FamilyTreeDNA, Government Overreach, and Unethical Nudges

A disturbing story about FamilyTreeDNA highlights issues about consumer privacy, government collaboration, and poor stewardship by a private company. Digging deeper, the story also highlights how behavioral economics can go awry, through self-serving choices by a moralistic CEO that violate basic ethical principles of choice architecture design. Bad nudges is an issue I have highlighted before in the context of Kentucky Medicaid plan choice and state-run auto-IRAs.

The short version: FamilyTreeDNA’s database contains more than 1.5 million customers, and the FBI approached company president Bennett Greenspan in late 2017 and early 2018 to access those records in hopes of finding genetic links for some unsolved crimes. As the Wall Street Journal notes:

He didn’t tell the FBI attorney to come back with a court order. He didn’t stop to ponder the moral quandaries. He said yes on the spot. “I have been a CEO for a long time,” said Mr. Greenspan, 67 years old, who founded the Houston-based company in 1999. “I have made decisions on my own for a long time. In this case, it was easy. We were talking about horrendous crimes. So I made the decision.”

Any libertarian would certainly agree that consumers and companies should be free to come to any agreement they want on sacrificing personal privacy for other product characteristics (including lower prices). Even with an open-ended user agreement, it is hard to fathom that even the most imaginative users from 15 years ago would have envisioned the sort of law enforcement overreach that we see today. If informed, some subset of customers would likely support FamilyTreeDNA’s collaboration with the FBI. The user agreement did not require the company to inform customers that the FBI was searching their records, and the company did not inform customers until after Buzzfeed revealed the collaboration in January 2019.

Although the CEO appears to be an enthusiastic participant in the FBI’s dragnet, this may be the exception, rather than the rule. Other DNA testing companies – such as 23andMe, Ancestry, and MyHeritage – do not collaborate with law enforcement unless legally required to do so. One must wonder how much extra legal costs are borne by private companies from law enforcement overreach like this, and how much it would cost a company to vigorously fight back against the fishing expeditions? Surely, the cost of law enforcement overreach is passed on to customers who pay more in submission fees, in order to have their privacy invaded.

It is important to put the company’s subsequent response to the fallout into a behavioral economic lens.

In March (2019), FamilyTreeDNA said it figured out a way to allow customers to opt out of law-enforcement matching but still see if they matched with regular customers. … (Mr. Greenspan) said less than 2% of customers have requested opting out of law-enforcement searches.

In his pioneering work, Prof. Cass Sunstein lays out ethical considerations for choice architecture. He argues that the objective of nudging is to “influence choices in a way that will make the choosers better off, as judged by themselves.” In this context, when confronted with obvious outrage and bad publicity, FamilyTreeDNA had important decisions to make. Sunstein’s “as judged by themselves” principle would suggest the opposite choice architecture: the company should have set the default as automatic opt-out of law enforcement matching, and allowed users to opt-in to law enforcement matching if they so decided. Many of the 1.5 million customers are likely infrequent, inactive users of the website, and many were likely unaware of the FBI collaboration, even after the news broke. They would be appalled by the collaboration. Mr. Greenspan’s opt-out figure of 2% strikes me as a very large response, given that FamilyTreeDNA has customers going back 20 years, and many likely ignore emails and news stories about this scandal.

The criticism of this company’s choice architecture – and feature stories in prominent newspapers – of course would not exist without unabated government overreach. From a handful of inquiries in early 2018, there are now 50 law-enforcement agencies requesting matching from FamilyTreeDNA. Buyer beware.