CrimProf Blog

Editor: Kevin Cole
Univ. of San Diego School of Law

Friday, November 30, 2018

Ram on Privacy After Carpenter

Natalie Ram (University of Baltimore - School of Law) has posted Rebuilding Privacy Practices After Carpenter on SSRN. Here is the abstract:
The recent arrest of the alleged Golden State Killer has ignited law enforcement interest in using genetic genealogy databases to crack cold cases. The break in that case came when investigators compared DNA recovered from crime scenes to other DNA profiles searchable in an online genetic genealogy database called GEDmatch. Yet, genealogical genetic services have responded to increased law enforcement interest in markedly different ways. GEDmatch updated its user interface, terms of service, and privacy policy to welcome law enforcement expressly, authorizing law enforcement to use its platform to investigate “violent crimes.” 23andMe and AncestryDNA, by contrast, have emphasized their commitment “to resist law enforcement inquiries to protect customer privacy.” At almost the same time, the Supreme Court gave these platforms a reinvigorated role in policing police access to their genetic resources. In Carpenter v. United States, the Court upended the previously categorical rule that one cannot have an expectation of privacy in data shared with another.

This Article interrogates the impact of Carpenter for investigations like the Golden State Killer case. In so doing, it accomplishes three goals. First, it argues that Carpenter invites courts to engage with third party privacy practices in a more robust and nuanced way in evaluating Fourth Amendment expectations of privacy in shared data. Second, it demonstrates that genetic data is sensitive, personal information in which individuals may ordinarily have an expectation of privacy. Third, it assesses third party privacy practices for genealogical genetic data specifically, concluding that 23andMe and AncestryDNA’s privacy practices likely reinforce a Fourth Amendment expectation of privacy, while GEDmatch’s privacy practices likely accomplish the opposite.

| Permalink


Post a comment