Police Use Genealogy Site To Locate Murder Suspect They'd Been Hunting For More Than 30 Years

from the new-tech,-new-tools dept

DNA isn’t the perfect forensic tool, but it’s slightly preferable to the body of junk science prosecutors use to lock people up. It’s ability to pinpoint individuals is overstated, and the possibility of contamination makes it just as easy to lock up innocent people as garbage theories like bite mark matching.

In terms of process of elimination, it’s still a go-to for prosecutors. The rise of affordable DNA testing has provided a wealth of evidence to law enforcement. Investigators are no longer limited to samples they’ve taken from arrestees. Databases full of DNA info are within reach 24 hours a day — and all law enforcement needs is an account and a few bucks to start tracking down DNA matches from members of the public who’ve never been arrested.

Investigators used DNA from crime scenes that had been stored all these years and plugged the genetic profile of the suspected assailant into an online genealogy database. One such service, GEDmatch, said in a statement on Friday that law enforcement officials had used its database to crack the case. Officers found distant relatives of Mr. DeAngelo’s and, despite his years of eluding the authorities, traced their DNA to his front door.

“We found a person that was the right age and lived in this area — and that was Mr. DeAngelo,” said Steve Grippi, the assistant chief in the Sacramento district attorney’s office.

This “search” may possibly close the books on at least ten unsolved murders featuring the same suspect DNA. The process involved, however, raises questions. But customers of companies like GEDmatch and 23andMe probably won’t like the answers. Any ethical questions they may have about companies sharing DNA info with law enforcement is likely covered by the terms of service. Customers looking to the Bill of Rights may be disappointed to discover the courts have little positive to say about Fourth Amendment protections for third party records.

Adding your DNA to these databases makes this info publicly-available. If everyone’s DNA was siloed off from everyone else’s, genealogy services would be completely useless. It’s expected your DNA info will be shared with others. If “others” includes law enforcement, the terms of service have that eventuality covered. Even if other uses of your DNA weren’t specified, there’s nothing illegal about law enforcement agencies creating accounts to submit DNA for matches. If there’s a Constitutional challenge, the third party doctrine likely eliminates anything remaining for the court to consider once it gets past the obvious hurdle: DNA-matching services match DNA. Complete strangers are able to “access” DNA info of others without creating privacy issues.

GEDmatch’s response to all of this? If you don’t want your DNA to end up in the hands of law enforcement, delete your account. This isn’t exactly customer-friendly, but it reflects the reality of participating in a service that offers DNA matching. Even if a company refuses to hand over info voluntarily, it probably wouldn’t take more than a subpoena to knock it loose. As long as law enforcement is using the system like a customer would — that is, simply submitting DNA for a match — the only problems it poses are at the far end of the ethical spectrum. If it’s doing anything else — like asking companies to notify them if certain DNA samples are submitted — then there are problems. But as long as it’s not inserting itself into the supply chain, there’s really no privacy invasion occurring.

Filed Under: , , , ,
Companies: gedmatch

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Police Use Genealogy Site To Locate Murder Suspect They'd Been Hunting For More Than 30 Years”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: It wouldn't help against law enforcement...

That also depends on whether the site is in the United States or not.

If such a website had no servers, or any presence in the United States, HIPAA would never apply to them, as severs there are not in the United States do not have to obey US laws. If a company has no presence in the USA, they are not subject to US laws.

This is also why SESTA will never work. Websites with presence in the United States are not subject to this law.

David (profile) says:

Re: Re: Re:2 It wouldn't help against law enforcement...

It is true. That the US government has lied, violated its own policies to enable the attack based on keeping Hollywood happy.

Just being right isn’t enough when it comes to copyrights. Even the law doesn’t matter as Kim didn’t commit a criminal act. Civil, quite possibly. But FBI doesn’t care. Grab the cash, that’s the new FBI.

SirWired (profile) says:

Re: No HIPAA problems at all

If you submit your DNA to a database whose sole purpose in life is to match you with others who have done the same, there’s no HIPAA problems at all for the database doing exactly what you told them to do.

Now, if you submitted your blood at the Dr’s office to have your cholesterol checked, and the lab company took it upon themselves to divert a few drops to put you in a genealogy DB, THAT would be a massive HIPAA violation.

btr1701 (profile) says:

Re: Re: Re: Not guilty yet

As members of the public we’re not in a position to make
> a judgement on ‘the preponderance of [published]
> evidence’ – that’s for the courts and a judge & jury of
> his peers.

No, we can make judgments about this just like we do with a million other things in our lives everyday.

What we the public can’t do is punish someone based on our judgment. Only the state can do that after a finding of guilty beyond a reasonable doubt.

Anonymous Coward says:

Re: Not guilty yet

I guess that could be why only two counts have been filed against him so far, one for a 1976 murder and the other a 1980 murder.

California law changed between 1976 and 1980. The 1980 murder carries the death penalty while the 1976 one does not.

The 1980 murder would be life without parole, but the 1976 murder would be life, with the possibility of parole after 7 1/2 years.

Anonymous Coward says:

Re: Re: Re: Not guilty yet

It also depends on what charges he is convicted on. If the two murder charges are the only ones he is charged with, and he is only convicted of the 1976 murder, than he can apply for parole in as little at 7/12 years, because prior to the 1978 ballot proposition approved by voters, the penalty was life with parole after as little as 7 1/2 years.

Anonymous Coward says:

Just like any database, law enforcement can access it in a way where the network admins will never know they were there.

Server level databases, like MySQL, Oracle, MsSQL, and others have one flaw. They do not have logging.

And if sites have redundant servers in multiple locations, the database have to be exposed to the Internet for all those servers that need to access it to work.

This means that law enforcement can get around that “pesky” Fourth Amendment. LEOs and prosecutors can piss on the fourth amendment by doing this, and the site admins will never detect their presence, on account of these server level databases having no logging function.

Anonymous Coward says:

Re: Re:

“Just like any database, law enforcement can access it in a way where the network admins will never know they were there.”

– I suppose that could be true if they do not secure their network.

“Server level databases, like MySQL, Oracle, MsSQL, and others have one flaw. They do not have logging.”

– Logging is a configurable parameter in Oracle, the others idk.

“And if sites have redundant servers in multiple locations, the database have to be exposed to the Internet for all those servers that need to access it to work.”

Not necessarily. There are many high availability architectures out there, you should look at them – cool stuff.

MindParadox (profile) says:

Re: Re:

Only one problem, those databases absolutely do have logging. the number one issue my wife’s previous employers had was problems with the logging, since they decided to split the logging between two different locations.

Without logging, you can’t perform checks on various performance metrics.

Learn about what you are speaking of before you vomit words into the world.

David says:

Again glossing over a crucial difference:

If you don’t want your DNA to end up in the hands of law enforcement, delete your account.

That doesn’t work since the persons entering data concerning myself aren’t myself.

Like with Facebook relying on others for tagging my face even if I don’t have an account, the answer isn’t "if you are worried about the Stasi collecting information about you, just don’t give them any".

James Burkhardt (profile) says:

Re: Again glossing over a crucial difference:

Except, in this case, you run up against other issues, as they are primarily entering their own data, it just happens you share that data in a relatively predictable way based on your relation to the second person. Barring them from putting in their information (which unlike tagging would not directly identify you), forces them to your choices. This use can only produce probable cause, not guilt.

Anonymous Coward says:

"Delete your account"

Complete strangers are able to "access" DNA info of others without creating privacy issues.

GEDmatch’s response to all of this? If you don’t want your DNA to end up in the hands of law enforcement, delete your account. This isn’t exactly customer-friendly, but it reflects the reality of participating in a service that offers DNA matching.

It was stated earlier in the text, but just to be clear, the suspect did not have an account on that site. A family member did.

So, IMHO, there are some privacy issues here. It was probably all legal—which, like with NSA’s data collection, is the issue.

Anonymous Coward says:

Re: Re:

Roadside drug tests, and cheap, basic tests. Which is why if you’re tested positive, they then do a blood test on you also when they take you into the station, which is accurate. But that can take a couple weeks, and during that time, they can screw up your life.

DNA is very accurate. Generally, 99.9% Trying to compare a DNA test to a cheap Roadside drug test is laughable. Now using DNA for an Ancestry Test. That may have some mixed results. Depends on the company. I was watching one where they were testing with triplets and a couple of them the results were not quite the same. The DNA is correct, but the results from that were off. Some of the other company’s were dead on with all 3 of the triplets.

jonr (profile) says:

Re: Re: Re: Re:

Except that’s not how it worked. After they had a suspect from a familial match and other factors, they collected DNA from the suspect (surreptitiously, using a discarded item — perfectly legal whether they had a warrant or not, since once your trash is on the curb it’s fair game) to get a full DNA profile/match. Only after they had that did they make an arrest.

jonr (profile) says:

Re: Re: Re: Re:

It’s actually much, much better than 99.9%. It depends in part on how rare the various markers are, but the average accuracy is better than 1 in a billion (this document is over 10 years old, so it’s probably better now) and, according to the FBI, up to 1 in 108 trillion (and in one case, purportedly 1 in 930 sextillion).

Anonymous Coward says:

This discussion of issues might be irrelevant within another decade or two. The government of China has already started amassing a DNA database of everyone in the country, starting with (no surprise) regions where political dissent is highest.


But even without a national government mandated DNA collection policy like China, the USA will eventually have a de facto national DNA database, compiled through secondary sources, as this serial-killer story demonstrates that system in its infancy.

Anonymous Coward says:

Re: Jurasic China...

I can just see the Chinese bringing back the ‘Jurasic dissidents’ by re-growing them from their stored DNA (since the original culture was successfully wiped out by mainland China, they just want to re-create their pet dissident so they can continue to suppress them…

Anonymous Coward says:

How about a family member? So your brother submits his DNA. They run a sample and are able to determine that someone in his family committed a crime. Maybe they could tell if it was a parent or sibling? That would mean YOU don’t have to actually submit a sample, just someone in your family? I wonder what time of protections would be afforded?

James Burkhardt (profile) says:

Re: Re:

In this case, you are looking at probable cause for a DNA swab, not evidence of guilt. NO different than if the police had swabbed that person and determined that a family member matched the blood sample they have.

In fact, it is likely what we have here, as the search only found a DNA match for a family member. So they likely developed a narrow suspect pool, and got a warrant for some DNA swabs. That got them the accused.

I actually think its a great process, using data that is by its nature accessible to the public.

aldestrawk (profile) says:

Re: Re: Re:

In the Golden State Killer case the closest match in the GEDmatch database was a 3rd cousin. There were 10 20 matches. The matches were likely not based on percentage of DNA markers that matched. Rather, they were based on a single, rare, genetic marker. The suspect pool was determined from 25 family trees that were source from a great, great, great grandparent of DeAngelo, the killer. That pool was greatly narrowed given the known characteristics of the killer, a blond white male, 60-80 years old who had lived in that region of California. How small does that pool have to be before probable cause is established? There are thousands of living relatives with that marker. They could not have used other markers to narrow the pool because the closest identified relative in a database was a 3rd cousin.
I suspect the investigators did not attempt to get a warrant to obtain DeAngelo’s DNA because they did not have probable cause. Otherwise, they could have obtained a warrant and still used subterfuge to obtain the DNA to avoid tipping him off. They had previously obtained DNA from another individual that was identified via relations to someone in GEDmatch. It has not been said publicly whether that sample was obtained by permission, warrant, or just subterfuge. A warrant was obtained last year for a 73 year man in Oregon City who was not capable of giving permission. I doubt that warrant was proper as it was based on a close relative in the Ysearch database having that rare genetic marker. Given that only 189,000 individuals were represented in the database, there was no guarantee that any relative was the killer.

Maybe obtaining DNA without permission or a warrant is justified in this case but where is the line drawn when a familial search can only narrow the suspect pool down to several, dozens, or hundreds? Matches to close relatives will still narrow the suspects to a handful. Consider that advances in DNA testing technology will make such tests yet even cheaper and faster in the future. What level of crime will justify such familial searches? Under current California law, familial searches can only be done to find suspects “of major violent crimes in which the public faces safety risks and in which all other investigative avenues have proven fruitless”. Other states are less restrictive. I wonder how long sites such as Ysearch.org and GEDmatch will continue to exist when users realize that it is not only law enforcement that can upload someone’s DNA file and find relatives. What is to prevent anyone from using 23 and Me or AncestryDNA to get DNA results of a target individual. All you need is saliva.

crade (profile) says:

Re: Re: Re:

Just saying you should need a subpoena or something, these sites shouldn’t allow / encourage people to take a coffee cup someone through out and submit it in for DNA testing.

Not that they can really prevent it if the person is lying, but they shouldn’t be intentionally allowing any random joe blow doing searches on people without their consent. What happened here should not be “using the system like a customer would”, it should be “this is allowed because it’s a valid law enforcement investigation and here is our proof of such”

Mason Wheeler (profile) says:

If you don’t want your DNA to end up in the hands of law enforcement

…then don’t murder people. Don’t commit violent crimes, don’t do things that screw up other people’s lives, and the police won’t care about your DNA.

It really is that simple, and it astounds me that people seem to think that this is somehow a bad thing.

Anonymous Coward says:

Re: Re:

It’s NOT that simple. Perhaps you should re-read this article from just last week.


They may be 99.9…% sure that it’s your DNA, but that doesn’t translate into being 99.9…% sure that you actually did the crime. And that’s dangerous.

TimothyAWiseman (profile) says:

Re: Re:

But its not that simple.

In the US, with ample other procedural protections and generally reasonable laws, this may prove to be an overall net benefit to society. But even here it is not that simple and worthy of close scrutiny. Even here we can expect the occasional false positive match. And remember that even when the match is legitimate it may not mean that person committed the crime.

In a country with more restrictive laws, something like this could be used to make it easier for the government to commit human rights violations and track the populous.

Ben (profile) says:

Re: Re: Re:

I don’t know about anybody else, but I give quite a big fuck about the civil rights of any innocent person not involved in the murder, but accidentally involved in the investigation through no fault of their own.

In fact, I actually give a fuck (but perhaps not quite such a big one) that even the actual murderer be found guilty through due process and not trial by social media. Not for their own benefit, but for the benefit of society as a whole, for if we cannot rely upon proper due process for one person, how can rely upon it for ourselves. (Yeah, fantasy, I know – there is already a lot of evidence of cops, prosecutors, jurors and judges being willing to put aside due process for-the-win!)

Thad (user link) says:

Re: Re: Re: Re:

In fact, I actually give a fuck (but perhaps not quite such a big one) that even the actual murderer be found guilty through due process and not trial by social media.

The evidentiary standards for believing someone is guilty, as a private individual uninvolved with the case, are completely different from the standards for convicting him in a court of law.

There’s nothing wrong with, for example, thinking that OJ Simpson committed murder even though a jury found otherwise. There’s not even necessarily a contradiction there; it’s entirely consistent to believe that he’s probably guilty but that the jury made the correct decision based on the facts presented in the trial.

The court of public opinion has different standards than a court of law. And it should.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...