How cops used a public genealogy database in the Golden State Killer case

Julia Creet, York University, Canada

DNA was credited for cracking the decades old cold case of the “Golden State Killer,” a California serial murderer and rapist. But the detectives used a public database of genetic genealogy called GEDmatch, raising privacy concerns about publicly available DNA profiles.

Detectives working on the case created a fake profile and uploaded a real DNA sample. Matches from distant family members led Sacramento police to the door of the suspect, Joseph James DeAngelo.

The case has created a wave of concern about the privacy of direct-to-consumer DNA testing, mostly carried out by the big genealogy companies like Ancestry.com and 23andMe. Representatives from both companies were quick to defend their policies of not giving information to the police.

But this isn’t the first time genealogy information has been used to solve a crime. In a 2015 case the matches were turned over by Ancestry.com under a search warrant. This time, the police just helped themselves.

Genetic genealogy has generated some of the largest and most useful datasets in the world with little discussion of privacy, particularly around the question of who other than genealogists might access these databases and for what reason. I’ve been researching these issues for over a decade and have made a documentary “Data Mining the Deceased: Ancestry and the Business of Family” and am just finishing a book that expands the histories of some of the biggest databases in the world.

When you submit your DNA to a public database or a direct-to-consumer genetic genealogy company, you are also submitting information about all of your closest relatives, living and dead. The point of these tests is to discover relatives or, more recently, your percentage of ethnic or racial inheritance.

But the secondary uses of the information — as in the case of the Golden State Killer — has seen little discussion in the face of rapidly increasing sales of ancestral DNA tests. There is a general sense that the information is completely benign.

Public sites like GEDmatch are a boon because they have fewer privacy restrictions than commerical sites. In the wake of public outrage over the amount of personal information collected by Facebook and Google, genealogy sites have more or less stayed under the privacy concerns radar, until now.

Privacy vs. desire to find relatives

Since 1984, with the advent of a database called RootsWeb (now owned by Ancestry.com), genealogists became some of the first to recognize that the internet could be used to share information and to connect people. Genealogy as a hobby depends on people’s eagerness to share personal information and genealogists are somewhat allergic to privacy constraints since privacy runs counter to the desire to find relatives.

GEDmatch is a public site organized by genealogy enthusiasts in the model of most non-profit genealogy groups. Everyone uploads information for the greater good of all. Registered members can upload their family tree DNA results from any commercial company, with or without their family trees in the industry standard GEDCOM file (Genealogical Data Communication, software developed by the Church of the Latter Day Saints).

The site processes the DNA and shows users relative matches, usually cousins, with email addresses attached — all good as long as you are a genealogist just looking for relatives who are also looking for relatives.

But, nothing prevents other kinds of users from accessing this information as well. GEDmatch seemed genuinely surprised that the police had used their database to track a killer and posted this disclaimer on their landing page for their users on April 27, 2018.

“We understand that the GEDmatch database was used to help identify the Golden State Killer. Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy”

That policy does indeed acknowledge the site could be used to track criminal relatives. Having a dead black sheep in the family can be a source of great family tales, but living miscreants are more of a problem.

“While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes,” GEDmatch said in its statement.

A day later, the site posted a link that allowed users to easily remove all of their information, including DNA, family trees and registration information. However, removing your information does not mean that you will be forgotten. Here’s where everyone involved in the genealogy industry, family historians, commercial providers and non-profit organizations alike, really need to do some hard thinking about DNA that is linked to family trees.

When you send your DNA to a commercial company for testing, or upload those results to community site, you are, by design, asking for your information to be shared and linked with every other user on the site. You can set privacy filters that will specify how much you want to reveal about your self — your name and contact information, for example.

But, the more you reveal on the site, the more family you will find; that’s the lure and the promise. Once you are linked with other people and family trees, removing yourself is virtually impossible. At that point, you have no control who will add you to your tree or link your information in their GEDcom.

While catching DeAngelo, if he is the “Golden State Killer,” is a huge victory for the public and the police, it’s worth noting that he never uploaded anything.

Julia Creet, Professor of English, York University, Canada

This article was originally published on The Conversation. Read the original article.

Ombudsman: Small businesses should be allowed to pay out staff who don’t “fit”

Emma Koehn / Friday, April 27, 2018

Playing nice at work could cost you success

Peter O’Connor, Queensland University of Technology

If you’re struggling to say “no” at work and instead feel the need to constantly assist coworkers you might be compromising your success. As sad as it sounds, research shows that being agreeable can come at a cost in terms of career success. It can even mean earning less over the course of your career.

Agreeableness is a personality trait characterised by compassion, friendliness, politeness and empathy. People high in this personality trait can be described as “nice”; they tend to make good friends, are good listeners and good team players.

Read more:
How to understand and harness your workplace rage

One study found that, on average, agreeable people have lower income than “disagreeable” people. They also tend to have lower occupational status (for example, they receive fewer promotions).

Being too agreeable can also be a problem for managers who often need to make hard decisions and deliver bad news in order to get things done.

Agreeable people are likely to be attracted to “social” professions
that are emotionally demanding (for example nursing and counselling) and have high rates of burnout. These professions also typically receive less pay than other professions classified as “investigative” – like scientists and surgeons, and “enterprising” – like entrepreneurs and managers.

Why is being nice such a bad thing?

There seem to be two reasons for why agreeable people can suffer career setbacks. According to this study, more agreeable people might sacrifice their own success in the process of pleasing others. This study also suggests that agreeable people are less likely to aggressively negotiate their wage and more likely to be passive in conflict situations.

People who are low in agreeableness, on the other hand, are more self-focused and competitive. They don’t let their compassion for others get in the way of their own goals. People with this personality type are also high in what is known as the “dark triad” traits of narcissism, psychopathy, and Machiavellianism, which have also recently been linked to higher income.

Read more:
Emotionally intelligent employees may come with a dark side – manipulation

Individuals high in these traits, especially narcissism, actively seek out prestige, target high level jobs and make their accomplishments known to those around them. Meanwhile, agreeable people tend to be modest and less boastful about their achievements.

The benefits of being nice

Although agreeableness is problematic for extrinsic aspects of career success, being agreeable does have benefits in the workplace.

For example, agreeable people are less likely to be victims of bullying. They also tend to perform well in jobs requiring interpersonal interactions such as customer service, and generally do well in teams.

People high in agreeableness also make likeable coworkers and have a set of characteristics likely to contribute to positive organisational culture.

Although agreeable people are attracted to emotionally demanding professions, they tend be more resilient than others in these professions. This is because agreeable workers tend to form positive relationships with coworkers and patients, which possibly buffers the inherent challenges to these jobs.

It should be noted that most studies on agreeableness and career success reported weak to moderate relationships. This means that while on average agreeable people are at a disadvantage, there are many agreeable workers who have very successful careers.

Read more:
Introverts think they won’t like being leaders but they are capable

Agreeableness can actually enhance career success when combined with certain other traits. One study demonstrated that agreeableness increases job performance when combined with political skill, that is the ability to leverage relationships in order to achieve goals. This suggests that being helpful and nice can be very beneficial when used strategically.

Other research demonstrates that agreeableness is beneficial when combined with conscientiousness. This indicates that being agreeable can be beneficial when coupled with focus, self-discipline and the tendency to set and achieve goals.

What to do if you think you’re too agreeable

There are some things people can do if they feel their agreeableness is hampering their success at work. Agreeable employees can use their good nature more strategically by continuing to assist others but not hesitating to ask for favours in return.

Another recommendation is to be more organised and focused on meeting goals. You can remain a good colleague where possible, but not sacrifice your own work to help others.

Also, agreeable people could try to reign in their modesty. Although agreeable people feel uncomfortable promoting their achievements, there is nothing wrong with making others aware of a good outcome.

Agreeable people can benefit from choosing their battles. People who choose their battles will avoid conflict most of the time, but have the ability to stand up for themselves when they need to.

Peter O’Connor, Associate Professor, Business and Management, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

Class action against Facebook over facial recognition could pave the way for further lawsuits

Sandeep Gopalan, Deakin University

Facebook’s privacy problems suffered a major setback in a US Federal Court this week. Judge James Donato of the Northern District federal court in San Francisco allowed a class action brought by Facebook users in Illinois to go ahead.

The case was brought by Nimesh Patel and others representing a class of Facebook users alleging that the “Tag Suggestions” feature violates their privacy rights. Facebook’s tagging feature allows users to tag themselves or friends in photos, and Facebook also uses facial recognition technology to suggest friends be tagged. Patel alleged that the collection and storage of such biometric data violates provisions of the Illinois Biometric Privacy Act (BIPA).

Illinois is one of only a small number of states in the US (Texas and Washington are the others) with legal protection for biometric data. Industry lobbies have killed off proposed legislation in other states including California and Facebook is apparently lobbying to remove the Illinois law.

How does facial recognition work on Facebook?

Facebook’s tag suggestions program scans photographs uploaded by users, identifies people who appear in photographs and enables them to be tagged.

To identify faces, the tool first separates faces from other objects in the photograph. It then standardises faces based on certain attributes, such as size.

Facebook gives each face a signature in the form of a string of numbers. This signature is then matched against “face templates” to locate matches from a database of images. A face template distinguishes the facial signature of a particular user from other images.

Read more:
Close up: the government’s facial recognition plan could reveal more than just your identity

Face templates are created from photographs uploaded by users, such as profile images. When Facebook finds a match between a photograph and the template, it suggests tagging. Facebook only stores templates and not facial signatures.

Facebook’s technology is able to recognise individuals from the uploaded photographs with a high degree of accuracy – outperforming the FBI’s system (97% versus 85% accuracy).

What did the court decide?

The evidence showed that not every uploaded photo results in the collection of biometric data because Facebook’s program sometime fails to compute facial signatures from photographs. Therefore, the court limited the class of plaintiffs to those users from Illinois for whom Facebook had created a facial template.

In certifying the class action, the court decided that two questions in relation to users who had their facial templates created after June 7, 2011 would have to be answered at trial: whether Facebook had collected and stored biometric data under the BIPA; and whether users were notified about these practices and had given their consent.

Facebook argued that users had to be “aggrieved” in order for their claim to be valid. In other words, victims had to suffer a “serious injury or harm”.

Read more:
DNA techniques could transform facial recognition technology

Here’s a hypothetical example of being aggrieved: a Facebook friend uploaded a photo of you at a tennis match you attended during working hours and Facebook then identified you in the image, which was later seen by your employer. Since you had taken sick leave that day, your employer sacked you based on the Facebook evidence showing you lied. In this circumstance, you would have suffered actual harm because of the tagging feature.

The judge rejected this argument, saying that the intention of the statute was to codify “a right of privacy in personal biometric information”. Crucially, the court said that a person is “aggrieved” when “a legal right is invaded by the act complained of”.

Here, the court is saying that even without actual harm – that is, even if you didn’t lose your job as a result of being identified at the tennis court – the mere breach of the legal right is sufficient to constitute injury.

What does it mean for Australian Facebook users?

Facebook argued that because its data servers were not located in Illinois, the BIPA law should not apply – but the court rejected this too. If the argument had been successful, the plaintiffs’ case would have collapsed.

Instead, the judge ruled that the geographic location of data servers was not a determining factor, stating:

…the functionality and reach of modern online services like Facebook’s cannot be compartmentalised into neat geographic boxes.

Facebook was also unable to show that the violations did not occur “primarily and substantially” within Illinois.

This is significant for Australians since Facebook may not have servers here. If Australian users try to bring a class action here under our privacy law – which is weaker than the Illinois biometrics protection statute – Facebook can be expected to mount a similar argument claiming that Australian privacy protections do not apply because the data is collected, processed, and stored outside our borders.

Read more:
Facial recognition is possible even if part of the face is covered

The decision is a major blow for Facebook. The company itself stated in the proceedings that damages could amount to billions of dollars. If similar actions are brought in other states, and other countries such as Australia, Facebook could face catastrophic consequences for ignoring the privacy interests of its users.

Already there are concerns about whether facial recognition complies with the EU’s General Data Protection Regulation (GDPR) which comes into effect on May 25.

As part of changes Facebook has made to its privacy policies to comply with GDPR, the company has started to ask EU and Canadian users for consent to opt-in to facial recognition. The company had turned off facial recognition for EU users due to privacy concerns in 2012 stemming from a regulatory investigation at its headquarters in Ireland. Canadian users did not have access to the feature due to a backlash in 2011.

Today it was announced Facebook has amended its terms of service so that the EU law doesn’t apply to users outside the EU, US, and Canada. This makes the success of Patel’s class action even more significant – it could force Facebook to treat the privacy rights of all its users with more respect.

Sandeep Gopalan, Pro Vice-Chancellor (Academic Innovation) & Professor of Law, Deakin University

This article was originally published on The Conversation. Read the original article.

Why we made iWitnessed, an app to collect evidence

Helen M. Paterson, University of Sydney

Eyewitness evidence can be critical to investigations and trials. However, research shows that eyewitness memory can be inaccurate and vulnerable to distortion depending on what happens next – for example, inaccurate information encountered through leading questions, discussion with other witnesses, or journalists.

This is particularly true when there is a long delay between witnessing an event and reporting the details to police. We forget details very rapidly, and the more we forget, the more our memories become prone to inaccuracies.

I am part of a team of eyewitness memory experts, and together we have developed the iWitnessed smartphone application. Starting today, the app is available to the general public for free download for both Apple and Android devices across Australia.

Read more:
Legal lessons for Australia from Uber’s self-driving car fatality

iWitnessed was designed upon an evidence base, to help witnesses and victims provide a detailed account of an event in a way which helps preserve and protect their memory. Such recordings can then be used in court to refresh the memory of a witness – either for one-off events (such as a car accident), or multiple, related events (such as bullying).

We believe this is the first smartphone application designed by cognitive scientists to help protect witness memory evidence.

iWitnessed helps preserve eyewitness memory as soon as possible after an event. Police officers are often very busy in the immediate aftermath of an incident, and can be unable to question witnesses until days, or weeks later.

Also, some witnesses do not come forward to police immediately after an event because they may be reluctant to report a crime. This delay can lead to forgotten and contradictory details, which can undermine the quality of the evidence when witnesses do decide to make a statement.

Helping witnesses record evidence

Memory researchers have studied the ways that a witness’ memory can be protected against forgetting and memory distortion.

One of the best ways to do this is to give witnesses an opportunity to provide a comprehensive account at the earliest possible time. We know from research that this early account is often more complete than later retellings.

More importantly, the act of recalling soon after the event helps protect the memory. That is, details recalled in this early account are less likely to be forgotten or changed by the introduction of post-event information. These beneficial effects are dependent upon the early comprehensive account being given within 24 hours of the incident.

Can iWitnessed evidence be used in court?

Legally speaking, evidence collected using iWitnessed will be treated like contemporaneous notes. Contemporaneous notes are witness accounts composed during or immediately after a critical event, and in court proceedings they can range from a note scribbled on the back of a napkin to a meticulous description of the event.

According to the Evidence Act 1995 NSW (sections 32 and 34), contemporaneous notes or contemporaneous recordings of events can be used to refresh the memory of a witness to an event. Even if very rudimentary, they can add to the reliability and strength of the evidence being given in court proceedings.

It is also possible that developments in evidence law may enable evidence collected using iWitnessed to become directly admissible. While there is some legislation on the admissibility of this type of evidence in court, this has not kept pace with the rapid development of modern technologies. As a result, the evidence may be used only upon strict proof in individual cases – for example, regarding the use of audio recordings.

Anyone with a device

iWitnessed is designed to be used by anyone within Australia with a smartphone or tablet, and does not require high levels of literacy or language skills. Users can type details using their keypad, and record spoken notes – standard voice-to-text functions also work in iWitnessed. Responses do not need to be in English, allowing witnesses to use their preferred language to give the most accurate and detailed account.

iWitnessed also includes contact details of support services and some general advice on responses to traumatic events.

With the app opened up, users are first given advice on how to protect their memories. Then they are asked to follow a series of prompts and enter details of the event they witnessed. As well as text and audio recordings, images can be uploaded. All entries can be time, date, and location stamped, and the history of any changes made to the entry is recorded.

Read more:
The dark side of mondegreens: how a simple mishearing can lead to wrongful conviction

Information entered via the iWitnessed app remains on the user’s phone/tablet, and can be locked with a PIN code. If witnesses choose to do so, they can send their account to police in the form of an email. All evidence stays on the device unless this step is taken, although the potential exists for this information to be subpoenaed by police.

There are many advantages of iWitnessed as highlighted above, and we believe the development of our tool is timely. Australians use advanced technologies on a daily basis, with the majority (88%) owning a smart phone). This statistic explains why more and more people are recording incidents they witness (such as racist attacks in public transport).

iWitnessed will formalise the way that this information is collected. Ultimately, we expect the information gathered by iWitnessed will facilitate police practice and investigation as well as litigation in both criminal and civil trials.

Other experts involved in the development of iWitnessed are Celine van Golde (The University of Sydney), Richard Kemp (UNSW Sydney), Nicholas Cowdery (former Director of Public Prosecution in NSW) and NSW police officers.

Helen M. Paterson, Senior Lecturer in Forensic Psychology, University of Sydney

This article was originally published on The Conversation. Read the original article.