Gedmatch, the DNA analysis site, was pulled briefly offline on Sunday, while its parent company investigated how its user profile became available to law enforcement.
The site allows users to upload their DNA profile and trace it back to their ancestors and family tree. It got famous in 2018 when the police used the site to match the DNA with a serial murder suspect against the million profiles present on the site. However, they didn’t inform the company. Still, it’s a good step with the #Metoo campaign going on.
Gedmatch gave a privacy warning to its users and put new controls. It included the user’s DNA profile in police searches.
Users said that it was a breach of their privacy. However, the company’s owner declined to say whether it was a security breach or just an error.
Brett Williams, the chief executive of Verogen, stated, “We know about the issue in which the company didn’t set the user’s privacy correctly. However, we just resolved this issue as a precaution. Now, we have taken down the site, and we are looking at the root cause of the problem. Once we know the cause, we will issue a formal statement.”
Williams didn’t say whether Gedmatch or Verogen got any request for user data previously or if the company has responded.
GedMatch hasn’t clarified how often the law enforcement agencies ask for access to the company’s data. Its rivals, such as Ancestry.com and 23AndMe, have already published transparency reports. Earlier this year, Ancestry.com indicated that it rejected a police warrant, indicating that the police are still using their DNA profiling sites for information.
“Accepting the issue is a beginning, but many questions remain to be answered,” Elizabeth Joh, a professor at the University of California, Davis School of Law.
She added, “Does Gedmatch know whether the law enforcement agencies accessed the tagged users? Will they disclose further details? This isn’t just Gedmatch’s problem. A privacy breach is a common problem within the tech industry. Things are a mess.”