Natalie Ram of the University of Baltimore School of Law addresses University of Houston Law Center students and faculty during a presentation in the Hendricks Heritage Room.
Feb. 19, 2019 - Natalie Ram, an assistant professor at University of Baltimore School of Law, argued that consumers should have a reasonable expectation of privacy from law enforcement surveillance even if they have made their genetic data available to genealogical or other consumer genetic third-party services.
Ram's presentation, "Genetic Privacy After Carpenter" was held in the Hendricks Heritage Room at the University of Houston Law Center last week.
"Genetic data is precisely the kind of data in which individuals ordinarily maintain expectations of privacy that are constitutionally significant—even when that data is shared with a third-party service provider," Ram said.
This issue gained national attention after the April 2018 arrest of Joseph James DeAngelo, the alleged "Golden State Killer," who is suspected in multiple murders and sexual assaults dating back more than four decades.
"A break in the case came when investigators compared DNA recovered from victims and crime scenes to other DNA profiles searchable in a free genealogical database called GEDmatch," Ram said. "That search turned up a distant cousin of the Golden State Killer’s, and through sleuthing in that family tree, investigators eventually homed in on DeAngelo.
"Police arrested DeAngelo to great fanfare after confirming a DNA match between the crime scene evidence and DeAngelo’s DNA surreptitiously collected from the car handle of his car and a discarded tissue."
Ram argues that the Supreme Court’s recent decision in Carpenter v. United States, meanwhile, gives genealogical database platforms like 23AndMe, AncestryDNA and GEDmatch, a reinvigorated role in policing law enforcement access to their resources.
"In Carpenter v. United States, the court upended the previously categorical rule that one cannot have an expectation of privacy in data shared with another," Ram said.
"The Supreme Court’s recent decision in Carpenter opens the way for more robust and nuanced assessments of what constitutes a reasonable expectation of privacy for data in third-party hands."
Ram also questioned what authority genealogy companies have in facilitating or preventing law enforcement access to the millions of genetics profiles that they maintain. She noted that GEDmatch updated its user interface, terms of service, and privacy policy to welcome law enforcement expressly, explaining that DNA may be uploaded to its platform if it is “obtained and authorized by law enforcement to identify a perpetrator of a violent crime against another individual.”
After DeAngelo's arrest, 23andMe emphasized that its policy is "to resist law enforcement inquiries to protect customer privacy." However, the company acknowledged that "under certain circumstances personal information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants or orders, or in coordination with regulatory authorities." AncestryDNA took a similar stance, saying that it would not share users' genetic information with law enforcement, "unless compelled by valid legal process."
Ram was the third of 10 speakers in the Spring 2019 Distinguished Speaker Series. The series will continue at noon every Monday in the Hendricks Heritage Room until April 8, except for March 11 during spring break. The next speaker is Ryan Williams of Boston College Law School.
