Is Using Genealogy Data to Solve Crimes Taking DNA Analysis a Step Too Far?

Between June 1976 and July 1979, Sacramento residents were terrorized by a burglar-turned-rapist-turned-murderer. The East Area Rapist, better known today as the Golden State Killer, stalked middle class women in their single-story homes. His strategy was methodic, unpredictable, and fearless: the killer stalked his victims for months before making his attack, and in some cases, he broke into the victims’ homes to prepare them for the assault.

When newspapers reported that he sought out women who were alone, he began attacking couples, often startling his victims in their sleep with a flashlight and gun. He would then have the women tie up their husbands before he took the woman to another room to repeatedly rape her. Without concern, he frequently returned to the same neighborhood, often invading homes just a few doors down from the scene of previous crimes. Neighborhoods were frantic with fear and distrust. The killer eluded police capture for more than 12 years while remaining in plain sight. When a man at a self-defense forum held by police questioned how husbands could allow their wives to be violated, that man and his wife became the next victims of the serial rapist, leaving no doubt that the Golden State Killer was among those attending that community meeting.

By the end of 1986, the Golden State Killer had raped at least 50 women, murdered at least 12 people, and burglarized hundreds of homes. Then, suddenly, the crime spree stopped, his trail went cold, and it seemed that he would never be apprehended.¹

Despite several DNA samples from rape kits and blood samples left at crime scenes, the killer could not be identified and interest in the case died out. However, in 2016 the case was revisited with renewed interest. Advances in DNA technology allowed investigators to create a DNA profile of the suspect, but there were no matches in either state or federal law enforcement databases. Then, investigators tried something novel. The data were uploaded to an open-source genealogy website where individuals voluntarily upload their data to determine their ancestry. Matches to distant relatives allowed forensic genealogists to reconstruct the suspect’s family tree in an effort to identify the proband — in this case, the Golden State Killer.

After several months of searching the database, Joseph James DeAngelo was identified as the suspect. Police obtained DNA samples from his discarded personal trash and found that it matched the DNA samples collected from the crime scenes. In April 2018, Mr DeAngelo was arrested — nearly 30 years after his crime spree concluded.¹

The case of the Golden State Killer has set a new precedent for using public genealogy databases to solve previously unsolvable crimes when the FBI’s Combined DNA Index System (CODIS) fails to make a match. Since April 2018, several more unsolvable cases were cracked using this strategy of family tree reconstructing.

The National DNA Index System (NDIS) is a federal database of DNA profiles contributed by state and local forensic laboratories that includes DNA samples from “convicted offenders, arrestees, detainees” and “forensic samples from cases including unidentified samples from human remains, missing persons, and relatives of missing persons.”² Mr DeAngelo, who had never contributed an identifiable sample to the CODIS, could not be identified by searching that database. Rather, his relatives were identified by uploading the DNA data collected from samples found at crime scenes to an open-source genealogy website called GEDmatch, where users typically upload their DNA data into the public database so that it can be used for “comparison and research purposes.”^3,4 In many cases, these research purposes are people simply trying to sort out their ancestry.

Although many would consider the capture of the Golden State Killer a successful case closed, the use of publicly accessible DNA databases for criminal investigations raises some serious ethical concerns. For example, when patients give informed consent for a clinical trial using DNA samples, they intrinsically understand that the future use of their data in medical research may result in medical breakthroughs that can help them and other similar patients. However, they rarely — if ever — expect their DNA data to be used by criminal investigators to incriminate them, their relatives, or their future relatives. Likewise, when a user approaches a genealogy website and uploads information into a public database, the expectation is that the data are being used either to identify relatives or to improve medical research outcomes in other individuals.

Some sites do mention the possibility of forensic use in their terms of service, but others do not. Even if it is mentioned, who among us reads — or comprehends — the complete terms of service for every website we access?⁵ Most people barely understand the implications for themselves, let alone that sharing their DNA data in public databases may have implications for other people. How many Ancestry and 23andMe users consider that they may be violating a sibling’s right to not know about a gene mutation? The average citizen has the misconception that the information contained in their DNA belongs only to them. Rather, there is interference between individuals with similar genetic make-up, such as parents, children, and siblings. Researchers point out that using these public datasets may lead to the arrest of guilty relatives but may also lead to false-positive results. The latter may create an undue burden for innocent individuals.⁵

The other issue at the forefront of the Golden State Killer case is whether or not Mr DeAngelo had an expectation of privacy when police acquired DNA samples from discarded personal items. The law clearly says no: the abandonment doctrine states that there is no expectation of privacy in abandoned materials. When you throw away a coffee cup into a public trashcan, you are abandoning both that coffee cup (along with any DNA samples on that cup) and any expectation of privacy. Law enforcement agents are free to collect that cup and obtain any DNA samples you may have left behind with no special permission.

When users voluntarily upload their genealogy data to public databases, the law views that action as no different than abandoning DNA in public areas. Although some may find this equivalence socially unacceptable, this dislike it is irrelevant when it comes to criminal investigations.⁵ Thus, users of genealogy websites must understand the legal policies of the database that they are using and the legal ramifications of uploading their DNA data. They should not approach any genealogy website with an expectation of privacy unless it is explicitly written in the site’s terms of service. In their law enforcement guide, 23andMe states that they “use all practical legal and administrative resources to resist requests from law enforcement, and [they] do not share customer data with any public databases, or with entities that may increase the risk of law enforcement access.”⁶ They will only review requests “related to a valid trial, grand jury or administrative subpoena, warrant, or order.”⁶ However, if a user takes their ancestry data from 23andMe and then uploads it to GEDmatch, all bets are off: GEDmatch is a public database that is accessible by law enforcement — which is clearly stated in their terms of service.

Another concern that arises is the potential outcome of having one’s DNA data publicly accessible not only to law enforcement but also to employers and insurance companies, entities that may use those data to discriminate against the user. Currently, researchers feel that this risk is overstated but that in the future it may become a serious problem.⁵

Further, DNA evidence can be easily compromised if not meticulously collected. Researchers pointed to a case in Germany where a contaminated cotton swab was used to collect evidence and resulted in the police mistakenly chasing after member of the Romani communities for several years before they identified the error.⁵ Thus, law enforcement needs to be more transparent in their use of DNA data, and a set of official standards should be set forth. Collection and usage methods need to be made clear, and there must be accountability for its misuse. Researchers suggest that forensic genealogy should be used as an investigative tool rather than as a primary source of evidence, and that it may be prudent to limit its use to unsolved crimes where other methods have repeatedly failed to identify a suspect, as in the Golden State Killer case.⁵ Had it not been for the novel strategy, Mr DeAngelo might have never been caught and might have lived out the remainder of his retirement obsessing over his lawn while the people of Sacramento remained consumed by the fear of the Golden State Killer remaining at large. 

Whereas these DNA databases have the potential to aid in solving some of history’s most mysterious crimes, they also pose some serious yet novel ethical dilemmas for both service providers and users of DNA database services. The long-term success of forensic genealogy depends on large, robust databases of DNA. If users feel tricked, deceived, unduly prosecuted, or sense their privacy is being violated, they may choose not to share their data publicly. Those looking to unlock the secrets of their own DNA may hold back, limiting the data in public datasets. It is essential moving forward that there be a more robust informed consent process, that every effort be made to preserve privacy based on new standards and not the precedent set by older principles such as the abandonment principle, and that individuals who choose to share their DNA data be protected from abuse that might arise when insurers, legal entities, and employers seek to access individual DNA data.

References

1. Barry D, Arango T, Oppel RA Jr. The Golden State Killer Left a Trail of Horror With Taunts and Guile. New York Times. https://www.nytimes.com/2018/04/28/us/golden-state-killer-joseph-deangelo.html. April 28, 2018. Accessed August 7, 2018.
2. Federal Bureau of Investigation. Frequently Asked Questions on CODIS and NDIS. https://www.fbi.gov/services/laboratory/biometric-analysis/codis/codis-and-ndis-fact-sheet. Accessed August 7, 2018.
3. GEDmatch.com. GEDmatch.com Terms of Service and Privacy Policy. https://www.gedmatch.com/tos.htm. Updated May 20, 2018. Accessed August 7, 2018.
4. Zhang S. How a Genealogy Website Led to the Alleged Golden State Killer. The Atlantic. https://www.theatlantic.com/science/archive/2018/04/golden-state-killer-east-area-rapist-dna-genealogy/559070/. April 27, 2018. Accessed August 7, 2018.
5. Berkman BE, Miller WK, Grady C. Is it ethical to use genealogy data to solve crimes? [published online May 29, 2018] Ann Intern Med. doi:10.7326/M18-1348
6. 23andMe.com. 23andMe guide for law enforcement. https://www.23andme.com/law-enforcement-guide/. 2018. Accessed August 7, 2018.