DNA profiling company Ancestry has confirmed it fought two U.S. law enforcement requests to access its DNA database in the past six months, but that neither request resulted in turning over customer or DNA data.
The Utah-based company disclosed the two requests in its latest transparency report covering the latter half of 2020. The report said Ancestry “challenged both of these requests, which were withdrawn,” and that the company “provided no data” at the time of the report, published Tuesday.
Ancestry did not say which agencies or police departments requested the DNA data or for what reason the company challenged the request. Ancestry spokesperson Gina Spatafore confirmed the search warrants were to obtain DNA data but declined to comment beyond what was in the report.
The company also said in its most recent report that it “refused numerous inquiries” from U.S. law enforcement for failing to obtain the proper legal process. The report also said the company received four valid law enforcement requests, but that it did not provide any data in response.
Ancestry has more than 3.6 million subscribers and has more than 18 million customer DNA profiles in its database, making it the largest in the world.
DNA profiling companies like Ancestry are increasingly popular with customers wanting to learn more about their family heritage, their genetic markers, and to understand their cultural and ethnic backgrounds. But as these DNA databases become larger, they are also attracting attention from law enforcement who want access to help solve crimes.
On its website, Ancestry says: “We believe that the nature of our members’ DNA data is particularly sensitive, so we insist on a court order or search warrant as the minimum level of due process before we will review our ability to comply with the request. We also seek to put our members’ privacy first, so we also will try to minimize the scope or even invalidate the warrant before complying.”
It’s not the first time Ancestry has pushed back against a legal demand. Last year the company said it rejected an out-of-state search warrant, ordered by a court in Pennsylvania, to “seek access” to its DNA database on the grounds that the warrant was “improperly served.”
Ancestry has only complied with one search warrant for DNA data from a database it acquired and later made public, not realizing that police would use the database to search for leads.
It’s not uncommon for companies with large amounts of customer data to frequently receive law enforcement demands for user data — or for companies to publish periodic transparency reports that detail the number of legal demands they receive.
To its credit, Ancestry is one of only two DNA profiling sites that publishes a transparency report. 23andMe also publishes the number of data demands it receives each quarter, but to date has not released any customer data to law enforcement. FamilyDNA said over a year ago that it was “working on publishing” a transparency report.
The move by Ancestry and 23andMe came shortly after police used DNA profiling site GEDmatch to identify the DNA of a suspected serial killer, a breakthrough which later led to the arrest of the so-called Golden State Killer in 2018. GEDmatch said it was “not approached by law enforcement” prior to the search. GEDmatch soon after allowed its users to opt-in for their DNA to be included in police searches.
Last year, GEDmatch confirmed it was hit by two data breaches that made user profiles visible to other users, including law enforcement.