The New York Times reports:

For police officers around the country, the genetic profiles that 20 million people have uploaded to consumer DNA sites represent a tantalizing resource that could be used to solve cases both new and cold. But for years, the vast majority of the data have been off limits to investigators. The two largest sites, Ancestry.com and 23andMe, have long pledged to keep their users' genetic information private, and a smaller one, GEDmatch, severely restricted police access to its records this year. Last week, however, a Florida detective announced at a police convention that he had obtained a warrant to penetrate GEDmatch and search its full database of nearly one million users. Legal experts said that this appeared to be the first time a judge had approved such a warrant, and that the development could have profound implications for genetic privacy. "That's a huge game-changer," said Erin Murphy, a law professor at New York University. "The company made a decision to keep law enforcement out, and that's been overridden by a court. It's a signal that no genetic information can be safe."

I ended up tweeting a long thread about the legal issues in the case, and I figured I would also blog those thoughts here. So here's my Twitter thread, slightly modified for blog format.

First, it's worth pointing out that the facts are not yet fully known. A detective applied for and obtained a warrant, and the company did what the warrant said the company had to without challenging it. We don't have a copy of the warrant, and there has been no litigation about it.

Here's what we do know about the facts. Almost million people have uploaded DNA profiles to GEDmatch to enable anyone to search the profiles. When the police started searching the database for law enforcement reasons, GEDmatch enacted a new policy: The police can't do the same searches that the public can.

Under the policy, if you or I want to search GEDmatch, we can. But if police officers want to search it, they have to tell GEDmatch that they are police officers. GEDmatch then only lets the officers search the profiles of users that have affirmatively opted in to having their profiles searched by the police. It's sort of like a bar or restaurant putting up a sign saying that police aren't welcome. Anyone can enter except for the police, who have to declare they are the police and then can't go inside.

According to the story, a Florida detective wanted to search the same database as anyone else could. Presumably he could have gone undercover and pretended he was not a detective, as on the Internet, no one know you're a cop. Instead, the detective obtained a warrant requiring GEDmatch to "override the privacy settings" of GEDmatch and let him search like a civilian.