You’ve probably seen on the news that police used genetic genealogy website GEDmatch to identify a suspect in the Golden State Killer cases. The suspect is accused of a series of horrific rapes, murders and other crimes that took place from 1976 to 1984 across California.
Everyone is glad a killer was caught. Unfortunately, it wasn’t in time to prevent the damage he caused. But this high-profile case may lead to similar strategies in other investigations, and maybe those will find the perpetrator in time to save someone’s life.
But it still raises some tough issues for genetic genealogists.
What is GedMatch?
GEDmatch doesn’t offer DNA tests. Rather, at GEDmatch, you upload the raw DNA data you get when you take a test at another site. Then you can find genetic matches and perform other advanced analyses. Our book, the Family Tree Guide to DNA Testing and Genetic Genealogy, recommends GedMatch as a research tool.
GEDmatch has released a statement that it wasn’t aware of the site being used in a criminal investigation. It points out that everyone submitting DNA data to GEDmatch should understand the data might be used in nongenealogical ways:
DNA testing privacy
It’s not yet clear how police got the Golden State Killer suspect’s DNA profile to upload to GEDmatch. I tend to doubt they submitted a sample to a genetic genealogy testing service, as this requires a vial of saliva or a cheek swab. They may have had the genetic profile created at a lab, using DNA found at the crime scenes. We’ll probably learn more as the case moves forward in the courts.
Be assured that genetic genealogy testing websites like 23andMe, Ancestry DNA, Family Tree DNA, Living DNA and MyHeritage won’t just hand over your DNA sample or profile information upon request from law enforcement. They require a legally valid warrant.
According to Ancestry’s Transparency report, in 2017, the company provided some customer information—but none of it DNA-related—to law enforcement in 31 cases related to fraud and identity theft. 23andMe has received five requests and released no information.
The DNA sample you submit to a testing service isn’t useful for matching to crime scene DNA because there’s no legal chain of custody attached to your sample.
But law enforcement can use genetic genealogy databases in the very same way that you would. Upload a profile, find matches, and combine genetic genealogy with historical records to identify family members.
It’s not just about your own privacy anymore
This case raises some issues genetic genealogists will want to think about before taking their next test:
- DNA companies usually require permission from the test-taker in order to analyze the sample or raw data. Law enforcement likely wouldn’t have had it in this investigation. How might this affect not only the court case, but also DNA websites’ privacy policies or terms of agreement?
- All the test-takers at GedMatch unknowingly participated in a criminal investigation. I doubt anyone minds in this specific case, but it raises the question: How much control should you get over how your DNA is used?
- If your DNA can be used in a criminal investigation, how else might it be used?
- Genetic genealogy research depends on lots of people taking DNA tests. Will this news slow the growth of DNA databases, as people fear being implicated in crimes?
Bottom line: Always read the terms of service when you take a genetic genealogy test. Don’t upload someone else’s DNA results to a third-party site without their consent. You need to make sure they understand that their test results are publicly searchable. And don’t take a DNA test if you’re concerned about the privacy risks—not just to you, but also to your family.