Recently, investigators in California arrested a suspect in the "Golden State Killer" case. Joseph James DeAngelo, a former police officer, is accused of murdering as many as 13 people and raping 50 women during the 1970s and 1980s.
A key aspect of the case is how law enforcement identified the man. According to police in Sacramento, they matched the crime scene DNA to an entry in GEDmatch, an online database of ancestry DNA profiles. The suspect himself did not upload his DNA into GEDmatch's database -- it was a distant relative who partially matched the 30-year-old crime scene DNA. That was apparently enough for investigators to extrapolate the identity of the suspect.
"People who submit DNA for ancestors testing are unwittingly becoming genetic informants on their innocent family," says the chief attorney for the forensic division at the Maryland Office of the Public Defender.
GEDmatch's co-founder says that the company was never even approached by law enforcement. It says it doesn't "hand out data," but does warn its users that their profiles could be used for unintended purposes. Other DNA companies have said they won't give law enforcement access to their data without a court order.
Many civil libertarians are troubled that investigators were able to access the DNA profiles on GEDmatch without a warrant. Unfortunately, there are currently no strong privacy laws protecting people's DNA from use by law enforcement. Since the GEDmatch database is open to the public, there may be virtually no bar to its use by the government for any purpose.
GEDmatch's public database may offer even less privacy protection than government databases of convicts' DNA, which are closely regulated by statutes.
The privacy concerns people feel about DNA evidence being easily accessible to law enforcement are legitimate. Arguments will certainly be made that access should be restricted -- especially when a relative, rather than the target of an investigation, uploaded that material.
There is another good reason to be concerned in this case, however. Last year, the investigators used a different DNA website, YSearch.org, and found a match between the crime scene DNA and the relative of an Oregon man.
They identified the man by a subpoena from the DNA company to disclose the identity of the person who uploaded the DNA profile, along with payment data of the purchaser. The person who uploaded the DNA profile was the man's daughter, and she was never told that her identity was disclosed.
They then obtained a warrant to obtain a DNA swab from that man -- a 73-year-old in a nursing home. Again, the man's daughter was never told that police had obtained DNA from her father.
That search led to an innocent man. Yet the Sacramento District Attorney told the Associated Press that she was unaware of the innocent Oregon man, or that any genealogy site had been used before the current suspect was identified.
There are many privacy concerns with law enforcement use of such techniques. Yet before the public can debate the privacy issues surrounding law enforcement use of genealogy companies, there is news now that police have recently uploaded DNA profiles from as many as 100 more cold case crimes to use similar genealogic techniques.