Police Use Genealogy Site To Locate Murder Suspect They'd Been Hunting For More Than 30 Years
from the new-tech,-new-tools dept
DNA isn’t the perfect forensic tool, but it’s slightly preferable to the body of junk science prosecutors use to lock people up. It’s ability to pinpoint individuals is overstated, and the possibility of contamination makes it just as easy to lock up innocent people as garbage theories like bite mark matching.
In terms of process of elimination, it’s still a go-to for prosecutors. The rise of affordable DNA testing has provided a wealth of evidence to law enforcement. Investigators are no longer limited to samples they’ve taken from arrestees. Databases full of DNA info are within reach 24 hours a day — and all law enforcement needs is an account and a few bucks to start tracking down DNA matches from members of the public who’ve never been arrested.
Investigators used DNA from crime scenes that had been stored all these years and plugged the genetic profile of the suspected assailant into an online genealogy database. One such service, GEDmatch, said in a statement on Friday that law enforcement officials had used its database to crack the case. Officers found distant relatives of Mr. DeAngelo’s and, despite his years of eluding the authorities, traced their DNA to his front door.
“We found a person that was the right age and lived in this area — and that was Mr. DeAngelo,” said Steve Grippi, the assistant chief in the Sacramento district attorney’s office.
This “search” may possibly close the books on at least ten unsolved murders featuring the same suspect DNA. The process involved, however, raises questions. But customers of companies like GEDmatch and 23andMe probably won’t like the answers. Any ethical questions they may have about companies sharing DNA info with law enforcement is likely covered by the terms of service. Customers looking to the Bill of Rights may be disappointed to discover the courts have little positive to say about Fourth Amendment protections for third party records.
Adding your DNA to these databases makes this info publicly-available. If everyone’s DNA was siloed off from everyone else’s, genealogy services would be completely useless. It’s expected your DNA info will be shared with others. If “others” includes law enforcement, the terms of service have that eventuality covered. Even if other uses of your DNA weren’t specified, there’s nothing illegal about law enforcement agencies creating accounts to submit DNA for matches. If there’s a Constitutional challenge, the third party doctrine likely eliminates anything remaining for the court to consider once it gets past the obvious hurdle: DNA-matching services match DNA. Complete strangers are able to “access” DNA info of others without creating privacy issues.
GEDmatch’s response to all of this? If you don’t want your DNA to end up in the hands of law enforcement, delete your account. This isn’t exactly customer-friendly, but it reflects the reality of participating in a service that offers DNA matching. Even if a company refuses to hand over info voluntarily, it probably wouldn’t take more than a subpoena to knock it loose. As long as law enforcement is using the system like a customer would — that is, simply submitting DNA for a match — the only problems it poses are at the far end of the ethical spectrum. If it’s doing anything else — like asking companies to notify them if certain DNA samples are submitted — then there are problems. But as long as it’s not inserting itself into the supply chain, there’s really no privacy invasion occurring.
Filed Under: dna, evidence, garden state killer, joseph deangelo, privacy
Companies: gedmatch
Comments on “Police Use Genealogy Site To Locate Murder Suspect They'd Been Hunting For More Than 30 Years”
I’m a little disappointed the article didn’t include the results from GEDmatch regarding Mr. DeAngelo, as they found 12% Sasquatch, 50% Anglo-saxon, 28% Pedophilia, and 10% Nordic, tracing his lineage to Elizabeth Bathory.
Too soon?
2002: “OMG are you an idiot?! you are using your real name on an online profile?!”
2018: “Check out this website I just submitted the blueprint of my body to so I can see who I’m related to and anyone else can find out about me too!”
It wouldn't help against law enforcement...
But you could probably make an argument that these genealogy websites should be subject to HIPAA privacy regulations. That would at least keep them from selling the info to others.
Re: It wouldn't help against law enforcement...
If they were subject to HIPPA then the site might as well close down, it wouldn’t be able to do any of it’s matching and metrics if it had to sanitize the data to that degree.
Re: Re: It wouldn't help against law enforcement...
That also depends on whether the site is in the United States or not.
If such a website had no servers, or any presence in the United States, HIPAA would never apply to them, as severs there are not in the United States do not have to obey US laws. If a company has no presence in the USA, they are not subject to US laws.
This is also why SESTA will never work. Websites with presence in the United States are not subject to this law.
Re: Re: Re: It wouldn't help against law enforcement...
I’m sure Kim Dotcom and legitimate customers of megaupload wish this were true.
Re: Re: Re:2 It wouldn't help against law enforcement...
It is true. That the US government has lied, violated its own policies to enable the attack based on keeping Hollywood happy.
Just being right isn’t enough when it comes to copyrights. Even the law doesn’t matter as Kim didn’t commit a criminal act. Civil, quite possibly. But FBI doesn’t care. Grab the cash, that’s the new FBI.
Re: No HIPAA problems at all
If you submit your DNA to a database whose sole purpose in life is to match you with others who have done the same, there’s no HIPAA problems at all for the database doing exactly what you told them to do.
Now, if you submitted your blood at the Dr’s office to have your cholesterol checked, and the lab company took it upon themselves to divert a few drops to put you in a genealogy DB, THAT would be a massive HIPAA violation.
Re: It wouldn't help against law enforcement...
hippa is a joke
Not guilty yet
The only problem is that the ‘media’ as a whole seem to be taking this as a ‘guilty’ verdict on Mr De Angelo. He may be guilty, he may also be not guilty; as the article states, DNA evidence is not infallible.
Re: Not guilty yet
They wouldn’t be arresting him just on the DNA though. There’s also motive, opportunity and other factors that make him a good fit for the crimes. Right now, the preponderance of evidence looks like he’s the culprit.
Re: Re: Not guilty yet
Even so, he’s still not guilty yet. As members of the public we’re not in a position to make a judgement on ‘the preponderance of [published] evidence’ – that’s for the courts and a judge & jury of his peers.
Re: Re: Re: Not guilty yet
Re: Not guilty yet
I guess that could be why only two counts have been filed against him so far, one for a 1976 murder and the other a 1980 murder.
California law changed between 1976 and 1980. The 1980 murder carries the death penalty while the 1976 one does not.
The 1980 murder would be life without parole, but the 1976 murder would be life, with the possibility of parole after 7 1/2 years.
Re: Re: Not guilty yet
Well hopefully they’ll start tacking on a long list of his other crimes and he can die in jail with what is left if his life. He’s had it far, far better than everyone he’s killed.
Re: Re: Re: Not guilty yet
If you have proof of his guilt, you’re an asshole for not stepping up 30 years ago. If you don’t, you’re an asshole for condemning someone without due process. Find some evidence, or watch the trial.
Re: Re: Re: Not guilty yet
It also depends on what charges he is convicted on. If the two murder charges are the only ones he is charged with, and he is only convicted of the 1976 murder, than he can apply for parole in as little at 7/12 years, because prior to the 1978 ballot proposition approved by voters, the penalty was life with parole after as little as 7 1/2 years.
Just like any database, law enforcement can access it in a way where the network admins will never know they were there.
Server level databases, like MySQL, Oracle, MsSQL, and others have one flaw. They do not have logging.
And if sites have redundant servers in multiple locations, the database have to be exposed to the Internet for all those servers that need to access it to work.
This means that law enforcement can get around that “pesky” Fourth Amendment. LEOs and prosecutors can piss on the fourth amendment by doing this, and the site admins will never detect their presence, on account of these server level databases having no logging function.
Re: Re:
Except non of that has anything to do with anything in this case.
It’s a free website and police simply used it as any regular user would.
Re: Re:
Where do you get your conspiracy theories from, as just about every bit of server software supports logging, it’s an essential debugging tool.
Re: Re:
“Just like any database, law enforcement can access it in a way where the network admins will never know they were there.”
– I suppose that could be true if they do not secure their network.
“Server level databases, like MySQL, Oracle, MsSQL, and others have one flaw. They do not have logging.”
– Logging is a configurable parameter in Oracle, the others idk.
“And if sites have redundant servers in multiple locations, the database have to be exposed to the Internet for all those servers that need to access it to work.”
Not necessarily. There are many high availability architectures out there, you should look at them – cool stuff.
Re: Re:
“Just like any database, law enforcement can access it in a way where the network admins will never know they were there.”
Or… they just walk in with a warrant.
“on account of these server level databases having no logging function.”
https://dev.mysql.com/doc/refman/8.0/en/query-log.html
LOL. You Trollin brah? Yeah… you Trollin.
Re: Re:
Only one problem, those databases absolutely do have logging. the number one issue my wife’s previous employers had was problems with the logging, since they decided to split the logging between two different locations.
Without logging, you can’t perform checks on various performance metrics.
Learn about what you are speaking of before you vomit words into the world.
Anyone who reads any geneology DNA website’s legal terms will see that the DNA results are not private, and can be used for essentially any purpose whatsoever (although they try to spin it as helping out and improving the results itself.)
When I saw my first DNA matching commercial, I was immediately suspicious. Do medical privacy laws permit the access and use of DNA info? No worries, if you gladly give it up, everything is fine, *wink*. It’s like social media for your biology.
Re: Re:
The funny thing is, you pay a bunch of your own money to give all this info away to anyone. Talking about twisted.
When creating an account and supplying a sample, the terms should state – is this your own sample? Otherwise its a fishing expedition.
Re: Re:
Doesn't it seem like the cops may now be federal felons?
CFAA anyone?
Doesn’t it seem like making a fake profile and submitting a 3rd pry DNA sample would be a violation of the site/services’ EULA? Like at least ten times worse than offering Microsoft recovery CD’s?
Maybe a hundred times worse?
Again glossing over a crucial difference:
That doesn’t work since the persons entering data concerning myself aren’t myself.
Like with Facebook relying on others for tagging my face even if I don’t have an account, the answer isn’t "if you are worried about the Stasi collecting information about you, just don’t give them any".
Re: Again glossing over a crucial difference:
Except, in this case, you run up against other issues, as they are primarily entering their own data, it just happens you share that data in a relatively predictable way based on your relation to the second person. Barring them from putting in their information (which unlike tagging would not directly identify you), forces them to your choices. This use can only produce probable cause, not guilt.
"Delete your account"
It was stated earlier in the text, but just to be clear, the suspect did not have an account on that site. A family member did.
So, IMHO, there are some privacy issues here. It was probably all legal—which, like with NSA’s data collection, is the issue.
Based upon roadside drug test efficacy, I am suspicious of these dna tests.
The capability of dna testing to prove a match is over rated while its ability to prove a mismatch is under rated. TV shows do nothing to counter this mis understanding.
Re: Re:
Roadside drug tests, and cheap, basic tests. Which is why if you’re tested positive, they then do a blood test on you also when they take you into the station, which is accurate. But that can take a couple weeks, and during that time, they can screw up your life.
DNA is very accurate. Generally, 99.9% Trying to compare a DNA test to a cheap Roadside drug test is laughable. Now using DNA for an Ancestry Test. That may have some mixed results. Depends on the company. I was watching one where they were testing with triplets and a couple of them the results were not quite the same. The DNA is correct, but the results from that were off. Some of the other company’s were dead on with all 3 of the triplets.
Re: Re: Re:
Ok, so the ancestry side has a match and you’re arrested – now what … they perform the real test?
It is obvious where this is going
Re: Re: Re: Re:
Except that’s not how it worked. After they had a suspect from a familial match and other factors, they collected DNA from the suspect (surreptitiously, using a discarded item — perfectly legal whether they had a warrant or not, since once your trash is on the curb it’s fair game) to get a full DNA profile/match. Only after they had that did they make an arrest.
Re: Re: Re:2 Re:
Yeah, ok.
1) Ancestry website says their crappy software has a match
2) Probable cause
3) Obtain sample for the real test
4) ???
5) profit!
Re: Re: Re:
Meaning it could be 7,600,000 other people (0.1% of the population)? That doesn’t sound accurate at all.
Re: Re: Re: Re:
It’s actually much, much better than 99.9%. It depends in part on how rare the various markers are, but the average accuracy is better than 1 in a billion (this document is over 10 years old, so it’s probably better now) and, according to the FBI, up to 1 in 108 trillion (and in one case, purportedly 1 in 930 sextillion).
Re: Re: Re:2 Re:
It is still much better at proving a mismatch than a match.
This discussion of issues might be irrelevant within another decade or two. The government of China has already started amassing a DNA database of everyone in the country, starting with (no surprise) regions where political dissent is highest.
https://www.theguardian.com/world/2017/dec/13/chinese-authorities-collecting-dna-residents-xinjiang
But even without a national government mandated DNA collection policy like China, the USA will eventually have a de facto national DNA database, compiled through secondary sources, as this serial-killer story demonstrates that system in its infancy.
Re: Re:
and a story from almost a decade ago about the routine (and often state-government mandated) collection of DNA from all babies born in hospitals — without the parents knowledge or consent.
http://www.cnn.com/2010/HEALTH/02/04/baby.dna.government/index.html
Re: Jurasic China...
I can just see the Chinese bringing back the ‘Jurasic dissidents’ by re-growing them from their stored DNA (since the original culture was successfully wiped out by mainland China, they just want to re-create their pet dissident so they can continue to suppress them…
Re: Re: Jurasic China...
lol
haterz gonna hate
How about a family member? So your brother submits his DNA. They run a sample and are able to determine that someone in his family committed a crime. Maybe they could tell if it was a parent or sibling? That would mean YOU don’t have to actually submit a sample, just someone in your family? I wonder what time of protections would be afforded?
Re: Re:
In this case, you are looking at probable cause for a DNA swab, not evidence of guilt. NO different than if the police had swabbed that person and determined that a family member matched the blood sample they have.
In fact, it is likely what we have here, as the search only found a DNA match for a family member. So they likely developed a narrow suspect pool, and got a warrant for some DNA swabs. That got them the accused.
I actually think its a great process, using data that is by its nature accessible to the public.
Re: Re: Re:
In the Golden State Killer case the closest match in the GEDmatch database was a 3rd cousin. There were 10 20 matches. The matches were likely not based on percentage of DNA markers that matched. Rather, they were based on a single, rare, genetic marker. The suspect pool was determined from 25 family trees that were source from a great, great, great grandparent of DeAngelo, the killer. That pool was greatly narrowed given the known characteristics of the killer, a blond white male, 60-80 years old who had lived in that region of California. How small does that pool have to be before probable cause is established? There are thousands of living relatives with that marker. They could not have used other markers to narrow the pool because the closest identified relative in a database was a 3rd cousin.
I suspect the investigators did not attempt to get a warrant to obtain DeAngelo’s DNA because they did not have probable cause. Otherwise, they could have obtained a warrant and still used subterfuge to obtain the DNA to avoid tipping him off. They had previously obtained DNA from another individual that was identified via relations to someone in GEDmatch. It has not been said publicly whether that sample was obtained by permission, warrant, or just subterfuge. A warrant was obtained last year for a 73 year man in Oregon City who was not capable of giving permission. I doubt that warrant was proper as it was based on a close relative in the Ysearch database having that rare genetic marker. Given that only 189,000 individuals were represented in the database, there was no guarantee that any relative was the killer.
Maybe obtaining DNA without permission or a warrant is justified in this case but where is the line drawn when a familial search can only narrow the suspect pool down to several, dozens, or hundreds? Matches to close relatives will still narrow the suspects to a handful. Consider that advances in DNA testing technology will make such tests yet even cheaper and faster in the future. What level of crime will justify such familial searches? Under current California law, familial searches can only be done to find suspects “of major violent crimes in which the public faces safety risks and in which all other investigative avenues have proven fruitless”. Other states are less restrictive. I wonder how long sites such as Ysearch.org and GEDmatch will continue to exist when users realize that it is not only law enforcement that can upload someone’s DNA file and find relatives. What is to prevent anyone from using 23 and Me or AncestryDNA to get DNA results of a target individual. All you need is saliva.
” As long as law enforcement is using the system like a customer would”
like a customer would is submitted *your* dna for a match.
Submitting other people’s DNA for matches without their consent could (and should, imho) easily be something that is not allowed by the terms of service.
Re: Re:
I am sure the victims weren’t looking to get a DNA sample either.
Re: Re: Re:
Just saying you should need a subpoena or something, these sites shouldn’t allow / encourage people to take a coffee cup someone through out and submit it in for DNA testing.
Not that they can really prevent it if the person is lying, but they shouldn’t be intentionally allowing any random joe blow doing searches on people without their consent. What happened here should not be “using the system like a customer would”, it should be “this is allowed because it’s a valid law enforcement investigation and here is our proof of such”
…then don’t murder people. Don’t commit violent crimes, don’t do things that screw up other people’s lives, and the police won’t care about your DNA.
It really is that simple, and it astounds me that people seem to think that this is somehow a bad thing.
Re: Re:
Your faith in humanity is noble even if a bit undeserved.
Re: Re: Re:
If cops want to frame you, they don’t need your DNA.
(But no technology is infallible, eg DNA can be planted or contaminated by a third party. Even a “99.9% accurate” technology should be corroborated by independent evidence.)
Re: Re:
It’s NOT that simple. Perhaps you should re-read this article from just last week.
https://www.techdirt.com/articles/20180424/06201439696/innocent-man-charged-with-murder-because-his-dna-was-found-fingernails-victim-whom-he-had-never-met.shtml
They may be 99.9…% sure that it’s your DNA, but that doesn’t translate into being 99.9…% sure that you actually did the crime. And that’s dangerous.
Re: Re: Re:
I read the article. Perhaps you should re-read it, and see how easy it was to get him off by simply pointing to the fact that he was known to be elsewhere when the crime happened.
Re: Re: Re: Re:
Yes in this case it was easy as the mix up was accompanied by documented evidence. How often does it happen without such documentation.
Re: Re: Re:
“They may be 99.9…% sure that it’s your DNA”
They may be, but I’m not ….
Recent medical article claimed there is much more dna in cells than previously known, are they looking at that also?
Re: Re:
But its not that simple.
In the US, with ample other procedural protections and generally reasonable laws, this may prove to be an overall net benefit to society. But even here it is not that simple and worthy of close scrutiny. Even here we can expect the occasional false positive match. And remember that even when the match is legitimate it may not mean that person committed the crime.
In a country with more restrictive laws, something like this could be used to make it easier for the government to commit human rights violations and track the populous.
Re: Re:
The ends justify the means. Who gives a fuck about civil rights when there is murder involved, right?
Re: Re: Re:
I don’t know about anybody else, but I give quite a big fuck about the civil rights of any innocent person not involved in the murder, but accidentally involved in the investigation through no fault of their own.
In fact, I actually give a fuck (but perhaps not quite such a big one) that even the actual murderer be found guilty through due process and not trial by social media. Not for their own benefit, but for the benefit of society as a whole, for if we cannot rely upon proper due process for one person, how can rely upon it for ourselves. (Yeah, fantasy, I know – there is already a lot of evidence of cops, prosecutors, jurors and judges being willing to put aside due process for-the-win!)
Re: Re: Re: Re:
The evidentiary standards for believing someone is guilty, as a private individual uninvolved with the case, are completely different from the standards for convicting him in a court of law.
There’s nothing wrong with, for example, thinking that OJ Simpson committed murder even though a jury found otherwise. There’s not even necessarily a contradiction there; it’s entirely consistent to believe that he’s probably guilty but that the jury made the correct decision based on the facts presented in the trial.
The court of public opinion has different standards than a court of law. And it should.