click on My DNA Preferences, then select the DNA kit you wish to customise (from the drop-down menu), then untick the Enable DNA Matching box, and then click on Save Once you have privatised your DNA matches, they cannot see you and you cannot see them.
  • FTDNA: click on your name in the menu bar at the top, then click on Account Settings, then click on Privacy & Sharing, and then under Matching Preferences, click on the button beside Opt in to Matching so that it switches to the Off position. Your changes are automatically saved. A pop-up box appears at the bottom of the page after about 10 seconds stating "Your selections have been saved".  Once you have privatised your DNA matches, they cannot see you and you cannot see them.
  • LivingDNA: click on Profiles in the menu bar at the left, select your profile, scroll down to Family Matching, click on Opted In, tick the Opt Out button, and then click Save Once you have privatised your DNA matches, they cannot see you and you cannot see them.
  • GEDmatch: on the Home Page, scroll down to Your DNA Resources and find your kit number. Click on the Edit icon to the right of your kit number. Scroll down to Public Profile, and under Change Access, tick the Research button and then the green Change button. This makes your kit private and no one can see you as a match, but you can still see all your DNA matches.

6) Privatise your Family Tree
Without a family tree attached to them, DNA results are relatively useless. You could show up as a close "2nd cousin match" to someone else but if you haven't supplied any family tree information, it can be very difficult for them to figure out how you fit in to their tree.

Keeping your family tree private is as effective as keeping your DNA results hidden (if not moreso).

7) Delete your DNA account

If you have finished working with them, you could delete your results completely. This works really well if you have transferred your results to a particular website from another company - you can always keep the original results on the website you initially tested with and re-upload them again at any time.

Similarly, you can delete your kit from any website and have your sample destroyed.

So there are ways and means of finding the level of privacy and security that you personally feel comfortable with. Can you think of any others? Leave a comment below. 

Have fun! Play safe!
Maurice Gleeson
July 2019
updated Sep 2023

Tuesday 9 July 2019

Irish Mother finds her son ... 60 years later

When it came time for her to deliver, she was taken into a room and put to sleep. When she woke up, the large bump of her pregnancy was gone, and so was her child. For the past 60 years she has always wondered if it was a boy or a girl - they wouldn't tell her.

Now, 60 years later, thanks to DNA, she knows. It's a boy.

There are many people in Ireland searching for their birth family. Some are adoptees, some are foundlings, some are people who were raised in industrial schools, some of whom were boarded out. Over the past few years, many of these people have turned to DNA for help, and these numbers are increasing all the time as the success stories of people finding family through DNA are becoming more widespread.

But it's not just the children that are searching for their families, it's the parents too. I have been working with several birth mothers (in their 70s and 80s) who are trying to locate the child that was taken away from them many decades beforehand. Many tell a similar story, like the one at the top of this article. They had little control over what happened to them. Decisions were made for them. And they were left with little or no information about the child they gave birth to, not even what gender it was.

I am delighted to announce that one of my clients (the woman above) has finally reconnected with her son. She gave up her child 60 odd years ago, and it only took 12 months for DNA to find him. She tested with Ancestry and then uploaded her data to FamilyTreeDNA, MyHeritage & Gedmatch (the recommended approach).

Now comes the next step in their journey - getting to know each other, building bridges, putting the past in the past, and moving into the future. This is a slow process that will take a lot of work on both sides.

Any birth parent who wants to find and contact their child should first seek advice from the Adoption Authority of Ireland (AAI). They can help you sign up to the National Adoption Contact Preference Register (application form here, and Frequently Asked Questions here) and help you to contact the Agency who placed your child for adoption. You can email the AAI at This should be your first port of call before turning to DNA.

If tracing using the first-line method above is unsuccessful, then you can consider DNA testing. The recommended approach is to test with Ancestry, and then upload a copy of the results to MyHeritage, FamilyTreeDNA, LivingDNA and Gedmatch. If this is unsuccessful, you should also test with 23andMe. If this is still unsuccessful, then it becomes a waiting game. You are hoping that some time soon your child or one of their children will do a DNA test and pop up in one of the databases as your closest match.

When they do, the connection may be instantaneous and things may move very quickly indeed so be prepared - think about what you want to tell them, think about the sort of questions they may ask you, write it all down, and put it in a letter (or two) that you can post or email to your child.

For most people, reconnection is an emotional rollercoaster. It is best to have professional help on hand in case you need it. Take things slowly. You will need time to process your feelings. So will the other person and their family. Be kind to yourself and to others.

Further information can be found in an earlier blog post here. For ways of optimising your Privacy with DNA tests, read this post here.

My thanks go to Ancestry who provided free DNA kits to help with this research.

Maurice Gleeson
July 2019

Saturday 18 May 2019

Civil Liberties vs The Greater Good

It's been a year since Law Enforcement Matching (LEM)* has resulted in the identification of suspects in at least 50 cases of violent crime in the US. [1] The power of genetic genealogy techniques to solve these crimes is truly amazing and is a real game-changer for law enforcement (LE), not just in cold cases but in active cases where the perpetrator is still at large and may offend again. [2,3]

But against this are the growing concerns about infringement of civil liberties, in particular lack of informed consent and intrusive police procedures which may unfairly target innocent people. These are legitimate concerns and need to be addressed. [4,5,6]

Previously I have suggested a very cautious, conservative approach to law enforcement use of the genetic genealogy databases. [7] In this post, I'll take a broader look at the overall Benefit Risk Ratio of Law Enforcement Matching and explore how this can be further improved by appropriate Risk Minimisation.

The potential Benefits of Law Enforcement Matching are many:
  1. It helps solve "cold cases" of violent crime where the victim has been killed or raped or both. This can bring closure to the families involved and save a huge amount of time and money for LE, thus allowing limited police resources to be used more efficiently.
  2. It can help solve "active investigations" where the rapist or killer is still at large, and thus helps remove violent criminals from the streets, potentially preventing further violent crime and loss of life. [2,3]
  3. It is the certainty of being caught rather than the severity of the penalty that stops criminals from committing crimes in the first place. The advent of LEM has created the possibility that many criminals will now think twice before committing a crime because of the very high risk of being caught using LEM.
  4. By reducing the risk from active violent criminals and by serving as a deterrent, it makes the society we live in a safer place.

These are the Benefits. What are the Risks?
  1. LEM is being undertaken without the express Informed Consent of a sizeable number of people within the genetic genealogy databases (possibly the majority). This is because some of them are deceased, some people have not read the revised Terms, and some kits are managed by other people who are making the decisions for them. And there are probably other reasons also.
  2. The recent Utah case [2,3] illustrated that Gedmatch was in breach of its own Terms. [4,5] Gedmatch argued that this action was justified, given the violent circumstances of the case concerned. Others have argued that this is a slippery slope [5] and that soon non-violent crimes will be the target for LEM. This raises fears of inappropriate and intrusive police action and an increased risk of inappropriate or wrongful targeting, and even wrongful conviction.
  3. Some people have moral objections to the death penalty and would not like to see their DNA being used to identify criminals whose punishment would be death.
  4. If LEM is not carried out with appropriate oversight and safeguards, there is a risk that it will be "shut down", thus depriving society of a very powerful tool for crime detection and prevention, and denying future generations the potential benefits that it may provide. Update: as of Sunday 19th May 2019 (the day after this post was written), everyone in the Gedmatch database has been automatically opted-out of LEM. A process will be instituted in the next week or so to allow people to actively opt back in.
  5. LEM does not guarantee anonymity of the "passive genetic informants". Brandy Jennings will always be known as the woman who helped convict her cousin. Her name is out there. Forever. This puts her at risk of revenge attacks, unwanted media intrusion and public scrutiny (like this blog post).

If LEM is to survive and thrive, there needs to be a process of Risk Minimisation in order to optimise the Benefit Risk Ratio. So how do we minimise each of the Risks identified above?

Let's take a look at Informed Consent  The first important point to make is that the requirement for Informed Consent is not absolute. In medicine, if someone arrives unconscious at the Emergency Department and needs an urgent blood transfusion to save their life, the doctor can order for such an infusion to be given without the patient's consent. And in most circumstances the patient will thank them for saving their life. But there are exceptions - if the patient later turns out to be a Jehovah's Witness then they may be very upset by this course of action and may attempt to sue the hospital. However, if it can be shown that the doctor "acted in good faith" and provided a reasonable standard of care, then he should get off the hook.

So this raises the question: is the requirement for Informed Consent absolutely essential in the situation where a murderer may kill someone again unless they are caught quickly? My gut feeling in this case is: go ahead and catch the murderer. The requirement for Informed Consent is not absolute in this case. Not to proceed in this fashion risks another murder ... and how would you explain to the victim's family that you did not catch the killer when you could have, because of concerns over Informed Consent? Would they buy your explanation? Would they agree that "Mum had no option but to lose her life because Informed Consent wasn't obtained?" I don't think they would agree with that line of logic. Rather they would say: you should have found some way around it. You should have made it happen. You should have found some solution.

And that is where we now stand: how do we find a solution to this issue? who determines if the Right to Informed Consent is absolute under these circumstances? 

In the UK, Biometric and Forensic Ethics Group (BFEG) is discussing the application of LEM to policing in Britain, following the receipt of many enquiries. In the minutes of their September meeting, they made the following statement:
The BFEG cautioned against using this approach in the UK. Asides from the issues of incompatibility of testing carried out in an unaccredited environment, the ethical issues of using DNA profiles provided for genealogy purposes were considerable.
Whilst this statement clearly recognises the ethical issues involved, it does not suggest any means by which they might be resolved. One also wonders to what extent the BFEG were sufficiently informed about the way that LEM operates in practice such that a comprehensive evaluation of the Benefit Risk Ratio could be made. There is also the consideration that LEM may not be as urgently required in the UK (for example) as it might be in other jurisdictions due to the relatively lower rate of violent crimes and the relative greater potency of the national forensic database.

The second risk described above is the risk of inappropriate or wrongful targeting. Gedmatch breached their Terms of Service. And they did so for justifiable reasons. And many people will agree with those reasons and the subsequent actions, and many will not. The remedy is quite simple: change the Terms, apologise to the customers, move forward. Most people will be happy with that. Some won't.

However, it does raise some very important questions. First off: who is the Gatekeeper? 

Who decides whether or not LE can use the database? Should it be a single person (as in the case of Gedmatch)? or should it be a group of people, a committee perhaps? But then who decides who sits on such a Committee? Should I be on the Committee? Should I make decisions for what the FBI can and cannot do? Do I have the requisite skills and experience? Who does?

In the UK, should the BFEG decide on which cases can make use of the commercial DTC databases and which cannot? Do they have the requisite skills and experience?

In the US, does the FBI have a Committee that decides what cases can and cannot be progressed? Does Parabon? Does Bode? Are the terms under which such committees operate transparent? If not, how do we know if they are reasonable? And one final question: are the workings of such committees overseen by an appropriate authority? 

Who gatekeeps the Gatekeeper?

Thus there is a need for a clearly defined process with appropriate stops and checks. And there is a need for transparency so that public confidence can be attained and legitimate fears and concerns can be minimised. I would feel a lot safer if there were processes in place that would help minimise the risk of inappropriate use of the databases. It would also take the burden off the CEOs of Gedmatch and FTDNA (and the other commercial companies).

Which brings us to the risk of inappropriate or wrongful targeting. This has always been a problem with police forces everywhere. Often they get it right, but often they get it wrong. And sometimes they plant evidence to get the conviction they desire. We've all seen it in the movies.

There have been several cases where genetic genealogy has been used to target the wrong person. People often say: DNA doesn't lie. But what these cases have shown is that it can certainly be misread, misinterpreted, misunderstood and misconstrued. It can lead you on a wild goose chase, barking up the wrong tree. And that can cause harm. Michael Usry suffered the distress of unnecessary police intrusion, anxiety while waiting for the DNA results that could potentially convict him, and potential damage to his career and reputation despite being exonerated. His name is out there. Forever.

Here's another consideration: if you are a police officer, and you are certain that someone has committed a crime but there isn't enough evidence to convict him, just plant some of his DNA at the crime scene. Or at any appropriate crime scene for that matter. Frame him with his own DNA. Put him behind bars, where he deserves to be. The new technology allows this. [8] It may even have been done in the past when only standard forensic DNA tests were available. Has a movie been made about that?

The Innocence Project has had 350 exonerations to date - 20 of them were on death row. So clearly there is a risk of wrongful conviction and the death penalty. It may be a small risk, but IT IS THERE. And it needs to be minimised. 

But is this more a problem of the criminal justice system than the actual use of LEM itself? Yes, it is. LEM doesn't kill people, people kill people. But the context within which LEM is applied needs to be taken into consideration. In those jurisdictions where the death penalty is not enforced, LEM will not result in deaths due to wrongful conviction (unless the innocent convict is killed in prison). But in those jurisdictions where the death penalty is enforced, then there is a definite risk of wrongful death. How can such a risk be minimised?

Furthermore, we need to think beyond the English-speaking world. Most commercial DNA tests have been done by people in the US, followed by smaller percentages in the UK, Ireland, Canada, Australia and New Zealand. LEM is more likely to be successful in the US, less likely in the other English-speaking countries, and much less likely anywhere else ... with some rare exceptions. Sweden, for example, has had a large proportion of its population tested. Iceland has had practically the entire population tested. Kuwait tried to test the entire population but their efforts were overturned by their Supreme Court. China has surreptitiously tested 50 million people (i.e. no informed consent) and has used the data to send members of the Uighur minority to "Re-education Camps". 

To what extent are we responsible for this?

Who is looking after the planet?

The last Risk identified above is the loss of anonymity for "passive genetic informants". The Brandy Jennings case was cited. Her name appears on a Search Warrant that was obtained by the Press under Freedom of Information legislation and was made public. This exposes her to revenge attacks as well as unwanted Press intrusion and public scrutiny (like this blog post). 

The Take Home Message is: by allowing your DNA to be used for LEM, you risk being named in the newspaper and on TV. Does that give you pause for thought? It does me.

This is definitely a risk and it definitely needs to be minimised. But is this more an issue relating to the nature and culture of how the Press reports than the actual use of LEM itself? Yes, it is. And again, the context within which LEM is practiced is all important. What is a risk in one country may not be a risk in another. And this emphasises the need for a global perspective in relation to LEM and the context in which it is practised.

How could this Risk of loss of anonymity be minimised? Well, it would have been nice if the names of the "passive genetic informants" had been redacted. Should someone have done this? Who is responsible for safeguarding the anonymity of the "passive genetic informant"? Does anyone know? Someone should change the Policies and Procedures of the FBI and other relevant LE authorities such that safeguards are put in place to minimise the risk of loss of anonymity and such that Privacy for those in the commercial database can be optimised.

It is only by minimising the risks associated with LEM that the Benefit Risk Ratio for its continued use remains optimal. And this helps safeguard the future viability of this incredibly powerful tool that holds the promise of making society a safer place for this generation and the ones to follow.

Maurice Gleeson
May 2019

* LEM, Law Enforcement Matching refers to the use of the genetic genealogy databases (e.g. Gedmatch, FTDNA) by law enforcement officials to help identify perpetrators of crimes, usually "cold cases" involving rape or murder.
[7] Maurice Gleeson: My input to FTDNA's Citizen Panel ...
[8] DNA Evidence Can Be Fabricated, Scientists Show (NY Times, 2009) ...

Tuesday 19 March 2019

My input to FTDNA's Citizen Panel

Recently I was privileged to be invited to be part of FamilyTreeDNA's Citizen Panel to advise on steps to meet the privacy requirements of FTDNA's members and at the same time allowing the FTDNA database to be of service to the wider community.

FTDNA have long been leaders in the field of genetic genealogy - they were the first company to provide DNA tests aimed specifically at the genealogy community and remain the only company to provide their customers with an infrastructure for running their own DNA projects. In fact, it can be argued that without FTDNA there would have been no genetic genealogy - I certainly owe them a debt of gratitude for fostering my own emergence as a genetic genealogist. This active promotion of Citizen Science has resulted in great advances in the field of genetics, such as the ongoing characterisation of the Tree of Mankind (Y-Haplotree) and the Tree of Womankind (mitochondrial Haplotree). They were also the first company to introduce a chromosome browser and many other tools to help with the interpretation of our autosomal DNA results. They have also actively supported the community through sponsorship of scientific meetings and conferences, such as Genetic Genealogy Ireland and the DNA Lectures at Who Do You Think You Are - Live!

So it was an honour to be part of the Citizen's Panel and to help contribute to the continued leadership of this great company.

The use of Genetic Genealogy Techniques by law enforcement is just the latest in the potential applications of these techniques. We as a community have been using these same techniques for many years to help adoptees connect with their birth families, and the use by law enforcement is a further natural extension of the methodology. It also has potential applications in any mass grave situation and in the future we may see its increasing use in such circumstances (e.g. to help identify soldiers who have been killed in the field of battle, to identify victims of natural disasters, such as the California Wild Fires, to identify the children buried at the former Tuam Children's Home, etc). And the availability of public, crowd-sourced databases to help achieve these important objectives will help increase the likelihood of successful identification and positive outcomes. Recent surveys have demonstrated broad public support for the use of public DNA databases to achieve these aims, but have hinted that additional regulation may be necessary.

FTDNA are to be congratulated for their continuing leadership in this regard. They are the first of the commercial companies to recognise the power of crowd-sourced databases to achieve the Greater Good. Their revised Terms of Service and Privacy Statement address a lot of the concerns that have been raised in the ongoing debate about law enforcement access to public DNA databases and they should be commended for this latest revision. No doubt as the debate continues, and different perspectives are aired, the need to revise and refine the approach to privacy and consent will change and the Terms will evolve accordingly. This is only natural. Privacy, Consent & Data Protection are not static topics. They never were. They are ever-evolving and will continue to evolve over the course of time.

In addition, their new Law Enforcement Matching FAQs and Law Enforcement Guide are an important advance toward explaining the current situation, allaying customers concerns, and satisfying the need for information.

So well done to FTDNA on taking the lead in addressing this issue head on and advancing the cause of the Greater Good. Hopefully, as the debate continues, additional safeguards will be identified and introduced such that any potential risks associated with the process of Law Enforcement Matching will be effectively neutralised.

Being part of the Citizen's Panel was of enormous benefit to me personally. It afforded me the opportunity to review all the many blog posts and Facebook comments that have been exchanged over the past year or so since the prime suspect in the Golden State Killer case was identified in April 2018. The advice I provided was based on my assessment and interpretation of the various perspectives and concerns aired in this ongoing debate. I hope I have captured all of them. In addition, I also have to thank my colleagues here in the UK and Ireland for our extremely fruitful ongoing discussions, partially arising out of GDPR, and many of my recommendations are based on these interchanges. In particular, I would like to thank Debbie Kennett, James Irvine, John Cleary, Donna Rutherford and Michelle Leonard whose sage advice and measured commentary have helped form my own opinions.

I found that the recommendations arising from my review incorporated a useful summary of the key issues that we as a community (and as a society) currently face. As such, I think that many people would find this very helpful in educating themselves about the issues involved and formulating their own opinions. As this is merely a summary of issues that have already been aired publicly, and as there was no requirement for a Non-Disclosure Agreement, I have appended my analysis and recommendations in their entirety below (this was an email that I sent on Feb 25th). I also believe that doing so is important as it helps promote the transparency of the Citizen's Panel (which ideally should reflect the broad range of views held by the customer base). I hope people find the advice informative (there are hyperlinks within the text) and that it is a useful contribution to the ongoing debate.

We are in exciting and unchartered territory. We are living in interesting times. The decisions we take today may have huge implications for privacy, consent, data protection, and the Greater Good. The debate is not over and will continue well into the foreseeable future. But it is very encouraging to see that FTDNA took many of my suggestions on board for their revised Terms of Service and no doubt this will be only one of many future revisions of their Terms over the coming years.

Hopefully other companies will follow suit as the situation evolves. People want to contribute to the Greater Good and there is a moral imperative to facilitate that happening. The devil is in the detail - we need to identify all potential risks and introduce sufficient (and not overly-restrictive) safeguards to minimise them. FTDNA's revised Terms of Service are a step in the right direction.

Maurice Gleeson
March 2019
FTDNA have kindly sponsored the Genetic Genealogy Ireland conference that I organise each year in Dublin & Belfast. I am very grateful for this sponsorship. They have occasionally paid part of my travel and accommodation expenses at these events.

My advice to FamilyTreeDNA as a member of the Citizen's Panel:

Feb 25th, 2019

Dear Bennett and Max

Thank you for inviting me to be part of the Citizen’s Panel. It is an honour and a privilege and I am very grateful indeed.

Let me start by saying that if it wasn’t for you both, I would not be the citizen scientist that I am today. None of us would. Without FamilyTreeDNA’s vision and the creation of an infrastructure that allows ordinary citizens to run their own DNA Projects, the genetic genealogy community as we know it today, would never have emerged. And therefore, I am acutely aware of the debt of gratitude that we owe to FTDNA as a company, to all its employees, and to the both of you in particular.

With that in mind, what follows comes from a place of deep respect for you both and I hope my honest and direct assessment serves as a useful addition to the ongoing conversation. Please feel free to pass these comments on to your legal team to help them in their exploration of the various international legal ramifications, and also to your PR consultants to help them in their efforts at damage control. My current thoughts have formed gradually over the past few months (having read the many posts and comments and blogs relating to this issue) and are likely to evolve further as the situation unfolds.

Ever since the news that the FBI were making use of the FTDNA database, I have struggled with the two default options before us for a database that allows LE (Law Enforcement) access:
  1. default opt in database, from which customers can opt out
  2. default opt out database, into which customers can opt in

1. The current situation: default “opt in”, optional “opt out” of all matching
The current situation is a default opt in database from which customers can opt out. But doing so means opting out from all matching, which for many customers was the main reason for joining the database in the first place. Some may claim that their consumer rights have been infringed by this move and may have a legitimate case for compensation. Not only might this impose a financial strain on the company, but it would be extremely bad press.

2. The new proposal: default “opt in”, optional “opt out” of LE matching
The new proposal to have a separate “opt out” option such that "Users can opt-out of Law Enforcement Matching at any time, while retaining the ability to see all of their matches” is a step toward remedying the current situation and no doubt will satisfy a lot of your customer base. But there are several major risks associated with this approach that could substantially damage the business:
  1. It will be easy to apply the revised consent process to new customers, but much more difficult to apply it to existing customers. Emails could be sent out to all customers telling them they can opt out if they want to, but many customers do not read their emails and others do not bother replying. Lack of objection to the default “opt in” cannot be interpreted as express or explicit consent. FTDNA could lock people out of their accounts until such time as they had acknowledged they are happy being opted in automatically, but a lot of people haven’t accessed their account for years so this too is not a foolproof method of confirming that people are consenting to the default opt in. 
  2. In addition, dead people will obviously not be able to re-consent, and many have not appointed beneficiaries … so do dead people have rights in this regard? Do their families? It is important that FTDNA does not to appear to walk over the (perceived) rights of dead people. And in addition, this will be a particularly sensitive issue for some people with indigenous status both within the US and outside (such as the Havasupai tribe).
  3. Many Users manage kits for other people - there is no guarantee that they will consult with those people and therefore there is a real risk that some customers will be opted in for something they did not consent to. This is a major flaw in the proposed new system and FTDNA will be heavily criticised for it.
  4. The FBI only have jurisdiction in the US. They don’t have jurisdiction in Europe, the Middle East, Australia, etc. So all customers falling outside of the FBIs jurisdiction should automatically be opted out of the "LE-only" database.
  5. there is a convincing argument that access to matches' personal data (e.g. names, email addresses, matching segment data) by LE is beyond the intention for which the database was set up and requires separate optional “opt in” consent in a similar way to consent for scientific research (see the dedicated consent processes at Ancestry & MyHeritage)
  6. this specific point is made in the Future of Privacy Forum’s Best Practice Guidelines (see section IIb on page 4). LE access clearly falls under the “incompatible secondary use” category and this would therefore require "separate express consent". (Incidentally, the fact that FTDNA has been expelled from the forum raises serious concerns in people’s minds and FTDNA will be branded in the media as "the company that does not follow Best Practice Guidelines”.)
  7. Under GDPR, there is a specific requirement to collect “freely given, specific, informed and unambiguous consent” from customers before sending them marketing emails (Article 32). The same GDPR requirements also apply when allowing LE to access the personal data (name, email, family tree) of any matches that any of the kits uploaded by LE may have. Consent must be explicitly “opt in” and cannot be “opt in” by default. This is covered in the section on consent in the Guide to GDPR and falls under section 3 of the UK’s Data Protection Act 2018  Your legal team should offer specific advice not just on the GDPR requirements in this regard, but also the requirements of the DPA 2018. Further specific information on the use of personal data by LE is available from the Information Commissioner’s Office.
  8. in the UK, the Information Commissioner's Office (ICO) is particularly sensitised to LE use of personal data following a recent investigation into the UK Police’s use of a “Gang Matrix” (consisting of suspected gang members) which was shared by the police with several different government organisations. The ICO found this to be in breach of GDPR and an Enforcement Notice was instituted against the police. If a company (such as FTDNA) were to be perceived as doing something similar, a hefty fine (of up to 20 million euro or 4% of company annual turnover) might be levied as well as an Enforcement Order. The largest fine to date is 50 million euro (against Google last month).
  9. From the discussions on Facebook, it would appear that at least one person has instituted a GDPR complaint (there may be others). There is also talk of a class action law suit. Furthermore, there are dedicated groups whose sole objective is to aggressively fight against perceived breaches of privacy and “forced consent". NOYB is one such group and they have brought successful GDPR actions against Google and Facebook … so there is a real risk that they could take similar action against FTDNA, particularly if alerted by an aggrieved customer or a competitor. Any such legal activity will tie up FTDNA in terms of time, money & resources, not to mention the damage to its public image and the opportunity cost resulting from the consequent loss of business. Thus such possible consequences are to be avoided at all costs.
  10. FTDNA is in danger of losing its EU/US Privacy Shield status by converting a genealogy database into an LE database. One of the basic principles of the Privacy Shield is data integrity and purpose limitation  The revocation of the Privacy Shield is likely to hit European recruitment hard.
  11. FTDNA relies greatly on the support of volunteer project administrators to promote the company both online and offline at various genealogy events. Those admins who disagree with the proposed opt out policy are likely to become disillusioned and withdraw their support for the company or post damaging negative comments which could impact on the company’s sales and reputation.

For these reasons the optional "opt out” system will not work. It has to be changed to an optional “opt in” with “opt out” being the default position. This move is likely to severely compromise the ability of the “LE-only” database to catch killers & rapists (something we all want to do), but we cannot set up a database for US law enforcement that is in breach of international data protection laws even if the benefits for the greater good are plainly evident to all. In fact, if the "LE-only” database is built in the wrong way, with undue haste and lack of forethought, the public will lose trust in the process and ultimately more harm than good will be done by this precipitous action. 

And FTDNA’s public image will suffer hugely. Despite the best intentions of FTDNA, it will be seen as the company that ultimately destroyed the possibility of a voluntary database that helps LE catch killers & rapists.

3. The alternative solution: default “opt out”, optional “opt in” to LE matching
If FTDNA copied the same process introduced by Gedmatch, this would be a significant advance. Consent is explicitly obtained from all new Users to “opt in” to a database that is clearly described as allowing LE access. Gedmatch has a second option for their Users, namely that those who choose to can additionally “opt out” of having LE (or anyone else for that matter) see their kit (the “Research kit only” option). Thus there is an initial informed consent obtained from each User followed by an "escape route" should they so desire. This two-step process goes a long way toward reassuring customers and building trust in the system. 

And this 2-step process could also be introduced by FTDNA. Copying the Gedmatch approach would allay a lot of fears and help restore public confidence in FTDNA. It would also potentially allow FTDNA to collaborate with Gedmatch on resolving the exact same legal issues. 

This optional “opt in” LE-only database will take a lot longer to build than a default “opt in” database, but it will be more robust and less vulnerable to attack, thus helping to ensure its survival and making it more likely that it will achieve its goals of catching violent criminals and bringing closure to victim’s families.

However, even with the alternative default “opt out” / optional “opt in” LE-only database, there remain several very significant problems: 
  1. the ongoing legal action by Maryland (and potentially other states) arguing that LE access is a breach of the 4th Amendment. The publicity of the case may be even more damaging to FTDNA (and Gedmatch) than any eventual legal decision.
  2. the inherent vulnerability of the database to exploitation by undesirable forces (see below)

4. Vulnerability of the database 
Even if a separate optional "opt in" database is created for LE use, what is to stop them from continuing to use the general database surreptitiously, in the same way the FBI were using it before FTDNA discovered them? Conceivably, the FBI (or any LE agency) could say that they will comply with the revised Terms of Service but thereafter could simply upload DNA profiles “undercover”, just like they did previously. FTDNA might not be any the wiser of this surreptitious activity. And some customers would have their personal data (name, email, etc) exposed to the FBI if any of them were a match to the undercover FBI kits. 

So this scenario begs several questions: 
  1. how can FTDNA monitor the database to ensure that any such undercover kits are either prevented from being uploaded, or are quickly identified and removed?
  2. what is the penalty for breach of the Terms of Service? Would FTDNA refuse to work with the FBI if it did not observe these Terms?

It doesn’t stop there. Any organisation could potentially gain access to the database as long as they were able to upload somebody’s DNA. The Mafia or organised crime could potentially use it to identify the families of specific individuals, perpetrate revenge attacks, or even disrupt witness protection programmes. I know this is far-fetched but you can imagine the damage to FTDNA’s reputation if it ever came to pass.

But most importantly what this demonstrates is that, in the absence of a method to prevent rogue kits from entering the database, FTDNA will never be able to 100% guarantee the confidentiality of their customer’s personal data. This would be catastrophic both legally (GDPR, etc) and from the perspective of FTDNA’s public image. This is why involving a legal team and a PR consultant is so vital. In addition, the legal team will need to consider implications not just in the US but across a variety of different legal systems across the world.

So how then can FTDNA protect itself against this type of undercover activity? One possible solution is to require that all DNA transfers from other companies have to have a cryptographic signature as proposed by Yaniv Erlich. This would clearly identify where the original DNA results had been generated and “non-permissible" kits could be rejected.

This does not address the possibility of some people trying to create a “fake” or “spoof” DNA sample, although this is more of a problem with saliva-based DNA kits. Nevertheless, in order to sustain a good reputation, FTDNA will need to take (and be very publicly seen to take) the appropriate and proportionate action to protect its customers' data. It will also need to prepare for a possible external audit, either by the relevant US authority or GDPR representative or both. 

5. Some additional suggestions

You could also add the LE access opt in / opt out feature to the Family Tree Sharing section under the Privacy & Sharing tab. This would allow people to specifically opt out of sharing their family tree with LE. And this action on your part would provide further reassurance regarding the protection of customer's data.

It will be important to add a new FAQ about Law Enforcement Matching that addresses the following questions (I am very happy to help with this):
  1. How does the process work? 
  2. Does LE need a search warrant to upload a kit? 
  3. What documentation does LE need to provide to FTDNA?
  4. Who decides whether or not to allow the LE kit into the database?
  5. What cases are allowed in?
  6. Are there plans to allow kits to be uploaded by LE agencies in other countries (e.g. UK, China, Russia)?
  7. Will customers be informed if their DNA kit comes up as a match to an LE kit?
  8. Could some FTDNA customers end up in a Witness Protection Programme? (e.g. if there is a match to a gang member, Mafia, etc)

It would be very reassuring for customers if further data protection measures could be undertaken. For example, could an internal messaging system be used rather than sharing customers' email addresses? These can easily be used to identify people and track down their home addresses (we do this with adoptees all the time). There may be other actions that could be undertaken to optimise customers’ data protection and privacy. All such actions will help reduce the risk of a GDPR complaint or a time-consuming law suit … and will maximise the public perception that FTDNA is “doing the right thing” by its customers.

Customers will need reassurance that all potential risks have been considered, that the probability of each risk is low, and that (nevertheless) steps have been taken to minimise each of them. Separate FAQs will need to be developed for each one and I am very happy to help with the wording for these. Here are a few examples of the sort of concerns that customers have expressed on Facebook and other social media:
  1. What is the risk of wrongful targeting, arrest, conviction, imprisonment, and the death penalty? This is a particular concern among the African American community where the historical relationship with law enforcement has not been good. The Innocence Project has helped exonerate 350 people, 20 of whom were on death row, so the risk of wrongful targeting is very real and needs to be comprehensively addressed in order to regain customer confidence.
  2. Concerns have also been raised about the possible misuse of customer’s data if it fell into the wrong hands. Traditionally the main fear was insurance companies, but more recently people are discussing what would happen if totalitarian regimes or dictators got hold of our DNA? This is one of the reasons why DNA testing never took off in Germany. People have also raised concerns about the fact that China has surreptitiously tested 50 million people, and Middle Eastern customers have been concerned about the situation in Kuwait where (in 2017) the Supreme Court had to overturn legislation introduced by the government requiring all citizens and visitors to undergo DNA testing. The public needs to be reassured about the safeguards that are in place to prevent this type of misuse in the future.
  3. Will LE kits be easy to recognise by other customers? Is there a risk that a match to these kits will expose it publicly, or start “working the case”, alert potential perpetrators, put the genetic informant at risk, etc? How could such risks be mitigated, minimised, or neutralised? Ideally LE kits should be hidden from public view (like the "Research kit only option" at Gedmatch).

I hope you find these suggestions helpful. I’m sure other thoughts will emerge in due course. 

And thank you once again for allowing me the opportunity to share these thoughts with you both. FTDNA has a very strong presence in the UK and Ireland and I would not want to see this significant British & Irish database compromised. We recently returned from a very successful meeting in Belfast where Martin McDowell (Admin of the North of Ireland Project) presented on how most of his close matches are in the FTDNA database, thanks to the tenacious efforts that have been made to recruit Irish people, at both the Dublin & Belfast conferences, but also by the many Irish DNA projects and via the DNA Outreach Ireland network of volunteers that have worked hard on FTDNA’s behalf these past 6 years. We have built incredible momentum for FTDNA in Britain & Ireland and it would be a great shame to see this damaged in any way.

Looking forward to helping out in any way I can.

Warm regards

Dr Maurice Gleeson MB 
Genetic Genealogist
Education Ambassador, ISOGG