One way that google explicitly enables these types of scams is by allowing advertisers to display a fake url in the ad footer. Ostensibly this is so advertisers can link to an intermediary 3rd-party tracking url instead of the target page without scaring the customers, but this is precisely what allows scammers to display usps.com in the link to a fraud site. Google even uses javascript to display the fake url in the browser tooltip when you hover over the link!
There’s also no addresses on Gedmatch, the police would email you and ask for your details.
You are splitting hairs. Unless you took precautions to use a fake name and an untraceable email address, the police are showing up at your door. It’s what they do.
On the ‘turned on by default’ statement, that’s just untrue.
“Public” is selected by default. Yeah yeah, they added “public opt-in” and “public opt-out” options in 2019 and forgot to update their screenshot, but I bet “public opt-in” is still selected by default. The NYT article says exactly that too. It is just untrue to call that “just untrue”! And can you guess what happened to all the people who uploaded their DNA data before 2019? Were all they automatically upgraded to “public opt-in”? I don’t understand why you are so adamant to protect gedmatch saying “go ahead, upload your DNA freely!” when we know for sure that it was a free-for-all at least until 2019.
And you are still splitting hairs because you haven’t refuted my main claim that police can get your data with a warrant. All that “opt-in/opt-out” is for the gedmatch’s voluntary police information warrantless sharing program. I have seen no indication that gedmatch will not search the entire database for a match upon police request with a warrant. I have reason to believe that they will, because I know the state is sovereign. You cannot shield your information stored at third parties from government search just because you signed a privacy agreement with them.
(D) FGGS MAY ONLY BE CONDUCTED USING A DIRECT–TO–CONSUMER OR PUBLICLY AVAILABLE OPEN–DATA PERSONAL GENOMICS DATABASE THAT: (1) PROVIDES EXPLICIT NOTICE TO ITS SERVICE USERS AND THE PUBLIC THAT LAW ENFORCEMENT MAY USE ITS SERVICE SITES TO INVESTIGATE CRIMES OR TO IDENTIFY UNIDENTIFIED HUMAN REMAINS; AND (2) SEEKS ACKNOWLEDGMENT AND CONSENT FROM ITS SERVICE USERS REGARDING THE SUBSTANCE OF THE NOTICE DESCRIBED IN ITEM (1) OF THIS SUBSECTION.
To me that sounds more like “providing a warning” than providing an “opt-in/opt-out” system. The “acknowledgment and consent” could be as simple as clicking “I agree to terms of service”. Here’s what gedmatch privacy policy says:
some of these possible uses of Raw Data, personal information, and/or Genealogy Data by any registered user of GEDmatch include but are not limited to:
Familial searching by third parties such as law enforcement agencies to identify the perpetrator of a crime, or to identify remains.
…
We may disclose your Raw Data, personal information, and/or Genealogy Data if it is necessary to comply with a legal obligation such as a subpoena or warrant.
…
we may use and disclose personal information for meeting legal requirements and enforcing legal terms, as described in more detail above
I am not a lawyer but to me that sounds like an explicit notice that law enforcement may get my data and satisfies the Maryland law requirement for a warrant. Specifically, gedmatch policy does not say they will ignore a warrant if you opt out. Again, my assertion is that the opt-in/opt-out system is for the voluntary warrantless information sharing system, and the warrants described in Maryland law are separate from that.
You also imply that 23andMe and ancestry.com do NOT share any information with law enforcement because they do not have an opt-in system. This is also false. Here’s ancestry.com policy:
Ancestry will release additional account information or transactional information pertaining to an account (such as search terms, but not including the contents of communications) only in response to a court order issued pursuant to 18 USC § 2703(d).
Contents of communications and any data relating to the DNA of an Ancestry user will be released only pursuant to a valid search warrant from a government agency with proper jurisdiction.
They WILL give up your DNA data to a valid warrant. The only question in my mind is whether they will also search the entire database for a given police sample. There is this article that says ancestry.com refused a police warrant in 2019 as improper, and police did not push the matter further. But it is unclear if ancestry.com was refusing to search its database on principle, or whether that one warrant in particular was faulty. Like if the police request “all 15 million DNA records” because they are idiots and don’t know how databases work there is grounds to argue that is too broad of a request. But we don’t have the text of the actual warrant. There are other articles that say police have been using specifically ancestry.com successfully to investigate crimes.
Someone would need to search the actual court cases where police used genealogy data to find suspects to confirm whether every single instance has used GEDMatch voluntary opt-in service, or whether police warrants have successfully retrieved match data from GEDMatch full database and from ancestry.com and 23andMe. I do not have such access.
EVEN IF ancestry.com and GEDmatch refuse warrants to search non-opt-in DNA in databases, such refusals have not yet been tested in court.
EVEN IF the Maryland law is amended/interpreted to mean that police cannot search non-opt-in DNA in databases even with a warrant (a voluntary restriction of the state on its own sovereign power, quite possible!), and EVEN IF the opt-in is made an explicit choice made in consultation with a “trained bioethicist” instead of an “I agree” checkbox below Terms of Service, and EVEN IF all other 49 states pass the same law as Maryland, it would STILL not be perfectly safe to upload your DNA to these services. Just as Maryland law changed in 2019, so it can change again. As we’ve seen with Roe v. Wade even long-established laws are not safe when there is a political interest to change them.
Beginning on Oct. 1, investigators working on Maryland cases will need a judge’s signoff before using the method, in which a “profile” of thousands of DNA markers from a crime scene is uploaded to genealogy websites to find relatives of the culprit. The new law, sponsored by Democratic lawmakers, also dictates that the technique be used only for serious crimes, such as murder and sexual assault. And it states that investigators may only use websites with strict policies around user consent.
To me that reads that the court order allows the police to use the genealogy database. For example:
I am curious about my genes
I submit my DNA for sequencing
Some years later some cousin rapes and murders someone, dumps the body
Police find body, find unknown DNA
Police get court order in murder case
Police force genealogy database to scan for matching DNA
Genealogy database gives police my name
Police show up at my door, start asking if I have any relatives that "kinda like to rape people"
Police hang out behind my house, steal the pizza crust from my trash bin for further DNA tests
Is that not a plausible scenario? What in the language of the law used by the NYT article makes you think this is disallowed? And remember, this is for Maryland only. The other 49 states can obtain a court order for any reason, be it murder or subway fare dodging.
it’s a program you need to opt in to
Again, not what privacy advocates from the NYT article say:
Currently, customers of GEDmatch and FamilyTreeDNA are given a choice about whether to participate in these searches. But the companies provide little information about what those searches entail, and the opt-in settings are turned on by default.
I.e. more like opt-out than opt-in, and again, irrelevant in case of a court order.
Ok, maybe I’m misremembering. There was some case where detectives simply submitted the DNA as their own, but maybe it was not GSK. Found this New York Times article: www.nytimes.com/2021/05/…/dna-police-laws.html
May 31, 2021 New laws in Maryland and Montana are the first in the nation to restrict law enforcement’s use of genetic genealogy, the DNA matching technique that in 2018 identified the Golden State Killer, in an effort to ensure the genetic privacy of the accused and their relatives.
Ah. So at least in 2021 only two states had any laws against trolling genealogy databases at all. Before 2021 none did. How many of remaining 48 have passes any laws about it since?
Beginning on Oct. 1, investigators working on Maryland cases will need a judge’s signoff before using the method, in which a “profile” of thousands of DNA markers from a crime scene is uploaded to genealogy websites to find relatives of the culprit.
As I said, a website cannot “allow” something if the police have a court order. They can only obey. Before 2021 police in Maryland could get genealogy info without court order. Now they can get it with one.
Montana’s new law, sponsored by a Republican, is narrower, requiring that government investigators obtain a search warrant before using a consumer DNA database, unless the consumer has waived the right to privacy.
Ok, so in Montana only:
with court order, can get all DNA data
without court order, can get DNA data of consumers who waved their privacy rights
What does waving entail?
Privacy advocates like Ms. Ram have been worried about genetic genealogy since 2018, when it was used to great fanfare to reveal the identity of the Golden State Killer, who murdered 13 people and raped dozens of women in the 1970s and ’80s. After matching the killer’s DNA to entries in two large genealogy databases, GEDmatch and FamilyTreeDNA, investigators in California identified some of the culprit’s cousins, and then spent months building his family tree to deduce his name — Joseph James DeAngelo Jr. — and arrest him.
Ok, so GEDmatch and FamilyTreeDNA were used, without court order…
Another sticky provision: Investigators may use only genealogy companies that have explicitly informed the public and their customers that law enforcement uses their databases, and that have asked for their customers’ consent to participate. Currently, customers of GEDmatch and FamilyTreeDNA are given a choice about whether to participate in these searches. But the companies provide little information about what those searches entail, and the opt-in settings are turned on by default.
Apparently that “need to opt in” you mentioned does exist, but it’s more like an opt out really.
Unlike 23andMe and Ancestry, which have kept their immense genetic databases unavailable to law enforcement without a court order, GEDmatch and FamilyTreeDNA are eager to cooperate.
Aha! So GEDmatch and FamilyTreeDNA did and are giving police DNA info upon request without court order, and 23andMe and Ancestry are giving police DNA info with court order only. We can now construct this matrix:
Can police get your DNA data from genealogy database?
GEDMatch FamilyTreeDNA-23andMeAncestrywith optoutdefaultMaryland w/o court ordernonononoMaryland w/ court orderyesyesyesyesMontana w/o court ordernoyesnonoMontana w/ court orderyesyesyesyesother 48 states w/o court ordernoyesnonoother 48 states w/ court orderyesyesyesyesYou see it gets rather complicated… Rather than telling users to play 3SAT with the latest legal rules of their state, it’s easier to simply say “If you submit your DNA for sequencing, police might get it.”
In other cases, detectives might surreptitiously collect the DNA of a suspect’s relative by testing an object that the relative discarded in the trash. Maryland’s new law states that when police officers test the DNA of “third parties” — people other than the suspect — they must get consent in writing first, unless a judge approves deceptive collection.
Oh wow, what a case! Again, all this deception legal at the time, and still legal in 49 states without court order, and legal in Maryland with court order.
All consumer commodities … shall have … a sign at the point of display which indicates the item to which the price refers, provided that this information is plainly visible at the point of display for sale of the items so indicated.
So it is a question of whether the product spilling over to an adjacent shelf still has a “plainly visible” price tag. If it were on a wrong shelf entirely it would not, and here there is some ambiguity, but city inspectors can be pretty strict and demand items stay within the lines. If it is decided the price was not plainly visible, the store may be fined $25-$100 per violation per day. In any case, the customer would not be calling “better business bureau” (which is just yelp from before the internet), but the Commissioner of Department of Consumer and Worker Protection. And the customer would also not get to pay the lower price for the other product if it is clear it is a different product, as the customer admits they knew. (The question would be different if there were ambiguity).
However, the point that I specifically object to is the opinion that it was preposterous for the customer to claim some legal right in this situation, the implication that no such right exists. The language of the law does exist (at least in some jurisdictions), and violations do carry legal penalties.
All consumer commodities, sold, exposed for sale or offered for sale at retail except those items subject to section 20-708.1 of this code, shall have conspicuously displayed, at the point of exposure or offering for sale, the total selling price exclusive of tax by means of (a) a stamp, tag or label attached to the item or (b) by a sign at the point of display which indicates the item to which the price refers, provided that this information is plainly visible at the point of display for sale of the items so indicated. This section shall not apply to consumer commodities displayed in the window of the seller.
§ 20-708.1 Item pricing.
e. Price accuracy. No retail store shall charge a retail price for any stock keeping item, whether or not exempt under subdivision c of this section, which exceeds the lower of any item, shelf, sale or advertised price of such stock keeping item.
City inspectors may perform random checks to compare tag price to scanner price at checkout and fine store $25-$100 for every incorrect/missing tag, and may repeat the inspections every 24 hours until problem is solved.
If you run around slapping your own discount stickers it wouldn’t count since the store didn’t do it, you are just committing fraud. The store would be on the hook if it continued to display the fraudulently-mislabeled product for sale after being made aware of it.